Backdoor:MSIL/DCRat.C!MTB removal guide

The Backdoor:MSIL/DCRat.C!MTB is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager process list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. The trial version lets you run a full scan and clean your PC.
6-day free trial available.

What can the Backdoor:MSIL/DCRat.C!MTB virus do?

  • Authenticode signature is invalid
  • CAPE detected the DCRat malware family
  • Anomalous binary characteristics

How to identify Backdoor:MSIL/DCRat.C!MTB?

File Info:

name: 7B66B0A16900E321F7A6.mlw
path: /opt/CAPEv2/storage/binaries/8ae5155254add551f0993a8c423accfecfff5800254710e31aaab1e8e154fa3e
crc32: 0A27698A
md5: 7b66b0a16900e321f7a63bab13ed986b
sha1: 91f9481ccded0c15fd6cb7e7629a278d19887a23
sha256: 8ae5155254add551f0993a8c423accfecfff5800254710e31aaab1e8e154fa3e
sha512: 82d86247d705b54d673ac57b0a5c90e6c4c686ad8fbfe688269c6ed1e004e6e1ef817fe3b129393b5f568d38332161ce5e8bdd5e3d5936ab707ed62adb9aab99
ssdeep: 12288:RQjQEMCYFzhC79lb3TS+E+gPa/10k1iV7:RpHCcNk3ptKs10
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T1CBB4FA282AE94929F1BBAF7D95F13496DA3EB6633717D74D04A102860723B41DDC0B3B
sha3_384: d6a7894d9ae09528f8ac73b21994ea38e4c82123c7a53b34812930a551d397746f12369f2411f1ee23c3bc5f9da8758c
ep_bytes: ff250020400000000000000000000000
timestamp: 2022-03-15 23:42:27

Version Info:

ProductName: vnaBX7m21dlmjSke8
CompanyName: MVm0vYGP
InternalName: QIq2GxX2rSF75dCuzFz4q8T0rSNz6.exe
LegalCopyright: L5H
Comments: ozwzdETqOK3QQzbUCSWViRnaZnug5
OriginalFilename: GKm6DSEArgsAxJ.exe
ProductVersion: 824.694.492.572
FileVersion: 593.738.682.774
Translation: 0x0409 0x0514

Backdoor:MSIL/DCRat.C!MTB also known as:

Bkav: W32.AIDetectMalware.CS
Elastic: malicious (high confidence)
MicroWorld-eScan: Trojan.GenericKDZ.86836
FireEye: Generic.mg.7b66b0a16900e321
CAT-QuickHeal: Trojan.MsilFC.S27416877
Skyhigh: BehavesLike.Win32.AgentTesla.gm
McAfee: PWS-FDKA!7B66B0A16900
Malwarebytes: Generic.Malware.AI.DDS
VIPRE: Trojan.GenericKDZ.86836
Sangfor: Suspicious.Win32.Save.a
CrowdStrike: win/malicious_confidence_100% (W)
Alibaba: TrojanSpy:MSIL/SpyNoon.b2ec2e5a
K7GW: Trojan ( 00592ff21 )
K7AntiVirus: Trojan ( 00592ff21 )
VirIT: Trojan.Win32.Injector.DCGZ
Symantec: ML.Attribute.HighConfidence
ESET-NOD32: a variant of MSIL/Spy.Agent.DTR
APEX: Malicious
ClamAV: Win.Packed.Passwordstealera-9917697-0
Kaspersky: HEUR:Trojan-Spy.MSIL.Stealer.gen
BitDefender: Trojan.GenericKDZ.86836
Avast: Win32:RATX-gen [Trj]
Tencent: Trojan-Spy.Msil.Stealer.fd
Emsisoft: Trojan.GenericKDZ.86836 (B)
F-Secure: Heuristic.HEUR/AGEN.1371403
DrWeb: Trojan.Siggen17.26510
Zillya: Trojan.Agent.Win32.2825081
Trapmine: malicious.moderate.ml.score
Sophos: Troj/SpyNoon-A
SentinelOne: Static AI – Malicious PE
MAX: malware (ai score=88)
Jiangmin: TrojanSpy.MSIL.cgla
Google: Detected
Avira: HEUR/AGEN.1371403
Varist: W32/MSIL_Agent.CYZ.gen!Eldorado
Antiy-AVL: Trojan[Spy]/MSIL.Agent
Kingsoft: malware.kb.c.862
Microsoft: Backdoor:MSIL/DCRat.C!MTB
Arcabit: Trojan.Generic.D15334
ZoneAlarm: HEUR:Trojan-Spy.MSIL.Stealer.gen
GData: Trojan.GenericKDZ.86836
AhnLab-V3: Trojan/Win.Spy.C4877870
Acronis: suspicious
BitDefenderTheta: Gen:NN.ZemsilF.36802.Em0@aOsWLBli
ALYac: Trojan.GenericKDZ.86836
TACHYON: Trojan-Spy/W32.DN-InfoStealer.494592
VBA32: Dropper.MSIL.gen
Cylance: unsafe
Panda: Trj/CI.A
Rising: Backdoor.DCRat!1.E0D3 (CLASSIC)
Ikarus: Trojan.MSIL.Spy
MaxSecure: Trojan.Malware.121218.susgen
Fortinet: MSIL/Agent.DTR!tr
AVG: Win32:RATX-gen [Trj]
DeepInstinct: MALICIOUS

How to remove Backdoor:MSIL/DCRat.C!MTB?

Backdoor:MSIL/DCRat.C!MTB removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open the “Tools” tab and press “Reset Browser Settings”.
  • Select the proper browser and options, then click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.