Backdoor

What is “Backdoor:Win32/Visel.C”?

Malware Removal

The Backdoor:Win32/Visel.C is considered dangerous by lots of security experts. When this infection is active, you may notice unwanted processes in Task Manager list. In this case, it is adviced to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Gridinsoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. Allows to complete scan and cure your PC during the trial period.
6-day free trial available.

What Backdoor:Win32/Visel.C virus can do?

  • Injection (inter-process)
  • Injection with CreateRemoteThread in a remote process
  • Creates RWX memory
  • Expresses interest in specific running processes
  • Reads data out of its own binary image
  • Drops a binary and executes it
  • Unconventionial language used in binary resources: Chinese (Simplified)
  • The binary likely contains encrypted or compressed data.
  • The executable is compressed using UPX
  • Uses Windows utilities for basic functionality
  • Code injection with CreateRemoteThread in a remote process
  • Deletes its original binary from disk
  • Attempts to repeatedly call a single API many times in order to delay analysis time
  • Installs itself for autorun at Windows startup
  • Creates a copy of itself
  • Uses suspicious command line tools or Windows utilities

How to determine Backdoor:Win32/Visel.C?


File Info:

crc32: 89E4D721
md5: 5dc4ed7b17628df3c13bf9aaf47cdd21
name: 5DC4ED7B17628DF3C13BF9AAF47CDD21.mlw
sha1: 16fff49e224ece62629ff02290816129e3e7bc63
sha256: fce98b15cacd52ff1f6825b7264dd20d1997284cdcc27aaf876bd3711b5791b4
sha512: 2088d751514ea3acfea1c19ed7c9f1a25cb26b84fb1d883c435c4341cc3bbdc66c2d63fc4fc7c5ce78123297dc64fb1e109a06232218bcb88536d2e7a255579f
ssdeep: 1536:1S1qEQEqhCgHEjRGXyCLu8Pnb3uGTz8xBxvPTQPTBm4RcYyhUhSWUb:1S1vQZrEjRVCLPnbR6BOTB1cYyhUhSTb
type: PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed

Version Info:

0: [No Data]

Backdoor:Win32/Visel.C also known as:

K7AntiVirusTrojan ( 004d1ab11 )
DrWebBackDoor.Darkshell
CynetMalicious (score: 100)
ALYacGeneric.Visel.52C5385B
CylanceUnsafe
ZillyaBackdoor.Visel.Win32.488
SangforSuspicious.Win32.Save.a
CrowdStrikewin/malicious_confidence_60% (D)
AlibabaBackdoor:Win32/Visel.88246764
K7GWTrojan ( 004d1ab11 )
Cybereasonmalicious.b17628
CyrenW32/Backdoor.EPEV-1166
SymantecBackdoor.Trojan
ESET-NOD32Win32/Visel.NAC
APEXMalicious
AvastWin32:Dh-A [Heur]
ClamAVWin.Trojan.Visel-1
KasperskyBackdoor.Win32.Visel.bj
BitDefenderGeneric.Visel.52C5385B
NANO-AntivirusTrojan.Win32.Visel.buwmr
MicroWorld-eScanGeneric.Visel.52C5385B
TencentWin32.Backdoor.Visel.Tafk
Ad-AwareGeneric.Visel.52C5385B
SophosGeneric ML PUA (PUA)
ComodoBackdoor@#1k1dwmmlscns0
BitDefenderThetaAI:Packer.4C460B241F
VIPRETrojan.Win32.Generic!SB.0
TrendMicroBKDR_VISEL.BS
McAfee-GW-EditionBehavesLike.Win32.PWSZbot.lc
FireEyeGeneric.mg.5dc4ed7b17628df3
EmsisoftGeneric.Visel.52C5385B (B)
SentinelOneStatic AI – Malicious PE
JiangminBackdoor/Visel.on
WebrootW32.Backdoor.Gen
AviraBDS/Visel.AL.1
eGambitUnsafe.AI_Score_99%
Antiy-AVLTrojan/Generic.ASMalwS.707178
KingsoftWin32.Heur.KVM003.a.(kcloud)
MicrosoftBackdoor:Win32/Visel.C
GDataGeneric.Visel.52C5385B
TACHYONBackdoor/W32.Visel.203480.B
McAfeeArtemis!5DC4ED7B1762
MAXmalware (ai score=100)
VBA32Backdoor.Visel
PandaTrj/ByShell.C
TrendMicro-HouseCallBKDR_VISEL.BS
RisingBackdoor.Win32.Agent.ykn (CLASSIC)
YandexTrojan.GenAsa!P07AsaQsBkA
IkarusBackdoor.Win32.Visel
AVGWin32:Dh-A [Heur]
Paloaltogeneric.ml

How to remove Backdoor:Win32/Visel.C?

Backdoor:Win32/Visel.C removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan“.
  • Move to quarantine” all items.
  • Open “Tools” tab – Press “Reset Browser Settings“.
  • Select proper browser and options – Click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.

Leave a Comment