Solutions for:
Home Products
Small Business
Medium Business
Enterprise
Vulnerabilities Threats
Home Threats Backdoor MSIL

Backdoor.MSIL.XWorm.oe

Update Date
11/02/2023

Class: Backdoor

Backdoors are designed to give malicious users remote control over an infected computer. In terms of functionality, Backdoors are similar to many administration systems designed and distributed by software developers. These types of malicious programs make it possible to do anything the author wants on the infected computer: send and receive files, launch files or delete them, display messages, delete data, reboot the computer, etc. The programs in this category are often used in order to unite a group of victim computers and form a botnet or zombie network. This gives malicious users centralized control over an army of infected computers which can then be used for criminal purposes. There is also a group of Backdoors which are capable of spreading via networks and infecting other computers as Net-Worms do. The difference is that such Backdoors do not spread automatically (as Net-Worms do), but only upon a special “command” from the malicious user that controls them.

Read more

Platform: MSIL

The Common Intermediate Language (formerly known as Microsoft Intermediate Language, or MSIL) is an intermediate language developed by Microsoft for the .NET Framework. CIL code is generated by all Microsoft .NET compilers in Microsoft Visual Studio (Visual Basic .NET, Visual C++, Visual C#, and others).

Family: XWorm

No family description

Examples

739A257AF19346AC7A5FA6399ADEAF85
1E87958C524C745E23A75FE57CED18EE
094E6E63E7D986B9A8C05ED5E85572DA
5D9E4FE882DF7FBED6706E5AFC1113BF
B434BDCCC882542C065EA82784539835

Tactics and Techniques: Mitre*

TA0002
Execution

Adversaries may execute malicious payloads via loading shared modules. Shared modules are executable files that are loaded into processes to provide access to reusable code, such as specific custom functions or invoking OS API functions (i.e., Native API).


T1129
Shared Modules

Adversaries may execute malicious payloads via loading shared modules. Shared modules are executable files that are loaded into processes to provide access to reusable code, such as specific custom functions or invoking OS API functions (i.e., Native API).


* © 2025 The MITRE Corporation. This work is reproduced and distributed with the permission of The MITRE Corporation.

Kaspersky Next
Let’s go Next: redefine your business’s cybersecurity
Learn more
New Kaspersky!
Your digital life deserves complete protection!
Learn more
Related articles
15 May 2025
Securelist
Threat landscape for industrial automation systems in Q1 2025
13 May 2025
Securelist
Using a Mythic agent to optimize penetration testing
07 May 2025
Securelist
State of ransomware in 2025
29 April 2025
Securelist
Outlaw cybergang attacking targets worldwide
25 April 2025
Securelist
Triada strikes back
24 April 2025
Securelist
Operation SyncHole: Lazarus APT goes back to the well
Found an inaccuracy in the description of this vulnerability?
If you found a new Threat or Vulnerability, please, let us know by email:
newvirus@kaspersky.com
Found a new Threat or Vulnerability?
If you found a new Threat or Vulnerability, please, let us know by email:
newvirus@kaspersky.com
Solutions for
Home Products
Small Business
Medium Business
Enterprise
Select language
Sorting
Threat
Confirm changes?
Your message has been sent successfully.