Categories: Trojan

What is “Trojan:MSIL/DCRat.MA!MTB”?

The Trojan:MSIL/DCRat.MA!MTB is considered dangerous by lots of security experts. When this infection is active, you may notice unwanted processes in Task Manager list. In this case, it is adviced to scan your computer with GridinSoft Anti-Malware.

Gridinsoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. Allows to complete scan and cure your PC during the trial period.

DOWNLOAD NOW

6-day free trial available.

What Trojan:MSIL/DCRat.MA!MTB virus can do?

The binary contains an unknown PE section name indicative of packing
Authenticode signature is invalid
CAPE detected the DCRat malware family
Anomalous binary characteristics

How to determine Trojan:MSIL/DCRat.MA!MTB?


File Info:
name: 011ABC4C7F96F61BDCA1.mlwpath: /opt/CAPEv2/storage/binaries/ea37857787c7c70f7ed72ef34e3bec03a6b775ec7048411a811717230d943d86crc32: 187410BEmd5: 011abc4c7f96f61bdca14fc60131c7basha1: 75fa0ac651b1ee61798c695e98d813d2b6dc9b97sha256: ea37857787c7c70f7ed72ef34e3bec03a6b775ec7048411a811717230d943d86sha512: 0424fe051b24bead15b7c9a02fda6a908c6d9f0d49e9ab30b60d65c6d39f80fd6e49d04d7c13cd8dff97400a96bcadd93b5e3868f0ec23b043678a129ad455bfssdeep: 24576:hCNqlizzN4yGwrXLoamoWvXa7IwfvoMODACOfCt2lPy1A9QsD2lPy1A9QnU:AwgKyGwHthIwf7gOqt2wKQsD2wKQnUtype: PE32 executable (GUI) Intel 80386, for MS Windowstlsh: T1059575342EEA5019F1B3BF7C9AF435959A6FBEA37B27854D0061028A0733A41DDD173Asha3_384: 416a9bfb26a6ce6b2599e977c83dad8640227014e0a75e80c9d37e607715668caa0938e9e09ee67da0948d70c7aa39b2ep_bytes: ff250020d30000000000000000000000timestamp: 2022-07-24 15:13:08
Version Info:
Build Id: Intouch2400MaintBuild_v0527CompanyName: Schneider Electric Software, LLC.Component Id: view_v0041FileDescription: InTouch WindowViewerFileVersion: 2400.0631.0527.0041LegalCopyright: (c) 2015 Schneider Electric Software, LLC. All rights reserved.LegalTrademarks: Schneider Electric, Wonderware and ArchestrA are trademarks of Schneider Electric SE, its subsidiaries and affiliated companies.OriginalFilename: View.exeProductName: InTouchProductVersion: 11.1.13100Translation: 0x0409 0x04b0

Trojan:MSIL/DCRat.MA!MTB also known as:

Bkav	W32.AIDetectNet.01
Lionic	Trojan.Win32.DCRat.4!c
MicroWorld-eScan	IL:Trojan.MSILZilla.26381
ClamAV	Win.Packed.Msilmamut-9987799-0
FireEye	Generic.mg.011abc4c7f96f61b
ALYac	IL:Trojan.MSILZilla.26381
Malwarebytes	Malware.AI.2230680604
Sangfor	Trojan.Win32.Save.a
Alibaba	Backdoor:MSIL/DCRat.3ca50209
CrowdStrike	win/malicious_confidence_100% (W)
VirIT	Trojan.Win32.MSIL_Heur.A
Cyren	W32/MSIL_Kryptik.JBT.gen!Eldorado
Symantec	ML.Attribute.HighConfidence
Elastic	malicious (high confidence)
ESET-NOD32	a variant of MSIL/Spy.Agent.DTR
APEX	Malicious
Paloalto	generic.ml
Cynet	Malicious (score: 99)
Kaspersky	HEUR:Backdoor.MSIL.DCRat.gen
BitDefender	IL:Trojan.MSILZilla.26381
Avast	Win32:DropperX-gen [Drp]
Emsisoft	IL:Trojan.MSILZilla.26381 (B)
F-Secure	Heuristic.HEUR/AGEN.1310064
DrWeb	BackDoor.DarkCrystalNET.18
VIPRE	IL:Trojan.MSILZilla.26381
TrendMicro	TROJ_GEN.R002C0DD723
McAfee-GW-Edition	BehavesLike.Win32.PWSZbot.tm
Trapmine	malicious.high.ml.score
Sophos	Troj/DCRat-J
SentinelOne	Static AI – Malicious PE
GData	MSIL.Trojan.PSE.11DI5JD
Jiangmin	Backdoor.MSIL.ftrw
Avira	HEUR/AGEN.1310064
MAX	malware (ai score=84)
Antiy-AVL	Trojan[Backdoor]/MSIL.DCRat
Arcabit	IL:Trojan.MSILZilla.D670D
ViRobot	Trojan.Win.Z.Dcrat.2043904.AA
ZoneAlarm	HEUR:Backdoor.MSIL.DCRat.gen
Microsoft	Trojan:MSIL/DCRat.MA!MTB
Google	Detected
AhnLab-V3	Trojan/Win.MSILMamut.C5394515
McAfee	Artemis!011ABC4C7F96
TACHYON	Backdoor/W32.DN-DCRat.2043904
VBA32	Dropper.MSIL.gen
Cylance	unsafe
Panda	Trj/GdSda.A
TrendMicro-HouseCall	TROJ_GEN.R002C0DD723
Rising	Backdoor.DCRat!1.E0D3 (CLASSIC)
Ikarus	Trojan.MSIL.Spy
MaxSecure	Trojan.Malware.121218.susgen
Fortinet	MSIL/Agent.DTR!tr
AVG	Win32:DropperX-gen [Drp]
DeepInstinct	MALICIOUS