Backdoor:MSIL/Quasar!pz (file analysis)

The Backdoor:MSIL/Quasar!pz is considered dangerous by lots of security experts. When this infection is active, you may notice unwanted processes in Task Manager list. In this case, it is adviced to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Gridinsoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. Allows to complete scan and cure your PC during the trial period.

6-day free trial available.

What Backdoor:MSIL/Quasar!pz virus can do?

Authenticode signature is invalid
CAPE detected the QuasarStealer malware family

How to determine Backdoor:MSIL/Quasar!pz?


File Info:
name: 6D7A9FF46C6EE0723C00.mlw
path: /opt/CAPEv2/storage/binaries/9a8f51edc8257b2dec91798b4897b600700bb4ca2073b1b15c68589012338119
crc32: A859EBC1
md5: 6d7a9ff46c6ee0723c00788f6b2b3b56
sha1: 201de13c84cae8772d7dc238c3b7365962345cc7
sha256: 9a8f51edc8257b2dec91798b4897b600700bb4ca2073b1b15c68589012338119
sha512: 669ef530442827938db90bbbf06771039c4fc5978291feee1550694046200f7dbc273bc581a1a46ca3e8450ff8219c504f211fac8d74136672cae9c496ea303b
ssdeep: 49152:PvEI22SsaNYfdPBldt698dBcjHHjXHBxcxoGdSTHHB72eh2NT:Pvp22SsaNYfdPBldt6+dBcjH7i
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T1C8E56B0437F85E33E56BD2B3D5B05026A3F1E82AF363EB1B518167BE1C53B5488426A7
sha3_384: cc3cc1db9d6d7837fb23550dc9a7a2519db0f1237924210f3729fadd8d12c186032c30e1a729d8220908bf354f4448c1
ep_bytes: ff250020400000000000000000000000
timestamp: 2023-04-28 03:11:21

Version Info:
Translation: 0x0000 0x04b0
Comments: 
CompanyName: ServiceUpdate
FileDescription: ServiceUpdate
FileVersion: 1.1.1.1
InternalName: ServiceUpdate
LegalCopyright: ServiceUpdate
LegalTrademarks: ServiceUpdate
OriginalFilename: ServiceUpdate
ProductName: ServiceUpdate
ProductVersion: 1.1.1.1
Assembly Version: 1.1.1.1

Backdoor:MSIL/Quasar!pz also known as:

ClamAV	Win.Malware.Generic-9883083-0
CAT-QuickHeal	Trojan.Generic.TRFH927
McAfee	GenericRXMC-UD!6D7A9FF46C6E
Malwarebytes	Backdoor.Quasar
Sangfor	Trojan.Win32.Save.a
BitDefenderTheta	Gen:NN.ZemsilF.36662.hp0@aC03U4o
VirIT	Trojan.Win32.MSIL_Heur.B
Cyren	W32/MSIL_Troj.BTX.gen!Eldorado
Symantec	ML.Attribute.HighConfidence
Elastic	malicious (high confidence)
ESET-NOD32	a variant of MSIL/Agent.CLQ
APEX	Malicious
Cynet	Malicious (score: 99)
Kaspersky	HEUR:Trojan.MSIL.Quasar.gen
BitDefender	Generic.MSIL.PasswordStealerA.3E8977AC
MicroWorld-eScan	Generic.MSIL.PasswordStealerA.3E8977AC
Avast	MSIL:Quasar-A [Rat]
Emsisoft	Generic.MSIL.PasswordStealerA.3E8977AC (B)
F-Secure	Heuristic.HEUR/AGEN.1305743
DrWeb	BackDoor.QuasarNET.3
VIPRE	Generic.MSIL.PasswordStealerA.3E8977AC
McAfee-GW-Edition	BehavesLike.Win32.Generic.wh
FireEye	Generic.mg.6d7a9ff46c6ee072
Sophos	ML/PE-A
SentinelOne	Static AI – Malicious PE
Avira	HEUR/AGEN.1305743
MAX	malware (ai score=83)
Microsoft	Backdoor:MSIL/Quasar!pz
Arcabit	Generic.MSIL.PasswordStealerA.3E8977AC
ZoneAlarm	HEUR:Trojan.MSIL.Quasar.gen
GData	MSIL.Backdoor.Quasar.A
Google	Detected
AhnLab-V3	Backdoor/Win32.QuasarRAT.R341693
ALYac	Generic.MSIL.PasswordStealerA.3E8977AC
VBA32	Trojan.MSIL.Quasar.Heur
Cylance	unsafe
Rising	Backdoor.Quasar!1.E5F1 (CLASSIC)
Ikarus	Trojan-Spy.Agent
MaxSecure	Trojan.Malware.300983.susgen
Fortinet	MSIL/Agent.BXX!tr
AVG	MSIL:Quasar-A [Rat]
DeepInstinct	MALICIOUS
CrowdStrike	win/malicious_confidence_100% (D)

How to remove Backdoor:MSIL/Quasar!pz?

Backdoor:MSIL/Quasar!pz removal tool

Download and install GridinSoft Anti-Malware.
Open GridinSoft Anti-Malware and perform a “Standard scan“.
“Move to quarantine” all items.
Open “Tools” tab – Press “Reset Browser Settings“.
Select proper browser and options – Click “Reset”.
Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.

Leave a Comment X