Backdoor:MSIL/Webshell.BB!MTB (file analysis)

The Backdoor:MSIL/Webshell.BB!MTB is considered dangerous by lots of security experts. When this infection is active, you may notice unwanted processes in Task Manager list. In this case, it is adviced to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Gridinsoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. Allows to complete scan and cure your PC during the trial period.

6-day free trial available.

What Backdoor:MSIL/Webshell.BB!MTB virus can do?

CAPE extracted potentially suspicious content
Authenticode signature is invalid
Anomalous .NET characteristics

How to determine Backdoor:MSIL/Webshell.BB!MTB?


File Info:
name: E634AAE37B07960444C0.mlw
path: /opt/CAPEv2/storage/binaries/7ef36569b7dcb9cba7052590235b0ab581c1bc6c38279829a4efec6e090af733
crc32: 4B62119E
md5: e634aae37b07960444c0e83776024082
sha1: 23b40b8cbfd7f5609ee4781e80506ae618f4f35b
sha256: 7ef36569b7dcb9cba7052590235b0ab581c1bc6c38279829a4efec6e090af733
sha512: efafff8e69304effa981ac6dfa8e5f8afd04ccd017a93fdbce8a350f5acdf9f93b7fcd77b1cae7836b57080f293761e186dae65b267fbacc475f01aabe32d003
ssdeep: 192:BhpsifXpjjkJpj3fLeMLYOs1TD+t82VFLsTmxOQadkX7Lt4TwT:Bga4pj3fLeML1g2DoTmxOtKX7Lt4TwT
type: PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
tlsh: T13252E71EAB98CD13C6BB9331A7B29604C4B695070596CF1ABDDCA5C61FB334402A2FD8
sha3_384: 6172663a13d7a51aa95c0d886ccff7365bf3cb7d333eb9f6ea96dec1bac00d4a8eb6244831b58c0079c3e31311a7b360
ep_bytes: ff250020001000000000000000000000
timestamp: 2024-01-18 23:00:14

Version Info:
0: [No Data]

Backdoor:MSIL/Webshell.BB!MTB also known as:

Bkav	W32.AIDetectMalware.CS
Lionic	Trojan.Win32.Webshell.m!c
Elastic	malicious (high confidence)
MicroWorld-eScan	Gen:Variant.MSILHeracles.61452
Skyhigh	BehavesLike.Win32.Infected.lm
ALYac	Gen:Variant.MSILHeracles.61452
Cylance	unsafe
Zillya	Trojan.Webshell.Win32.16517
Sangfor	Backdoor.Msil.Agent.V8vu
Alibaba	Backdoor:MSIL/WebShell.76df12fe
Arcabit	Trojan.MSILHeracles.DF00C
Symantec	Trojan.Gen.MBT
ESET-NOD32	a variant of MSIL/Webshell.EV
Cynet	Malicious (score: 99)
ClamAV	Win.Packed.Webshell-10016062-0
Kaspersky	HEUR:Backdoor.MSIL.WebShell.gen
BitDefender	Gen:Variant.MSILHeracles.61452
Avast	Win32:BackdoorX-gen [Trj]
Sophos	Mal/Generic-S
F-Secure	Trojan.TR/Dropper.MSIL.Gen
DrWeb	BackDoor.WebshellNET.9
VIPRE	Gen:Variant.MSILHeracles.61452
Emsisoft	Gen:Variant.MSILHeracles.61452 (B)
SentinelOne	Static AI – Suspicious PE
Varist	W32/WebShell.E.gen!Eldorado
Avira	TR/Dropper.MSIL.Gen
Microsoft	Backdoor:MSIL/Webshell.BB!MTB
ZoneAlarm	HEUR:Backdoor.MSIL.WebShell.gen
GData	Gen:Variant.MSILHeracles.61452
Google	Detected
AhnLab-V3	Backdoor/Win.WEBSHELL.C5557106
McAfee	Artemis!E634AAE37B07
Malwarebytes	Trojan.WebShell
Panda	Trj/GdSda.A
Tencent	Backdoor.MSIL.WebShell.kt
Ikarus	Trojan.MSIL.Webshell
Fortinet	W32/Webshell.EE!tr
AVG	Win32:BackdoorX-gen [Trj]
DeepInstinct	MALICIOUS

How to remove Backdoor:MSIL/Webshell.BB!MTB?

Backdoor:MSIL/Webshell.BB!MTB removal tool

Download and install GridinSoft Anti-Malware.
Open GridinSoft Anti-Malware and perform a “Standard scan“.
“Move to quarantine” all items.
Open “Tools” tab – Press “Reset Browser Settings“.
Select proper browser and options – Click “Reset”.
Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.

Leave a Comment X