Rootkit Trojan

What is “Trojan:Win32/Rootkit!MSR”?

Malware Removal

The Trojan:Win32/Rootkit!MSR is considered dangerous by lots of security experts. When this infection is active, you may notice unwanted processes in Task Manager list. In this case, it is adviced to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Gridinsoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. Allows to complete scan and cure your PC during the trial period.
DOWNLOAD NOW
6-day free trial available.

What Trojan:Win32/Rootkit!MSR virus can do?

  • Sample contains Overlay data
  • Presents an Authenticode digital signature
  • Unconventionial binary language: Chinese (Simplified)
  • Unconventionial language used in binary resources: Chinese (Simplified)
  • The binary likely contains encrypted or compressed data.
  • Authenticode signature is invalid
  • Yara rule detections observed from a process memory dump/dropped files/CAPE

How to determine Trojan:Win32/Rootkit!MSR?



File Info:

name: 776568DE43BDB8C36AA8.mlw
path: /opt/CAPEv2/storage/binaries/7ddd4a6aeb8712a2330ea4019a0a7532ad7ae8af1fa426abd564636a4e306332
crc32: 3EC7E7CA
md5: 776568de43bdb8c36aa8860276d0edab
sha1: 8cec3f7b5cc6ab83a8362b4aaea8c295809eb38e
sha256: 7ddd4a6aeb8712a2330ea4019a0a7532ad7ae8af1fa426abd564636a4e306332
sha512: def50751f5b23e6c5f1d2e5b40f9ca9c9797b58b7345ccb6f4129d1d951702230350d6e0769eb35b5998d0497db56ad95d7f9e74e62638d17d24c95bd67f3f7e
ssdeep: 98304:y54xSL7FtU1VqsfOq9F4XiKtcNoCn/lCSMf0XwwU6uUfn:y54xS0iYOgOiKtcN/n/l60XPUsv
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T124E50242A6B140B3C89782754B7D1B32697A7A615321C6C7F3DC5D190F623E0EA3A3E7
sha3_384: 2bfe1a18e51b333e675703f762cca4d0b96b09a05cec5ef48134bdcb13a78e405e68aa6a09c19ce2aa3966d62378cd1c
ep_bytes: e8615a0000e9000000006a1468b8436d
timestamp: 2023-04-05 11:48:39


Version Info:

CompanyName: The Chromium Authors
FileDescription: Chromium
FileVersion: 1.4.37.163
LegalCopyright: Copyright 2022 The Chromium Authors. All rights reserved
ProductName: Chromium
ProductVersion: 1.4.37.163
Translation: 0x0804 0x04b0

Trojan:Win32/Rootkit!MSR also known as:

LionicTrojan.Win32.Doina.4!c
MicroWorld-eScanGen:Variant.Doina.55857
McAfeeArtemis!776568DE43BD
ZillyaTrojan.AgentAGen.Win64.1345
CyrenW32/Agent.FVY.gen!Eldorado
ESET-NOD32multiple detections
BitDefenderGen:Variant.Doina.55857
TencentWin32.Trojan.Ad.Aujl
EmsisoftGen:Variant.Doina.55857 (B)
F-SecureTrojan.TR/AD.CopperSteal.eaiai
VIPREGen:Variant.Doina.55857
TrendMicroTROJ_GEN.R002C0DDK23
McAfee-GW-EditionArtemis
IkarusTrojan.Win64.Agent
GoogleDetected
AviraTR/AD.CopperSteal.eaiai
MicrosoftTrojan:Win32/Rootkit!MSR
ArcabitTrojan.Doina.DDA31
GDataGen:Variant.Doina.55857
VBA32BScope.Trojan.Wacatac
ALYacGen:Variant.Doina.55857
MAXmalware (ai score=88)
Cylanceunsafe
TrendMicro-HouseCallTROJ_GEN.R002C0DDK23
RisingRootkit.Hijacker!1.E450 (CLASSIC)
FortinetW64/Agent_AGen.UP!tr
DeepInstinctMALICIOUS

How to remove Trojan:Win32/Rootkit!MSR?

Trojan:Win32/Rootkit!MSR removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan“.
  • Move to quarantine” all items.
  • Open “Tools” tab – Press “Reset Browser Settings“.
  • Select proper browser and options – Click “Reset”.
  • Restart your computer.

You may also like

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.

View all posts

Leave a Comment