Bredo.2 (B) malicious file

Malware Removal

Bredo.2 (B) is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It allows a complete scan and cure of your PC during the trial period.
6-day free trial available.

What can the Bredo.2 (B) virus do?

  • Behavioural detection: Executable code extraction – unpacking
  • Yara rule detections observed from a process memory dump/dropped files/CAPE
  • Creates RWX memory
  • Possible date expiration check, exits too soon after checking local time
  • Dynamic (imported) function loading detected
  • Reads data out of its own binary image
  • CAPE extracted potentially suspicious content
  • Unconventional language used in binary resources: Spanish (Ecuador)
  • Authenticode signature is invalid
  • Anomalous binary characteristics

How to identify Bredo.2 (B)?

File Info:

name: 7F9C588758E8BFF60945.mlw
path: /opt/CAPEv2/storage/binaries/6bde20fbbccf7659cb0b3c701ee57f0cd21b22d46313dfaecd217b50978187b9
crc32: B9BCC819
md5: 7f9c588758e8bff60945fffdc346e060
sha1: fcc397136b57f652ea903e76a956a87a83f2d264
sha256: 6bde20fbbccf7659cb0b3c701ee57f0cd21b22d46313dfaecd217b50978187b9
sha512: b665048f542a45ad493bf31aa3a2f71a14214e16a2bad46757a701b33bc6ccf86472b6bbdf5eb05e620a89c3e09d9dbd3413cc503a31f88e821c34e2c930f8c8
ssdeep: 6144:3GIlP24xoN9eyejqqpSJ9Y33lu6puiXjbXR:dXxoLxBKSW3luCuiXvXR
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T19F24E0F3593A6AAAC37D0FBCC392045FC50059B42ED7047E029E6BD6C1819E0BADE5B5
sha3_384: ba428397b51ada6f2b34f86d05951b2cb7ebaaed1bebd44825e96633e95ed365c18f5fec244fbc3b8815da1119057d5c
ep_bytes: 558bec83c4cc8b3da4254300893d9027
timestamp: 2011-01-23 00:43:03

Version Info:

KBH86rLTtS6qFUal: t3EogIhCtaM
ProductName: Duhi
shWGwBKkxvrCyJ: ISs8fFepGOgxIS
InternalName: Uxado
tRyddKdpkDqchK8cp: ksBDxu7RR6vQKCwa
OriginalFilename: Qo7og4nwrro.exe
RP7DnlrLmWDR1: RUdTBSbSjgoF
kwxbnKtceiqd: Jk5KlvHsSXnn3mLR4Ko
iyXWa6hlCYx212o: dp4mVSdGm8jDYsp
sptsOG3MgIw1B5qbE7Xc: uTJ5ekDluHLYp
FileDescription: Bota Inij Gotow
5m6WHIATpYTKy: Nbwpr1RDifhP4c8
88pboLNnGEckNx: NPXP3NrahXr
pl1IntACsvwdUEdn6: 7cfrsdNH1hJ28K4XLOQk
CompanyName: AppStream Inc.
BD6kxnBpR3IuH: Ijb35CMtHK32omxWmCc
Xr1LNdjx6G: cHNaXPWBF7NMoR7icUQ
Translation: 0x0409 0x04b0

Bredo.2 (B) also known as:

  • Lionic: Trojan.Win32.Zbot.l!c
  • Elastic: malicious (high confidence)
  • DrWeb: Trojan.PWS.Panda.547
  • MicroWorld-eScan: Gen:Variant.Bredo.2
  • FireEye: Generic.mg.7f9c588758e8bff6
  • ALYac: Gen:Variant.Bredo.2
  • Cylance: Unsafe
  • Zillya: Trojan.Zbot.Win32.117399
  • Sangfor: Suspicious.Win32.Save.a
  • K7AntiVirus: Riskware ( 0040eff71 )
  • Alibaba: TrojanSpy:Win32/ZboCheMan.f6022b1e
  • K7GW: Riskware ( 0040eff71 )
  • Cybereason: malicious.758e8b
  • BitDefenderTheta: Gen:NN.ZexaF.34212.nq1@aigKlXU
  • VirIT: Trojan.Win32.Generic.JKH
  • Symantec: Trojan.Zbot
  • ESET-NOD32: Win32/Spy.Zbot.YW
  • TrendMicro-HouseCall: TSPY_ZBOT.WMP
  • Paloalto: generic.ml
  • Kaspersky: HEUR:Trojan.Win32.Generic
  • BitDefender: Gen:Variant.Bredo.2
  • NANO-Antivirus: Trojan.Win32.Panda.ctmxem
  • Avast: Win32:MalPack-G [Trj]
  • Tencent: Malware.Win32.Gencirc.114be201
  • Ad-Aware: Gen:Variant.Bredo.2
  • Emsisoft: Gen:Variant.Bredo.2 (B)
  • Comodo: Malware@#gte2z341rfvk
  • F-Secure: Heuristic.HEUR/AGEN.1233354
  • VIPRE: Trojan.Win32.Zbot.dx (v)
  • TrendMicro: TSPY_ZBOT.WMP
  • McAfee-GW-Edition: PWS-Zbot-FAXS!7F9C588758E8
  • Sophos: Mal/Generic-R + Mal/ZboCheMan-N
  • SentinelOne: Static AI – Malicious PE
  • GData: Gen:Variant.Bredo.2
  • Jiangmin: TrojanSpy.Zbot.dbpt
  • Webroot: W32.Rogue.Gen
  • Avira: HEUR/AGEN.1233354
  • MAX: malware (ai score=100)
  • Antiy-AVL: Trojan[Spy]/Win32.Zbot
  • Arcabit: Trojan.Bredo.2
  • ZoneAlarm: HEUR:Trojan.Win32.Generic
  • Microsoft: PWS:Win32/Zbot
  • Cynet: Malicious (score: 99)
  • AhnLab-V3: Spyware/Win32.Zbot.R65207
  • McAfee: PWS-Zbot-FAXS!7F9C588758E8
  • TACHYON: Trojan/W32.Agent.223232.KZ
  • VBA32: BScope.Trojan.MTA.0661
  • Malwarebytes: Generic.Malware/Suspicious
  • APEX: Malicious
  • Rising: Spyware.Zbot!8.16B (CLOUD)
  • Yandex: TrojanSpy.Zbot!5/4/G1mOorM
  • Ikarus: Trojan-PWS.Win32.Zbot
  • MaxSecure: Trojan.Malware.7164915.susgen
  • Fortinet: W32/Kryptik.AGAJ!tr
  • AVG: Win32:MalPack-G [Trj]
  • Panda: Trj/Genetic.gen
  • CrowdStrike: win/malicious_confidence_100% (D)

How to remove Bredo.2 (B)?

Bredo.2 (B) removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open the “Tools” tab and press “Reset Browser Settings”.
  • Select the proper browser and options, then click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.