Categories: Backdoor

Backdoor:MSIL/Muddywat.A!MTB removal instruction

The Backdoor:MSIL/Muddywat.A!MTB is considered dangerous by lots of security experts. When this infection is active, you may notice unwanted processes in Task Manager list. In this case, it is adviced to scan your computer with GridinSoft Anti-Malware.

Gridinsoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. Allows to complete scan and cure your PC during the trial period.

DOWNLOAD NOW

6-day free trial available.

What Backdoor:MSIL/Muddywat.A!MTB virus can do?

CAPE extracted potentially suspicious content
.NET file is packed/obfuscated with Confuser
Authenticode signature is invalid

How to determine Backdoor:MSIL/Muddywat.A!MTB?


File Info:
name: FA200E715E856550C76F.mlwpath: /opt/CAPEv2/storage/binaries/bf696397784b22f8e891dd0627dce731f288d14d4791ac5d0a906bc1cbe10de6crc32: 0C178304md5: fa200e715e856550c76f729604ebaf57sha1: 7bf879aaf66bb5fc5b97bb29c966f3b21c8e25c8sha256: bf696397784b22f8e891dd0627dce731f288d14d4791ac5d0a906bc1cbe10de6sha512: 4cb7a6a86ae9c427aa6ede67f925d54231b684160dce835c154c101cfe4839dc19e21b573e74fb7ab6ba5bce0a7e63a195e28b79336e1517a24a520f1c1725c5ssdeep: 768:PZ3yh/XhPWg6OITczIdtJcYpB8+JXLgiypicclZmJNjqvVbnE:PV0hegcwIdbcYpBK1FJqDEtype: PE32 executable (console) Intel 80386, for MS Windowstlsh: T13E932F1032B74748F3F68B3D59BA7A5068BDFF55D802CBE84A71100D1969E12AD92F3Bsha3_384: e1022987cd38953ac2440a683254c6f23b9225468b066009298f352705a8771ba693fefe33706f145c79792478d28015ep_bytes: ff250020400000000000000000000000timestamp: 2018-05-03 13:33:17
Version Info:
Translation: 0x0000 0x04b0Comments: CompanyName: FileDescription: LisfonFileVersion: 1.0.0.0InternalName: Lisfon.exeLegalCopyright: Copyright ©  2018LegalTrademarks: OriginalFilename: Lisfon.exeProductName: LisfonProductVersion: 1.0.0.0Assembly Version: 1.0.0.0

Backdoor:MSIL/Muddywat.A!MTB also known as:

Bkav	W32.Common.6BAC2723
Lionic	Trojan.MSIL.MuddyRope.m!c
Elastic	malicious (high confidence)
MicroWorld-eScan	Gen:Variant.Ursu.349442
ClamAV	Win.Trojan.Powermud-6779287-0
FireEye	Gen:Variant.Ursu.349442
McAfee	Generic Trojan.fb
Malwarebytes	Malware.AI.1982961157
Zillya	Trojan.Agent.Win32.1028433
Sangfor	Backdoor.Msil.Muddywat.V1ps
K7AntiVirus	Riskware ( 0040eff71 )
Alibaba	Trojan:Win32/Seedworm.181214
K7GW	Riskware ( 0040eff71 )
Cybereason	malicious.af66bb
BitDefenderTheta	Gen:NN.ZemsilF.36662.fm0@a8HZmum
Symantec	Backdoor.Powemuddy
ESET-NOD32	a variant of MSIL/Agent.BSQ
APEX	Malicious
Cynet	Malicious (score: 99)
Kaspersky	Backdoor.MSIL.MuddyRope.e
BitDefender	Gen:Variant.Ursu.349442
NANO-Antivirus	Trojan.Win32.MuddyRope.flndeu
Avast	Win32:Trojan-gen
Tencent	Malware.Win32.Gencirc.13b7dbee
Emsisoft	Gen:Variant.Ursu.349442 (B)
F-Secure	Trojan.TR/Agent.brdcv
VIPRE	Gen:Variant.Ursu.349442
TrendMicro	Backdoor.MSIL.POWEMUDDY.THABACAH
McAfee-GW-Edition	Generic Trojan.fb
Trapmine	malicious.high.ml.score
Sophos	Mal/Generic-R
SentinelOne	Static AI – Malicious PE
GData	Gen:Variant.Ursu.349442
Jiangmin	Backdoor.MSIL.ayxh
Webroot	W32.Trojan.Gen
Avira	TR/Agent.brdcv
MAX	malware (ai score=100)
Antiy-AVL	Trojan[Backdoor]/MSIL.Muddywater
Xcitium	Malware@#31eonkhufu0c1
Arcabit	Trojan.Ursu.D55502
ZoneAlarm	Backdoor.MSIL.MuddyRope.e
Microsoft	Backdoor:MSIL/Muddywat.A!MTB
Google	Detected
ALYac	Trojan.PowerShell.Agent
VBA32	TScope.Trojan.MSIL
Cylance	unsafe
Panda	Trj/GdSda.A
TrendMicro-HouseCall	Backdoor.MSIL.POWEMUDDY.THABACAH
Rising	Backdoor.Muddywat!8.105CF (CLOUD)
Yandex	Backdoor.MuddyRope!GLXXxmwt3sc
Ikarus	Trojan.Win32.Agent
MaxSecure	Trojan.Malware.73983235.susgen
Fortinet	MSIL/Razy.0DE6!tr
AVG	Win32:Trojan-gen
DeepInstinct	MALICIOUS
CrowdStrike	win/malicious_confidence_100% (W)