Categories: Backdoor

Should I remove “Bifrose.Backdoor.Bot.DDS”?

The Bifrose.Backdoor.Bot.DDS is considered dangerous by lots of security experts. When this infection is active, you may notice unwanted processes in Task Manager list. In this case, it is adviced to scan your computer with GridinSoft Anti-Malware.

Gridinsoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. Allows to complete scan and cure your PC during the trial period.
DOWNLOAD NOW
6-day free trial available.

What Bifrose.Backdoor.Bot.DDS virus can do?

  • Behavioural detection: Executable code extraction – unpacking
  • Sample contains Overlay data
  • CAPE extracted potentially suspicious content
  • The binary contains an unknown PE section name indicative of packing
  • Executable file is packed/obfuscated with ASPack
  • The binary likely contains encrypted or compressed data.
  • Authenticode signature is invalid
  • Behavioural detection: Injection (Process Hollowing)
  • Behavioural detection: Injection (inter-process)
  • Installs itself for autorun at Windows startup
  • Anomalous binary characteristics
  • Yara rule detections observed from a process memory dump/dropped files/CAPE

How to determine Bifrose.Backdoor.Bot.DDS?



File Info:

name: 6EB73F8DCCE138B530DD.mlwpath: /opt/CAPEv2/storage/binaries/6b9f6d7bcd31365252ab27761ff66f0f3d51105a2af7ba7c31256bcea0470977crc32: CE2112D9md5: 6eb73f8dcce138b530dd8780fc0a3358sha1: 13255136148f6b64589d6abcc5f93117591741a8sha256: 6b9f6d7bcd31365252ab27761ff66f0f3d51105a2af7ba7c31256bcea0470977sha512: b864a4a49fce5c492f9316bd9244286933b08a22bc88f0269db4fb935aafdf83ff36635886c4522870a098ce086bb555068c81a30fec014121c2799fb5f5523essdeep: 3072:/bKH4+HPuNLKClXVHVkLOzrrAr6nwT7pZCeTDxTws4odO67Vi5qQE7fd1M:zHSMAcS7dxs0O605qjrwtype: PE32 executable (GUI) Intel 80386, for MS Windowstlsh: T13564C43A69B9622BD1B5C2B5CBD68537F414EC3730112926A9C3BB49473798379C323Esha3_384: f6b15130a3d0d357b71870e2a1fdff84b9c726532e6efc7ece3347812aadedbc476eb88134781d8e56b25f1fa35f439eep_bytes: 684c1c4000e8eeffffff000000000000timestamp: 2008-09-17 21:36:48

Version Info:

Translation: 0x0409 0x04b0Comments: C4OBQdUREjCompanyName: CE8nxyrFiGFileDescription: eALegalCopyright: owA6hOvgLegalTrademarks: qWdProductName: NXu8XPFileVersion: 9.35.0042ProductVersion: 9.35.0042InternalName: 00OriginalFilename: 00.exe

Bifrose.Backdoor.Bot.DDS also known as:

Bkav W32.AIDetectMalware
Lionic Trojan.Win32.Cossta.4!c
Elastic malicious (high confidence)
MicroWorld-eScan Trojan.GenericKD.62404710
ClamAV Win.Dropper.Bifrost-9985228-0
CAT-QuickHeal Trojan.VBInject
ALYac Trojan.GenericKD.62404710
Malwarebytes Bifrose.Backdoor.Bot.DDS
VIPRE Trojan.GenericKD.62404710
Sangfor Suspicious.Win32.Save.vb
K7AntiVirus Trojan ( 0054ec131 )
Alibaba Trojan:Win32/Cossta.d7fcd187
K7GW Trojan ( 0054ec131 )
Cybereason malicious.dcce13
Cyren W32/VBInject.AH.gen!Eldorado
Symantec ML.Attribute.HighConfidence
tehtris Generic.Malware
ESET-NOD32 a variant of Win32/Bifrose.NUC
APEX Malicious
Cynet Malicious (score: 100)
Kaspersky Trojan.Win32.Cossta.pdv
BitDefender Trojan.GenericKD.62404710
NANO-Antivirus Virus.Win32.Sality.bgiylc
Avast Win32:GenMalicious-KJI [Trj]
Tencent Trojan.Win32.Cossta.xa
Emsisoft Trojan.GenericKD.62404710 (B)
F-Secure Trojan.TR/Crypt.XPACK.Gen
DrWeb Trojan.VbCrypt.8
Zillya Trojan.Cossta.Win32.6500
TrendMicro Ransom_HPCERBER.SMJ
McAfee-GW-Edition BehavesLike.Win32.VBObfus.fm
Trapmine malicious.high.ml.score
FireEye Generic.mg.6eb73f8dcce138b5
Sophos Mal/VB-ZL
SentinelOne Static AI – Malicious PE
GData Trojan.GenericKD.62404710
Avira TR/Crypt.XPACK.Gen
MAX malware (ai score=85)
Antiy-AVL Trojan/Win32.Cossta
Xcitium TrojWare.Win32.Injector.dec@4mpx5r
Arcabit Trojan.Generic.D3B83866
ZoneAlarm Trojan.Win32.Cossta.pdv
Microsoft VirTool:Win32/VBInject.UG
Google Detected
AhnLab-V3 Trojan/Win32.Refroso.C138872
Acronis suspicious
McAfee Generic VB.fl
VBA32 BScope.Trojan.VBKrypt
Cylance unsafe
TrendMicro-HouseCall Ransom_HPCERBER.SMJ
Rising HackTool.VBInject!8.1A0 (TFE:1:kAGxm7L4cuD)
Yandex Trojan.VBInject.Gen.8
Ikarus Trojan-Dropper.Win32.VB
MaxSecure Trojan.WIN32.Cossta.pdv
Fortinet W32/Bifrose.NKY!tr
BitDefenderTheta AI:Packer.81445A561D
AVG Win32:GenMalicious-KJI [Trj]
DeepInstinct MALICIOUS
CrowdStrike win/malicious_confidence_100% (W)

How to remove Bifrose.Backdoor.Bot.DDS?

  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan“.
  • Move to quarantine” all items.
  • Open “Tools” tab – Press “Reset Browser Settings“.
  • Select proper browser and options – Click “Reset”.
  • Restart your computer.
Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.

Leave a Comment
Share
Published by
Paul Valéry
Tags: 00Bifrose.Backdoor.Bot.DDS
11 months ago

Recent Posts

Malware.AI.1637728237 removal guide

The Malware.AI.1637728237 is considered dangerous by lots of security experts. When this infection is active,…

13 mins ago

Malware.AI.3853500047 removal instruction

The Malware.AI.3853500047 is considered dangerous by lots of security experts. When this infection is active,…

14 mins ago

About “Malware.Heuristic.2013” infection

The Malware.Heuristic.2013 is considered dangerous by lots of security experts. When this infection is active,…

1 hour ago

Application.Bundler.iStartSurf.264 (file analysis)

The Application.Bundler.iStartSurf.264 is considered dangerous by lots of security experts. When this infection is active,…

1 hour ago

Should I remove “Ursu.726157”?

The Ursu.726157 is considered dangerous by lots of security experts. When this infection is active,…

1 hour ago

About “Virus:Win32/Xpaj.B” infection

The Virus:Win32/Xpaj.B is considered dangerous by lots of security experts. When this infection is active,…

1 hour ago