Categories: Backdoor

Backdoor:Win32/Poison.BN malicious file

The Backdoor:Win32/Poison.BN is considered dangerous by lots of security experts. When this infection is active, you may notice unwanted processes in Task Manager list. In this case, it is adviced to scan your computer with GridinSoft Anti-Malware.

Gridinsoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. Allows to complete scan and cure your PC during the trial period.

DOWNLOAD NOW

6-day free trial available.

What Backdoor:Win32/Poison.BN virus can do?

Behavioural detection: Executable code extraction – unpacking
Dynamic (imported) function loading detected
Reads data out of its own binary image
Unconventionial language used in binary resources: Sutu
The binary contains an unknown PE section name indicative of packing
The binary likely contains encrypted or compressed data.
Authenticode signature is invalid
Anomalous binary characteristics

How to determine Backdoor:Win32/Poison.BN?


File Info:
name: D4B934356463943A4263.mlwpath: /opt/CAPEv2/storage/binaries/c75b84b9c9e2f7e1077b4eb9573cbb61e7fd0584a64106d9cbc1969a5051aa32crc32: 21B629BBmd5: d4b934356463943a42633ce060d21500sha1: 41e3712e3eaab336cfe17421bd887223800de823sha256: c75b84b9c9e2f7e1077b4eb9573cbb61e7fd0584a64106d9cbc1969a5051aa32sha512: 4998c6bfec81f61769d57b72f0ddf7e64bc9c70860b58f6fe4bc26ee5ce4d32e62a4e445ad27098aa22ce33f1d8977d155491e89eb0135031a16db17beee33afssdeep: 6144:uqiic+1U25W/MXddY3VFLV/kVWOOFeaLQd1:wicdE0FFLFIOFeagtype: PE32 executable (GUI) Intel 80386, for MS Windowstlsh: T1BD54025F1FA75A03F11AA7B48A67FB9557B83C473962720FCBC0311256B229446A2FF0sha3_384: 65a259a71262a05b9580a9ffff44c9691d3d1daf2701abfdbd242fe550b6bcc1f170a175a57afac8e1390da93e58ccceep_bytes: e959e4ffff0000000000000007c7f6fbtimestamp: 2012-03-13 19:54:44
Version Info:
CompanyName: Аdobe Systems, Inc.FileDescription: Аdobe® Flаsh® Player Installer/Uninstaller 11.1 r103FileVersion: 11,1,103,55InternalName: Аdobe® Flаsh® Plаyer Installer/Uninstaller 11.1LegalCopyright: Copyright © 1996-2011 Аdobe, Inc.LegalTrademarks: Аdobe® Flash® PlayerOriginalFilename: FlаshUtil.exeProductName: Flаsh® Player Installer/UninstallerProductVersion: 11,1,103,55Translation: 0x0409 0x04b0

Backdoor:Win32/Poison.BN also known as:

Bkav	W32.AIDetect.malware1
Lionic	Trojan.Win32.Xorist.tq1X
Elastic	malicious (high confidence)
ClamAV	Win.Trojan.Agent-356074
FireEye	Generic.mg.d4b934356463943a
McAfee	GenericRXAA-AA!D4B934356463
Cylance	Unsafe
Sangfor	Suspicious.Win32.Save.a
K7AntiVirus	Trojan ( 0055e3991 )
Alibaba	Ransom:Win32/Xorist.76f5437b
K7GW	Trojan ( 0055e3991 )
Cybereason	malicious.564639
Symantec	ML.Attribute.HighConfidence
ESET-NOD32	Win32/Spy.KeyLogger.NTE
APEX	Malicious
Cynet	Malicious (score: 100)
Kaspersky	Trojan-Ransom.Win32.Xorist.gb
BitDefender	Gen:Variant.Barys.158895
NANO-Antivirus	Trojan.Win32.Xorist.bttmro
MicroWorld-eScan	Gen:Variant.Barys.158895
Avast	Win32:Malware-gen
Tencent	Malware.Win32.Gencirc.1149242c
Ad-Aware	Gen:Variant.Barys.158895
Comodo	Malware@#2u8gaphzxciwx
DrWeb	Trojan.Fakealert.29348
VIPRE	Trojan.Win32.Generic!BT
TrendMicro	TROJ_FRS.0NA103BL20
Ikarus	Backdoor.Poison
GData	Gen:Variant.Barys.158895
Jiangmin	Trojan/Xorist.bn
eGambit	Unsafe.AI_Score_100%
Avira	TR/Dropper.VB.Gen
Kingsoft	Win32.Troj.Undef.(kcloud)
Arcabit	Trojan.Barys.D26CAF
ViRobot	Trojan.Win32.A.Xorist.316416
Microsoft	Backdoor:Win32/Poison.BN
AhnLab-V3	Trojan/Win32.Xorist.C2500990
BitDefenderTheta	AI:Packer.EC6313E31F
ALYac	Gen:Variant.Barys.158895
MAX	malware (ai score=100)
VBA32	Trojan.VB.FlyCryptor
TrendMicro-HouseCall	TROJ_FRS.0NA103BL20
Rising	Ransom.Xorist!8.4A0 (CLOUD)
Yandex	Trojan.Xorist!FsF7xZh9Nk8
SentinelOne	Static AI – Suspicious PE
Fortinet	W32/Refroso.DZP!tr
Webroot	W32.Trojan.Gen
AVG	Win32:Malware-gen
Panda	Generic Malware
CrowdStrike	win/malicious_confidence_100% (W)