Categories: Backdoor

Backdoor:Win32/Bifrose.ES (file analysis)

The Backdoor:Win32/Bifrose.ES is considered dangerous by lots of security experts. When this infection is active, you may notice unwanted processes in Task Manager list. In this case, it is adviced to scan your computer with GridinSoft Anti-Malware.

Gridinsoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. Allows to complete scan and cure your PC during the trial period.

DOWNLOAD NOW

6-day free trial available.

What Backdoor:Win32/Bifrose.ES virus can do?

Behavioural detection: Executable code extraction – unpacking
Sample contains Overlay data
Reads data out of its own binary image
CAPE extracted potentially suspicious content
The binary likely contains encrypted or compressed data.
Authenticode signature is invalid
CAPE detected the embedded win api malware family
Anomalous binary characteristics
Yara detections observed in process dumps, payloads or dropped files

How to determine Backdoor:Win32/Bifrose.ES?


File Info:
name: DE9859D69542BFEF5B5B.mlwpath: /opt/CAPEv2/storage/binaries/925637305d5e8eb734efd3ed38c092628d3513cc4836d01125cf62ccd10f673ccrc32: 05127922md5: de9859d69542bfef5b5b5821efdb1956sha1: 94a435743ead30729b54a15f3d791d4b3ec8d051sha256: 925637305d5e8eb734efd3ed38c092628d3513cc4836d01125cf62ccd10f673csha512: e280146c76b79368a790419fed764dc502a755adf3b027106b95b5090f6a5da750152a0235dc2bed964f2280812cb3e0a369c81370efa6ec540ee3e227339d71ssdeep: 3072:x6w+UCejNTYUFrBZHldZUQoBmE9ywzxNXXFs44iFfXyhOZXMVM6hM3FYUFrlOjZI:x6P6fyzB9PtJX74pO1MKXXqdKBykXMlYtype: PE32 executable (GUI) Intel 80386, for MS Windowstlsh: T1592402EE4A85C44AE3FD563170D8C848A61DECF68BBA47FAC1C1F7B9D5FD42096050A2sha3_384: 36682cc6ff639083aa755e18aa171c7ae325e3e54563e7f7c93d6b586b3749b8b65241c8b4fb32a3c15480249d5571e9ep_bytes: 558bec83ec4456ff15141040008bf08atimestamp: 2007-07-24 13:02:46
Version Info:
0: [No Data]

Backdoor:Win32/Bifrose.ES also known as:

Bkav	W32.AIDetectMalware
Lionic	Trojan.Win32.Bifrose.lj8w
tehtris	Generic.Malware
MicroWorld-eScan	Backdoor.Bifrose.ZXE
FireEye	Generic.mg.de9859d69542bfef
Skyhigh	BehavesLike.Win32.Generic.dc
McAfee	BackDoor-CEP.ak.gen.a
Cylance	unsafe
Sangfor	Suspicious.Win32.Save.a
K7AntiVirus	Riskware ( 0040eff71 )
Alibaba	Backdoor:Win32/Bifrose.c2dc9fca
K7GW	Riskware ( 0040eff71 )
CrowdStrike	win/malicious_confidence_100% (W)
Arcabit	Backdoor.Bifrose.ZXE
BitDefenderTheta	AI:Packer.9150F90020
Symantec	ML.Attribute.HighConfidence
Elastic	malicious (high confidence)
ESET-NOD32	Win32/Bifrose.NHD
APEX	Malicious
ClamAV	Win.Trojan.Bifrose-420
Kaspersky	Backdoor.Win32.Agent.uek
BitDefender	Backdoor.Bifrose.ZXE
NANO-Antivirus	Trojan.Win32.Agent.ciqch
Avast	Win32:Agent-AAKP [Trj]
Tencent	Malware.Win32.Gencirc.10b1a144
Sophos	ML/PE-A
Baidu	Win32.Backdoor.Bifrose.ac
F-Secure	Trojan.TR/Agent.gdzs
DrWeb	BackDoor.Bifrost.816
VIPRE	Backdoor.Bifrose.ZXE
TrendMicro	TROJ_AGENT.AGY
Trapmine	malicious.high.ml.score
Emsisoft	Backdoor.Bifrose.ZXE (B)
SentinelOne	Static AI – Malicious PE
Jiangmin	Trojan/Agent.wpy
Webroot	W32.Trojan.Gen
Google	Detected
Avira	TR/Agent.gdzs
Varist	W32/Trojan.INKG-7127
Antiy-AVL	Trojan[Backdoor]/Win32.Agent.uek
Kingsoft	Win32.Hack.Agent.uek
Xcitium	TrojWare.Win32.Agent.~MQ@7p29
Microsoft	Backdoor:Win32/Bifrose.ES
ViRobot	Backdoor.Win32.Agent.40349
ZoneAlarm	Backdoor.Win32.Agent.uek
GData	Backdoor.Bifrose.ZXE
Cynet	Malicious (score: 100)
AhnLab-V3	Trojan/Win32.CSon.R450
VBA32	Backdoor.Agent
ALYac	Backdoor.Bifrose.ZXE
MAX	malware (ai score=100)
Malwarebytes	Generic.Malware.AI.DDS
Panda	Bck/Bifrose.BHP
Zoner	Trojan.Win32.36969
TrendMicro-HouseCall	TROJ_AGENT.AGY
Rising	Trojan.FakeIcon!1.9A3A (CLASSIC)
Yandex	Trojan.GenAsa!M5CWC9hpa0Q
Ikarus	Trojan.Win32.Midgare
Fortinet	W32/Agent.CND!tr
AVG	Win32:Agent-AAKP [Trj]
Cybereason	malicious.43ead3
DeepInstinct	MALICIOUS