Backdoor

Backdoor.MSIL.Blanet.aq information

Malware Removal

Backdoor.MSIL.Blanet.aq is Kaspersky's detection name for a sample that many security vendors classify as malicious (the full list of vendor names is given below). While the infection is active you may notice unfamiliar processes in the Task Manager list; do not rely on the description column there, because this file carries version information claiming to be Microsoft's cbsmsg.dll. In this case it is advised to scan your computer with GridinSoft Anti-Malware.


Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It lets you run a complete scan and clean your PC during the 6-day free trial.

What can Backdoor.MSIL.Blanet.aq do?

The following behaviours are CAPE sandbox signatures that fired when the sample was executed:

  • SetUnhandledExceptionFilter detected (possible anti-debug)
  • Dynamic (imported) function loading detected
  • Yara rule detections observed from a process memory dump/dropped files/CAPE
  • Possible date expiration check, exits too soon after checking local time
  • Enumerates the modules from a process (may be used to locate base addresses in process injection)
  • CAPE extracted potentially suspicious content
  • The binary likely contains encrypted or compressed data
  • Authenticode signature is invalid
  • CAPE detected the RedLine malware family
  • Anomalous binary characteristics

How to identify Backdoor.MSIL.Blanet.aq?

File Info:

name: 1088B26945B2AF8E5015.mlw
path: /opt/CAPEv2/storage/binaries/e1864b94e1635f194626e2a514c2241b154fcd0edd6286aca1f354badf60abb4
crc32: C171F756
md5: 1088b26945b2af8e501556a09103f8ce
sha1: c677d9e2735d600878b61489e095561d7fc15517
sha256: e1864b94e1635f194626e2a514c2241b154fcd0edd6286aca1f354badf60abb4
sha512: 8fdcfb6fbf04c36d71c7246276fda3d8c9be921591243099967599dd7d170321a97967f692f3390fd1bcdd692c236fd73e0cba1eab27c503e61cbd81a9c50e41
ssdeep: 12288:kh1Lk70Tnvjcdj5WAWq6MQtjRoBz2H2SqKn8nu08LA:gk70Trc55WANQtjK22vK8nu0n
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T1D5D4BF84BC904EB3C9B309F55682CFD1EB37545257D389DBA74B3B2A2B1639CAA340C5
sha3_384: 0c0d679cd99f9eaed4e97b8a998ebc93cdbc0b8a3721b6752d753383891bf56e75fe37fe45f1d5661d7cd67fc6294d40
ep_bytes: e8e15c0000e9a4feffff8bff558bec83
timestamp: 2012-07-13 22:47:16
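The hashes, entry-point bytes and compile timestamp above are enough to check a suspect file offline. The script below is an added example, not code from the page's author or from GridinSoft: only the indicator values are taken from the File Info block; the function names and the constructed stand-in PE are this example's own and are labelled as such. It hashes the file, walks the PE header to map AddressOfEntryPoint through the section table, and compares each indicator. A caveat a practitioner should keep in mind: the ep_bytes pattern (e8 … followed by e9 …, a call then a jmp) is the ordinary MSVC C runtime startup stub shared by countless benign executables, and the COFF timestamp is set by whoever built the file, so only a hash match is conclusive; the other two merely corroborate.

```python
"""Offline triage of a suspect file against the indicators published for
Backdoor.MSIL.Blanet.aq. Added example, not code from the page's author or
from GridinSoft. Indicator values come from the page's File Info block;
helper names and the constructed sample PE are this example's own."""
import calendar
import hashlib
import struct
import sys
from datetime import datetime, timezone

# Indicator values copied from the File Info section of the page.
PAGE_IOCS = {
    "md5": "1088b26945b2af8e501556a09103f8ce",
    "sha1": "c677d9e2735d600878b61489e095561d7fc15517",
    "sha256": "e1864b94e1635f194626e2a514c2241b154fcd0edd6286aca1f354badf60abb4",
    "ep_bytes": "e8e15c0000e9a4feffff8bff558bec83",
    "timestamp": "2012-07-13 22:47:16",
}


def hashes(data: bytes) -> dict:
    """Lowercase hex md5/sha1/sha256 of the file contents."""
    return {name: hashlib.new(name, data).hexdigest() for name in ("md5", "sha1", "sha256")}


def _pe_offset(data: bytes) -> int:
    """Validate the DOS stub and return the offset of the 'PE\\0\\0' signature."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        raise ValueError("not a DOS/PE file")
    pe_off = struct.unpack_from("<I", data, 0x3C)[0]      # e_lfanew
    if data[pe_off:pe_off + 4] != b"PE\0\0":
        raise ValueError("PE signature not found")
    return pe_off


def compile_timestamp(data: bytes) -> str:
    """COFF TimeDateStamp rendered as 'YYYY-MM-DD HH:MM:SS' in UTC."""
    pe_off = _pe_offset(data)
    ts = struct.unpack_from("<I", data, pe_off + 8)[0]
    return datetime.fromtimestamp(ts, timezone.utc).strftime("%Y-%m-%d %H:%M:%S")


def entry_point_bytes(data: bytes, n: int = 16) -> bytes:
    """Map AddressOfEntryPoint (an RVA) to a file offset through the section
    table and return the first n bytes of code there. PE32 only (magic 0x10B),
    which is what the page reports for this sample."""
    pe_off = _pe_offset(data)
    nsections = struct.unpack_from("<H", data, pe_off + 6)[0]
    size_opt = struct.unpack_from("<H", data, pe_off + 20)[0]
    opt_off = pe_off + 24                                  # optional header
    if struct.unpack_from("<H", data, opt_off)[0] != 0x10B:
        raise ValueError("only PE32 optional headers are handled here")
    ep_rva = struct.unpack_from("<I", data, opt_off + 16)[0]
    sec_off = opt_off + size_opt                           # first section header
    for i in range(nsections):
        # VirtualSize, VirtualAddress, SizeOfRawData, PointerToRawData
        vsize, va, raw_size, raw_ptr = struct.unpack_from("<IIII", data, sec_off + 40 * i + 8)
        if va <= ep_rva < va + max(vsize, raw_size):
            file_off = raw_ptr + (ep_rva - va)
            return data[file_off:file_off + n]
    raise ValueError("entry point RVA not inside any section")


def match_page_iocs(data: bytes) -> dict:
    """True/False per indicator. Hash matches are conclusive; ep_bytes and
    timestamp matches only corroborate (both are easy to share or forge)."""
    result = {k: v == PAGE_IOCS[k] for k, v in hashes(data).items()}
    try:
        result["ep_bytes"] = entry_point_bytes(data).hex() == PAGE_IOCS["ep_bytes"]
        result["timestamp"] = compile_timestamp(data) == PAGE_IOCS["timestamp"]
    except (ValueError, struct.error):                     # not a usable PE32
        result["ep_bytes"] = result["timestamp"] = False
    return result


def build_sample_pe() -> bytes:
    """Constructed, harmless stand-in: a minimal PE32 whose entry-point bytes
    and timestamp reproduce the page's values. It is NOT the malware sample,
    so its hashes will not match."""
    ts = calendar.timegm((2012, 7, 13, 22, 47, 16, 0, 0, 0))
    dos = b"MZ" + b"\0" * 58 + struct.pack("<I", 0x40)    # e_lfanew -> 0x40
    coff = struct.pack("<HHIIIHH", 0x14C, 1, ts, 0, 0, 224, 0x102)
    opt = bytearray(224)
    struct.pack_into("<H", opt, 0, 0x10B)                  # PE32 magic
    struct.pack_into("<I", opt, 16, 0x1000)                # AddressOfEntryPoint
    sect = struct.pack("<8sIIIIIIHHI", b".text", 0x200, 0x1000, 0x200, 0x200,
                       0, 0, 0, 0, 0x60000020)
    header = dos + b"PE\0\0" + coff + bytes(opt) + sect
    body = bytes.fromhex(PAGE_IOCS["ep_bytes"]).ljust(0x200, b"\xcc")
    return header.ljust(0x200, b"\0") + body


if __name__ == "__main__":
    data = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else build_sample_pe()
    for name, hit in match_page_iocs(data).items():
        print(f"{name:9} {'MATCH' if hit else 'no match'}")
```

Run it as `python triage.py <file>` against a quarantined copy; with no argument it triages the constructed stand-in, which matches on ep_bytes and timestamp but not on any hash, illustrating why the hash indicators are the ones to act on.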

Version Info:

Translation: 0x0000 0x04b0
Comments: Chinhu-Chakasenderwa Service Message DLL
CompanyName: Microsoft Corporation
FileDescription: cbsmsg.dll
FileVersion: 10.0.17763.0
InternalName: Test.exe
LegalCopyright: © Microsoft Corporation. All Rights Reserved.
OriginalFilename: Test.exe
ProductName: Microsoft® Windows®-operativsystem
ProductVersion: 10.0.17763.0
Assembly Version: 0.0.0.0

These fields describe a Microsoft Windows component (cbsmsg.dll, version 10.0.17763.0, with a non-English product name) while InternalName and OriginalFilename say Test.exe and the Authenticode signature is invalid. Treat the metadata as spoofed: it says nothing about the file's real origin.

Backdoor.MSIL.Blanet.aq also known as:

Lionic: Trojan.Win32.Malicious.4!c
Elastic: malicious (high confidence)
MicroWorld-eScan: Trojan.GenericKD.44672330
FireEye: Generic.mg.1088b26945b2af8e
McAfee: Artemis!1088B26945B2
Cylance: Unsafe
Zillya: Backdoor.Blanet.Win32.20
Sangfor: Trojan.Win32.Save.a
K7AntiVirus: Trojan ( 0056df391 )
Alibaba: Trojan:Win32/Kryptik.ali2000016
K7GW: Trojan ( 0056df391 )
Cybereason: malicious.945b2a
Cyren: W32/Agent.AIK.gen!Eldorado
Symantec: ML.Attribute.HighConfidence
ESET-NOD32: a variant of MSIL/Kryptik.ZRU
APEX: Malicious
Paloalto: generic.ml
Kaspersky: Backdoor.MSIL.Blanet.aq
BitDefender: Trojan.GenericKD.44672330
NANO-Antivirus: Trojan.Win32.Blanet.iervbf
Avast: Win32:Trojan-gen
Tencent: Win32.Trojan.Inject.Auto
Ad-Aware: Trojan.GenericKD.44672330
Emsisoft: Trojan.GenericKD.44672330 (B)
DrWeb: Trojan.DownLoader34.7684
VIPRE: Trojan.Win32.Generic!BT
McAfee-GW-Edition: BehavesLike.Win32.Generic.jc
Sophos: Mal/Generic-S
GData: Trojan.GenericKD.44672330
Avira: HEUR/AGEN.1203069
Arcabit: Trojan.Generic.D2A9A54A
Microsoft: Backdoor:Win32/Bladabindi!ml
Cynet: Malicious (score: 100)
AhnLab-V3: Malware/Gen.Reputation.C4284210
Acronis: suspicious
BitDefenderTheta: Gen:NN.ZexaF.34212.Lq0@a8wY4Nn
ALYac: Trojan.GenericKD.44672330
MAX: malware (ai score=81)
Malwarebytes: Trojan.MalPack
Rising: Backdoor.Blanet!8.11C19 (CLOUD)
Yandex: Backdoor.Blanet!Q8rjLYXYs3k
SentinelOne: Static AI – Suspicious PE
MaxSecure: Trojan.Malware.300983.susgen
Fortinet: Adware/GenKryptik
AVG: Win32:Trojan-gen
CrowdStrike: win/malicious_confidence_90% (W)

How to remove Backdoor.MSIL.Blanet.aq?

Backdoor.MSIL.Blanet.aq removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and run a “Standard scan”.
  • Click “Move to quarantine” for all detected items.
  • Open the “Tools” tab and press “Reset Browser Settings”.
  • Select the browser and the options to reset, then click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.
