Categories: Backdoor

Backdoor:MSIL/Bladabindi.OP information

The Backdoor:MSIL/Bladabindi.OP is considered dangerous by lots of security experts. When this infection is active, you may notice unwanted processes in Task Manager list. In this case, it is adviced to scan your computer with GridinSoft Anti-Malware.

Gridinsoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. Allows to complete scan and cure your PC during the trial period.

DOWNLOAD NOW

6-day free trial available.

What Backdoor:MSIL/Bladabindi.OP virus can do?

Attempts to connect to a dead IP:Port (4 unique times)
Creates RWX memory
A process attempted to delay the analysis task.
‘Google Drive’ in HTML Title but connection is not HTTPS. Possibly indicative of phishing.
Drops a binary and executes it
Performs some HTTP requests
Unconventionial language used in binary resources: Turkish
Network activity contains more than one unique useragent.
Installs itself for autorun at Windows startup
Creates a hidden or system file
Creates a copy of itself
Anomalous binary characteristics

Related domains:

xred.mooo.com

freedns.afraid.org

ocsp.pki.goog

How to determine Backdoor:MSIL/Bladabindi.OP?


File Info:
crc32: ADC389ABmd5: 3e1d6ff8af7bfaa074aef28d195f0a57name: krnl_bootstrapper.exesha1: 45cb16be316cc3f805197e851f205465eb023128sha256: 0e6ae4a6931e69708c66765e6862585da75b345cc13d1239720fe8dc9f75fe22sha512: 4a8d4612a60e0d34affc37517e6f58542928a0e7b32fca81c0b62c63b69e5302c1f7cde3a07a2d418d76b8eb86ed2cdc17da53f11218c1fd2624ef311490ad6dssdeep: 12288:gMSApJVYG5lDLyjsb0eOzkv4R7QnvUUilQ35+6G75V9Gdqvj:gnsJ39LyjbJkQFMhmC+6GD9mq7type: PE32 executable (GUI) Intel 80386, for MS Windows
Version Info:
LegalCopyright: InternalName: FileVersion: 1.0.0.4CompanyName: SynapticsLegalTrademarks: Comments: ProductName: Synaptics Pointing Device DriverProductVersion: 1.0.0.0FileDescription: Synaptics Pointing Device DriverOriginalFilename: Translation: 0x041f 0x04e6

Backdoor:MSIL/Bladabindi.OP also known as:

Bkav	W32.AIDetectVM.malware
DrWeb	Trojan.DownLoader22.9658
MicroWorld-eScan	Dropped:Trojan.GenericKD.33822205
CAT-QuickHeal	Sus.Nocivo.E0011
McAfee	GenericRXCB-VC!3E1D6FF8AF7B
Cylance	Unsafe
VIPRE	BehavesLike.Win32.Malware.eah (mx-v)
AegisLab	Trojan.Win32.DarkKomet.tp6k
Sangfor	Malware
BitDefender	Dropped:Trojan.GenericKD.33822205
K7GW	Riskware ( 0040eff71 )
K7AntiVirus	Riskware ( 0040eff71 )
Arcabit	HEUR.VBA.Trojan.d
Invincea	heuristic
BitDefenderTheta	AI:Packer.F5AF03D517
Cyren	W32/Backdoor.OAZM-5661
Symantec	ML.Attribute.HighConfidence
ESET-NOD32	Win32/Delf.NBX
Zoner	Trojan.Win32.88102
TrendMicro-HouseCall	Virus.Win32.NAPWHICH.B
Paloalto	generic.ml
ClamAV	Win.Malware.Delf-6899401-0
Kaspersky	Backdoor.Win32.DarkKomet.hqxy
Alibaba	Backdoor:Win32/DarkKomet.131
NANO-Antivirus	Trojan.Win32.DarkKomet.fazbwq
Rising	Backdoor.Agent!1.BF3D (CLOUD)
Ad-Aware	Dropped:Trojan.GenericKD.33822205
Emsisoft	Dropped:Trojan.GenericKD.33822205 (B)
Comodo	Virus.Win32.Agent.DE@74b38h
F-Secure	Trojan:W97M/MaliciousMacro.GEN
Zillya	Trojan.Delf.Win32.76144
TrendMicro	Virus.Win32.NAPWHICH.B
McAfee-GW-Edition	BehavesLike.Win32.Generic.ch
FireEye	Generic.mg.3e1d6ff8af7bfaa0
Sophos	Mal/Generic-S
Ikarus	Trojan-PWS.Win32.QQPass
F-Prot	W32/Zorex.A
Jiangmin	Trojan.Generic.bhoqf
Webroot	W32.Malware.gen
Avira	WORM/Dldr.Agent.gqrxn
Fortinet	W32/Delf.NBX!tr
Antiy-AVL	Trojan/Win32.Wacatac
Endgame	malicious (high confidence)
Microsoft	Backdoor:MSIL/Bladabindi.OP
SUPERAntiSpyware	Adware.FileTour/Variant
ZoneAlarm	Backdoor.Win32.DarkKomet.hqxy
AhnLab-V3	Win32/Zorex.X1799
Acronis	suspicious
VBA32	TScope.Trojan.Delf
ALYac	Dropped:Trojan.GenericKD.33822205
MAX	malware (ai score=81)
Malwarebytes	Trojan.Agent
Panda	Trj/Genetic.gen
APEX	Malicious
Tencent	Virus.Win32.DarkKomet.a
Yandex	Riskware.GameHack!
SentinelOne	DFI – Malicious PE
eGambit	Unsafe.AI_Score_100%
GData	Dropped:Trojan.GenericKD.33822205
MaxSecure	Trojan.Malware.121218.susgen
AVG	Other:Malware-gen [Trj]
Avast	Other:Malware-gen [Trj]
Qihoo-360	Win32/Virus.Synaptics.A