Categories: Backdoor

Backdoor.MSIL.Blanet.aq information

The Backdoor.MSIL.Blanet.aq is considered dangerous by lots of security experts. When this infection is active, you may notice unwanted processes in Task Manager list. In this case, it is adviced to scan your computer with GridinSoft Anti-Malware.

Gridinsoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. Allows to complete scan and cure your PC during the trial period.

DOWNLOAD NOW

6-day free trial available.

What Backdoor.MSIL.Blanet.aq virus can do?

SetUnhandledExceptionFilter detected (possible anti-debug)
Dynamic (imported) function loading detected
Yara rule detections observed from a process memory dump/dropped files/CAPE
Possible date expiration check, exits too soon after checking local time
Enumerates the modules from a process (may be used to locate base addresses in process injection)
CAPE extracted potentially suspicious content
The binary likely contains encrypted or compressed data.
Authenticode signature is invalid
CAPE detected the RedLine malware family
Anomalous binary characteristics

How to determine Backdoor.MSIL.Blanet.aq?


File Info:
name: 1088B26945B2AF8E5015.mlwpath: /opt/CAPEv2/storage/binaries/e1864b94e1635f194626e2a514c2241b154fcd0edd6286aca1f354badf60abb4crc32: C171F756md5: 1088b26945b2af8e501556a09103f8cesha1: c677d9e2735d600878b61489e095561d7fc15517sha256: e1864b94e1635f194626e2a514c2241b154fcd0edd6286aca1f354badf60abb4sha512: 8fdcfb6fbf04c36d71c7246276fda3d8c9be921591243099967599dd7d170321a97967f692f3390fd1bcdd692c236fd73e0cba1eab27c503e61cbd81a9c50e41ssdeep: 12288:kh1Lk70Tnvjcdj5WAWq6MQtjRoBz2H2SqKn8nu08LA:gk70Trc55WANQtjK22vK8nu0ntype: PE32 executable (GUI) Intel 80386, for MS Windowstlsh: T1D5D4BF84BC904EB3C9B309F55682CFD1EB37545257D389DBA74B3B2A2B1639CAA340C5sha3_384: 0c0d679cd99f9eaed4e97b8a998ebc93cdbc0b8a3721b6752d753383891bf56e75fe37fe45f1d5661d7cd67fc6294d40ep_bytes: e8e15c0000e9a4feffff8bff558bec83timestamp: 2012-07-13 22:47:16
Version Info:
Translation: 0x0000 0x04b0Comments: Chinhu-Chakasenderwa Service Message DLLCompanyName: Microsoft CorporationFileDescription: cbsmsg.dllFileVersion: 10.0.17763.0InternalName: Test.exeLegalCopyright: © Microsoft Corporation. All Rights Reserved.OriginalFilename: Test.exeProductName: Microsoft® Windows®-operativsystemProductVersion: 10.0.17763.0Assembly Version: 0.0.0.0

Backdoor.MSIL.Blanet.aq also known as:

Lionic	Trojan.Win32.Malicious.4!c
Elastic	malicious (high confidence)
MicroWorld-eScan	Trojan.GenericKD.44672330
FireEye	Generic.mg.1088b26945b2af8e
McAfee	Artemis!1088B26945B2
Cylance	Unsafe
Zillya	Backdoor.Blanet.Win32.20
Sangfor	Trojan.Win32.Save.a
K7AntiVirus	Trojan ( 0056df391 )
Alibaba	Trojan:Win32/Kryptik.ali2000016
K7GW	Trojan ( 0056df391 )
Cybereason	malicious.945b2a
Cyren	W32/Agent.AIK.gen!Eldorado
Symantec	ML.Attribute.HighConfidence
ESET-NOD32	a variant of MSIL/Kryptik.ZRU
APEX	Malicious
Paloalto	generic.ml
Kaspersky	Backdoor.MSIL.Blanet.aq
BitDefender	Trojan.GenericKD.44672330
NANO-Antivirus	Trojan.Win32.Blanet.iervbf
Avast	Win32:Trojan-gen
Tencent	Win32.Trojan.Inject.Auto
Ad-Aware	Trojan.GenericKD.44672330
Emsisoft	Trojan.GenericKD.44672330 (B)
DrWeb	Trojan.DownLoader34.7684
VIPRE	Trojan.Win32.Generic!BT
McAfee-GW-Edition	BehavesLike.Win32.Generic.jc
Sophos	Mal/Generic-S
GData	Trojan.GenericKD.44672330
Avira	HEUR/AGEN.1203069
Arcabit	Trojan.Generic.D2A9A54A
Microsoft	Backdoor:Win32/Bladabindi!ml
Cynet	Malicious (score: 100)
AhnLab-V3	Malware/Gen.Reputation.C4284210
Acronis	suspicious
BitDefenderTheta	Gen:NN.ZexaF.34212.Lq0@a8wY4Nn
ALYac	Trojan.GenericKD.44672330
MAX	malware (ai score=81)
Malwarebytes	Trojan.MalPack
Rising	Backdoor.Blanet!8.11C19 (CLOUD)
Yandex	Backdoor.Blanet!Q8rjLYXYs3k
SentinelOne	Static AI – Suspicious PE
MaxSecure	Trojan.Malware.300983.susgen
Fortinet	Adware/GenKryptik
AVG	Win32:Trojan-gen
CrowdStrike	win/malicious_confidence_90% (W)