Categories: Backdoor

Should I remove “Backdoor:MSIL/Bladabindi.CA”?

The Backdoor:MSIL/Bladabindi.CA is considered dangerous by lots of security experts. When this infection is active, you may notice unwanted processes in Task Manager list. In this case, it is adviced to scan your computer with GridinSoft Anti-Malware.

Gridinsoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. Allows to complete scan and cure your PC during the trial period.

DOWNLOAD NOW

6-day free trial available.

What Backdoor:MSIL/Bladabindi.CA virus can do?

Behavioural detection: Executable code extraction – unpacking
Sample contains Overlay data
Reads data out of its own binary image
CAPE extracted potentially suspicious content
The binary contains an unknown PE section name indicative of packing
Creates an autorun.inf file
Authenticode signature is invalid
Anomalous .NET characteristics
Creates a copy of itself
Yara rule detections observed from a process memory dump/dropped files/CAPE

How to determine Backdoor:MSIL/Bladabindi.CA?


File Info:
name: FB5BC323330400D4B0EE.mlwpath: /opt/CAPEv2/storage/binaries/5b167bc8bdf16cdd0264cb1c497b42fd7942c69d2633450d0b073877ca729f68crc32: 495CC1E5md5: fb5bc323330400d4b0ee8b336a2d53ebsha1: 7cfb74dec10dd2621ac8402073271913f485dec3sha256: 5b167bc8bdf16cdd0264cb1c497b42fd7942c69d2633450d0b073877ca729f68sha512: ff382e6b66f6fc5780116d8c655be3e2e18d1df9dbddb71e29097f33494563b0034e8078b260b5e10c7cd1a14bf69a32c5e6598c3907836386d23fb3f07ec599ssdeep: 384:nWs7Y3Kv5LJNM17BEqRkLXeIOum5D0fan5XLRLhToU7WRofZ+PBwLdhA:Ws7Y3Kh9Ngk75On0glh1EJadhAtype: PE32 executable (GUI) Intel 80386, for MS Windowstlsh: T1A6922B01F7E04325D67E1FB104736251127CFA078B3BEA6F89D4B1BE26B37A44A016E2sha3_384: 356f1d3bedff2149e80df3b60c22b33c474f46dc97638196ee6f4cd2bf18bfd775a3c1782789572a923c7e691ab030b0ep_bytes: ff250020400000000000000000000000timestamp: 2013-09-04 12:57:28
Version Info:
CompanyName: VMware, Inc.FileDescription: VMware PlayerFileVersion: 9.0.2 build-1031769InternalName: vmplayerLegalCopyright: Copyright © 1998-2013 VMware, Inc.OriginalFilename: vmplayer.exeProductName: VMware WorkstationProductVersion: 9.0.2 build-1031769Translation: 0x0409 0x04b0

Backdoor:MSIL/Bladabindi.CA also known as:

Lionic	Trojan.Win32.Generic.lM6P
tehtris	Generic.Malware
DrWeb	Trojan.DownLoader23.1308
MicroWorld-eScan	IL:Trojan.MSILZilla.6389
ClamAV	Win.Trojan.Agent-1134065
FireEye	Generic.mg.fb5bc323330400d4
McAfee	GenericRXAM-JT!FB5BC3233304
Cylance	unsafe
Sangfor	Trojan.Win32.Save.a
CrowdStrike	win/malicious_confidence_100% (W)
Alibaba	Trojan:Win32/udisk.ali1000021
K7GW	Trojan ( 700000121 )
K7AntiVirus	Trojan ( 700000121 )
BitDefenderTheta	Gen:NN.ZemsilF.36662.bq1@aO8Flkni
VirIT	Trojan.Win32.MSIL.ATVB
Symantec	ML.Attribute.HighConfidence
Elastic	malicious (high confidence)
ESET-NOD32	a variant of MSIL/Bladabindi.AM
APEX	Malicious
Cynet	Malicious (score: 99)
Kaspersky	HEUR:Trojan.Win32.Generic
BitDefender	IL:Trojan.MSILZilla.6389
NANO-Antivirus	Trojan.Win32.Bladabindi.dchrzo
Avast	Win32:Trojan-gen
Tencent	Malware.Win32.Gencirc.10b6219f
Emsisoft	IL:Trojan.MSILZilla.6389 (B)
F-Secure	Trojan.TR/Downloader.Gen
VIPRE	IL:Trojan.MSILZilla.6389
McAfee-GW-Edition	GenericRXAM-JT!FB5BC3233304
Sophos	Mal/Generic-S
Ikarus	Trojan.Msil
GData	IL:Trojan.MSILZilla.6389
Jiangmin	Trojan.Generic.dwkal
Webroot	Trojan.Dropper.Gen
Avira	TR/Downloader.Gen
Arcabit	IL:Trojan.MSILZilla.D18F5
ZoneAlarm	HEUR:Trojan.Win32.Generic
Microsoft	Backdoor:MSIL/Bladabindi.CA
Google	Detected
AhnLab-V3	Trojan/Win32.Bladabindi.R101578
ALYac	IL:Trojan.MSILZilla.6389
MAX	malware (ai score=86)
Malwarebytes	Generic.Malware/Suspicious
Panda	Trj/Dtcontx.G
Rising	Backdoor.Bladabindi!8.B1F (CLOUD)
Yandex	Trojan.DL.Agent!0GiXRwqnzLs
SentinelOne	Static AI – Malicious PE
MaxSecure	Trojan.Malware.7164915.susgen
Fortinet	MSIL/Agent.IJ!tr
AVG	Win32:Trojan-gen
DeepInstinct	MALICIOUS