Threat report

What is “Trojan:Win32/Rootkit!MSR”?

Published May 2, 2023. Category: Rootkit. 3 min read.
What to verify before removal

Use this report for a controlled check of Trojan:Win32/Rootkit!MSR when the affected machine shows suspicious processes, dropped files, or payload delivery behavior. The goal is to verify the exact file and its persistence path before quarantining anything.

Start by comparing the local file name with 776568DE43BDB8C36AA8.mlw, then review the behavior notes for persistence entries, dropped files, unusual processes, and browser or network changes. This helps separate a matching detection from a different file that only shares a similar alert name.

Observed file
776568DE43BDB8C36AA8.mlw
  • Compare the suspicious file name with 776568DE43BDB8C36AA8.mlw.
  • Confirm the detection name matches Trojan:Win32/Rootkit!MSR before removing related files.
  • Review the report for persistence entries, dropped files, unusual processes, and browser or network changes so the cleanup is based on observed behavior, not only the label.
  • Run a full scan, quarantine confirmed detections, and restart before signing back in to sensitive accounts.

Trojan:Win32/Rootkit!MSR is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

What can the Trojan:Win32/Rootkit!MSR virus do?

  • Sample contains overlay data
  • Presents an Authenticode digital signature
  • Unconventional binary language: Chinese (Simplified)
  • Unconventional language used in binary resources: Chinese (Simplified)
  • The binary likely contains encrypted or compressed data
  • Authenticode signature is invalid
  • YARA rule detections observed from a process memory dump, dropped files, or CAPE

How to identify Trojan:Win32/Rootkit!MSR?

File Info:

name: 776568DE43BDB8C36AA8.mlw
path: /opt/CAPEv2/storage/binaries/7ddd4a6aeb8712a2330ea4019a0a7532ad7ae8af1fa426abd564636a4e306332
crc32: 3EC7E7CA
md5: 776568de43bdb8c36aa8860276d0edab
sha1: 8cec3f7b5cc6ab83a8362b4aaea8c295809eb38e
sha256: 7ddd4a6aeb8712a2330ea4019a0a7532ad7ae8af1fa426abd564636a4e306332
sha512: def50751f5b23e6c5f1d2e5b40f9ca9c9797b58b7345ccb6f4129d1d951702230350d6e0769eb35b5998d0497db56ad95d7f9e74e62638d17d24c95bd67f3f7e
ssdeep: 98304:y54xSL7FtU1VqsfOq9F4XiKtcNoCn/lCSMf0XwwU6uUfn:y54xS0iYOgOiKtcN/n/l60XPUsv
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T124E50242A6B140B3C89782754B7D1B32697A7A615321C6C7F3DC5D190F623E0EA3A3E7
sha3_384: 2bfe1a18e51b333e675703f762cca4d0b96b09a05cec5ef48134bdcb13a78e405e68aa6a09c19ce2aa3966d62378cd1c
ep_bytes: e8615a0000e9000000006a1468b8436d
timestamp: 2023-04-05 11:48:39

Version Info:

CompanyName: The Chromium Authors
FileDescription: Chromium
FileVersion: 1.4.37.163
LegalCopyright: Copyright 2022 The Chromium Authors. All rights reserved
ProductName: Chromium
ProductVersion: 1.4.37.163
Translation: 0x0804 0x04b0

Trojan:Win32/Rootkit!MSR also known as:

Lionic Trojan.Win32.Doina.4!c
MicroWorld-eScan Gen:Variant.Doina.55857
McAfee Artemis!776568DE43BD
Zillya Trojan.AgentAGen.Win64.1345
Cyren W32/Agent.FVY.gen!Eldorado
ESET-NOD32 multiple detections
BitDefender Gen:Variant.Doina.55857
Tencent Win32.Trojan.Ad.Aujl
Emsisoft Gen:Variant.Doina.55857 (B)
F-Secure Trojan.TR/AD.CopperSteal.eaiai
VIPRE Gen:Variant.Doina.55857
TrendMicro TROJ_GEN.R002C0DDK23
McAfee-GW-Edition Artemis
Ikarus Trojan.Win64.Agent
Google Detected
Avira TR/AD.CopperSteal.eaiai
Microsoft Trojan:Win32/Rootkit!MSR
Arcabit Trojan.Doina.DDA31
GData Gen:Variant.Doina.55857
VBA32 BScope.Trojan.Wacatac
ALYac Gen:Variant.Doina.55857
MAX malware (ai score=88)
Cylance unsafe
TrendMicro-HouseCall TROJ_GEN.R002C0DDK23
Rising Rootkit.Hijacker!1.E450 (CLASSIC)
Fortinet W64/Agent_AGen.UP!tr
DeepInstinct MALICIOUS

How to remove Trojan:Win32/Rootkit!MSR?

Recommended second-opinion scan

Verify the infection before changing system settings

Use GridinSoft Anti-Malware to run a full scan, review detected persistence entries, and quarantine confirmed threats before restarting Windows.

  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all detected items.
  • Open the “Tools” tab and press “Reset Browser Settings”.
  • Select the proper browser and options, then click “Reset”.
  • Restart your computer.