Categories: Backdoor

Backdoor.Win32.Bladabindi.agz information

The Backdoor.Win32.Bladabindi.agz is considered dangerous by lots of security experts. When this infection is active, you may notice unwanted processes in the Task Manager process list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

Gridinsoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It allows you to run a complete scan and clean your PC during the trial period.
6-day free trial available.

What can the Backdoor.Win32.Bladabindi.agz virus do?

  • Behavioural detection: Executable code extraction – unpacking
  • SetUnhandledExceptionFilter detected (possible anti-debug)
  • Yara rule detections observed from a process memory dump/dropped files/CAPE
  • Possible date expiration check, exits too soon after checking local time
  • Creates RWX memory
  • Guard pages use detected – possible anti-debugging.
  • Dynamic (imported) function loading detected
  • A process created a hidden window
  • CAPE extracted potentially suspicious content
  • Drops a binary and executes it
  • Creates an autorun.inf file
  • Authenticode signature is invalid
  • A scripting utility was executed
  • Uses Windows utilities for basic functionality
  • Sniffs keystrokes
  • Deletes its original binary from disk
  • Created a process from a suspicious location
  • Collects and encrypts information about the computer likely to send to C2 server
  • Installs itself for autorun at Windows startup
  • Creates a hidden or system file
  • CAPE detected the njRat malware family
  • Creates known Njrat/Bladabindi RAT registry keys
  • Anomalous binary characteristics

How to identify Backdoor.Win32.Bladabindi.agz?

File Info:

name: 436355C7652BE364EF16.mlw
path: /opt/CAPEv2/storage/binaries/55e49b3277616f580dfc234356d85ed87134ebec64b53511f96d1e86a29b6d45
crc32: 12E5D6E8
md5: 436355c7652be364ef16b187fba73ccd
sha1: d0f9dcd7f94cc2abce05a8088c86e01f071ba628
sha256: 55e49b3277616f580dfc234356d85ed87134ebec64b53511f96d1e86a29b6d45
sha512: bcfa9319d18f03c9f843780aea89884fc0595d2329e311a348b6f8c14218547cb0c98718bd383a4eecb911d87d83bc4c7c4e7b287eb0c0a7ab7328a0fa7b8811
ssdeep: 3072:bpLGLC2McdAXXYGDmNEiFiOVaLGvW5T5IYs88RfCdB6vhpHfrFN9Q/38aw0aHn0E:NHcI8zUoapOMsfC76J5frpQf8xHn0
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T16534235D64C6BEE0E91E6037282F5B5CC5A4FC71BC7276EBF6280DECAE478A05815318
sha3_384: 1a5342631857db0822ef91ef6cdde20d79a2f8af5cecb24253e5f8f938fe30aad2169efb3e5f9e3956be37bad1f64ae2
ep_bytes: e8407903006a00ff15a4a04300c39d00
timestamp: 2022-05-05 22:42:45

Version Info:

FileDescription: ?? ?? ?? ?? ?? ?? ?? ?? ?? . ?? ?? ?? ?? ?? ?? ??
ProductName: ?? ?? ?? ?? ?? ?? ?? ?? ?? . ?? ?? ?? ?? ?? ?? ??
FileVersion: 1.0.0.0
ProductVersion: 1.0.0.0
LegalCopyright: ?? ?? ?? ?? ?? ?? ?? ?? ?? . ?? ?? ?? ?? ?? ?? ?? Copyright © 2018
OriginalFilename: gamesense.exe
Translation: 0x0409 0x0000

Backdoor.Win32.Bladabindi.agz also known as:

Bkav W32.AIDetect.malware2
Lionic Trojan.Win32.Convagent.4!c
Elastic malicious (high confidence)
DrWeb Trojan.Siggen17.48752
MicroWorld-eScan Gen:Variant.ExNuma.1
FireEye Generic.mg.436355c7652be364
McAfee GenericRXQJ-SK!436355C7652B
Cylance Unsafe
Sangfor Trojan.Win32.Convagent.gen
K7AntiVirus Trojan ( 0058ee541 )
Alibaba Trojan:Win32/Starter.ali2000005
K7GW Trojan ( 0058ee541 )
CrowdStrike win/malicious_confidence_100% (W)
BitDefenderTheta AI:Packer.527131481E
Cyren W32/ExNuma.A.gen!Eldorado
Symantec ML.Attribute.HighConfidence
ESET-NOD32 a variant of Win32/Kryptik.HNPY
TrendMicro-HouseCall TROJ_GEN.R002C0DE622
Kaspersky Backdoor.Win32.Bladabindi.agz
BitDefender Gen:Variant.ExNuma.1
Avast FileRepMalware [Misc]
Ad-Aware Gen:Variant.ExNuma.1
Emsisoft Gen:Variant.ExNuma.1 (B)
McAfee-GW-Edition GenericRXQJ-SK!436355C7652B
SentinelOne Static AI – Malicious PE
Sophos Mal/Generic-S
Ikarus Trojan.Win32.Krypt
GData Win32.Trojan.Agent.71XHYY
Avira TR/Crypt.ZPACK.Gen
Microsoft VirTool:Win32/Pucrpt.A!MTB
Cynet Malicious (score: 100)
AhnLab-V3 Trojan/Win.Generic.R442274
VBA32 BScope.TrojanSpy.Stealer
ALYac Gen:Variant.ExNuma.1
Malwarebytes Trojan.Dropper
APEX Malicious
Rising Backdoor.njRAT!1.9E49 (CLASSIC)
MAX malware (ai score=85)
Fortinet W32/Kryptik.HNPY!tr
AVG FileRepMalware [Misc]
Panda Trj/Genetic.gen

How to remove Backdoor.Win32.Bladabindi.agz?

  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open the “Tools” tab – Press “Reset Browser Settings”.
  • Select the proper browser and options – Click “Reset”.
  • Restart your computer.

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.
