Backdoor

Backdoor:MSIL/Noancooe.B information

Malware Removal

The Backdoor:MSIL/Noancooe.B is considered dangerous by lots of security experts. When this infection is active, you may notice unwanted processes in Task Manager list. In this case, it is adviced to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Gridinsoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. Allows to complete scan and cure your PC during the trial period.
DOWNLOAD NOW
6-day free trial available.

What Backdoor:MSIL/Noancooe.B virus can do?

  • Executable code extraction
  • Creates RWX memory
  • At least one IP Address, Domain, or File Name was found in a crypto call
  • Reads data out of its own binary image
  • A process created a hidden window
  • Attempts to remove evidence of file being downloaded from the Internet
  • Exhibits behavior characteristic of Nanocore RAT
  • Collects information to fingerprint the system

How to determine Backdoor:MSIL/Noancooe.B?



File Info:

crc32: 81F68E80
md5: 697e43f3a59b5dcb6d69553eaf2a25ff
name: piscine.exe
sha1: ae2213dc371b3cf70dfb024ee1aed9bf302935e4
sha256: 1e98947f35cfd7b8963d61a6c6e93a1fcef59007d848c38f1a2983204ecfab35
sha512: 93a3a7605924134921cf0f94cde7b070c0e824b5467e5bfa95c18e82e1a9003f0ba6bc25c00cff1519f1e1103ac7770ce429c770410c83392b4a0a85210d122f
ssdeep: 6144:YMZzwDSwluTcZvlJVPZ5/527CGRehvTnuyIx3qJp+VyULGt+i4:YcwDXlScZvlJVHR2R6vTnuywqKdGt+d
type: PE32 executable (GUI) Intel 80386, for MS Windows


Version Info:

LegalCopyright: Copyright (C) Glenoma 2019
InternalName: ultraexpeditious.exe
FileVersion: 3.1.4.8
CompanyName: garrulity
ProductName: Cassandry
ProductVersion: 6.0.4.2
FileDescription: taborins
OriginalFilename: recabling.exe
Translation: 0x0409 0x04b0

Backdoor:MSIL/Noancooe.B also known as:

DrWebBackDoor.Siggen2.2962
MicroWorld-eScanTrojan.GenericKD.32321050
FireEyeGeneric.mg.697e43f3a59b5dcb
CAT-QuickHealBackdoor.MSIL
McAfeeGenericRXIK-MG!697E43F3A59B
CylanceUnsafe
SangforMalware
K7AntiVirusTrojan ( 00556a4e1 )
BitDefenderTrojan.GenericKD.32321050
K7GWTrojan ( 00556a4e1 )
CrowdStrikewin/malicious_confidence_90% (W)
TrendMicroTROJ_GEN.R020C0PHQ19
BitDefenderThetaGen:NN.ZexaF.33558.vu3@au6vmnoi
F-ProtW32/Injector.RD.gen!Eldorado
SymantecML.Attribute.HighConfidence
APEXMalicious
Paloaltogeneric.ml
GDataTrojan.GenericKD.32321050
KasperskyHEUR:Trojan.Win32.Generic
AlibabaBackdoor:MSIL/NanoBot.7975452e
NANO-AntivirusTrojan.Win32.NanoBot.fwumwq
RisingBackdoor.NanoBot!8.28C (TFE:5:DUtXXqqDQsU)
Endgamemalicious (high confidence)
EmsisoftTrojan.GenericKD.32321050 (B)
ComodoMalware@#337bzqprvye7t
F-SecureTrojan.TR/AD.BDSNanoCoreClient.ahqwc
ZillyaTrojan.Generic.Win32.934914
Invinceaheuristic
McAfee-GW-EditionGenericRXIK-MG!697E43F3A59B
SophosMal/Generic-S
IkarusTrojan.Win32.Krypt
CyrenW32/Injector.RD.gen!Eldorado
WebrootW32.Trojan.GenKD
AviraTR/AD.BDSNanoCoreClient.ahqwc
MAXmalware (ai score=100)
Antiy-AVLTrojan[Backdoor]/MSIL.NanoBot
MicrosoftBackdoor:MSIL/Noancooe.B
ArcabitTrojan.Generic.D1ED2E1A
AegisLabTrojan.Win32.Generic.4!c
ZoneAlarmHEUR:Trojan.Win32.Generic
AhnLab-V3Trojan/Win32.Agent.R288775
Acronissuspicious
VBA32BScope.Trojan.Meterpreter
ALYacTrojan.GenericKD.32321050
Ad-AwareTrojan.GenericKD.32321050
MalwarebytesBackdoor.NanoCore
ESET-NOD32a variant of Win32/Injector.EHKI
TrendMicro-HouseCallBackdoor.Win32.NETWIRED.SM1
YandexBackdoor.NanoBot!
SentinelOneDFI – Malicious PE
eGambitUnsafe.AI_Score_53%
FortinetW32/GenKryptik.DRCI!tr
AVGWin32:RATX-gen [Trj]
Cybereasonmalicious.c371b3
AvastWin32:RATX-gen [Trj]
Qihoo-360Win32/Trojan.ae8

How to remove Backdoor:MSIL/Noancooe.B?

Backdoor:MSIL/Noancooe.B removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan“.
  • Move to quarantine” all items.
  • Open “Tools” tab – Press “Reset Browser Settings“.
  • Select proper browser and options – Click “Reset”.
  • Restart your computer.

You may also like

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.

View all posts

Leave a Comment