Backdoor:MSIL/Sisbot.A malicious file

Malware Removal

Backdoor:MSIL/Sisbot.A is flagged as malicious by most antivirus engines (see the detection list below). While the infection is active you may notice unfamiliar processes in the Task Manager list. In that case, it is advised to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It lets you run a complete scan and clean your PC during the trial period.
6-day free trial available.

What can Backdoor:MSIL/Sisbot.A do?

Behaviour recorded when the sample was run in the CAPE sandbox:

  • CAPE extracted potentially suspicious content
  • Authenticode signature is invalid
  • Anomalous .NET characteristics
  • Installs itself for autorun at Windows startup
  • Creates a copy of itself
  • Harvests credentials from local FTP client software

How to identify Backdoor:MSIL/Sisbot.A?

File Info:

name: 282CAB6184384C11A766.mlw
path: /opt/CAPEv2/storage/binaries/a5b12c7dba0668da696330cbcc201d4018e9f33ab062267bcfc9037fe94efe4b
crc32: 9AB5BC39
md5: 282cab6184384c11a766e4a1c22d327c
sha1: ecee19f8e092127bef5be428c6776e67ad133a49
sha256: a5b12c7dba0668da696330cbcc201d4018e9f33ab062267bcfc9037fe94efe4b
sha512: c529cfece5dec534bdbf16dddb27ad1049371fdce8b8fb590bf170118043854e9de35c4cdc75001d9afbfe4f45867a1392b3fb0b85c685a1a8c6b8338d29ec62
ssdeep: 12288:AyVK5pCy1dZZMWwNHnSat5ZfjAHwK1ZJ1OSo9OIOhWfw3kWpbPyn/0eHLnR:cB1zZdwNHnSufMkSnIi3k+PynMaR
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T1EC153C103794EA1ED1FF4A34D475482903F0E2063666EBAA5BA0F19E3C93F819D653B7
sha3_384: 03af3d175cff44d4c5b4c73706695fa7203037e07ff5c4bb7e409fac9259768287385220001734ff9645ddbcff393a31
ep_bytes: ff250020400000000000000000000000
timestamp: 2023-06-04 05:18:06

Version Info:

Translation: 0x0000 0x04b0
FileDescription:
FileVersion: 0.0.0.0
InternalName: rwszjj1t.exe
LegalCopyright:
OriginalFilename: rwszjj1t.exe
ProductVersion: 0.0.0.0
Assembly Version: 0.0.0.0
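
The hashes above are the only reliable way to confirm that a file you have found is this exact sample, and the ep_bytes value is itself a tell: `FF 25` followed by the little-endian address `00 20 40 00` is the `jmp dword ptr [0x402000]` stub that every 32-bit .NET executable starts with, which is why engines classify the file as MSIL. The script below is an added example, not code from the page or from GridinSoft: it recomputes the digest set CAPE reports (ssdeep and tlsh are omitted because they need third-party libraries), compares them to the IOC values listed above, and decodes the entry-point stub. The IOC constants are copied from the File Info block; the helper names are my own.

```python
import hashlib
import struct

# IOC digests copied from the File Info block above.
SISBOT_IOCS = {
    "md5": "282cab6184384c11a766e4a1c22d327c",
    "sha1": "ecee19f8e092127bef5be428c6776e67ad133a49",
    "sha256": "a5b12c7dba0668da696330cbcc201d4018e9f33ab062267bcfc9037fe94efe4b",
}

# The digest set CAPE reports for a binary (ssdeep and tlsh left out: no stdlib support).
ALGORITHMS = ("md5", "sha1", "sha256", "sha512", "sha3_384")


def compute_hashes(data: bytes) -> dict:
    """Digest an in-memory buffer with every algorithm in ALGORITHMS (lowercase hex)."""
    return {name: hashlib.new(name, data).hexdigest() for name in ALGORITHMS}


def hash_file(path: str) -> dict:
    """Same as compute_hashes but streamed, so large samples are not read into memory at once."""
    digests = {name: hashlib.new(name) for name in ALGORITHMS}
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(1 << 20), b""):
            for d in digests.values():
                d.update(chunk)
    return {name: d.hexdigest() for name, d in digests.items()}


def match_iocs(hashes: dict, iocs: dict = SISBOT_IOCS) -> list:
    """Names of the algorithms whose digest equals a known-bad value; empty list means no match."""
    return [alg for alg, bad in iocs.items() if hashes.get(alg, "").lower() == bad]


def decode_ep_stub(ep_bytes_hex: str):
    """Decode CAPE's ep_bytes. 'FF 25 imm32' is x86 JMP DWORD PTR [imm32]; a 32-bit .NET
    executable built by the CLR toolchain starts with exactly this instruction, jumping
    through the import slot that holds mscoree!_CorExeMain. Returns the absolute address
    of that slot (0x402000 for the default image base), or None if the entry point is
    not this stub."""
    raw = bytes.fromhex(ep_bytes_hex)
    if len(raw) < 6 or raw[:2] != b"\xff\x25":
        return None
    (slot,) = struct.unpack_from("<I", raw, 2)
    return slot


if __name__ == "__main__":
    import sys
    for path in sys.argv[1:]:
        h = hash_file(path)
        hit = match_iocs(h)
        verdict = ("IOC MATCH on " + ", ".join(hit)) if hit else "no match"
        print(path, h["sha256"], verdict)
```

Compare on SHA-256 rather than MD5 or SHA-1 when you only want one value; the weaker digests are listed because older tooling still uses them. A file whose entry point is not this stub can still be .NET (64-bit builds have no native stub at all), so treat the decode as corroboration, not as the classifier.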

Backdoor:MSIL/Sisbot.A also known as:

  • Bkav: W32.AIDetectMalware
  • Elastic: malicious (high confidence)
  • MicroWorld-eScan: Trojan.GenericKDZ.56853
  • ClamAV: Win.Ircbot.Generickdz-9843485-0
  • ALYac: Trojan.GenericKDZ.56853
  • Malwarebytes: AutoRun.Trojan.MSIL.DDS
  • VIPRE: Trojan.GenericKDZ.56853
  • Sangfor: Trojan.Win32.Save.a
  • CrowdStrike: win/malicious_confidence_100% (D)
  • K7GW: Trojan ( 700000121 )
  • K7AntiVirus: Trojan ( 700000121 )
  • Baidu: MSIL.Worm.Autorun.a
  • VirIT: Trojan.Win32.DownLoader7.CECP
  • Cyren: W32/MSIL_Troj.CI.gen!Eldorado
  • Symantec: ML.Attribute.HighConfidence
  • ESET-NOD32: a variant of MSIL/Autorun.Agent.ET
  • APEX: Malicious
  • Cynet: Malicious (score: 100)
  • Kaspersky: HEUR:Trojan.Win32.Generic
  • BitDefender: Trojan.GenericKDZ.56853
  • NANO-Antivirus: Trojan.Win32.IRCBot.dbizwe
  • Avast: Win32:GenMalicious-HFG [Trj]
  • Tencent: Worm.Msil.Autorun.ya
  • Emsisoft: Trojan.GenericKDZ.56853 (B)
  • F-Secure: Trojan.TR/IRCbot.agbs
  • DrWeb: Trojan.DownLoader7.37923
  • TrendMicro: BKDR_SISBOT.SMILA
  • McAfee-GW-Edition: BehavesLike.Win32.Backdoor.dm
  • Trapmine: malicious.high.ml.score
  • FireEye: Generic.mg.282cab6184384c11
  • Sophos: Troj/MSIL-IO
  • SentinelOne: Static AI – Malicious PE
  • GData: Trojan.GenericKDZ.56853
  • Webroot: W32.Bot.Gen
  • Avira: TR/IRCbot.agbs
  • MAX: malware (ai score=88)
  • Antiy-AVL: Trojan/MSIL.Agent
  • Xcitium: Worm.MSIL.IRCBot.u@53shnj
  • Arcabit: Trojan.Generic.DDE15
  • ZoneAlarm: HEUR:Trojan.Win32.Generic
  • Microsoft: Backdoor:MSIL/Sisbot.A
  • Google: Detected
  • AhnLab-V3: Trojan/Win32.Siscos.R29097
  • McAfee: BackDoor-FBRX!282CAB618438
  • VBA32: Backdoor.MSIL.XWorm.gen
  • Cylance: unsafe
  • Panda: Generic Malware
  • TrendMicro-HouseCall: BKDR_SISBOT.SMILA
  • Rising: Backdoor.Sisbot!1.A305 (CLASSIC)
  • Ikarus: Trojan-Dropper.MSIL
  • MaxSecure: Trojan.Malware.300983.susgen
  • Fortinet: MSIL/IRCBot.SDD!tr
  • BitDefenderTheta: AI:Packer.F12C1F9E1F
  • AVG: Win32:GenMalicious-HFG [Trj]
  • Cybereason: malicious.184384
  • DeepInstinct: MALICIOUS

The names the engines with a specific signature chose (IRCBot, Autorun, Worm, Sisbot, Backdoor) line up with the sandbox behaviour listed above: autorun persistence, self-copying and remote control. The remaining entries are generic or machine-learning verdicts and carry no family information.

How to remove Backdoor:MSIL/Sisbot.A?

Backdoor:MSIL/Sisbot.A removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open the “Tools” tab and press “Reset Browser Settings”.
  • Select the proper browser and options, then click “Reset”.
  • Restart your computer.
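
Before trusting that a scan removed everything, it is worth checking the autorun locations yourself, since the sandbox report says the sample installs itself for startup and copies itself. The script below is an added example, not code from the page or from GridinSoft. It assumes the Run/RunOnce registry keys and the user's Startup folder, which are the usual autorun locations but not ones the page confirms this family uses; the random-name check is a weak heuristic modelled on the sample's InternalName rwszjj1t.exe, and the hash comparison uses the SHA-256 from the File Info block. `assess_entry`, `extract_exe_path` and `collect_autoruns` are my own names.

```python
import hashlib
import ntpath
import os
import re
import sys

# SHA-256 of the sample from the File Info block above.
SISBOT_SHA256 = "a5b12c7dba0668da696330cbcc201d4018e9f33ab062267bcfc9037fe94efe4b"

# Assumption: the page only says the sample "installs itself for autorun at Windows startup";
# the Run keys and Startup folder are the usual places to look, not ones the page confirms.
RUN_KEYS = (
    ("HKCU", r"Software\Microsoft\Windows\CurrentVersion\Run"),
    ("HKCU", r"Software\Microsoft\Windows\CurrentVersion\RunOnce"),
    ("HKLM", r"Software\Microsoft\Windows\CurrentVersion\Run"),
    ("HKLM", r"Software\Microsoft\Windows\CurrentVersion\RunOnce"),
)

# Directory fragments a properly installed program rarely runs from; a self-copy usually lands here.
USER_WRITABLE_HINTS = ("\\appdata\\", "\\temp\\", "\\tmp\\", "\\users\\public\\", "\\programdata\\")

# Eight lower-case alphanumerics plus .exe, like the sample's InternalName rwszjj1t.exe (weak on its own).
RANDOM_NAME = re.compile(r"[a-z0-9]{8}\.exe")


def extract_exe_path(command: str) -> str:
    """Pull the executable path out of a Run-key command line.
    Quoted paths are taken verbatim; for unquoted ones the tokens up to the first '.exe' are
    joined, which copes with 'C:\\Program Files\\X\\x.exe /flag' (heuristic, not a full parser)."""
    cmd = command.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        return cmd[1:end] if end > 0 else cmd[1:]
    tokens = cmd.split()
    for i, tok in enumerate(tokens):
        if tok.lower().endswith(".exe"):
            return " ".join(tokens[: i + 1])
    return tokens[0] if tokens else ""


def sha256_of(path: str):
    """SHA-256 of a file, or None if it cannot be read (deleted, locked, or path mis-parsed)."""
    try:
        with open(path, "rb") as fh:
            return hashlib.sha256(fh.read()).hexdigest()
    except OSError:
        return None


def assess_entry(command: str, hasher=sha256_of) -> list:
    """Reasons an autorun entry deserves attention; an empty list means nothing was noted.
    `hasher` is injectable so the logic can be exercised without the files existing."""
    exe = extract_exe_path(command)
    low = exe.lower()
    reasons = []
    if any(hint in low for hint in USER_WRITABLE_HINTS):
        reasons.append("runs from a user-writable directory")
    if RANDOM_NAME.fullmatch(ntpath.basename(low)):
        reasons.append("eight-character random-looking executable name")
    digest = hasher(exe)
    if digest is None:
        reasons.append("target file not found on disk")
    elif digest.lower() == SISBOT_SHA256:
        reasons.append("SHA-256 matches the Backdoor:MSIL/Sisbot.A sample")
    return reasons


def collect_autoruns() -> list:
    """(source, name, command) for every Run/RunOnce value and Startup-folder file. Windows only.
    Startup-folder .lnk files are listed, not resolved: expect the user-writable note on each
    and check the shortcut target by hand."""
    entries = []
    if sys.platform != "win32":
        return entries
    import winreg
    hives = {"HKCU": winreg.HKEY_CURRENT_USER, "HKLM": winreg.HKEY_LOCAL_MACHINE}
    for hive, subkey in RUN_KEYS:
        try:
            with winreg.OpenKey(hives[hive], subkey) as key:
                i = 0
                while True:
                    try:
                        name, value, _ = winreg.EnumValue(key, i)
                    except OSError:  # no more values
                        break
                    entries.append((hive + "\\" + subkey, name, str(value)))
                    i += 1
        except OSError:  # key absent or access denied
            continue
    startup = os.path.join(os.environ.get("APPDATA", ""), r"Microsoft\Windows\Start Menu\Programs\Startup")
    if os.path.isdir(startup):
        for fname in os.listdir(startup):
            entries.append(("Startup folder", fname, '"%s"' % os.path.join(startup, fname)))
    return entries


if __name__ == "__main__":
    for source, name, command in collect_autoruns():
        notes = assess_entry(command)
        if notes:
            print(f"{source} :: {name} -> {command}\n    " + "; ".join(notes))
```

Run it from an elevated prompt so the HKLM keys are readable. An entry whose target is missing is worth noting too: a scanner may have deleted the copy while leaving the Run value behind, and a later dropper can reuse it.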

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.