Categories: Backdoor

What is “Backdoor:Win32/Visel.C”?

The Backdoor:Win32/Visel.C is considered dangerous by lots of security experts. When this infection is active, you may notice unwanted processes in Task Manager list. In this case, it is adviced to scan your computer with GridinSoft Anti-Malware.

Gridinsoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. Allows to complete scan and cure your PC during the trial period.

DOWNLOAD NOW

6-day free trial available.

What Backdoor:Win32/Visel.C virus can do?

Injection (inter-process)
Injection with CreateRemoteThread in a remote process
Creates RWX memory
Expresses interest in specific running processes
Reads data out of its own binary image
Drops a binary and executes it
Unconventionial language used in binary resources: Chinese (Simplified)
The binary likely contains encrypted or compressed data.
The executable is compressed using UPX
Uses Windows utilities for basic functionality
Code injection with CreateRemoteThread in a remote process
Deletes its original binary from disk
Attempts to repeatedly call a single API many times in order to delay analysis time
Installs itself for autorun at Windows startup
Creates a copy of itself
Uses suspicious command line tools or Windows utilities

How to determine Backdoor:Win32/Visel.C?


File Info:
crc32: 89E4D721md5: 5dc4ed7b17628df3c13bf9aaf47cdd21name: 5DC4ED7B17628DF3C13BF9AAF47CDD21.mlwsha1: 16fff49e224ece62629ff02290816129e3e7bc63sha256: fce98b15cacd52ff1f6825b7264dd20d1997284cdcc27aaf876bd3711b5791b4sha512: 2088d751514ea3acfea1c19ed7c9f1a25cb26b84fb1d883c435c4341cc3bbdc66c2d63fc4fc7c5ce78123297dc64fb1e109a06232218bcb88536d2e7a255579fssdeep: 1536:1S1qEQEqhCgHEjRGXyCLu8Pnb3uGTz8xBxvPTQPTBm4RcYyhUhSWUb:1S1vQZrEjRVCLPnbR6BOTB1cYyhUhSTbtype: PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Version Info:
0: [No Data]

Backdoor:Win32/Visel.C also known as:

K7AntiVirus	Trojan ( 004d1ab11 )
DrWeb	BackDoor.Darkshell
Cynet	Malicious (score: 100)
ALYac	Generic.Visel.52C5385B
Cylance	Unsafe
Zillya	Backdoor.Visel.Win32.488
Sangfor	Suspicious.Win32.Save.a
CrowdStrike	win/malicious_confidence_60% (D)
Alibaba	Backdoor:Win32/Visel.88246764
K7GW	Trojan ( 004d1ab11 )
Cybereason	malicious.b17628
Cyren	W32/Backdoor.EPEV-1166
Symantec	Backdoor.Trojan
ESET-NOD32	Win32/Visel.NAC
APEX	Malicious
Avast	Win32:Dh-A [Heur]
ClamAV	Win.Trojan.Visel-1
Kaspersky	Backdoor.Win32.Visel.bj
BitDefender	Generic.Visel.52C5385B
NANO-Antivirus	Trojan.Win32.Visel.buwmr
MicroWorld-eScan	Generic.Visel.52C5385B
Tencent	Win32.Backdoor.Visel.Tafk
Ad-Aware	Generic.Visel.52C5385B
Sophos	Generic ML PUA (PUA)
Comodo	Backdoor@#1k1dwmmlscns0
BitDefenderTheta	AI:Packer.4C460B241F
VIPRE	Trojan.Win32.Generic!SB.0
TrendMicro	BKDR_VISEL.BS
McAfee-GW-Edition	BehavesLike.Win32.PWSZbot.lc
FireEye	Generic.mg.5dc4ed7b17628df3
Emsisoft	Generic.Visel.52C5385B (B)
SentinelOne	Static AI – Malicious PE
Jiangmin	Backdoor/Visel.on
Webroot	W32.Backdoor.Gen
Avira	BDS/Visel.AL.1
eGambit	Unsafe.AI_Score_99%
Antiy-AVL	Trojan/Generic.ASMalwS.707178
Kingsoft	Win32.Heur.KVM003.a.(kcloud)
Microsoft	Backdoor:Win32/Visel.C
GData	Generic.Visel.52C5385B
TACHYON	Backdoor/W32.Visel.203480.B
McAfee	Artemis!5DC4ED7B1762
MAX	malware (ai score=100)
VBA32	Backdoor.Visel
Panda	Trj/ByShell.C
TrendMicro-HouseCall	BKDR_VISEL.BS
Rising	Backdoor.Win32.Agent.ykn (CLASSIC)
Yandex	Trojan.GenAsa!P07AsaQsBkA
Ikarus	Backdoor.Win32.Visel
AVG	Win32:Dh-A [Heur]
Paloalto	generic.ml