Backdoor:MSIL/DCRat!pz information

The Backdoor:MSIL/DCRat!pz is considered dangerous by lots of security experts. When this infection is active, you may notice unwanted processes in Task Manager list. In this case, it is adviced to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Gridinsoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. Allows to complete scan and cure your PC during the trial period.

6-day free trial available.

What Backdoor:MSIL/DCRat!pz virus can do?

Authenticode signature is invalid
CAPE detected the DCRat malware family
Anomalous binary characteristics

How to determine Backdoor:MSIL/DCRat!pz?


File Info:
name: AA38B4F60297CB70DB30.mlw
path: /opt/CAPEv2/storage/binaries/8077cf85e3058853f3e95ee79642c0357038f836d94422c06da2ad6545c72e9b
crc32: 5D11C9EE
md5: aa38b4f60297cb70db30afd04489139b
sha1: 66873b7e3f2bc4568749cc432e9976bc53ba6b9c
sha256: 8077cf85e3058853f3e95ee79642c0357038f836d94422c06da2ad6545c72e9b
sha512: 1be57b72950b2b5bbda3545a11ffaaab6936a4104e3b97afd3bcae4d99a822acc23347f2a5ad6cf35cdc9a2d718317b844e7018da0de8e2579fa257e6da5a68e
ssdeep: 12288:E62N7K1mRj6a/+VfDpxDfrX4ibZVztFK6OdvRcPEgF2+TpjxzkaUBa7yz8dC8F0J:E62sKTatx7cil8MEgf9n8WTADPUrdox
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T16F4542342EEA102AF173AF7D8AE47596DA5FB6A33707985D10B203C60723A42DDD153E
sha3_384: 727c93eb29a133fbf3244b2812b1b609061536f0bd0c8cfb404a8c59a769b6a277551f32f5d5b7e1d6e7a7b9efe38569
ep_bytes: ff250020400000000000000000000000
timestamp: 2022-05-04 16:03:35

Version Info:
ProductName: oDhzanRIlA1F3bk6F1xIbixyB
CompanyName: 87LsX94KyKVy
InternalName: zGbd9MUIincbV.exe
LegalCopyright: 2CASJkMmU7Hd
Comments: KzRusarBB94xTjOwIZbCdCHy2L
OriginalFilename: L3v0yXTJYQSKN2V0CFi0A8YL.exe
ProductVersion: 900.212.120.10
FileVersion: 36.333.526.714
Translation: 0x0409 0x0514

Backdoor:MSIL/DCRat!pz also known as:

Bkav	W32.AIDetectMalware.CS
DrWeb	BackDoor.DarkCrystalNET.18
MicroWorld-eScan	Gen:Trojan.Mardom.IN.13
Skyhigh	BehavesLike.Win32.AgentTesla.tt
McAfee	DCRAT-FDQN!AA38B4F60297
Malwarebytes	Generic.Malware.AI.DDS
Zillya	Trojan.BasicGen.Win32.1
Sangfor	Trojan.Win32.Save.a
K7AntiVirus	Trojan ( 00592ff21 )
K7GW	Trojan ( 00592ff21 )
BitDefenderTheta	Gen:NN.ZemsilF.36744.hn0@aGuacHki
VirIT	Trojan.Win32.MSIL_Heur.A
Symantec	ML.Attribute.HighConfidence
Elastic	malicious (high confidence)
ESET-NOD32	a variant of MSIL/Spy.Agent.DTR
APEX	Malicious
ClamAV	Win.Packed.Msilmamut-9987799-0
Kaspersky	HEUR:Trojan-Spy.MSIL.Stealer.gen
BitDefender	Gen:Trojan.Mardom.IN.13
Avast	Win32:DropperX-gen [Drp]
Emsisoft	Gen:Trojan.Mardom.IN.13 (B)
F-Secure	Heuristic.HEUR/AGEN.1365733
VIPRE	Gen:Trojan.Mardom.IN.13
TrendMicro	Backdoor.Win32.DCRAT.SMWB
FireEye	Generic.mg.aa38b4f60297cb70
Sophos	Troj/DCRat-J
SentinelOne	Static AI – Malicious PE
MAX	malware (ai score=88)
GData	MSIL.Trojan.PSE.1LDHOG1
Jiangmin	TrojanSpy.MSIL.ckhn
Google	Detected
Avira	HEUR/AGEN.1365733
Varist	W32/MSIL_Agent.DZU.gen!Eldorado
Kingsoft	malware.kb.c.998
Arcabit	Trojan.Mardom.IN.13
ZoneAlarm	HEUR:Trojan-Spy.MSIL.Stealer.gen
Microsoft	Backdoor:MSIL/DCRat!pz
Cynet	Malicious (score: 100)
AhnLab-V3	Trojan/Win.Generic.C5168281
Acronis	suspicious
VBA32	Dropper.MSIL.gen
ALYac	Gen:Trojan.Mardom.IN.13
TACHYON	Trojan-Spy/W32.DN-InfoStealer.1179136
Cylance	unsafe
Panda	Trj/GdSda.A
Rising	Backdoor.DCRat!1.E0D3 (CLASSIC)
Ikarus	Trojan.MSIL.Spy
Fortinet	MSIL/Agent.DTR!tr.spy
AVG	Win32:DropperX-gen [Drp]
DeepInstinct	MALICIOUS

How to remove Backdoor:MSIL/DCRat!pz?

Backdoor:MSIL/DCRat!pz removal tool

Download and install GridinSoft Anti-Malware.
Open GridinSoft Anti-Malware and perform a “Standard scan“.
“Move to quarantine” all items.
Open “Tools” tab – Press “Reset Browser Settings“.
Select proper browser and options – Click “Reset”.
Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.

Leave a Comment X