About “Backdoor.WebShell” infection

The Backdoor.WebShell is considered dangerous by lots of security experts. When this infection is active, you may notice unwanted processes in Task Manager list. In this case, it is adviced to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Gridinsoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. Allows to complete scan and cure your PC during the trial period.

6-day free trial available.

What Backdoor.WebShell virus can do?

CAPE extracted potentially suspicious content
Authenticode signature is invalid
Anomalous .NET characteristics

How to determine Backdoor.WebShell?


File Info:
name: E1C50C9B74E392F04CA2.mlw
path: /opt/CAPEv2/storage/binaries/10b6fc8f9ae8a055617c3a2db3fe10c04e0d2170bbb1392e4e11fed5773618ec
crc32: 8DCD0F79
md5: e1c50c9b74e392f04ca257646df4e617
sha1: b14fb13cb11bdee11fc601791e535cc635a039d2
sha256: 10b6fc8f9ae8a055617c3a2db3fe10c04e0d2170bbb1392e4e11fed5773618ec
sha512: ce2f5a2c31c5791332a930984f6eb1d0c2e5536d16ec6f4f8483024c9c4057481473117bd8b3476b2999d1f205f35746b653ec733c00141ee37ec93b77ab8d4f
ssdeep: 96:6cdfkAngBAXVjbVJyySs1AKAzMlB87Zzp+wtSj:6kXFljZJyps1TAzIB877vsj
type: PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
tlsh: T150C1E70BBB98CB3BC57F8B3AA6A2874717B5D5199613DB1E1CC4119C6C8371817B07E1
sha3_384: 32f4c8cfbc4569d5069059eaeec86e0eb3a07fc5ed33d9f99b03b460683bc8d21273f595731feed47adebea0c0357077
ep_bytes: ff250020001000000000000000000000
timestamp: 2023-11-28 20:32:00

Version Info:
Translation: 0x0000 0x04b0
FileDescription:  
FileVersion: 0.0.0.0
InternalName: App_Web_fs4w0tzc.dll
LegalCopyright:  
OriginalFilename: App_Web_fs4w0tzc.dll
ProductVersion: 0.0.0.0
Assembly Version: 0.0.0.0

Backdoor.WebShell also known as:

Bkav	W32.AIDetectMalware.CS
Elastic	malicious (high confidence)
MicroWorld-eScan	Trojan.GenericKDZ.104569
ClamAV	Win.Packed.Webshell-10016062-0
CAT-QuickHeal	Backdoor.WebShell
McAfee	GenericRXVF-WD!E1C50C9B74E3
Malwarebytes	Trojan.WebShell
CrowdStrike	win/malicious_confidence_100% (W)
K7GW	Trojan ( 005b19ee1 )
K7AntiVirus	Trojan ( 005b19ee1 )
Symantec	Trojan.Gen.MBT
ESET-NOD32	a variant of MSIL/Webshell.EV
APEX	Malicious
Emsisoft	Trojan.GenericKDZ.104569 (B)
F-Secure	Trojan.TR/Dropper.MSIL.Gen
DrWeb	BackDoor.WebshellNET.9
Sophos	Mal/Generic-S
SentinelOne	Static AI – Malicious PE
Varist	W32/Trojan.IIE.gen!Eldorado
Avira	TR/Dropper.MSIL.Gen
Arcabit	Trojan.Generic.D19879
ZoneAlarm	HEUR:Backdoor.MSIL.WebShell.gen
Microsoft	Backdoor:MSIL/Webshell.BB!MTB
Google	Detected
AhnLab-V3	Trojan/Win.Generic.C5342975
TACHYON	Backdoor/W32.DN-WebShell.6144.K
DeepInstinct	MALICIOUS
Tencent	Backdoor.MSIL.WebShell.ki
Ikarus	Trojan.MSIL.Webshell
MaxSecure	Trojan.Malware.121218.susgen
Fortinet	W32/Webshell.EE!tr
Panda	Trj/GdSda.A

How to remove Backdoor.WebShell?

Backdoor.WebShell removal tool

Download and install GridinSoft Anti-Malware.
Open GridinSoft Anti-Malware and perform a “Standard scan“.
“Move to quarantine” all items.
Open “Tools” tab – Press “Reset Browser Settings“.
Select proper browser and options – Click “Reset”.
Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.

Leave a Comment X