Categories: Backdoor

Backdoor:Win32/Bifrose!pz (file analysis)

The Backdoor:Win32/Bifrose!pz is considered dangerous by lots of security experts. When this infection is active, you may notice unwanted processes in Task Manager list. In this case, it is adviced to scan your computer with GridinSoft Anti-Malware.

Gridinsoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. Allows to complete scan and cure your PC during the trial period.

DOWNLOAD NOW

6-day free trial available.

What Backdoor:Win32/Bifrose!pz virus can do?

Behavioural detection: Executable code extraction – unpacking
Sample contains Overlay data
Reads data out of its own binary image
CAPE extracted potentially suspicious content
The binary likely contains encrypted or compressed data.
Authenticode signature is invalid
CAPE detected the embedded win api malware family
Anomalous binary characteristics
Yara detections observed in process dumps, payloads or dropped files

How to determine Backdoor:Win32/Bifrose!pz?


File Info:
name: 662F1C9A213619B17A38.mlwpath: /opt/CAPEv2/storage/binaries/51038523710774a5424acd475f8c0ac1e41bebd04a61034f598723b45bbf5287crc32: E0A7CC98md5: 662f1c9a213619b17a38f31a24259dc7sha1: 63fc28f4b0e5fac536ab79db41ed81627fa21398sha256: 51038523710774a5424acd475f8c0ac1e41bebd04a61034f598723b45bbf5287sha512: 952725334687c199d4ea284633dd8ab436568c7adf1a51186b5ecafb9f3c87470928ac52d6ea5e67e1bc61264b6114e9b93634c60e37e47a23bce8b92677f0cassdeep: 768:ZLh7TzTBziifTeiZSVWihwEEnh0L7OTLeNfQffJP:ZZ/nEEh8OTKNOPtype: PE32 executable (GUI) Intel 80386, for MS Windowstlsh: T135E2D08552DA58C1E1A2FF7C4CED0BE9A19889329EA6130F93BE80FD5F5064624AD4CDsha3_384: 06c2d4c7d27726bbb69ba35ce1296a590155a5130659c833c636bf51142f2902619bea10e8e8acd3ec992bff3f7b700fep_bytes: 558bec83ec4456ff15181040008bf08atimestamp: 2007-12-28 14:11:35
Version Info:
0: [No Data]

Backdoor:Win32/Bifrose!pz also known as:

Bkav	W32.AIDetectMalware
Elastic	malicious (high confidence)
MicroWorld-eScan	Trojan.Dropper.SAG
ClamAV	Win.Trojan.Bifrose-28231
FireEye	Generic.mg.662f1c9a213619b1
CAT-QuickHeal	Backdoor.Bifrose.AE
Skyhigh	BehavesLike.Win32.Sality.nc
ALYac	Trojan.Dropper.SAG
Cylance	unsafe
Zillya	Virus.Bitforse.Win32.1
Sangfor	Suspicious.Win32.Save.a
CrowdStrike	win/malicious_confidence_100% (W)
Alibaba	Backdoor:Win32/Bifrose.6e1da63e
K7GW	Trojan ( 004bff5e1 )
K7AntiVirus	Backdoor ( 0040f49a1 )
BitDefenderTheta	AI:Packer.3F768CFC1E
VirIT	Trojan.Win32.Agent.BILX
Symantec	Backdoor.Bifrose
ESET-NOD32	Win32/Bifrose.NEE
Zoner	Trojan.Win32.36495
APEX	Malicious
Cynet	Malicious (score: 100)
Kaspersky	Backdoor.Win32.Bifrose.fxv
BitDefender	Trojan.Dropper.SAG
NANO-Antivirus	Trojan.Win32.Bifrose.enscfe
SUPERAntiSpyware	Trojan.Agent/Gen-FraudPack
Avast	Win32:BackDoor-ZR [Trj]
Tencent	Trojan.Win32.Refroso.dejg
TACHYON	Trojan/W32.Midgare.32637
Emsisoft	Trojan.Dropper.SAG (B)
Baidu	Win32.Backdoor.Bifrose.a
F-Secure	Backdoor:W32/Bifrose.gen!E
DrWeb	Trojan.Inject.5077
VIPRE	Trojan.Dropper.SAG
TrendMicro	BKDR_BIFROSE.SMA
Trapmine	malicious.high.ml.score
Sophos	Mal/Bifrose-X
Ikarus	Backdoor.Win32.Prorat
GData	Trojan.Dropper.SAG
Jiangmin	Backdoor/Bifrose.fzf
Webroot	W32.Bifrose.Gen
Google	Detected
Avira	BDS/Bifrose.aec
Antiy-AVL	Trojan[Backdoor]/Win32.Bifrose.fxv
Kingsoft	Win32.Hack.Bifrose.fxv
Xcitium	Backdoor.Win32.Bifrost.~Q@7opw
Arcabit	Trojan.Dropper.SAG
ViRobot	Backdoor.Win32.A.Bifrose.32637.KZ
ZoneAlarm	Backdoor.Win32.Bifrose.fxv
Microsoft	Backdoor:Win32/Bifrose!pz
Varist	W32/Trojan2.BTDY
AhnLab-V3	Backdoor/Win32.Bifrose.R2880
Acronis	suspicious
McAfee	BackDoor-CEP.gen.g
MAX	malware (ai score=100)
VBA32	SScope.Trojan.Buzus.ak
Malwarebytes	Generic.Malware.AI.DDS
Panda	Bck/Bifrose.BFX
TrendMicro-HouseCall	BKDR_BIFROSE.SMA
Rising	Trojan.Win32.Midgare.hhn (CLASSIC)
Yandex	Trojan.GenAsa!4E42FGF2k2Y
SentinelOne	Static AI – Malicious PE
MaxSecure	Backdoor.W32.Refroso.djjg
Fortinet	W32/Bifrose.ZXE!tr
AVG	Win32:BackDoor-ZR [Trj]
Cybereason	malicious.4b0e5f
DeepInstinct	MALICIOUS