What is “Backdoor:MSIL/WebShell.AH!MTB”?

Backdoor:MSIL/WebShell.AH!MTB is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It lets you run a complete scan and cure your PC during the trial period.
6-day free trial available.

What can the Backdoor:MSIL/WebShell.AH!MTB virus do?

  • CAPE extracted potentially suspicious content
  • Authenticode signature is invalid
  • Anomalous .NET characteristics

How to identify Backdoor:MSIL/WebShell.AH!MTB?


File Info:

name: A5415513D4E0E415E073.mlw
type: PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
timestamp: 2023-10-12 22:09:52

Version Info:

0: [No Data]

Backdoor:MSIL/WebShell.AH!MTB also known as:

Bkav: W32.AIDetectMalware.CS
AVG: Win32:BackdoorX-gen [Trj]
MicroWorld-eScan: Gen:Variant.MSILHeracles.118220
FireEye: Gen:Variant.MSILHeracles.118220
Skyhigh: BehavesLike.Win32.BadFile.dm
McAfee: Artemis!A5415513D4E0
Malwarebytes: Generic.Malware.AI.DDS
CrowdStrike: win/malicious_confidence_90% (W)
Symantec: Trojan.Gen.MBT
Elastic: malicious (high confidence)
ESET-NOD32: a variant of MSIL/Webshell.AU
APEX: Malicious
ClamAV: Win.Packed.Generickdz-9941382-0
Kaspersky: HEUR:Backdoor.MSIL.WebShell.gen
BitDefender: Gen:Variant.MSILHeracles.118220
NANO-Antivirus: Trojan.Win32.WebShell.klolbx
Avast: Win32:BackdoorX-gen [Trj]
Emsisoft: Gen:Variant.MSILHeracles.118220 (B)
F-Secure: Backdoor.BDC/AspxShell.G
DrWeb: BackDoor.WebshellNET.8
VIPRE: Gen:Variant.MSILHeracles.118220
TrendMicro: TROJ_GEN.R03BC0DDE24
Sophos: Mal/Generic-S
SentinelOne: Static AI – Malicious PE
Varist: W32/WebShell.J.gen!Eldorado
Avira: BDC/AspxShell.G
Microsoft: Backdoor:MSIL/WebShell.AH!MTB
Arcabit: Trojan.MSILHeracles.D1CDCC
ZoneAlarm: HEUR:Backdoor.MSIL.WebShell.gen
GData: MSIL.Trojan.PSE.4C3LYT
Google: Detected
AhnLab-V3: Trojan/Win.Generic.C5528305
ALYac: Gen:Variant.MSILHeracles.118220
MAX: malware (ai score=88)
Cylance: unsafe
Panda: Trj/GdSda.A
TrendMicro-HouseCall: TROJ_GEN.R03BC0DDE24
Ikarus: Trojan.MSIL.Webshell
MaxSecure: Trojan.Malware.116271617.susgen
Fortinet: MSIL/Webshell.AZ!tr
alibabacloud: Backdoor:MSIL/Webshell.AU

How to remove Backdoor:MSIL/WebShell.AH!MTB?

Backdoor:MSIL/WebShell.AH!MTB removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open the “Tools” tab – Press “Reset Browser Settings”.
  • Select the proper browser and options – Click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.