Bredo.22 (B) (file analysis)

Malware Removal

Bredo.22 (B) is flagged as malicious by nearly every antivirus engine listed below. While the infection is active you may notice unfamiliar processes in Task Manager. In that case, scan the computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Removing malware manually can take hours and can damage the system in the process. We recommend GridinSoft Anti-Malware for removal; a full scan and cleanup are available during the trial period.
6-day free trial available.

What can Bredo.22 (B) do?

  • Behavioural detection: executable code extraction (unpacking)
  • YARA rule detections observed from a process memory dump, dropped files or CAPE
  • Creates RWX memory
  • Possible date expiration check: exits too soon after checking the local time
  • Dynamic (imported) function loading detected
  • Reads data out of its own binary image
  • CAPE extracted potentially suspicious content
  • Unconventional language used in binary resources: Russian
  • The binary contains an unknown PE section name indicative of packing
  • The binary likely contains encrypted or compressed data
  • The executable is compressed using UPX
  • Authenticode signature is invalid

These are CAPE sandbox signature hits. Three of them carry most of the weight for triage: the sample is UPX-packed (the entry-point bytes in the File Info below, 60 be ... 8d be ... 57 eb, are the standard x86 UPX stub prologue: pushad, mov esi, lea edi, push edi, jmp), its version block claims to be Avira's avcenter.exe while the Authenticode signature does not validate, and it checks the local time and may exit early, so a sandbox run with an implausible clock can produce no behaviour at all.

How to identify Bredo.22 (B)?

File Info:

name: 81DA12B887B43CBA42F0.mlw
path: /opt/CAPEv2/storage/binaries/c9f070e3e8dd3414d397dd11f53ea9c924463584e43d553e8e59388707077810
crc32: CA4E4712
md5: 81da12b887b43cba42f0f734b61cc50f
sha1: 53e9606c92bca3086e8bddbb83c97e5eaa78b7e0
sha256: c9f070e3e8dd3414d397dd11f53ea9c924463584e43d553e8e59388707077810
sha512: 77287307d367db3228e79f15c6274b80dfad0cf4cb0dc7c466384daf7e83e9b49603f380ff56bc9a3fab1eadd1d98dc8f99f83d1b836a59f61853b6115c291fc
ssdeep: 3072:DeFJI9rIX/XftYUSCKSm/N41M2zDxj5fvl3Tp2JYslapbqj/WRm9m:DmIBW/XfWvpSgWW2zDxFfvl3vAap3Rm9
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T124F312413CC67506D2F6EB7AC19745901D319ECA0E6B7668FD0437AB0F23E64F92BA21
sha3_384: 5b9fe554320349c5bd82998c948df4020f40078aa94f55a12445ebf2188a6f048be502ad4e0dc9e853d7f3c5a063be19
ep_bytes: 60be004041008dbe00d0feff57eb0b90
timestamp: 2008-09-19 12:13:47
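The File Info fields above can be reproduced, and the UPX finding from the behaviour list checked, without CAPE. The following Python is an added example and is not CAPE's or GridinSoft's code: a standard-library-only triage that hashes the file, reads the PE compile timestamp, maps the entry-point RVA to a file offset, compares the bytes there against the x86 UPX stub prologue, and reports section names. Because the binary itself is not reproduced on this page, build_sample_pe constructs a stand-in PE32 (an assumption) whose UPX1 section starts with the entry-point bytes reported above and whose timestamp matches the page; REPORTED holds the page's own hashes so that a real copy of the file can be matched against them.

```python
"""Stdlib-only static triage: hashes, compile timestamp, entry-point bytes (UPX stub
check), section names. Added example, not CAPE's or GridinSoft's code."""
import hashlib
import struct
import zlib
from datetime import datetime, timezone

# Indicators copied from the File Info section of this page.
REPORTED = {
    "md5": "81da12b887b43cba42f0f734b61cc50f",
    "sha1": "53e9606c92bca3086e8bddbb83c97e5eaa78b7e0",
    "sha256": "c9f070e3e8dd3414d397dd11f53ea9c924463584e43d553e8e59388707077810",
    "ep_bytes": "60be004041008dbe00d0feff57eb0b90",
}

# x86 UPX stub prologue: pushad; mov esi,imm32; lea edi,[esi+disp32]; push edi; jmp short.
# The imm32/disp32 operands are image-specific, so they are wildcarded (None).
UPX_STUB = [0x60, 0xBE, None, None, None, None, 0x8D, 0xBE, None, None, None, None, 0x57, 0xEB]
COMMON_SECTIONS = {".text", ".data", ".rdata", ".idata", ".edata", ".rsrc", ".reloc", ".bss", ".tls", ".CRT"}
PACKER_SECTIONS = {"UPX0", "UPX1", "UPX2"}


def hashes(data: bytes) -> dict:
    """Same digest set as the File Info block."""
    return {
        "crc32": "%08X" % (zlib.crc32(data) & 0xFFFFFFFF),
        "md5": hashlib.md5(data).hexdigest(),
        "sha1": hashlib.sha1(data).hexdigest(),
        "sha256": hashlib.sha256(data).hexdigest(),
        "sha512": hashlib.sha512(data).hexdigest(),
        "sha3_384": hashlib.sha3_384(data).hexdigest(),
    }


def parse_pe(data: bytes) -> dict:
    """Minimal PE32 header parser: DOS header -> COFF header -> optional header -> sections."""
    if data[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    coff = e_lfanew + 4
    _machine, nsections, timestamp, _, _, opt_size, _ = struct.unpack_from("<HHIIIHH", data, coff)
    opt = coff + 20
    ep_rva = struct.unpack_from("<I", data, opt + 16)[0]  # AddressOfEntryPoint
    sections = []
    for i in range(nsections):
        off = opt + opt_size + i * 40
        name = data[off:off + 8].rstrip(b"\0").decode("latin-1")
        vsize, vaddr, rawsize, rawptr = struct.unpack_from("<IIII", data, off + 8)
        sections.append({"name": name, "vaddr": vaddr, "vsize": vsize, "rawptr": rawptr, "rawsize": rawsize})
    return {"timestamp": timestamp, "ep_rva": ep_rva, "sections": sections}


def rva_to_offset(pe: dict, rva: int) -> int:
    """Map a relative virtual address to a file offset via the section that backs it."""
    for s in pe["sections"]:
        if s["vaddr"] <= rva < s["vaddr"] + max(s["vsize"], s["rawsize"]):
            return s["rawptr"] + (rva - s["vaddr"])
    raise ValueError("RVA %#x not backed by any section" % rva)


def matches_upx_stub(ep_bytes: bytes) -> bool:
    return len(ep_bytes) >= len(UPX_STUB) and all(p is None or p == b for p, b in zip(UPX_STUB, ep_bytes))


def triage(data: bytes) -> dict:
    pe = parse_pe(data)
    ep_off = rva_to_offset(pe, pe["ep_rva"])
    ep_bytes = data[ep_off:ep_off + 16]
    names = [s["name"] for s in pe["sections"]]
    h = hashes(data)
    return {
        **h,
        "timestamp": datetime.fromtimestamp(pe["timestamp"], timezone.utc).strftime("%Y-%m-%d %H:%M:%S"),
        "ep_bytes": ep_bytes.hex(),
        "upx_stub": matches_upx_stub(ep_bytes),
        "sections": names,
        "packer_sections": [n for n in names if n in PACKER_SECTIONS],
        "unknown_sections": [n for n in names if n not in COMMON_SECTIONS | PACKER_SECTIONS],
        "ioc_hits": sorted(k for k in ("md5", "sha1", "sha256") if h[k] == REPORTED[k]),
    }


def build_sample_pe() -> bytes:
    """Constructed stand-in (assumption) for the real binary, which is not reproduced here:
    a PE32 whose UPX1 section begins with the page's entry-point bytes and whose timestamp
    equals the page's. Its hashes will not match REPORTED."""
    ts = int(datetime(2008, 9, 19, 12, 13, 47, tzinfo=timezone.utc).timestamp())
    dos = b"MZ" + b"\0" * 58 + struct.pack("<I", 0x40)  # e_lfanew -> 0x40
    coff = struct.pack("<HHIIIHH", 0x14C, 3, ts, 0, 0, 224, 0x102)  # i386, 3 sections, PE32 opt hdr
    opt = bytearray(224)
    struct.pack_into("<H", opt, 0, 0x10B)       # PE32 magic
    struct.pack_into("<I", opt, 16, 0x14000)    # AddressOfEntryPoint -> start of UPX1
    struct.pack_into("<I", opt, 28, 0x400000)   # ImageBase

    def sect(name, vaddr, vsize, rawptr, rawsize, flags):
        return name.ljust(8, b"\0") + struct.pack("<IIIIIIHHI", vsize, vaddr, rawsize, rawptr, 0, 0, 0, 0, flags)

    table = (sect(b"UPX0", 0x1000, 0x13000, 0, 0, 0xE0000080)
             + sect(b"UPX1", 0x14000, 0x1000, 0x200, 0x200, 0xE0000040)
             + sect(b".rsrc", 0x15000, 0x1000, 0x400, 0x200, 0xC0000040))
    header = (dos + b"PE\0\0" + coff + bytes(opt) + table).ljust(0x200, b"\0")
    upx1 = bytes.fromhex(REPORTED["ep_bytes"]).ljust(0x200, b"\xCC")
    return header + upx1 + bytes(0x200)


if __name__ == "__main__":
    for k, v in triage(build_sample_pe()).items():
        print("%-16s %s" % (k, v))
```

Against a real copy of the file, triage(open(path, "rb").read()) should list md5, sha1 and sha256 under ioc_hits if it is the same file, and upx_stub should be True with the same ep_bytes; a packed file with a different stub or renamed sections will still be caught by the unknown_sections and entropy-style checks CAPE reports, which this example does not implement.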

Version Info:

Comments:
CompanyName: Avira GmbH
FileDescription: Antivirus Control Center
FileVersion: 8.00.70.08
InternalName: Control Center
LegalCopyright: Copyright © 2008 Avira GmbH. All rights reserved.
LegalTrademarks: AntiVir® is a registered trademark of Avira GmbH, Germany.
OriginalFilename: avcenter.exe
PrivateBuild:
ProductName: AntiVir Workstation
ProductVersion: 8.00.70.08
SpecialBuild:
Translation: 0x0800 0x04b0

Bredo.22 (B) also known as:

The entries below are vendor: detection-name pairs from a multi-engine scan. Gen:Variant.Bredo.22 is a BitDefender-engine generic name and is repeated by vendors that license that engine (MicroWorld-eScan, ALYac, Ad-Aware, Emsisoft, GData), so it counts as one opinion, not six; the family-specific names from the remaining vendors point to SpyEye and Zbot/Zeus, while Kryptik, Crypt.EPACK, Obfuscator and Packed are packer heuristics rather than family names.

Bkav: W32.AIDetect.malware1
Lionic: Trojan.Win32.SpyEyes.l!c
Elastic: malicious (high confidence)
DrWeb: Trojan.PWS.Panda.387
MicroWorld-eScan: Gen:Variant.Bredo.22
FireEye: Generic.mg.81da12b887b43cba
CAT-QuickHeal: TrojanBNK.Zbot.mue
ALYac: Gen:Variant.Bredo.22
VIPRE: VirTool.Win32.Obfuscator.da!j (v)
Sangfor: Trojan.Win32.Kryptik.JAV
K7AntiVirus: Trojan ( 004af95c1 )
Alibaba: TrojanSpy:Win32/SpyEyes.4537a63c
K7GW: Trojan ( 004af95c1 )
Cybereason: malicious.887b43
BitDefenderTheta: Gen:NN.ZexaF.34212.jmKfaOcBCDhc
VirIT: Trojan.Win32.Generic.AOQE
Cyren: W32/S-5f8a72a3!Eldorado
Symantec: Trojan.Spyeye
ESET-NOD32: a variant of Win32/Kryptik.JAV
TrendMicro-HouseCall: TROJ_SPYEYE.SMEP
ClamAV: Win.Packed.Zbot-9872123-0
Kaspersky: Trojan-Spy.Win32.SpyEyes.evn
BitDefender: Gen:Variant.Bredo.22
NANO-Antivirus: Trojan.Win32.ZBot.cpfyc
Avast: Win32:Trojan-gen
Tencent: Malware.Win32.Gencirc.114de46e
Ad-Aware: Gen:Variant.Bredo.22
Emsisoft: Gen:Variant.Bredo.22 (B)
Comodo: TrojWare.Win32.TrojanSpy.Zbot.G@2tckk5
Zillya: Trojan.FakeAV.Win32.41677
TrendMicro: TROJ_SPYEYE.SMEP
McAfee-GW-Edition: PWS-Spyeye.fa
Sophos: Mal/Generic-R + Mal/FakeAV-BW
Ikarus: Trojan.Win32.Spyeye
GData: Gen:Variant.Bredo.22
Jiangmin: TrojanSpy.SpyEyes.osx
eGambit: Generic.Malware
Avira: TR/Crypt.EPACK.Gen2
MAX: malware (ai score=100)
Antiy-AVL: Trojan/Generic.ASMalwS.BA39C5
ViRobot: Trojan.Win32.A.SpyEyes.162816.E[UPX]
ZoneAlarm: HEUR:Trojan.Win32.Generic
Microsoft: PWS:Win32/Zbot.TQ
Cynet: Malicious (score: 100)
AhnLab-V3: Spyware/Win32.Zbot.R2551
McAfee: Artemis!81DA12B887B4
VBA32: Trojan.Zeus.EA.0999
Cylance: Unsafe
APEX: Malicious
Rising: Spyware.SpyEyes!8.4AA (CLOUD)
Yandex: Trojan.Kryptik!3iiXCFhJzPc
SentinelOne: Static AI – Malicious PE
MaxSecure: Trojan.Malware.1852287.susgen
Fortinet: W32/Kryptic!tr
Webroot: W32.InfoStealer.Zeus
AVG: Win32:Trojan-gen
Panda: Trj/Genetic.gen
CrowdStrike: win/malicious_confidence_70% (D)
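Reading a family out of a list like this by hand is error-prone, so here is an added Python example (not the scanner's or GridinSoft's code) that tokenises each detection name, maps known tokens to a family label, gives each vendor one vote per family, and ranks the families with generic and packer-heuristic verdicts set aside. The alias table FAMILY_ALIASES is an assumption built for this page's list only (for example, "panda" is mapped to Zbot/Zeus because Trojan.PWS.Panda is Dr.Web's name for that family) and the 58 vendor: name pairs are copied from the list above, two per line.

```python
"""Family consensus from multi-engine detection names (added example, not the
scanner's or GridinSoft's code). The alias table is an assumption for this page's list."""
import re
from collections import Counter

_PACKER, _GENERIC = "packer/crypter heuristic", "generic/ML verdict"
# Detection-name token -> family label. "panda" is Dr.Web's name for the Zeus family;
# kryptik/crypt/epack/packed/obfuscator/upx describe packing, not a family.
FAMILY_ALIASES = {
    "spyeye": "SpyEye", "spyeyes": "SpyEye",
    "zbot": "Zbot/Zeus", "zeus": "Zbot/Zeus", "panda": "Zbot/Zeus",
    "bredo": "Bredo (BitDefender-engine generic)", "fakeav": "FakeAV",
    **{t: _PACKER for t in ("kryptik", "kryptic", "crypt", "epack", "packed", "obfuscator", "upx")},
    **{t: _GENERIC for t in ("generic", "malicious", "malware", "unsafe")},
}
NON_FAMILY = {_PACKER, _GENERIC, "unclassified"}

# The 58 "Vendor: name" pairs copied from this page, two per line, separated by " | ".
DETECTIONS = """
Bkav: W32.AIDetect.malware1 | Lionic: Trojan.Win32.SpyEyes.l!c
Elastic: malicious (high confidence) | DrWeb: Trojan.PWS.Panda.387
MicroWorld-eScan: Gen:Variant.Bredo.22 | FireEye: Generic.mg.81da12b887b43cba
CAT-QuickHeal: TrojanBNK.Zbot.mue | ALYac: Gen:Variant.Bredo.22
VIPRE: VirTool.Win32.Obfuscator.da!j (v) | Sangfor: Trojan.Win32.Kryptik.JAV
K7AntiVirus: Trojan ( 004af95c1 ) | Alibaba: TrojanSpy:Win32/SpyEyes.4537a63c
K7GW: Trojan ( 004af95c1 ) | Cybereason: malicious.887b43
BitDefenderTheta: Gen:NN.ZexaF.34212.jmKfaOcBCDhc | VirIT: Trojan.Win32.Generic.AOQE
Cyren: W32/S-5f8a72a3!Eldorado | Symantec: Trojan.Spyeye
ESET-NOD32: a variant of Win32/Kryptik.JAV | TrendMicro-HouseCall: TROJ_SPYEYE.SMEP
ClamAV: Win.Packed.Zbot-9872123-0 | Kaspersky: Trojan-Spy.Win32.SpyEyes.evn
BitDefender: Gen:Variant.Bredo.22 | NANO-Antivirus: Trojan.Win32.ZBot.cpfyc
Avast: Win32:Trojan-gen | Tencent: Malware.Win32.Gencirc.114de46e
Ad-Aware: Gen:Variant.Bredo.22 | Emsisoft: Gen:Variant.Bredo.22 (B)
Comodo: TrojWare.Win32.TrojanSpy.Zbot.G@2tckk5 | Zillya: Trojan.FakeAV.Win32.41677
TrendMicro: TROJ_SPYEYE.SMEP | McAfee-GW-Edition: PWS-Spyeye.fa
Sophos: Mal/Generic-R + Mal/FakeAV-BW | Ikarus: Trojan.Win32.Spyeye
GData: Gen:Variant.Bredo.22 | Jiangmin: TrojanSpy.SpyEyes.osx
eGambit: Generic.Malware | Avira: TR/Crypt.EPACK.Gen2
MAX: malware (ai score=100) | Antiy-AVL: Trojan/Generic.ASMalwS.BA39C5
ViRobot: Trojan.Win32.A.SpyEyes.162816.E[UPX] | ZoneAlarm: HEUR:Trojan.Win32.Generic
Microsoft: PWS:Win32/Zbot.TQ | Cynet: Malicious (score: 100)
AhnLab-V3: Spyware/Win32.Zbot.R2551 | McAfee: Artemis!81DA12B887B4
VBA32: Trojan.Zeus.EA.0999 | Cylance: Unsafe
APEX: Malicious | Rising: Spyware.SpyEyes!8.4AA (CLOUD)
Yandex: Trojan.Kryptik!3iiXCFhJzPc | SentinelOne: Static AI – Malicious PE
MaxSecure: Trojan.Malware.1852287.susgen | Fortinet: W32/Kryptic!tr
Webroot: W32.InfoStealer.Zeus | AVG: Win32:Trojan-gen
Panda: Trj/Genetic.gen | CrowdStrike: win/malicious_confidence_70% (D)
"""


def parse_detections(text: str) -> list:
    """Split the text into (vendor, detection name) pairs; the first ': ' ends the vendor."""
    pairs = []
    for line in text.strip().splitlines():
        for entry in line.split(" | "):
            vendor, sep, name = entry.partition(": ")
            if sep:
                pairs.append((vendor.strip(), name.strip()))
    return pairs


def families_for(name: str) -> set:
    """Family labels named by the alphabetic tokens of one detection string."""
    tokens = set(re.findall(r"[a-z]+", name.lower()))
    found = {FAMILY_ALIASES[t] for t in tokens if t in FAMILY_ALIASES}
    return found or {"unclassified"}


def consensus(text: str) -> Counter:
    """One vote per vendor per family label."""
    votes = Counter()
    for _vendor, name in parse_detections(text):
        votes.update(families_for(name))
    return votes


def family_consensus(text: str) -> list:
    """Families ranked by votes, with generic, packer-heuristic and unclassified verdicts removed."""
    return [(fam, n) for fam, n in consensus(text).most_common() if fam not in NON_FAMILY]


if __name__ == "__main__":
    for fam, n in consensus(DETECTIONS).most_common():
        print("%3d  %s" % (n, fam))
```

On this list the ranking is SpyEye, then Zbot/Zeus, then Bredo, then FakeAV; since the six Bredo votes all come from one licensed engine, the practical label for the sample is SpyEye/Zbot-family infostealer, with "Bredo.22" being the heuristic bucket it landed in rather than a family.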

How to remove Bredo.22 (B)?

Bredo.22 (B) removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and run a “Standard scan”.
  • Choose “Move to quarantine” for all detected items.
  • Open the “Tools” tab and press “Reset Browser Settings”.
  • Select the affected browser and the reset options, then click “Reset”.
  • Restart the computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.
