Trojan:MSIL/DCRat.JB information

Trojan:MSIL/DCRat.JB is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It lets you run a complete scan and cure your PC during the trial period.
6-day free trial available.

What can the Trojan:MSIL/DCRat.JB virus do?

  • Behavioural detection: Executable code extraction – unpacking
  • Sample contains Overlay data
  • Presents an Authenticode digital signature
  • CAPE extracted potentially suspicious content
  • Authenticode signature is invalid
  • CAPE detected the DCRat malware family
  • Yara rule detections observed from a process memory dump/dropped files/CAPE

How to identify Trojan:MSIL/DCRat.JB?

File Info:

name: 049D1DDA4BA410C788B2.mlw
path: /opt/CAPEv2/storage/binaries/e55e723f1506321e68d1e9ffed9ebbf3d50390c8a456b33a07b9225c1f9bb22a
type: PE32 executable (console) Intel 80386, for MS Windows
timestamp: 2023-06-10 10:50:56

Version Info:

Comments: Il s'agit d'une application légitime.
CompanyName: Renault S.A.
FileDescription: Renault S.A. Produit
FileVersion: 231
InternalName: ApplicationInterne
LegalCopyright: Droit d'auteur © Renault S.A. Tous droits réservés.
LegalTrademarks: Marques déposées © Renault S.A.
OriginalFilename: app.exe
ProductName: Application
ProductVersion: 231
Translation: 0x0407 0x04b0

Trojan:MSIL/DCRat.JB also known as:

Bkav: W32.AIDetectMalware
Elastic: malicious (high confidence)
MicroWorld-eScan: Trojan.GenericKD.67462245
FireEye: Generic.mg.049d1dda4ba410c7
Cylance: unsafe
Sangfor: Trojan.Win32.Save.a
CrowdStrike: win/malicious_confidence_90% (W)
Symantec: ML.Attribute.HighConfidence
ESET-NOD32: a variant of Win32/GenKryptik.GKPI
APEX: Malicious
Cynet: Malicious (score: 100)
Kaspersky: HEUR:Trojan-Downloader.Win32.Krocomain.gen
BitDefender: Trojan.GenericKD.67462245
Avast: Win32:PWSX-gen [Trj]
Emsisoft: Trojan.GenericKD.67462245 (B)
VIPRE: Trojan.GenericKD.67462245
McAfee-GW-Edition: Artemis!Trojan
Trapmine: malicious.high.ml.score
Sophos: Generic ML PUA (PUA)
SentinelOne: Static AI – Suspicious PE
GData: Trojan.GenericKD.67462245
Antiy-AVL: Trojan/Win32.Sabsik
Arcabit: Trojan.Generic.D4056465
ZoneAlarm: HEUR:Trojan-Downloader.Win32.Krocomain.gen
Microsoft: Trojan:MSIL/DCRat.JB
Google: Detected
McAfee: Artemis!049D1DDA4BA4
MAX: malware (ai score=84)
Malwarebytes: Malware.AI.924044069
Ikarus: Trojan-Spy.Agent
MaxSecure: PSW.W32.Coins.gen_265938
Fortinet: W32/PossibleThreat
BitDefenderTheta: Gen:NN.ZexaF.36250.Rq2@aSp4acoi
AVG: Win32:PWSX-gen [Trj]
DeepInstinct: MALICIOUS

How to remove Trojan:MSIL/DCRat.JB?

Trojan:MSIL/DCRat.JB removal tool

  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open “Tools” tab – Press “Reset Browser Settings”.
  • Select proper browser and options – Click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.
