Backdoor

Backdoor.Bladabindi.VMP removal guide

Malware Removal

The Backdoor.Bladabindi.VMP is considered dangerous by lots of security experts. When this infection is active, you may notice unwanted processes in Task Manager list. In this case, it is adviced to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware - Review 2020

GridinSoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend to use GridinSoft Anti-Malware for virus removal. Allows to complete scan and cure your PC during the TRIAL period.
6-day free trial available.

What Backdoor.Bladabindi.VMP virus can do?

  • Yara rule detections observed from a process memory dump/dropped files/CAPE
  • The binary contains an unknown PE section name indicative of packing
  • The binary likely contains encrypted or compressed data.
  • The executable is likely packed with VMProtect
  • Authenticode signature is invalid

How to determine Backdoor.Bladabindi.VMP?


File Info:

name: 0C511E4FFBACE72936ED.mlw
path: /opt/CAPEv2/storage/binaries/574a7fdc01c13e03502904f250ed31e07f67c0ab03305bab043ce198764d2d43
crc32: FD922895
md5: 0c511e4ffbace72936ed3071ad55531e
sha1: 887dec08c5d4814c8fd40ef6c4ab1507c0338295
sha256: 574a7fdc01c13e03502904f250ed31e07f67c0ab03305bab043ce198764d2d43
sha512: 7154346ed4f11cdde84eba14f44f8fc8e3c382959d1d567c2bbe2f9e75b261e6bf3e115735b46dd7bae506e202ee393c28cecaf100edb939a44cb187d452feaf
ssdeep: 196608:ZD8xDctts9tp3LIaj9eLGLiwzw8wCMtHLfZZwBxgsxom8Sp1x3IRtzgXkxHOSSSR:ZDbtts9XLIKoifzHwpLnjAstzgXkxVF
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T19AC633A725E50059E0D4C437CA3BBE9073FF21A55B42DC74A9ABE9C226B19E4F213713
sha3_384: d332b36c772400f9a05e8c3a95a45335e153a07dafc7481c96d7e27d7abe239dafe95ed0bff7d616f9f58b4d27a9ef27
ep_bytes: 6863109200e8bebc0200895604660f49
timestamp: 1992-06-19 22:22:17

Version Info:

0: [No Data]

Backdoor.Bladabindi.VMP also known as:

BkavW32.AIDetect.malware2
tehtrisGeneric.Malware
MicroWorld-eScanGen:Variant.Barys.330251
FireEyeGeneric.mg.0c511e4ffbace729
CylanceUnsafe
SangforTrojan.Win32.Save.a
K7AntiVirusTrojan ( 7000001c1 )
K7GWTrojan ( 7000001c1 )
Cybereasonmalicious.8c5d48
BitDefenderThetaGen:NN.ZexaF.34646.@NW@ae4PZqh
SymantecML.Attribute.HighConfidence
Elasticmalicious (high confidence)
ESET-NOD32a variant of Win32/Packed.VMProtect.WQ
BitDefenderGen:Variant.Barys.330251
Ad-AwareGen:Variant.Barys.330251
SophosMal/VMProtBad-A
F-SecureTrojan.TR/Crypt.XPACK.Gen
VIPREGen:Variant.Barys.330251
McAfee-GW-EditionBehavesLike.Win32.Dropper.wc
Trapminemalicious.high.ml.score
EmsisoftGen:Variant.Barys.330251 (B)
IkarusTrojan.Win32.VMProtect
GDataGen:Variant.Barys.330251
GoogleDetected
AviraTR/Crypt.XPACK.Gen
MAXmalware (ai score=87)
ArcabitTrojan.Barys.D50A0B
MicrosoftTrojan:Win32/Wacatac.B!ml
CynetMalicious (score: 100)
AhnLab-V3Trojan/Win.Generic.R424135
ALYacGen:Variant.Barys.330251
MalwarebytesBackdoor.Bladabindi.VMP
APEXMalicious
RisingTrojan.Nanobot!8.80F2 (TFE:5:ODaZsRE2pBC)
SentinelOneStatic AI – Malicious PE
MaxSecureTrojan.Malware.300983.susgen
CrowdStrikewin/malicious_confidence_70% (D)

How to remove Backdoor.Bladabindi.VMP?

Backdoor.Bladabindi.VMP removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan“.
  • Move to quarantine” all items.
  • Open “Tools” tab – Press “Reset Browser Settings“.
  • Select proper browser and options – Click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.

Leave a Comment