Backdoor

What is “Backdoor:MSIL/Cooatut.A”?

Malware Removal

The Backdoor:MSIL/Cooatut.A is considered dangerous by lots of security experts. When this infection is active, you may notice unwanted processes in Task Manager list. In this case, it is adviced to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Gridinsoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. Allows to complete scan and cure your PC during the trial period.
6-day free trial available.

What Backdoor:MSIL/Cooatut.A virus can do?

  • Executable code extraction
  • Attempts to connect to a dead IP:Port (1 unique times)
  • Creates RWX memory
  • A process attempted to delay the analysis task.
  • Drops a binary and executes it
  • Sniffs keystrokes
  • Installs itself for autorun at Windows startup
  • Creates a hidden or system file
  • Checks the CPU name from registry, possibly for anti-virtualization
  • Creates a copy of itself
  • Attempts to interact with an Alternate Data Stream (ADS)
  • Collects information to fingerprint the system

How to determine Backdoor:MSIL/Cooatut.A?


File Info:

crc32: 27A5BFEC
md5: 6d12686ffa91ac7f66581262644e5fe8
name: 6D12686FFA91AC7F66581262644E5FE8.mlw
sha1: e4ea4fa694555c34bbb9915ee12806c6a90edba7
sha256: 200d28e2162a2fa405443f42c460f245ada3a2cade28b327ce4df5fb07f3b9bd
sha512: c4b1ae25e1fd9ef690eb1e3caffa1a1f9e81d5f2514d7d6f2538352e00c70d358b33b94dc66e6a1151784bbba444336e7980b45ce6f3b4f09bc5f81f22ae361a
ssdeep: 1536:nv6pEGwaii4QtdapxTCqIJyV+sucsULWnWrLbOGeph04yVc/zGEz:ypEGwCo+xJyM1csULWnWfbZeph0I/zz
type: PE32 executable (console) Intel 80386 Mono/.Net assembly, for MS Windows

Version Info:

Translation: 0x0000 0x04b0
LegalCopyright: Copyright xa9 Hewlett-Packard Company 2013
Assembly Version: 1.0.0.0
InternalName: Client.exe
FileVersion: 1.0.0.0
CompanyName: Hewlett-Packard Company
ProductName: Client
ProductVersion: 1.0.0.0
FileDescription: Client
OriginalFilename: Client.exe

Backdoor:MSIL/Cooatut.A also known as:

K7AntiVirusTrojan ( 0052a0081 )
Elasticmalicious (high confidence)
DrWebTrojan.DownLoader9.25108
CynetMalicious (score: 100)
CAT-QuickHealTrojan.GenericFC.S18287917
ALYacGen:Variant.MSILPerseus.40471
CylanceUnsafe
SangforTrojan.Win32.Save.a
CrowdStrikewin/malicious_confidence_100% (W)
AlibabaBackdoor:MSIL/Cooatut.cde5b444
K7GWTrojan ( 0052a0081 )
Cybereasonmalicious.ffa91a
SymantecML.Attribute.HighConfidence
ESET-NOD32a variant of MSIL/Troob.AA
APEXMalicious
AvastWin32:Malware-gen
ClamAVWin.Packed.Zusy-9782474-0
KasperskyHEUR:Trojan.Win32.Generic
BitDefenderGen:Variant.MSILPerseus.40471
NANO-AntivirusTrojan.Win32.RiskGen.dcmdhu
MicroWorld-eScanGen:Variant.MSILPerseus.40471
TencentWin32.Trojan.Generic.Wozq
Ad-AwareGen:Variant.MSILPerseus.40471
SophosMal/Generic-S
BitDefenderThetaGen:NN.ZemsilF.34690.fm0@a0LDA@l
VIPRETrojan.Win32.Generic!BT
TrendMicroTROJ_GEN.R002C0DEH21
McAfee-GW-EditionGenericRXBT-IW!6D12686FFA91
FireEyeGeneric.mg.6d12686ffa91ac7f
EmsisoftGen:Variant.MSILPerseus.40471 (B)
SentinelOneStatic AI – Malicious PE
JiangminTrojan.Generic.emiqs
AviraHEUR/AGEN.1106066
eGambitUnsafe.AI_Score_99%
KingsoftWin32.Troj.Undef.(kcloud)
MicrosoftBackdoor:MSIL/Cooatut.A
AegisLabTrojan.Win32.Generic.4!c
GDataGen:Variant.MSILPerseus.40471
AhnLab-V3Malware/Gen.Generic.C1247822
McAfeeGenericRXBT-IW!6D12686FFA91
MAXmalware (ai score=82)
MalwarebytesMalware.AI.760594752
PandaTrj/CI.A
TrendMicro-HouseCallTROJ_GEN.R002C0DEH21
RisingBackdoor.CloudNet!1.CBAF (CLOUD)
YandexTrojan.Agent!2I9KwCqsFgM
IkarusTrojan.MSIL.Troob
FortinetMSIL/Troob.AA!tr
AVGWin32:Malware-gen
Paloaltogeneric.ml

How to remove Backdoor:MSIL/Cooatut.A?

Backdoor:MSIL/Cooatut.A removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan“.
  • Move to quarantine” all items.
  • Open “Tools” tab – Press “Reset Browser Settings“.
  • Select proper browser and options – Click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.

Leave a Comment