Backdoor:MSIL/WebShell.GMQ!MTB (file analysis)

Malware Removal

Backdoor:MSIL/WebShell.GMQ!MTB is Microsoft Defender's name for this sample: a 32-bit .NET (MSIL) DLL classified as a web shell backdoor, and nearly every engine in the vendor list further down flags the same file as malicious. A web shell is not a stand-alone program. It is loaded by the web server and executes inside the server's own worker process (w3wp.exe on IIS), so an infected machine will not necessarily show a separate unwanted process in Task Manager; the hashes in the File Info section are the reliable way to recognise this exact file. If it turns up on a machine, scan the system with an anti-malware product such as GridinSoft Anti-Malware, which is the tool this page recommends.

GridinSoft Anti-Malware

Removing malware by hand can take hours and can damage the system if the wrong files are deleted. We recommend using GridinSoft Anti-Malware for removal; it allows a complete scan and clean-up during the trial period.
A 6-day free trial is available.

What can Backdoor:MSIL/WebShell.GMQ!MTB do?

The CAPE sandbox run of this sample recorded the following signatures:

  • CAPE extracted potentially suspicious content: the sandbox pulled additional content (payloads or data) out of the sample while it ran, which is typical of loaders and shells that carry or decode further code.
  • Authenticode signature is invalid: the file's code-signing signature does not verify, so nothing in its publisher information can be trusted.
  • Anomalous .NET characteristics: the static properties of the .NET assembly (headers and metadata) deviate from what a normal compiler build produces, a common trait of obfuscated or hand-modified assemblies.

How to identify Backdoor:MSIL/WebShell.GMQ!MTB?

The values below identify this exact sample; compare a suspect file's SHA-256 (or MD5/SHA-1) against them. The file is a 32-bit PE DLL built for the .NET runtime: the entry-point bytes FF 25 00 20 40 00 decode to jmp dword ptr [0x402000], the standard six-byte .NET entry stub that jumps through the import table into mscoree (_CorDllMain for a DLL), with the remaining bytes being padding. The timestamp is the compiler-written PE build time; it is consistent with the other metadata but, like any PE timestamp, can be forged by the author.

File Info:

name: D651A70F779F673940D5.mlw
path: /opt/CAPEv2/storage/binaries/cc4c379a29f0bba77bd0c4450eea476e379f0aede08e8cf60ebc44ac593dca55
crc32: 1FA01E0F
md5: d651a70f779f673940d5595a2b1f0de7
sha1: 21b9e21a6c41ccc7d837a7be233e34282035c239
sha256: cc4c379a29f0bba77bd0c4450eea476e379f0aede08e8cf60ebc44ac593dca55
sha512: 7c789e3e353740881b6d2051cbb08b0ea6f7808cb2d0f6bd63751abe3ee2cb7a6bad7db97b392a2de0fc917186313faa665d5a27e3bff4bade6c8f890bd8800d
ssdeep: 3072:wbqdw3ESTfuktXSJMT+dsyZQUeiXUyWmrjebqqq2Vq:qektx/
type: PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
tlsh: T1A204C60733ED8614F1BEDA7951354C648B37B96A9835C15E0D9868ED1BF3F80C862FA2
sha3_384: abe541a73165dbd13f08ec66da4231c6dfcfbc4c13ff2be05b67041932ea14bfcff19357c8335d531b6303c04a34f017
ep_bytes: ff250020400000000000000000000000
timestamp: 2024-03-26 19:18:58

Version Info:

0: [No Data] (the file carries no version resource: no product name, company or file description)
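The following triage script is an added example for this page; it is not part of the original article and not GridinSoft's tooling. It recomputes the digests listed under File Info, reports which of the published values a suspect file matches, and does a minimal PE parse to confirm the two static properties the report shows: a DLL with a CLR runtime header whose entry point is the FF 25 .NET stub. The function build_sample_pe() is a constructed fixture with the same layout, timestamp and entry-point bytes as the report, so the script runs offline; it is not the real sample and its digests will not match the IOCs.

```python
"""Triage helper for the Backdoor:MSIL/WebShell.GMQ!MTB report above (added example).

Recomputes the report's digests, compares them with the published IOCs, and parses
the PE header to check the DLL flag, CLR header and .NET entry stub (FF 25 imm32 =
jmp dword ptr [IAT entry] into mscoree). build_sample_pe() is a constructed fixture.
"""
import datetime
import hashlib
import struct
import sys
import zlib

# Indicators copied from the CAPE report on this page.
IOCS = {
    "crc32": "1FA01E0F",
    "md5": "d651a70f779f673940d5595a2b1f0de7",
    "sha1": "21b9e21a6c41ccc7d837a7be233e34282035c239",
    "sha256": "cc4c379a29f0bba77bd0c4450eea476e379f0aede08e8cf60ebc44ac593dca55",
    "sha3_384": "abe541a73165dbd13f08ec66da4231c6dfcfbc4c13ff2be05b67041932ea14bfcff19357c8335d531b6303c04a34f017",
}
IMAGE_FILE_DLL = 0x2000      # COFF Characteristics flag
DIR_COM_DESCRIPTOR = 14      # data-directory slot holding the CLR runtime header
PE_TIMESTAMP = 1711480738    # 2024-03-26 19:18:58 UTC, the timestamp in the report (fixture only)


def digests(data: bytes) -> dict:
    """Same digest set the report lists; crc32 as upper-case hex, as CAPE prints it."""
    return {
        "crc32": f"{zlib.crc32(data) & 0xFFFFFFFF:08X}",
        "md5": hashlib.md5(data).hexdigest(),
        "sha1": hashlib.sha1(data).hexdigest(),
        "sha256": hashlib.sha256(data).hexdigest(),
        "sha3_384": hashlib.sha3_384(data).hexdigest(),
    }


def matching_iocs(data: bytes, iocs: dict = IOCS) -> list:
    """Names of the published digests this file matches (empty list = not this sample)."""
    computed = digests(data)
    return sorted(k for k, v in iocs.items() if computed[k].lower() == v.lower())


def parse_pe(data: bytes) -> dict:
    """Minimal PE32/PE32+ parse: machine, DLL flag, CLR header, timestamp, entry-point bytes."""
    if data[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    pe = struct.unpack_from("<I", data, 0x3C)[0]
    if data[pe:pe + 4] != b"PE\0\0":
        raise ValueError("bad PE signature")
    machine, n_sections, timestamp = struct.unpack_from("<HHI", data, pe + 4)
    opt_size, characteristics = struct.unpack_from("<HH", data, pe + 20)
    opt = pe + 24
    magic, = struct.unpack_from("<H", data, opt)
    entry_rva, = struct.unpack_from("<I", data, opt + 16)
    # PE32 and PE32+ differ in the width of ImageBase, which shifts the data directories.
    dirs = opt + (96 if magic == 0x10B else 112)
    n_dirs, = struct.unpack_from("<I", data, dirs - 4)
    clr_rva = clr_size = 0
    if n_dirs > DIR_COM_DESCRIPTOR:
        clr_rva, clr_size = struct.unpack_from("<II", data, dirs + 8 * DIR_COM_DESCRIPTOR)

    def rva_to_offset(rva: int) -> int:
        for i in range(n_sections):   # section table follows the optional header, 40 bytes each
            vsize, va, raw_size, raw_ptr = struct.unpack_from("<IIII", data, opt + opt_size + 40 * i + 8)
            if va <= rva < va + max(vsize, raw_size):
                return rva - va + raw_ptr
        raise ValueError(f"RVA {rva:#x} is not inside any section")

    ep_bytes = data[rva_to_offset(entry_rva):][:16]
    when = datetime.datetime.fromtimestamp(timestamp, datetime.timezone.utc)
    return {
        "machine": machine,
        "is_dll": bool(characteristics & IMAGE_FILE_DLL),
        "is_dotnet": clr_rva != 0 and clr_size != 0,
        "timestamp": when.strftime("%Y-%m-%d %H:%M:%S"),
        "ep_bytes": ep_bytes.hex(),
        "has_dotnet_stub": ep_bytes[:2] == b"\xff\x25",   # jmp dword ptr [imm32]
    }


def build_sample_pe() -> bytes:
    """Constructed fixture: a tiny PE32 DLL laid out like a .NET assembly (not the real file)."""
    img = bytearray(0x400)
    img[:2] = b"MZ"
    struct.pack_into("<I", img, 0x3C, 0x80)                    # e_lfanew
    pe = 0x80
    img[pe:pe + 4] = b"PE\0\0"
    # COFF: i386, 1 section, report timestamp, no symbols, 224-byte optional header,
    # Characteristics = EXECUTABLE_IMAGE | 32BIT_MACHINE | DLL
    struct.pack_into("<HHIIIHH", img, pe + 4, 0x14C, 1, PE_TIMESTAMP, 0, 0, 0xE0, 0x2102)
    opt = pe + 24
    struct.pack_into("<H", img, opt, 0x10B)                    # PE32 magic
    struct.pack_into("<I", img, opt + 16, 0x2050)              # AddressOfEntryPoint
    struct.pack_into("<I", img, opt + 28, 0x400000)            # ImageBase
    struct.pack_into("<I", img, opt + 92, 16)                  # NumberOfRvaAndSizes
    struct.pack_into("<II", img, opt + 96 + 8 * DIR_COM_DESCRIPTOR, 0x2008, 0x48)   # CLR header
    # One .text section: RVA 0x2000 maps to file offset 0x200
    struct.pack_into("<8sIIIIIIHHI", img, opt + 0xE0, b".text", 0x100, 0x2000, 0x200, 0x200, 0, 0, 0, 0, 0x60000020)
    img[0x250:0x256] = bytes.fromhex("ff2500204000")          # jmp dword ptr [0x402000], as in ep_bytes
    return bytes(img)


if __name__ == "__main__":
    blob = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else build_sample_pe()
    print("IOC matches:", matching_iocs(blob) or "none")
    for key, value in parse_pe(blob).items():
        print(f"{key:16} {value}")
```

Run it with a path to a suspect file (`python triage.py suspect.dll`); with no argument it parses the built-in fixture. A file that prints any IOC match is this sample byte-for-byte; a file with no match but `is_dll`, `is_dotnet` and `has_dotnet_stub` all true merely shares the generic .NET DLL shape and needs a real scan, not a verdict from this script.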

Backdoor:MSIL/WebShell.GMQ!MTB is also known as (vendor: detection name):

Bkav: W32.AIDetectMalware.CS
AVG: Win32:BackdoorX-gen [Trj]
DrWeb: BackDoor.WebshellNET.8
MicroWorld-eScan: Gen:Variant.MSILHeracles.68689
FireEye: Gen:Variant.MSILHeracles.68689
Skyhigh: BehavesLike.Win32.Backdoor.cm
ALYac: Gen:Variant.MSILHeracles.68689
Malwarebytes: Generic.Malware.AI.DDS
Sangfor: Suspicious.Win32.Save.a
K7AntiVirus: Trojan ( 005ab4bd1 )
K7GW: Trojan ( 005ab4bd1 )
CrowdStrike: win/malicious_confidence_100% (W)
Elastic: malicious (high confidence)
ESET-NOD32: a variant of MSIL/Webshell.AU
APEX: Malicious
Avast: Win32:BackdoorX-gen [Trj]
ClamAV: Win.Packed.Bulz-9891413-0
Kaspersky: HEUR:Backdoor.MSIL.WebShell.gen
BitDefender: Gen:Variant.MSILHeracles.68689
Tencent: Backdoor.MSIL.WebShell.16000622
Emsisoft: Gen:Variant.MSILHeracles.68689 (B)
F-Secure: Heuristic.HEUR/AGEN.1362733
Ikarus: Trojan.MSIL.Webshell
GData: MSIL.Trojan.PSE.10FRWX1
Google: Detected
Avira: HEUR/AGEN.1362733
MAX: malware (ai score=87)
Arcabit: Trojan.MSILHeracles.D10C51
ZoneAlarm: HEUR:Backdoor.MSIL.WebShell.gen
Microsoft: Backdoor:MSIL/WebShell.GMQ!MTB
Varist: W32/WebShell.D.gen!Eldorado
AhnLab-V3: Trojan/Win.Generic.C5388690
SentinelOne: Static AI – Malicious PE
Fortinet: MSIL/Webshell.AZ!tr
alibabacloud: Backdoor:MSIL/Webshell.AU

How to remove Backdoor:MSIL/WebShell.GMQ!MTB?

Backdoor:MSIL/WebShell.GMQ!MTB removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • Click “Move to quarantine” for all detected items.
  • Open the “Tools” tab and press “Reset Browser Settings”.
  • Select the browser and options to reset, then click “Reset”.
  • Restart your computer.

Because this detection is a web shell, it is most likely to fire on a web server rather than a workstation, and quarantining the file is only the first step. Record where the file was written, review the web server's access logs for the requests that uploaded and invoked it, and treat the account the web server runs under as already compromised: a web shell gives its operator code execution with that account's privileges for as long as it was reachable.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.
