Categories: Backdoor

Backdoor:Win32/Bladabindi!rfn (file analysis)

The Backdoor:Win32/Bladabindi!rfn is considered dangerous by lots of security experts. When this infection is active, you may notice unwanted processes in Task Manager list. In this case, it is adviced to scan your computer with GridinSoft Anti-Malware.

Gridinsoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. Allows to complete scan and cure your PC during the trial period.

DOWNLOAD NOW

6-day free trial available.

What Backdoor:Win32/Bladabindi!rfn virus can do?

Dynamic (imported) function loading detected
CAPE extracted potentially suspicious content
Authenticode signature is invalid

How to determine Backdoor:Win32/Bladabindi!rfn?


File Info:
name: F1EB584E3ACC3C4E6E0C.mlwpath: /opt/CAPEv2/storage/binaries/213489494aeda6b5541d99d02c1f4086cfc86995e678ef09ec5b44f99e66fb66crc32: E9F705D0md5: f1eb584e3acc3c4e6e0cfb8335805233sha1: bdb1094a91542d0f788aad5d705c6caa5d49939esha256: 213489494aeda6b5541d99d02c1f4086cfc86995e678ef09ec5b44f99e66fb66sha512: 54101f03f5015a344dcaac19ba220d32815e891161614021d47376fd18e7f9053ffdae46bd5061516b5f1ba12fde253b6d728f2cf38c39482c348c4b4e38d05essdeep: 3072:thleewgqW74GpaVMwmyVU55OUYUYUYUYQVODiwG18RP9JO92:tTeewgz43DVU551BwG18RlJO9type: PE32 executable (GUI) Intel 80386, for MS Windowstlsh: T1BB146DF17A874297C9E7A4B34F5CE36CA0FC0FEB185B4117B2396A0DB735E942A42152sha3_384: 1a3bcc0a3f400bdae290934475aa2e99706b9fe453553188abf3dd131342acf808872a435b863b01ac2a6fa8fc5154efep_bytes: ff250020400000000000000000000000timestamp: 2020-08-25 15:27:25
Version Info:
Translation: 0x0000 0x04b0Comments: CompanyName: FileDescription: LauncherFileVersion: 1.0.0.0InternalName: LUNCHER CRACKING.exeLegalCopyright: Copyright ©  2020LegalTrademarks: OriginalFilename: LUNCHER CRACKING.exeProductName: LauncherProductVersion: 1.0.0.0Assembly Version: 1.0.0.0

Backdoor:Win32/Bladabindi!rfn also known as:

Bkav	W32.AIDetectNet.01
Lionic	Trojan.Win32.Bulz.4!c
MicroWorld-eScan	IL:Trojan.MSILZilla.9866
FireEye	Generic.mg.f1eb584e3acc3c4e
CAT-QuickHeal	Trojan.YakbeexMSIL.ZZ4
McAfee	GenericRXOA-BP!F1EB584E3ACC
Cylance	Unsafe
Sangfor	Trojan.MSIL.Agent.UAT
K7AntiVirus	Trojan ( 0057a7da1 )
BitDefender	IL:Trojan.MSILZilla.9866
K7GW	Trojan ( 0057a7da1 )
CrowdStrike	win/malicious_confidence_100% (W)
Cyren	W32/Trojan.FRF.gen!Eldorado
Symantec	ML.Attribute.HighConfidence
Elastic	malicious (high confidence)
ESET-NOD32	a variant of MSIL/Agent.UAT
APEX	Malicious
Paloalto	generic.ml
ClamAV	Win.Malware.Msilperseus-9811769-0
Kaspersky	HEUR:Trojan.MSIL.Agentb.gen
Alibaba	Backdoor:MSIL/Agentb.1c9024e0
Rising	Trojan.Generic/MSIL@AI.100 (RDM.MSIL:hupaf0ezWOtOo2TbjGTnuQ)
Ad-Aware	IL:Trojan.MSILZilla.9866
Sophos	Mal/Generic-S
DrWeb	Trojan.StarterNET.4
TrendMicro	TROJ_GEN.R002C0DCI22
McAfee-GW-Edition	GenericRXOA-BP!F1EB584E3ACC
Emsisoft	IL:Trojan.MSILZilla.9866 (B)
SentinelOne	Static AI – Malicious PE
Webroot	W32.Trojan.Gen
Avira	HEUR/AGEN.1222868
Microsoft	Backdoor:Win32/Bladabindi!rfn
SUPERAntiSpyware	Trojan.Agent/Gen-MSILPerseus
GData	MSIL.Trojan.PSE.Z1XA1D
Cynet	Malicious (score: 99)
AhnLab-V3	Malware/Win32.RL_Generic.C4195903
Acronis	suspicious
BitDefenderTheta	Gen:NN.ZemsilF.34606.mm0@a8Dfl4o
ALYac	IL:Trojan.MSILZilla.9866
MAX	malware (ai score=87)
VBA32	TScope.Trojan.MSIL
Malwarebytes	Bladabindi.Backdoor.Njrat.DDS
Panda	Trj/GdSda.A
TrendMicro-HouseCall	TROJ_GEN.R002C0DCI22
Tencent	Msil.Trojan.Msilperseus.Edxj
Yandex	Trojan.Igent.bVuI7j.53
Ikarus	Trojan.MSIL.Agent
MaxSecure	Trojan.Malware.300983.susgen
Fortinet	MSIL/Bulz.7155!tr
AVG	Win32:RATX-gen [Trj]
Cybereason	malicious.e3acc3
Avast	Win32:RATX-gen [Trj]