Backdoor:MSIL/AsyncRAT.AA!MTB removal tips

Backdoor:MSIL/AsyncRAT.AA!MTB is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It lets you complete a scan and clean your PC during the trial period.
6-day free trial available.

What can the Backdoor:MSIL/AsyncRAT.AA!MTB virus do?

  • CAPE extracted potentially suspicious content
  • Authenticode signature is invalid
  • CAPE detected the AsyncRat malware family
  • Yara detections observed in process dumps, payloads or dropped files

How to identify Backdoor:MSIL/AsyncRAT.AA!MTB?


File Info:

name: 85D81E72F60271A35481.mlw
path: /opt/CAPEv2/storage/binaries/e6eb5e74a9beddc94315bd63a328b0899fbb39b1ca55aae54441501eeb1ac80f
crc32: B18C46BF
md5: 85d81e72f60271a3548132646d6ca838
sha1: a12bdf77a1ba158003d7d396663ff3f43648ba66
sha256: e6eb5e74a9beddc94315bd63a328b0899fbb39b1ca55aae54441501eeb1ac80f
sha512: 2d28c5a9d73eb39be105ce3e0cb482962150914e9fe521352aebc9a8fbfddbe780689f150503af3c6263f06a411b7af7c7e499d316779315031a7dbd98a22349
ssdeep: 6144:+l7nnqJ+oMXxYcUb07930PwMXBXXXT4xLrGztYKBzf6eDWbTiIWS/Rj5X:BJ+vxYcUAdHUceDFJaRjB
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T1FB94170017A8892BE5BE0FF4A5B273015FB4E507E765DB4E19B79C98B852340A7C13BB
sha3_384: 1be8c6d78f3434314391d97fbc60a957af874c5879021ddf4a6402c6dc64fe2d327f58a5086af6851fe5cce07b44ba0b
ep_bytes: ff250020400000000000000000000000
timestamp: 2020-12-30 01:19:53

Version Info:

Translation: 0x0000 0x04b0
Comments: Adobe Acrobat Reader DC
CompanyName: Adobe Systems Incorporated
FileDescription: Adobe Acrobat Reader DC
FileVersion: 20.13.20074.41169
InternalName: Stub.exe
LegalCopyright: Copyright 1984-2020 Adobe Systems Incorporated and its licensors. All rights reserved.
LegalTrademarks:
OriginalFilename: Stub.exe
ProductName: Adobe Acrobat Reader DC
ProductVersion: 20.13.20074.41169
Assembly Version: 20.13.20074.41169

Backdoor:MSIL/AsyncRAT.AA!MTB also known as:

Bkav: W32.AIDetectMalware.CS
Elastic: Windows.Generic.Threat
DrWeb: BackDoor.AsyncRATNET.1
MicroWorld-eScan: IL:Trojan.MSILZilla.81201
FireEye: Generic.mg.85d81e72f60271a3
Skyhigh: GenericRXNG-DK!85D81E72F602
McAfee: GenericRXNG-DK!85D81E72F602
Cylance: unsafe
Zillya: Trojan.Agent.Win32.3346221
Sangfor: Suspicious.Win32.Save.a
CrowdStrike: win/malicious_confidence_100% (W)
Alibaba: Backdoor:MSIL/AsyncRAT.f059b420
K7GW: Trojan ( 0055995e1 )
K7AntiVirus: Trojan ( 0055995e1 )
BitDefenderTheta: Gen:NN.ZemsilF.36802.Am0@aWGC0Qn
VirIT: Trojan.Win32.MSIL_Heur.A
Symantec: ML.Attribute.HighConfidence
ESET-NOD32: a variant of MSIL/Agent.CFW
ClamAV: Win.Packed.Razy-9625918-0
Kaspersky: HEUR:Backdoor.MSIL.Crysan.gen
BitDefender: IL:Trojan.MSILZilla.81201
Avast: Win32:RATX-gen [Trj]
Tencent: Malware.Win32.Gencirc.13ba6d43
Emsisoft: IL:Trojan.MSILZilla.81201 (B)
F-Secure: Heuristic.HEUR/AGEN.1307532
VIPRE: IL:Trojan.MSILZilla.81201
Trapmine: suspicious.low.ml.score
Sophos: Mal/Generic-S
SentinelOne: Static AI – Malicious PE
Jiangmin: Backdoor.MSIL.ervc
Google: Detected
Avira: HEUR/AGEN.1307532
Varist: W32/MSIL_Kryptik.DOD.gen!Eldorado
Antiy-AVL: Trojan[Backdoor]/MSIL.Crysan
Microsoft: Backdoor:MSIL/AsyncRAT.AA!MTB
Arcabit: IL:Trojan.MSILZilla.D13D31
ZoneAlarm: HEUR:Backdoor.MSIL.Crysan.gen
GData: IL:Trojan.MSILZilla.81201
AhnLab-V3: Trojan/Win32.RL_Generic.C4239825
VBA32: OScope.Backdoor.MSIL.Crysan
ALYac: IL:Trojan.MSILZilla.81201
MAX: malware (ai score=89)
Malwarebytes: Malware.AI.2150559652
Panda: Trj/GdSda.A
Rising: Trojan.AntiVM!1.CF63 (CLASSIC)
Ikarus: Backdoor.AsyncRat
MaxSecure: Trojan.Malware.74418669.susgen
Fortinet: MSIL/Agent.CFQ!tr
AVG: Win32:RATX-gen [Trj]
DeepInstinct: MALICIOUS
alibabacloud: Backdoor[rat]:MSIL/Agenttesla.Stub.LQL!MTB

How to remove Backdoor:MSIL/AsyncRAT.AA!MTB?

Backdoor:MSIL/AsyncRAT.AA!MTB removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open the “Tools” tab and press “Reset Browser Settings”.
  • Select the proper browser and options, then click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.
