Categories: Backdoor

Backdoor:MSIL/AsyncRAT!MTB removal

The Backdoor:MSIL/AsyncRAT!MTB is considered dangerous by lots of security experts. When this infection is active, you may notice unwanted processes in Task Manager list. In this case, it is adviced to scan your computer with GridinSoft Anti-Malware.

Gridinsoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. Allows to complete scan and cure your PC during the trial period.

DOWNLOAD NOW

6-day free trial available.

What Backdoor:MSIL/AsyncRAT!MTB virus can do?

SetUnhandledExceptionFilter detected (possible anti-debug)
Yara rule detections observed from a process memory dump/dropped files/CAPE
Creates RWX memory
Guard pages use detected – possible anti-debugging.
Dynamic (imported) function loading detected
CAPE extracted potentially suspicious content
Authenticode signature is invalid
Anomalous .NET characteristics
Creates or sets a registry key to a long series of bytes, possibly to store a binary or malware config
Installs itself for autorun at Windows startup
Creates known Njrat/Bladabindi RAT registry keys

How to determine Backdoor:MSIL/AsyncRAT!MTB?


File Info:
name: B5BA1E483EA472236711.mlwpath: /opt/CAPEv2/storage/binaries/d03ece89573cf3ec2382bacd5744690b928209dc4c4447249f35cdc0ce387d88crc32: 7EC26713md5: b5ba1e483ea472236711f3571e7283f4sha1: e3f480627dd3496acc2cda4450bb62cc99d51913sha256: d03ece89573cf3ec2382bacd5744690b928209dc4c4447249f35cdc0ce387d88sha512: f8f5b6bdfe447f72a25724caae035e402a27a4f0cee53f009cea17fd07c4446a43e2002d7fb4510f3e981769a533c26ae53187acb6d4e98ef9ccd534c8492404ssdeep: 384:cLG9fL0CJ1G4APoWahxolxQmCYPPdR9MZAQk93vmhm7UMKmIEecKdbXTzm9bVhc7:61UEIwxWZA/vMHTi9bDtype: PE32 executable (GUI) Intel 80386, for MS Windowstlsh: T18BC2E72D37B68232D1EE067E5562EA5043B5E04BF272FB0E4CD994DD4B5B38A0A41EE4sha3_384: dc086de1bfddf8db90524173dea9d67839a3562620189aa395ac65586cda1e617cbcdfe856cffc05db87515322723477ep_bytes: ff250020400000000000000000000000timestamp: 2021-12-06 20:40:57
Version Info:
0: [No Data]

Backdoor:MSIL/AsyncRAT!MTB also known as:

Elastic	malicious (high confidence)
DrWeb	BackDoor.BladabindiNET.9
MicroWorld-eScan	Trojan.GenericKD.47620300
FireEye	Generic.mg.b5ba1e483ea47223
CAT-QuickHeal	Trojan.GenericFC.S17873958
ALYac	Trojan.GenericKD.47620300
Cylance	Unsafe
Zillya	Trojan.Bladabindi.Win32.23092
Sangfor	Suspicious.Win32.Save.a
CrowdStrike	win/malicious_confidence_100% (W)
Alibaba	Backdoor:MSIL/AsyncRAT.3f90aeeb
K7GW	Trojan ( 700000121 )
K7AntiVirus	Trojan ( 700000121 )
BitDefenderTheta	Gen:NN.ZemsilF.34084.bmW@aex25A
Cyren	W32/MSIL_Bladabindi.GD.gen!Eldorado
Symantec	ML.Attribute.HighConfidence
ESET-NOD32	a variant of MSIL/Bladabindi.AS
TrendMicro-HouseCall	BKDR_BLADABI.SMC
Paloalto	generic.ml
ClamAV	Win.Trojan.Generic-6417450-0
Kaspersky	HEUR:Trojan.Win32.Generic
BitDefender	Trojan.GenericKD.47620300
Avast	Win32:KeyloggerX-gen [Trj]
Tencent	Win32.Trojan.Generic.Pgms
Ad-Aware	Trojan.GenericKD.47620300
Emsisoft	Trojan.GenericKD.47620300 (B)
VIPRE	Trojan.Win32.Generic!BT
TrendMicro	BKDR_BLADABI.SMC
McAfee-GW-Edition	BehavesLike.Win32.BackdoorNJRat.mm
Sophos	Mal/Generic-S
Ikarus	Trojan.MSIL.Bladabindi
GData	MSIL.Trojan.Bladabindi.BW
Jiangmin	AdWare.Amonetize.ammc
Avira	TR/Dropper.Gen7
MAX	malware (ai score=86)
Antiy-AVL	Trojan/Generic.ASMalwS.34E5FDA
Gridinsoft	Ransom.Win32.Bladabindi.sa
Microsoft	Backdoor:MSIL/AsyncRAT!MTB
Cynet	Malicious (score: 100)
AhnLab-V3	Backdoor/Win32.Bladabindi.R137413
Acronis	suspicious
McAfee	BackDoor-NJRat!B5BA1E483EA4
VBA32	TScope.Trojan.MSIL
Malwarebytes	Backdoor.AsyncRAT.MSIL.Generic
APEX	Malicious
Rising	Backdoor.Njrat!1.D4D6 (CLASSIC)
SentinelOne	Static AI – Malicious PE
MaxSecure	Trojan.Malware.300983.susgen
Fortinet	MSIL/Bladabindi.F!tr
AVG	Win32:KeyloggerX-gen [Trj]
Cybereason	malicious.83ea47
Panda	Trj/GdSda.A