Backdoor.Win32.DCRat information

Backdoor.Win32.DCRat is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It allows a complete scan and cure of your PC during the trial period.
6-day free trial available.

What can the Backdoor.Win32.DCRat virus do?

  • Behavioural detection: Executable code extraction – unpacking
  • Yara rule detections observed from a process memory dump/dropped files/CAPE
  • Creates RWX memory
  • NtSetInformationThread: attempt to hide thread from debugger
  • Dynamic (imported) function loading detected
  • Enumerates the modules from a process (may be used to locate base addresses in process injection)
  • Reads data out of its own binary image
  • CAPE extracted potentially suspicious content
  • Drops a binary and executes it
  • The binary contains an unknown PE section name indicative of packing
  • The binary likely contains encrypted or compressed data.
  • Authenticode signature is invalid
  • Created a process from a suspicious location
  • CAPE detected the EnigmaStub malware family
  • Deletes executed files from disk
  • Harvests cookies for information gathering

How to identify Backdoor.Win32.DCRat?

File Info:

name: 278B991BC7AC5B0498B5.mlw
path: /opt/CAPEv2/storage/binaries/04257149a77f0acdce629d74ec377eeca921e4ce9127f08f40e6356fa0e0ab80
crc32: B6E24FAF
md5: 278b991bc7ac5b0498b57c1d02742164
sha1: 4ca4663c34a2c1048f36f669578f6283f6f1c664
sha256: 04257149a77f0acdce629d74ec377eeca921e4ce9127f08f40e6356fa0e0ab80
sha512: 7a3b2f5c1ac9dc033698da4c9a81b70bd1ea7fce69ac9d6907e509dd82c52171caabf9e0fe8d548dcc7305c14f7153305104926a2c7c50a9acfa6bbb4d87d7cb
ssdeep: 196608:RrnUniN8CZC+s1wj4gbP14dy7l3OJuZlizJSkVWt/gwI/:RQniNZC+8w0itsuZAz8k0tg
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T1A476332742B860C3CDA65D3C81A3755C34D8AC6621A8DE87EE70AD6F907195CFB353E8
sha3_384: 5ac876f69928df12cd3e073a1d29a1529a11683319725770929adf21767f0a7a299e5aa1a7932006338540f3bca51bd5
ep_bytes: eb0800fa53000000000060e800000000
timestamp: 2022-07-29 15:40:36

Version Info:

FileDescription: Krnl
ProductName: Krnl
FileVersion: 1.0.0.0
ProductVersion: 1.0.0.0
LegalCopyright: Copyright © 2022
OriginalFilename: Krnl.exe
Translation: 0x0409 0x0000

Backdoor.Win32.DCRat also known as:

Bkav: W32.AIDetect.malware2
Elastic: malicious (high confidence)
FireEye: Generic.mg.278b991bc7ac5b04
Cylance: Unsafe
Symantec: ML.Attribute.HighConfidence
tehtris: Generic.Malware
ESET-NOD32: a variant of Win32/Packed.Enigma.FR
APEX: Malicious
Cynet: Malicious (score: 100)
Kaspersky: HEUR:Backdoor.Win32.DCRat.gen
Avast: Win32:Evo-gen [Susp]
McAfee-GW-Edition: BehavesLike.Win32.Generic.wc
Trapmine: malicious.high.ml.score
Sophos: Generic ML PUA (PUA)
SentinelOne: Static AI – Suspicious PE
Avira: HEUR/AGEN.1251154
Microsoft: Trojan:Win32/Wacatac.B!ml
AhnLab-V3: Trojan/Win.Generic.R471170
Malwarebytes: Trojan.MalPack
Zoner: Probably Heur.ExeHeaderL
Rising: Malware.Undefined!8.C (TFE:dGZlOgVbZysZPR42Ng)
BitDefenderTheta: Gen:NN.ZexaF.34806.@B0@aiGkb8h
AVG: Win32:Evo-gen [Susp]

How to remove Backdoor.Win32.DCRat?

Backdoor.Win32.DCRat removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open the “Tools” tab – Press “Reset Browser Settings”.
  • Select the proper browser and options – Click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.