Backdoor

Backdoor.Win32.Emotet.bslg malicious file

Malware Removal

The Backdoor.Win32.Emotet.bslg is considered dangerous by lots of security experts. When this infection is active, you may notice unwanted processes in Task Manager list. In this case, it is adviced to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Gridinsoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. Allows to complete scan and cure your PC during the trial period.
DOWNLOAD NOW
6-day free trial available.

What Backdoor.Win32.Emotet.bslg virus can do?

  • Executable code extraction
  • Creates RWX memory
  • Mimics the system’s user agent string for its own requests
  • Expresses interest in specific running processes
  • HTTP traffic contains suspicious features which may be indicative of malware related traffic
  • Performs some HTTP requests
  • The binary likely contains encrypted or compressed data.
  • Anomalous binary characteristics

How to determine Backdoor.Win32.Emotet.bslg?



File Info:

crc32: E1FD634F
md5: b435bc7129eecf2469587047e0897ba8
name: upload_file
sha1: 530e4a1441b8a9364fdb72ec9072254ebfca1e67
sha256: 67a2004e8337080bf642857379d043bb1c97c704ecf90a4df86fc011bcb93a2d
sha512: 65fa8d2b44e398010dad6ffd2c3815b981c6d38b64911fd6b6a5cab8b9665013021c7cc1aa7bea10e32b8467307c5b34d7f2255169bf69b44d7e34a647969947
ssdeep: 768:LiEgbXnp5TK0LR8n4oWPjuQ5U6CNedJL6jk9CJExFO2smXKZ6KW+DZXWQ2Wm4Co:t0LOjAVCsdJL6jYFO2sZgKW+Vf2r4C
type: PE32 executable (GUI) Intel 80386, for MS Windows


Version Info:

LegalCopyright: Copyright (C) 2003
InternalName: UseShGetFileInfoDemo
FileVersion: 1, 0, 0, 1
CompanyName: 
LegalTrademarks: 
ProductName: UseShGetFileInfoDemo Application
ProductVersion: 1, 0, 0, 1
FileDescription: UseShGetFileInfoDemo MFC Application
OriginalFilename: UseShGetFileInfoDemo.EXE
Translation: 0x0409 0x04b0

Backdoor.Win32.Emotet.bslg also known as:

Elasticmalicious (high confidence)
MicroWorld-eScanTrojan.Ranapama.ALM
FireEyeGeneric.mg.b435bc7129eecf24
McAfeeEmotet-FRT!B435BC7129EE
VIPRETrojan.Win32.Generic!BT
AegisLabTrojan.Win32.Generic.4!c
K7AntiVirusRiskware ( 0040eff71 )
BitDefenderTrojan.Ranapama.ALM
K7GWRiskware ( 0040eff71 )
Cybereasonmalicious.441b8a
Invinceaheuristic
F-ProtW32/Kryptik.BTL.gen!Eldorado
SymantecML.Attribute.HighConfidence
ESET-NOD32Win32/Emotet.CD
AvastWin32:BankerX-gen [Trj]
KasperskyBackdoor.Win32.Emotet.bslg
ViRobotTrojan.Win32.Emotet.61440
Ad-AwareTrojan.Ranapama.ALM
Comodo.UnclassifiedMalware@0
F-SecureTrojan.TR/Emotet.yhigd
DrWebTrojan.Emotet.1000
APEXMalicious
CyrenW32/Kryptik.BTL.gen!Eldorado
AviraTR/Emotet.yhigd
FortinetW32/Malicious_Behavior.VEX
ArcabitTrojan.Ranapama.ALM
ZoneAlarmBackdoor.Win32.Emotet.bslg
MicrosoftTrojan:Win32/Emotet.GGG!MTB
CynetMalicious (score: 100)
VBA32BScope.TrojanBanker.Emotet
ALYacTrojan.Ranapama.ALM
MalwarebytesTrojan.MalPack.TRE
IkarusTrojan-Banker.Emotet
PandaTrj/Emotet.C
RisingMalware.Heuristic!ET#83% (RDMK:cmRtazp9ujv5IaTSMhfZeajxicVb)
SentinelOneDFI – Suspicious PE
eGambitUnsafe.AI_Score_99%
GDataTrojan.Ranapama.ALM
AVGWin32:BankerX-gen [Trj]
Paloaltogeneric.ml
CrowdStrikewin/malicious_confidence_60% (W)

How to remove Backdoor.Win32.Emotet.bslg?

Backdoor.Win32.Emotet.bslg removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan“.
  • Move to quarantine” all items.
  • Open “Tools” tab – Press “Reset Browser Settings“.
  • Select proper browser and options – Click “Reset”.
  • Restart your computer.

You may also like

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.

View all posts

Leave a Comment