Backdoor.MSIL.Bladabindi.bwkw (file analysis)

Backdoor.MSIL.Bladabindi.bwkw is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager process list. In that case, it is advised to scan your computer with GridinSoft Anti-Malware.

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. The trial period allows you to run a complete scan and cure your PC.
A 6-day free trial is available.

What can the Backdoor.MSIL.Bladabindi.bwkw virus do?

  • Behavioural detection: Executable code extraction – unpacking
  • Yara rule detections observed from a process memory dump/dropped files/CAPE
  • CAPE extracted potentially suspicious content
  • Drops a binary and executes it
  • Authenticode signature is invalid
  • Uses Windows utilities for basic functionality
  • CAPE detected the njRat malware family
  • Deletes executed files from disk
  • Creates known Njrat/Bladabindi RAT registry keys

How to identify Backdoor.MSIL.Bladabindi.bwkw?

File Info:

name: 407163C94A228C8692CA.mlw
path: /opt/CAPEv2/storage/binaries/545610642cafbdff44038edbf6d246fc9e188826a54fce317178d1c9557d1307
crc32: 69D533FC
md5: 407163c94a228c8692cabc567882707d
sha1: b33b0c2ab442e0c714ab71f2a2d4015a9fa7f2e9
sha256: 545610642cafbdff44038edbf6d246fc9e188826a54fce317178d1c9557d1307
sha512: 87dc9cc565e09dc1a081c229e96a9b105a001feacbbc0544b1c28a63be93160201afa762237b1c335c847586b636165cf81e6a1a44fd2b9eede57623735c6d3d
ssdeep: 24576:6F98KKTZ0C/1ZR0U1PXJHEeqbvtNKgoaa:SIT+C/13zBH2T5Ta
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T10A35331B1B6D62D9FF86A2BE040FCBF12B66EE280F0744816BD49D17F9393604D8B525
sha3_384: a89b9a2ff0b8b3ade4a268eb9995bfd711b85f4ceb6cbbad9bce942a4b48547b08a4b756f473c7371f67190929e5900f
ep_bytes: e8b59110006a00ff15a4c05000c3b900
timestamp: 2022-10-05 08:43:42

Version Info:

FileDescription: Mega Joiner
ProductName: Mega Joiner
FileVersion: 0.6.0.0
ProductVersion: 0.6.0.0
LegalCopyright:
OriginalFilename:
Translation: 0x0409 0x0000

Backdoor.MSIL.Bladabindi.bwkw also known as:

Bkav: W32.AIDetect.malware1
Lionic: Trojan.MSIL.Agent.m!c
DrWeb: Trojan.MulDrop20.65224
MicroWorld-eScan: Gen:Variant.ExNuma.1
FireEye: Generic.mg.407163c94a228c86
ALYac: Gen:Variant.ExNuma.1
Cylance: Unsafe
VIPRE: Gen:Variant.ExNuma.1
Sangfor: Suspicious.Win32.Save.a
K7AntiVirus: Trojan ( 0058ee541 )
Alibaba: Trojan:Win32/Starter.ali2000005
K7GW: Trojan ( 0058ee541 )
CrowdStrike: win/malicious_confidence_100% (W)
BitDefenderTheta: AI:Packer.A70275C11E
Cyren: W32/ExNuma.B.gen!Eldorado
Symantec: ML.Attribute.HighConfidence
Elastic: malicious (high confidence)
ESET-NOD32: a variant of Win32/Kryptik.HNPY
APEX: Malicious
TrendMicro-HouseCall: TROJ_GEN.R002C0DJ522
Paloalto: generic.ml
Kaspersky: Backdoor.MSIL.Bladabindi.bwkw
BitDefender: Gen:Variant.ExNuma.1
Avast: Win32:Evo-gen [Trj]
Tencent: Trojan.Win32.Kryptik.zad
Ad-Aware: Gen:Variant.ExNuma.1
Emsisoft: Gen:Variant.ExNuma.1 (B)
TrendMicro: TROJ_GEN.R002C0DJ522
McAfee-GW-Edition: GenericRXQL-MR!407163C94A22
Trapmine: malicious.moderate.ml.score
Sophos: Mal/Generic-S
SentinelOne: Static AI – Suspicious PE
GData: Win32.Trojan.QuasarRAT.B
Google: Detected
Avira: HEUR/AGEN.1215601
MAX: malware (ai score=88)
Antiy-AVL: Trojan/Generic.ASMalwS.50E8
Arcabit: Trojan.ExNuma.1
ZoneAlarm: Backdoor.MSIL.Bladabindi.bwkw
Microsoft: VirTool:Win32/Pucrpt.A!MTB
Cynet: Malicious (score: 100)
AhnLab-V3: Trojan/Win.Generic.R442274
McAfee: GenericRXQL-MR!407163C94A22
TACHYON: Backdoor/W32.Agent.1117184.B
VBA32: BScope.TrojanSpy.Stealer
Malwarebytes: Trojan.Dropper
Rising: Trojan.GenKryptik!8.AA55 (TFE:2:rHqDW0siAcL)
Ikarus: Trojan.Win32.Krypt
MaxSecure: Trojan.Malware.189894617.susgen
Fortinet: W32/Kryptik.HNPY!tr
AVG: Win32:Evo-gen [Trj]
Cybereason: malicious.94a228
Panda: Trj/GdSda.A

How to remove Backdoor.MSIL.Bladabindi.bwkw?

Backdoor.MSIL.Bladabindi.bwkw removal tool

  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open the “Tools” tab – Press “Reset Browser Settings”.
  • Select the proper browser and options – Click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience working with security software contractors.