Categories: Backdoor

Backdoor.MSIL.Bladabindi.boya malicious file

The Backdoor.MSIL.Bladabindi.boya is considered dangerous by lots of security experts. When this infection is active, you may notice unwanted processes in Task Manager list. In this case, it is adviced to scan your computer with GridinSoft Anti-Malware.

Gridinsoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. Allows to complete scan and cure your PC during the trial period.

DOWNLOAD NOW

6-day free trial available.

What Backdoor.MSIL.Bladabindi.boya virus can do?

Behavioural detection: Executable code extraction – unpacking
SetUnhandledExceptionFilter detected (possible anti-debug)
Yara rule detections observed from a process memory dump/dropped files/CAPE
Creates RWX memory
NtSetInformationThread: attempt to hide thread from debugger
Guard pages use detected – possible anti-debugging.
Dynamic (imported) function loading detected
Enumerates the modules from a process (may be used to locate base addresses in process injection)
Reads data out of its own binary image
CAPE extracted potentially suspicious content
The binary contains an unknown PE section name indicative of packing
The binary likely contains encrypted or compressed data.
Creates an autorun.inf file
Authenticode signature is invalid
Uses Windows utilities for basic functionality
Sniffs keystrokes
Installs itself for autorun at Windows startup
CAPE detected the EnigmaStub malware family
Creates known Njrat/Bladabindi RAT registry keys
Anomalous binary characteristics

How to determine Backdoor.MSIL.Bladabindi.boya?


File Info:
name: 717DF39AB37AEAA8032A.mlwpath: /opt/CAPEv2/storage/binaries/55ec81ae7c6bf3a271951301a11d5b443b1653fd1d4020dd0f2de2dc93a3f160crc32: 01E4D10Bmd5: 717df39ab37aeaa8032a15addf0fe320sha1: 9ae2af78018a7aaf2ed700da4537448620fba6bdsha256: 55ec81ae7c6bf3a271951301a11d5b443b1653fd1d4020dd0f2de2dc93a3f160sha512: 317d9904d01fe9021be54e850eba0d5d1e24886f2dfb90cbeb93d92962e27feec47308116471b0943c2201023f231370cb0a261ac87b9e98d9eabd7532a349f8ssdeep: 24576:8dlcni47grXi2CgLEpKaScqzAclZBG9MwLs:8d4SS2CWzAcLB8MMstype: PE32 executable (GUI) Intel 80386, for MS Windowstlsh: T1733522B06C8FF413D14BAAB50950EFAFD568395C4E886D5A22B3AF6E3F7336C5450812sha3_384: 804f9ccc7eeaf1b00cae3d2cbd85052fdaefc3d5f93777df06335f8256ed1928edb47ef49f6905717407ec6cb8176f91ep_bytes: e861000000e979feffff6860bb440064timestamp: 2021-07-12 15:24:10
Version Info:
0: [No Data]

Backdoor.MSIL.Bladabindi.boya also known as:

Bkav	W32.AIDetect.malware1
Elastic	malicious (high confidence)
MicroWorld-eScan	Trojan.GenericKD.37226855
FireEye	Generic.mg.717df39ab37aeaa8
ALYac	Trojan.GenericKD.37226855
Cylance	Unsafe
VIPRE	Trojan.Win32.Generic!BT
Sangfor	Trojan.Win32.Save.a
K7AntiVirus	Trojan ( 004befdb1 )
Alibaba	Trojan:Win32/Starter.ali2000005
K7GW	Trojan ( 004befdb1 )
Cybereason	malicious.8018a7
BitDefenderTheta	Gen:NN.ZexaF.34182.azW@aC9OVjl
Cyren	W32/Trojan.QIEA-5779
Symantec	ML.Attribute.HighConfidence
ESET-NOD32	a variant of Win32/Packed.EnigmaProtector.J suspicious
APEX	Malicious
Paloalto	generic.ml
Kaspersky	Backdoor.MSIL.Bladabindi.boya
BitDefender	Trojan.GenericKD.37226855
Avast	Win32:Malware-gen
Tencent	Msil.Backdoor.Bladabindi.Afrp
Emsisoft	Trojan.GenericKD.37226855 (B)
Zillya	Backdoor.Bladabindi.Win32.25902
McAfee-GW-Edition	BehavesLike.Win32.Mytob.tc
Sophos	Mal/Generic-S
Ikarus	PUA.Packed.Enigma
Avira	HEUR/AGEN.1128053
Microsoft	Backdoor:MSIL/Bladabindi.AJ
ZoneAlarm	Backdoor.MSIL.Bladabindi.boya
GData	Trojan.GenericKD.37226855
Cynet	Malicious (score: 100)
McAfee	Artemis!717DF39AB37A
MAX	malware (ai score=86)
VBA32	Trojan.Inject
Malwarebytes	Malware.Heuristic.1003
Rising	Malware.Heuristic!ET#100% (RDMK:cmRtazpT0a7GI/OE5fXgDReNNxhG)
SentinelOne	Static AI – Malicious PE
MaxSecure	Trojan.Malware.119645955.susgen
Fortinet	Riskware/Application
AVG	Win32:Malware-gen
Panda	Trj/CI.A
CrowdStrike	win/malicious_confidence_70% (W)