Backdoor:MSIL/WebShell.AI!MTB information

The Backdoor:MSIL/WebShell.AI!MTB is considered dangerous by lots of security experts. When this infection is active, you may notice unwanted processes in Task Manager list. In this case, it is adviced to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Gridinsoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. Allows to complete scan and cure your PC during the trial period.

6-day free trial available.

What Backdoor:MSIL/WebShell.AI!MTB virus can do?

CAPE extracted potentially suspicious content
Authenticode signature is invalid
Anomalous .NET characteristics

How to determine Backdoor:MSIL/WebShell.AI!MTB?


File Info:
name: 1EAFD8BDAE30826CB039.mlw
path: /opt/CAPEv2/storage/binaries/4303c51fc87be8041c7caf9a61916e3df27fc1aaead6221bad8a2a145d2536f1
crc32: 225CFB9C
md5: 1eafd8bdae30826cb03929c506be3ccb
sha1: 7e7348e00486b67e26c03b21a35166df728d2d64
sha256: 4303c51fc87be8041c7caf9a61916e3df27fc1aaead6221bad8a2a145d2536f1
sha512: 8a32bd2655a08de7d4d8532164b24d1eb0b3d6ec347e41ed17c979331f73a5cce00bb90b568aebac2648ba3e0341eff1367bca3e5d384d3956234faa875a2084
ssdeep: 192:IUpU1U0D0lqbhVHbggSzcfVasYtbFY5XwbMFbU8b:9U1KQVV7gdzcfVasYtYD
type: PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
tlsh: T16A32E81BB7D9CA23DA7E477C297186140376D603A023FB277FC850A89FD37518852B96
sha3_384: 7cf8203da99d3fcf74cc14bbca7109142d4d9beaff466e91a5ed1ae2f4e440698b75397f0703b012f41f27dc3fd740d7
ep_bytes: ff250020001000000000000000000000
timestamp: 2024-03-25 14:54:22

Version Info:
0: [No Data]

Backdoor:MSIL/WebShell.AI!MTB also known as:

Bkav	W32.AIDetectMalware.CS
Elastic	malicious (high confidence)
MicroWorld-eScan	Trojan.GenericKDZ.104945
FireEye	Trojan.GenericKDZ.104945
Malwarebytes	Trojan.WebShell.MSIL
Zillya	Trojan.Agent.Win32.3763008
CrowdStrike	win/malicious_confidence_60% (W)
Symantec	Trojan.Gen.MBT
ESET-NOD32	a variant of MSIL/Agent.EJA
APEX	Malicious
TrendMicro-HouseCall	TROJ_GEN.R011C0DCR24
ClamAV	Win.Packed.Webshell-10014509-0
Kaspersky	HEUR:Backdoor.MSIL.WebShell.gen
BitDefender	Trojan.GenericKDZ.104945
Avast	Win32:BackdoorX-gen [Trj]
TACHYON	Backdoor/W32.DN-WebShell.11264.L
Emsisoft	Trojan.GenericKDZ.104945 (B)
F-Secure	Heuristic.HEUR/AGEN.1370573
DrWeb	BackDoor.WebshellNET.5
VIPRE	Trojan.GenericKDZ.104945
TrendMicro	TROJ_GEN.R011C0DCR24
Ikarus	Trojan.MSIL.Agent
Google	Detected
Avira	HEUR/AGEN.1370573
Varist	W32/MSIL_Agent1.GWE.gen!Eldorado
Antiy-AVL	Trojan[Backdoor]/MSIL.WebShell
Microsoft	Backdoor:MSIL/WebShell.AI!MTB
Arcabit	Trojan.Generic.D199F1
ZoneAlarm	HEUR:Backdoor.MSIL.WebShell.gen
GData	MSIL.Trojan.PSE.CX8BC6
AhnLab-V3	Backdoor/Win.WEBSHELL.C5545120
ALYac	Trojan.GenericKDZ.104945
MAX	malware (ai score=80)
VBA32	TScope.Trojan.MSIL
Panda	Trj/GdSda.A
SentinelOne	Static AI – Malicious PE
Fortinet	MSIL/Agent.EJA!tr
AVG	Win32:BackdoorX-gen [Trj]

How to remove Backdoor:MSIL/WebShell.AI!MTB?

Backdoor:MSIL/WebShell.AI!MTB removal tool

Download and install GridinSoft Anti-Malware.
Open GridinSoft Anti-Malware and perform a “Standard scan“.
“Move to quarantine” all items.
Open “Tools” tab – Press “Reset Browser Settings“.
Select proper browser and options – Click “Reset”.
Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.

Leave a Comment X