Backdoor.MSIL.Webshell.A

By CagedTech in Backdoors

Threat Scorecard

Popularity Rank: 13,556
Threat Level: 60 % (Medium)
Infected Computers: 187
First Seen: December 28, 2021
Last Seen: March 8, 2026
OS(es) Affected: Windows

Analysis Report

General information

Family Name: Backdoor.MSIL.Webshell.A
Signature status: No Signature

Known Samples


Windows Portable Executable Attributes

  • File doesn't have "Rich" header
  • File doesn't have debug information
  • File doesn't have exports table
  • File doesn't have security information
  • File is .NET application
  • File is 32-bit executable
  • File is console application (IMAGE_SUBSYSTEM_WINDOWS_CUI)
  • File is either console or GUI application
  • File is not packed
  • IMAGE_FILE_DLL is not set inside PE header (Executable)
  • IMAGE_FILE_EXECUTABLE_IMAGE is set inside PE header (Executable Image)

Windows PE Version Information

Name Value
File Version 0.0.0.0
Internal Name
  • App_Web_3olq-1yy
  • App_Web_adothol5.dll
  • App_Web_hdn0dtt_
  • App_Web_hp7k1zyd
  • App_Web_htbcdm-7
  • App_Web_lil4qk3v
  • App_Web_tiuzkvnk
  • App_Web_yu3pbh0o
Original Filename
  • App_Web_3olq-1yy.dll
  • App_Web_adothol5.dll
  • App_Web_hdn0dtt_.dll
  • App_Web_hp7k1zyd.dll
  • App_Web_htbcdm-7.dll
  • App_Web_lil4qk3v.dll
  • App_Web_tiuzkvnk.dll
  • App_Web_yu3pbh0o.dll

File Traits

  • .NET
  • dll
  • x86

Block Information

Total Blocks: 15
Potentially Malicious Blocks: 2
Whitelisted Blocks: 9
Unknown Blocks: 4

Visual Map

x 0 0 ? ? ? 0 0 x 0 0 0 ? 0 0
0 - Probable Safe Block
? - Unknown Block
x - Potentially Malicious Block

Similar Families

  • MSIL.Webshell.A

Registry Modifications

Key::Value Data API Name
HKLM\software\microsoft\windows nt\currentversion\notifications\data::418a073aa3bc1c75 RegNtPreCreateKey

Windows API Usage

Category API
Syscall Use
  • ntdll.dll!NtAccessCheck
  • ntdll.dll!NtAlertThreadByThreadId
  • ntdll.dll!NtAlpcSendWaitReceivePort
  • ntdll.dll!NtApphelpCacheControl
  • ntdll.dll!NtClose
  • ntdll.dll!NtConnectPort
  • ntdll.dll!NtCreateMutant
  • ntdll.dll!NtCreateSection
  • ntdll.dll!NtDuplicateToken
  • ntdll.dll!NtFreeVirtualMemory
  • ntdll.dll!NtMapViewOfSection
  • ntdll.dll!NtOpenFile
  • ntdll.dll!NtOpenKey
  • ntdll.dll!NtOpenKeyEx
  • ntdll.dll!NtOpenProcessToken
  • ntdll.dll!NtOpenProcessTokenEx
  • ntdll.dll!NtOpenSection
  • ntdll.dll!NtOpenSemaphore
  • ntdll.dll!NtOpenThreadTokenEx
  • ntdll.dll!NtProtectVirtualMemory
  • ntdll.dll!NtQueryAttributesFile
  • ntdll.dll!NtQueryDebugFilterState
  • ntdll.dll!NtQueryInformationProcess
  • ntdll.dll!NtQueryInformationThread
  • ntdll.dll!NtQueryInformationToken
  • ntdll.dll!NtQueryKey
  • ntdll.dll!NtQueryPerformanceCounter
  • ntdll.dll!NtQuerySecurityAttributesToken
  • ntdll.dll!NtQueryValueKey
  • ntdll.dll!NtQueryVirtualMemory
  • ntdll.dll!NtQueryVolumeInformationFile
  • ntdll.dll!NtQueryWnfStateData
  • ntdll.dll!NtReleaseMutant
  • ntdll.dll!NtReleaseSemaphore
  • ntdll.dll!NtReleaseWorkerFactoryWorker
  • ntdll.dll!NtRequestWaitReplyPort
  • ntdll.dll!NtSetEvent
  • ntdll.dll!NtSetInformationProcess
  • ntdll.dll!NtSetInformationVirtualMemory
  • ntdll.dll!NtSetInformationWorkerFactory
  • ntdll.dll!NtSubscribeWnfStateChange
  • ntdll.dll!NtTestAlert
  • ntdll.dll!NtTraceControl
  • ntdll.dll!NtUnmapViewOfSection
  • ntdll.dll!NtUnmapViewOfSectionEx
  • ntdll.dll!NtWaitForAlertByThreadId
  • ntdll.dll!NtWaitForSingleObject
  • ntdll.dll!NtWaitLowEventPair
  • ntdll.dll!NtWriteFile
  • UNKNOWN
