Categories: Backdoor

Backdoor.Bladabindi.G3 removal

The Backdoor.Bladabindi.G3 is considered dangerous by lots of security experts. When this infection is active, you may notice unwanted processes in Task Manager list. In this case, it is adviced to scan your computer with GridinSoft Anti-Malware.

Gridinsoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. Allows to complete scan and cure your PC during the trial period.
DOWNLOAD NOW
6-day free trial available.

What Backdoor.Bladabindi.G3 virus can do?

  • Sample contains Overlay data
  • Yara rule detections observed from a process memory dump/dropped files/CAPE
  • Reads data out of its own binary image
  • CAPE extracted potentially suspicious content
  • Drops a binary and executes it
  • The binary contains an unknown PE section name indicative of packing
  • Authenticode signature is invalid
  • Uses Windows utilities for basic functionality
  • CAPE detected the SpyGate malware family
  • Creates a copy of itself
  • Harvests credentials from local FTP client softwares
  • Harvests information related to installed instant messenger clients

How to determine Backdoor.Bladabindi.G3?



File Info:

name: 4BB896A3D180F355C868.mlwpath: /opt/CAPEv2/storage/binaries/1683332c409352f35548deb140971f929d557d8e83b66d66c2c19905c1a47d31crc32: 29E74634md5: 4bb896a3d180f355c868e18d7347f259sha1: 0c0e53fa5203e3ee750e8e408723cabdd4973b01sha256: 1683332c409352f35548deb140971f929d557d8e83b66d66c2c19905c1a47d31sha512: bbfaf35280c7fb8cc8476e3b5653a11efed0a66629a9536c69288edeb4d61130df3ba0e31e5c95470eba3fdd0f65805577ada64d0f7dce60c145d24973299e9assdeep: 3072:h5lpCluZr8k5zChO2ZuKVPe1vej4HoPMwiN:Bp6uehzPyejJYtype: PE32 executable (GUI) Intel 80386, for MS Windowstlsh: T146D34B9937D44E8AE0FE4EBA447062015375E663CA03E79D8EE154A91F77380CE1E7A3sha3_384: 375c442ace2af302094d0511f5113a97e0abf852d2301bda0cb80387daf6d07f47a967dffb324f8e298c333814ef7268ep_bytes: ff250020400000000000000000000000timestamp: 2013-06-23 02:01:30

Version Info:

Translation: 0x0000 0x04b0CompanyName: Microsoft CorporationFileDescription: Microsoft CorporationFileVersion: 0.2.6.0InternalName: StubX.exeLegalCopyright: Microsoft CorporationOriginalFilename: StubX.exeProductVersion: 0.2.6.0Assembly Version: 0.2.6.0

Backdoor.Bladabindi.G3 also known as:

Bkav W32.AIDetectNet.01
Elastic malicious (high confidence)
DrWeb Trojan.PWS.Siggen1.7518
MicroWorld-eScan IL:Trojan.MSILZilla.12224
FireEye Generic.mg.4bb896a3d180f355
CAT-QuickHeal Backdoor.Bladabindi.G3
McAfee Obfuscated-FOS!hb
Cylance Unsafe
Sangfor Suspicious.Win32.Save.a
K7AntiVirus Trojan ( 700000121 )
Alibaba TrojanDownloader:MSIL/Genmaldow.89f7cfae
K7GW Trojan ( 700000121 )
Cybereason malicious.3d180f
BitDefenderTheta Gen:NN.ZemsilF.34698.iq1@a4ZRtKl
VirIT Backdoor.Win32.Generic.VWG
Cyren W32/MSIL_Mintluks.A.gen!Eldorado
Symantec ML.Attribute.HighConfidence
ESET-NOD32 MSIL/Autorun.Spy.Agent.R
APEX Malicious
Paloalto generic.ml
ClamAV Win.Packed.Zusy-7753321-0
Kaspersky HEUR:Trojan.Win32.Generic
BitDefender IL:Trojan.MSILZilla.12224
NANO-Antivirus Trojan.Win32.TrjGen.dklyhh
Tencent Trojan.Win32.Bladabindi.16000442
Ad-Aware IL:Trojan.MSILZilla.12224
Sophos ML/PE-A + Mal/SpyGate-A
Comodo Backdoor.MSIL.Bladabindi.FQ@5s6e92
VIPRE IL:Trojan.MSILZilla.12224
TrendMicro BKDR_BLADABI.SMC
McAfee-GW-Edition Obfuscated-FOS!hb
Emsisoft Malware.Generic.CN1 (A)
SentinelOne Static AI – Malicious PE
GData MSIL.Trojan-Spy.Keylogger.I
Jiangmin Trojan.Generic.dwokt
Google Detected
Avira TR/Agent.htrdfs
Antiy-AVL Trojan/Generic.ASMalwS.24D
Kingsoft Win32.Troj.Undef.(kcloud)
Arcabit IL:Trojan.MSILZilla.D2FC0
ZoneAlarm HEUR:Trojan.MSIL.Bladabindi.gen
Microsoft TrojanDownloader:MSIL/Genmaldow.AE!bit
Cynet Malicious (score: 100)
AhnLab-V3 Trojan/Win32.Zbot.R74478
Acronis suspicious
ALYac IL:Trojan.MSILZilla.12224
MAX malware (ai score=85)
Malwarebytes Backdoor.Bladabindi
Panda Generic Malware
TrendMicro-HouseCall BKDR_BLADABI.SMR
Rising Backdoor.njRAT!1.9E49 (CLASSIC)
Yandex Trojan.Agent!lq3jbUBJWCA
Ikarus Trojan.MSIL.Janeleiro
MaxSecure Trojan.Malware.300983.susgen
Fortinet MSIL/SpyPSW.AVQ!tr
AVG MSIL:GenMalicious-BRD [Trj]
Avast MSIL:GenMalicious-BRD [Trj]
CrowdStrike win/malicious_confidence_100% (W)

How to remove Backdoor.Bladabindi.G3?

  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan“.
  • Move to quarantine” all items.
  • Open “Tools” tab – Press “Reset Browser Settings“.
  • Select proper browser and options – Click “Reset”.
  • Restart your computer.
Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.

Leave a Comment
Share
Published by
Paul Valéry
Tags: Backdoor.Bladabindi.G3StubX.exe
2 years ago

Recent Posts

Trojan:Win64/Midie.NM!MTB malicious file

The Trojan:Win64/Midie.NM!MTB is considered dangerous by lots of security experts. When this infection is active,…

15 mins ago

Virus:Win32/Patchload.A removal

The Virus:Win32/Patchload.A is considered dangerous by lots of security experts. When this infection is active,…

15 mins ago

Go For Files (PUA) information

The Go For Files (PUA) is considered dangerous by lots of security experts. When this…

45 mins ago

About “TrojanDownloader:Win32/VB.ZJ” infection

The TrojanDownloader:Win32/VB.ZJ is considered dangerous by lots of security experts. When this infection is active,…

46 mins ago

Win32:ExpressDload-AH [PUP] malicious file

The Win32:ExpressDload-AH [PUP] is considered dangerous by lots of security experts. When this infection is…

46 mins ago

Win32/SimpleFiles.A potentially unwanted removal guide

The Win32/SimpleFiles.A potentially unwanted is considered dangerous by lots of security experts. When this infection…

51 mins ago