Backdoor:MSIL/Chopper.FA!dha removal

The Backdoor:MSIL/Chopper.FA!dha is considered dangerous by lots of security experts. When this infection is active, you may notice unwanted processes in Task Manager list. In this case, it is adviced to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Gridinsoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. Allows to complete scan and cure your PC during the trial period.

6-day free trial available.

What Backdoor:MSIL/Chopper.FA!dha virus can do?

CAPE extracted potentially suspicious content
Authenticode signature is invalid
Anomalous .NET characteristics

How to determine Backdoor:MSIL/Chopper.FA!dha?


File Info:
name: F99F5266515E9B710A4C.mlw
path: /opt/CAPEv2/storage/binaries/95a5968ff17ccdb301f55645f69aa2222938a36a70560197a619f35ff57014b2
crc32: D7E25616
md5: f99f5266515e9b710a4c5e1723128cfa
sha1: 02f5816ee48b40e586de4c04c7ad7befedcab0cd
sha256: 95a5968ff17ccdb301f55645f69aa2222938a36a70560197a619f35ff57014b2
sha512: a6ba75602c9932f7a67fe2d8c31a8cb9c44b9a6a08bc7ddd11bfc720e4ee4d97b539b8737766036a16a4a16bead6d8051eac8a6de97efb518b598cab87026ecd
ssdeep: 384:KJyL1lwKfiMfETozsenF5zgdbY3M4eUY7UFMZbd3Hjaxej8V32A9Nlst8B9gTgbD:KIL1lwKqMqo4enFz+329d
type: PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
tlsh: T1899265307A91A0D9CDAA4F36106546C363FB978E9FE9CF4C55A5129CCE1250BC7A32F2
sha3_384: a1ae710b77dfa74d122b205d2429efadadc6dcb39d577521cbef6fa27e4641018b2f70b469bb98e12f7b964c43b62700
ep_bytes: ff250020400000000000000000000000
timestamp: 2024-03-24 14:51:33

Version Info:
Translation: 0x007f 0x04b0
Comments:  
CompanyName:  
FileDescription:  
FileVersion: 0.0.0.0
InternalName: App_Web_4mxaw2sp.dll
LegalCopyright:  
LegalTrademarks:  
OriginalFilename: App_Web_4mxaw2sp.dll
ProductName:  
ProductVersion:

Backdoor:MSIL/Chopper.FA!dha also known as:

Bkav	W32.AIDetectMalware.CS
Elastic	malicious (high confidence)
MicroWorld-eScan	Generic.MSIL.Chopper.A.F288EEA5
Sangfor	Suspicious.Win32.Save.a
CrowdStrike	win/malicious_confidence_90% (D)
Arcabit	Generic.MSIL.Chopper.A.F288EEA5
Symantec	Trojan.Gen.MBT
ESET-NOD32	a variant of MSIL/Webshell.AA
APEX	Malicious
TrendMicro-HouseCall	TROJ_GEN.R011C0DCQ24
Kaspersky	HEUR:Backdoor.MSIL.Webshell.gen
BitDefender	Generic.MSIL.Chopper.A.F288EEA5
Avast	Win32:BackdoorX-gen [Trj]
Tencent	Backdoor.MSIL.Webshell.hb
Emsisoft	Generic.MSIL.Chopper.A.F288EEA5 (B)
F-Secure	Heuristic.HEUR/AGEN.1364305
DrWeb	BackDoor.WebshellNET.1
VIPRE	Generic.MSIL.Chopper.A.F288EEA5
TrendMicro	TROJ_GEN.R011C0DCQ24
FireEye	Generic.MSIL.Chopper.A.F288EEA5
Ikarus	Backdoor.MSIL.Chopper
ALYac	Generic.MSIL.Chopper.A.F288EEA5
Varist	W32/MSIL_Troj.BKP.gen!Eldorado
Avira	HEUR/AGEN.1364305
Microsoft	Backdoor:MSIL/Chopper.FA!dha
ZoneAlarm	HEUR:Backdoor.MSIL.Webshell.gen
GData	Generic.MSIL.Chopper.A.F288EEA5
AhnLab-V3	Backdoor/Win.Chopper.C5605214
VBA32	Backdoor.MSIL.Webshell.Heur
Google	Detected
MAX	malware (ai score=84)
Panda	Trj/GdSda.A
SentinelOne	Static AI – Malicious PE
Fortinet	MSIL/Webshell.AA!tr
AVG	Win32:BackdoorX-gen [Trj]
DeepInstinct	MALICIOUS

How to remove Backdoor:MSIL/Chopper.FA!dha?

Backdoor:MSIL/Chopper.FA!dha removal tool

Download and install GridinSoft Anti-Malware.
Open GridinSoft Anti-Malware and perform a “Standard scan“.
“Move to quarantine” all items.
Open “Tools” tab – Press “Reset Browser Settings“.
Select proper browser and options – Click “Reset”.
Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.

Leave a Comment X