Backdoor

UDS:Backdoor.MSIL.Crysan.pef (file analysis)

Malware Removal

UDS:Backdoor.MSIL.Crysan.pef is the Kaspersky detection name for the sample analysed on this page. The UDS prefix marks a cloud (Urgent Detection System) verdict rather than a classic signature, MSIL indicates a .NET (Microsoft Intermediate Language) binary, and the Backdoor class means the code is built to give a remote operator access to the machine; the CAPE sandbox run below attributes it to the zgRAT family. While the infection is active you may notice unfamiliar processes in the Task Manager list. In that case it is advised to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Removing malware manually can take hours and can damage the system in the process. We recommend using GridinSoft Anti-Malware for removal; it lets you run a full scan and clean the PC during the trial period.
6-day free trial available.

What can UDS:Backdoor.MSIL.Crysan.pef do?

  • Sample contains Overlay data
  • Presents an Authenticode digital signature
  • Unconventional language used in binary resources: Korean
  • Authenticode signature is invalid
  • CAPE detected the zgRAT malware family
  • Anomalous binary characteristics

Two of these findings belong together: the file carries an Authenticode signature, but that signature does not verify, so the AfreecaTV publisher branding in the version resource below is not evidence of where the file came from. The Korean resource language matches the Translation field of the version resource (0x0412 is the Korean LANGID, 0x03b5 is code page 949), which is consistent with a version block lifted from a legitimate Korean product rather than with the binary being one.

How to identify UDS:Backdoor.MSIL.Crysan.pef?


File Info:

name: 27805CE4185071D3B023.mlw
path: /opt/CAPEv2/storage/binaries/3bde2fc90d1804e845f56090464afb7f7fd1b4e153f2b8dec98b4c9c6dc81e79
crc32: 5F986F28
md5: 27805ce4185071d3b023cf91d884767d
sha1: 3ece7a1c04c48617bb7236c5ee7b2f0728550664
sha256: 3bde2fc90d1804e845f56090464afb7f7fd1b4e153f2b8dec98b4c9c6dc81e79
sha512: 8597e28eb34251b6a1b0b69a539bbccc7705c5e3813e3b393844ff1d1f7745e29c4e64e70697327a5ba71f1e222e7245287f104aea0c4c75364452b230fef3f7
ssdeep: 24576:mMMAdazhb82AmZFcBMgkySB+p/beoyF+/0dPeP/0dUIpk8W662Ipk8Xs1:mqMNI2A6sM1gKjIslePsGIpPW662IpPS
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T18465A62A7590CA93CD851B31E092D8F0D7F78DC8B643A60FA5C93F39B8333955B5A192
sha3_384: de64d636a5afe01f55a701313f6895e327110aa288490de29efed1add734fa4b044725d9d57a825a2df958d6c4cf71ce
ep_bytes: 5bafe2e10f56cb9f1b85e374bd2685e9
timestamp: 1995-08-15 05:27:12

Version Info:

CompanyName: (C) AfreecaTV
FileDescription: AfreecaTV Package
FileVersion: 1.0.0.1
InternalName: AfreecaTV Package
LegalCopyright: Copyright AfreecaTV Co., Ltd. All rights reserved. 2007, 2008
LegalTrademarks: (C) AfreecaTV
OriginalFilename: AfreecaTV Package
ProductName: AfreecaTV Package
ProductVersion: 1.0.0.1
Translation: 0x0412 0x03b5
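The File Info and Version Info fields above are what an analyst checks before trusting a sample's branding. The script below is an added example, not code from this page or from GridinSoft: it recomputes the listed digests for a file, reads the PE compile timestamp straight from the COFF file header, flags a timestamp that predates every year named in LegalCopyright (1995 against 2007, 2008 here), and decodes the Translation field. The embedded byte buffer is a constructed minimal PE-shaped stand-in, not the real sample, so the hash comparison in the stand-alone run reports no match; pass the functions the bytes of a real file to triage it. Standard library only, so it runs offline.

```python
"""Offline triage helpers for the indicators listed above.

Added example, not code from this page or from any vendor tool.
Standard library only.
"""
import hashlib
import re
import struct
import zlib
from datetime import datetime, timezone

# Digests copied from the File Info section of this page.
KNOWN_HASHES = {
    "md5": "27805ce4185071d3b023cf91d884767d",
    "sha1": "3ece7a1c04c48617bb7236c5ee7b2f0728550664",
    "sha256": "3bde2fc90d1804e845f56090464afb7f7fd1b4e153f2b8dec98b4c9c6dc81e79",
}


def file_hashes(data: bytes) -> dict:
    """md5/sha1/sha256 hex digests plus crc32 of a byte string.
    crc32 is reported for completeness only; it is not collision resistant."""
    return {
        "md5": hashlib.md5(data).hexdigest(),
        "sha1": hashlib.sha1(data).hexdigest(),
        "sha256": hashlib.sha256(data).hexdigest(),
        "crc32": zlib.crc32(data) & 0xFFFFFFFF,
    }


def matches_ioc(data: bytes, known: dict = KNOWN_HASHES) -> bool:
    """True if any cryptographic digest of `data` equals a listed indicator."""
    computed = file_hashes(data)
    return any(computed[algo] == digest.lower() for algo, digest in known.items())


def pe_timestamp(data: bytes):
    """Read TimeDateStamp from the COFF file header of a PE image.

    Layout: 'MZ' at offset 0; e_lfanew (offset of the 'PE\\0\\0' signature)
    at 0x3C; the 20-byte COFF header follows the 4-byte signature and its
    TimeDateStamp field sits 4 bytes in, i.e. at e_lfanew + 8.
    Returns an aware UTC datetime, or None when `data` is not a PE image.
    """
    if len(data) < 0x40 or data[:2] != b"MZ":
        return None
    (e_lfanew,) = struct.unpack_from("<I", data, 0x3C)
    if e_lfanew + 12 > len(data) or data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        return None
    (stamp,) = struct.unpack_from("<I", data, e_lfanew + 8)
    return datetime.fromtimestamp(stamp, tz=timezone.utc)


def timestamp_predates_copyright(stamp: datetime, legal_copyright: str) -> bool:
    """Flag a compile timestamp earlier than every year named in LegalCopyright.
    A real build cannot predate the copyright it asserts, so this is a cheap
    sign of a forged header or a version resource copied from another product."""
    years = [int(y) for y in re.findall(r"\b((?:19|20)\d{2})\b", legal_copyright)]
    return bool(years) and stamp.year < min(years)


def decode_translation(field: str) -> tuple:
    """Split a VERSIONINFO Translation value such as '0x0412 0x03b5' into
    (LANGID, code page). 0x0412 is ko-KR; 0x03b5 == 949, the Korean code page."""
    lang, codepage = (int(part, 16) for part in field.split())
    return lang, codepage


def build_sample_pe(stamp: datetime) -> bytes:
    """Constructed minimal PE-shaped buffer used for the demonstration below.
    It is NOT the real sample: just an MZ header, e_lfanew, the PE signature
    and a COFF header (Machine 0x014c = i386) carrying `stamp`."""
    e_lfanew = 0x40
    dos = bytearray(e_lfanew)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, e_lfanew)
    coff = struct.pack("<HHIIIHH", 0x014C, 1, int(stamp.timestamp()), 0, 0, 0, 0)
    return bytes(dos) + b"PE\0\0" + coff


# Values taken from the page, used for the stand-alone run.
PAGE_TIMESTAMP = datetime(1995, 8, 15, 5, 27, 12, tzinfo=timezone.utc)
PAGE_COPYRIGHT = "Copyright AfreecaTV Co., Ltd. All rights reserved. 2007, 2008"
SAMPLE_PE = build_sample_pe(PAGE_TIMESTAMP)

if __name__ == "__main__":
    ts = pe_timestamp(SAMPLE_PE)
    print("compile timestamp :", ts.strftime("%Y-%m-%d %H:%M:%S"))
    print("predates copyright:", timestamp_predates_copyright(ts, PAGE_COPYRIGHT))
    print("translation       :", decode_translation("0x0412 0x03b5"))
    print("matches listed IOC:", matches_ioc(SAMPLE_PE))
```

To triage a real file, read it with `open(path, "rb").read()` and pass the bytes to `matches_ioc` and `pe_timestamp`. A sha256 match against the listed digest is conclusive on its own; the timestamp and translation checks are heuristics that support, but do not replace, the hash comparison.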

UDS:Backdoor.MSIL.Crysan.pef also known as:

Lionic: Trojan.Win32.Crysan.m!c
DrWeb: Trojan.MulDrop21.36563
MicroWorld-eScan: Trojan.GenericKD.65289320
Skyhigh: Artemis!Trojan
McAfee: Artemis!27805CE41850
Cylance: unsafe
CrowdStrike: win/malicious_confidence_100% (W)
K7GW: Trojan ( 004da5141 )
K7AntiVirus: Trojan ( 004da5141 )
Arcabit: Trojan.Generic.D3E43C68
Symantec: Trojan.Gen.MBT
Cynet: Malicious (score: 99)
Kaspersky: UDS:Backdoor.MSIL.Crysan.pef
BitDefender: Trojan.GenericKD.65289320
Tencent: Malware.Win32.Gencirc.10bdd951
Emsisoft: Trojan.GenericKD.65289320 (B)
F-Secure: Backdoor.BDS/Redcap.jwdva
VIPRE: Trojan.GenericKD.65289320
TrendMicro: TROJ_GEN.R002C0XAA24
Sophos: Mal/Generic-S
Ikarus: Trojan.MSIL.Agent
Varist: W32/ABRisk.KZFH-3071
Avira: BDS/Redcap.jwdva
Antiy-AVL: Trojan/MSIL.Kryptik
Microsoft: Program:Win32/Wacapew.C!ml
ZoneAlarm: HEUR:Backdoor.MSIL.Crysan.pef
GData: Trojan.GenericKD.65289320
Google: Detected
AhnLab-V3: Trojan/Win.Generic.C5363267
ALYac: Trojan.GenericKD.65289320
Malwarebytes: MachineLearning/Anomalous.100%
Panda: Trj/Chgt.AD
TrendMicro-HouseCall: TROJ_GEN.R002C0XAA24
Rising: Malware.Obfus/MSIL@AI.100 (RDM.MSIL2:EtNFWi1YTuO4GHprJkyBiA)
SentinelOne: Static AI – Suspicious PE
MaxSecure: Trojan.Malware.300983.susgen
Fortinet: PossibleThreat
DeepInstinct: MALICIOUS

How to remove UDS:Backdoor.MSIL.Crysan.pef?

UDS:Backdoor.MSIL.Crysan.pef removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and run a “Standard scan”.
  • Choose “Move to quarantine” for all detected items.
  • Open the “Tools” tab and press “Reset Browser Settings”.
  • Select the affected browser and the options you want, then click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.
