Backdoor:MSIL/DCRat!pz removal guide

The Backdoor:MSIL/DCRat!pz is considered dangerous by lots of security experts. When this infection is active, you may notice unwanted processes in Task Manager list. In this case, it is adviced to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Gridinsoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. Allows to complete scan and cure your PC during the trial period.

6-day free trial available.

What Backdoor:MSIL/DCRat!pz virus can do?

Authenticode signature is invalid
CAPE detected the DCRat malware family
Anomalous binary characteristics

How to determine Backdoor:MSIL/DCRat!pz?


File Info:
name: 7431B5C913F2BC8BE768.mlw
path: /opt/CAPEv2/storage/binaries/7958d1b4c0816bdaada064df91552c1943057a7b12b94492c8b0c6e6f40cc578
crc32: 9ADD40DA
md5: 7431b5c913f2bc8be768dfba62af6e39
sha1: 428c99dde9a3ecc4ab4cd4402e18d47512112ca0
sha256: 7958d1b4c0816bdaada064df91552c1943057a7b12b94492c8b0c6e6f40cc578
sha512: 2bcc1b27d22fdf8496770e9222cf5c5ffe6849456c14a210c64d9b066c4bf0fae6932bfa39869be1570c242395a4b8993226a8bdfd5b7081cf39ce123b8f27ac
ssdeep: 12288:w6NE5ig5Fttrh5PxjUm5SvDdLILaBFkjKuAMx6A5gtbGk84Ca04jtiPBgGKYTx:w6N297PxbsKtC5AHgk
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T1E60574342EEA1029F177AF7D8AE47596DA6EB6A33707994D00B103C60723B42DDD163E
sha3_384: 73f45836141e8adb2c42b983f97e58ad7638a1191d5817bb1bc78c083d46c12281d753314ae9564b430172eb146698f6
ep_bytes: ff250020400000000000000000000000
timestamp: 2022-07-24 15:13:08

Version Info:
ProductName: TrRhBItcpz92Wmln
CompanyName: nniQp2hc8kBqELEp5t6gdACL
InternalName: Zvozq7NeUd7pOz.exe
LegalCopyright: d4DqrVto4TqUcJLbvW
Comments: JFGBoxb8xpH9jxVCk7slG4Ogq
OriginalFilename: dwSInKNZpyy3tjhWx9bUxaqGt0Lgl.exe
ProductVersion: 136.439.777.117
FileVersion: 780.781.940.265
Translation: 0x0409 0x0514

Backdoor:MSIL/DCRat!pz also known as:

Bkav	W32.AIDetectMalware.CS
Lionic	Trojan.Win32.DCRat.4!c
Elastic	malicious (high confidence)
MicroWorld-eScan	Trojan.MSIL.Basic.8.Gen
ClamAV	Win.Packed.Msilmamut-9987799-0
FireEye	Generic.mg.7431b5c913f2bc8b
CAT-QuickHeal	Trojan.MsilFC.S28419717
Skyhigh	BehavesLike.Win32.DCRAT.cm
McAfee	DCRAT-FDQN!7431B5C913F2
Cylance	unsafe
Zillya	Trojan.BasicGen.Win32.1
Sangfor	Trojan.Win32.Save.a
K7AntiVirus	Trojan ( 005b0c8c1 )
Alibaba	Backdoor:MSIL/DCRAT.eb44db9b
K7GW	Trojan ( 005b0c8c1 )
CrowdStrike	win/malicious_confidence_100% (W)
Arcabit	Trojan.MSIL.Basic.8.Gen
BitDefenderTheta	Gen:NN.ZemsilF.36744.1m0@aCWTcmgi
VirIT	Trojan.Win32.Genus.LVV
Symantec	ML.Attribute.HighConfidence
ESET-NOD32	a variant of MSIL/Spy.Agent.DTR
APEX	Malicious
Cynet	Malicious (score: 100)
Kaspersky	HEUR:Backdoor.MSIL.DCRat.gen
BitDefender	Trojan.MSIL.Basic.8.Gen
Avast	Win32:DropperX-gen [Drp]
Tencent	Backdoor.MSIL.DCRat.ha
TACHYON	Backdoor/W32.DN-DCRat.869376
Emsisoft	Trojan.MSIL.Basic.8.Gen (B)
F-Secure	Heuristic.HEUR/AGEN.1365733
DrWeb	BackDoor.DarkCrystalNET.18
VIPRE	Trojan.MSIL.Basic.8.Gen
Sophos	Troj/DCRat-J
SentinelOne	Static AI – Malicious PE
Jiangmin	Backdoor.MSIL.ftrw
Google	Detected
Avira	HEUR/AGEN.1365733
Antiy-AVL	Trojan[Backdoor]/MSIL.DCRat
Kingsoft	malware.kb.c.996
Microsoft	Backdoor:MSIL/DCRat!pz
ZoneAlarm	HEUR:Backdoor.MSIL.DCRat.gen
GData	MSIL.Trojan.PSE.1OW8TZJ
Varist	W32/MSIL_Agent.EPR.gen!Eldorado
AhnLab-V3	Trojan/Win.Generic.C5168281
Acronis	suspicious
ALYac	Trojan.MSIL.Basic.8.Gen
MAX	malware (ai score=89)
VBA32	Dropper.MSIL.gen
Malwarebytes	Generic.Malware.Agent.DDS
Panda	Trj/GdSda.A
Rising	Backdoor.DCRat!1.E0D3 (CLASSIC)
Ikarus	Trojan.MSIL.Spy
MaxSecure	Trojan.Malware.121218.susgen
Fortinet	MSIL/Agent.DTR!tr.spy
AVG	Win32:DropperX-gen [Drp]
Cybereason	malicious.de9a3e
DeepInstinct	MALICIOUS

How to remove Backdoor:MSIL/DCRat!pz?

Backdoor:MSIL/DCRat!pz removal tool

Download and install GridinSoft Anti-Malware.
Open GridinSoft Anti-Malware and perform a “Standard scan“.
“Move to quarantine” all items.
Open “Tools” tab – Press “Reset Browser Settings“.
Select proper browser and options – Click “Reset”.
Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.

Leave a Comment X