About “Backdoor.WebShell” infection

The Backdoor.WebShell is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It lets you run a complete scan and clean your PC during the trial period.
6-day free trial available.

What can the Backdoor.WebShell virus do?

  • CAPE extracted potentially suspicious content
  • Authenticode signature is invalid
  • Anomalous .NET characteristics

How to identify Backdoor.WebShell?


File Info:

name: E1C50C9B74E392F04CA2.mlw
path: /opt/CAPEv2/storage/binaries/10b6fc8f9ae8a055617c3a2db3fe10c04e0d2170bbb1392e4e11fed5773618ec
type: PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
timestamp: 2023-11-28 20:32:00

Version Info:

Translation: 0x0000 0x04b0
FileDescription:
FileVersion: 0.0.0.0
InternalName: App_Web_fs4w0tzc.dll
LegalCopyright:
OriginalFilename: App_Web_fs4w0tzc.dll
ProductVersion: 0.0.0.0
Assembly Version: 0.0.0.0

Backdoor.WebShell also known as:

Bkav: W32.AIDetectMalware.CS
Elastic: malicious (high confidence)
MicroWorld-eScan: Trojan.GenericKDZ.104569
ClamAV: Win.Packed.Webshell-10016062-0
CAT-QuickHeal: Backdoor.WebShell
McAfee: GenericRXVF-WD!E1C50C9B74E3
Malwarebytes: Trojan.WebShell
CrowdStrike: win/malicious_confidence_100% (W)
K7GW: Trojan ( 005b19ee1 )
K7AntiVirus: Trojan ( 005b19ee1 )
Symantec: Trojan.Gen.MBT
ESET-NOD32: a variant of MSIL/Webshell.EV
APEX: Malicious
Emsisoft: Trojan.GenericKDZ.104569 (B)
F-Secure: Trojan.TR/Dropper.MSIL.Gen
DrWeb: BackDoor.WebshellNET.9
Sophos: Mal/Generic-S
SentinelOne: Static AI – Malicious PE
Varist: W32/Trojan.IIE.gen!Eldorado
Avira: TR/Dropper.MSIL.Gen
Arcabit: Trojan.Generic.D19879
ZoneAlarm: HEUR:Backdoor.MSIL.WebShell.gen
Microsoft: Backdoor:MSIL/Webshell.BB!MTB
Google: Detected
AhnLab-V3: Trojan/Win.Generic.C5342975
TACHYON: Backdoor/W32.DN-WebShell.6144.K
DeepInstinct: MALICIOUS
Tencent: Backdoor.MSIL.WebShell.ki
Ikarus: Trojan.MSIL.Webshell
MaxSecure: Trojan.Malware.121218.susgen
Fortinet: W32/Webshell.EE!tr
Panda: Trj/GdSda.A

How to remove Backdoor.WebShell?

Backdoor.WebShell removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open “Tools” tab – Press “Reset Browser Settings”.
  • Select proper browser and options – Click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.
