Generic.MSIL.Bladabindi.16C48443 removal

The Generic.MSIL.Bladabindi.16C48443 detection is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It lets you run a complete scan and cure your PC during the TRIAL period.
A 6-day free trial is available.

What can the Generic.MSIL.Bladabindi.16C48443 virus do?

  • Behavioural detection: Executable code extraction – unpacking
  • Yara rule detections observed from a process memory dump/dropped files/CAPE
  • CAPE extracted potentially suspicious content
  • Drops a binary and executes it
  • Authenticode signature is invalid
  • Anomalous .NET characteristics
  • Uses Windows utilities for basic functionality
  • CAPE detected the njRat malware family
  • Creates a copy of itself
  • Creates known Njrat/Bladabindi RAT registry keys

How to identify Generic.MSIL.Bladabindi.16C48443?

File Info:

name: 44EEC5B478E1982481B1.mlw
path: /opt/CAPEv2/storage/binaries/bcec1442b3fbbc76244d114e303e81a3dda77e82820f6f1d7c3ba4c0df2f2f8b
crc32: B54C78FC
md5: 44eec5b478e1982481b1cca29d80bb8a
sha1: 9537fd4feb3b9b70549d944845cce78dd9e117ce
sha256: bcec1442b3fbbc76244d114e303e81a3dda77e82820f6f1d7c3ba4c0df2f2f8b
sha512: 0c35842db21edd6e32d74bc82c7fc187c1c85bb7fc911b932dbcbebb87ccf3ddb2c3b42a51b6a74bef25b38ce59b279455d06c8ef83df205af910bd57f36f57f
ssdeep: 384:IuFTgiG1CRZfursvO6yszMFs/DSTHv0mkrAF+rMRTyN/0L+EcoinblneHQM3epzX:lFN5WpszMFsmjv0vrM+rMRa8NuMat
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T17C032A4D7FE18168C9FD057B05B2D41207BAE04B6E23D90ECEF564AA37636C58B50AF1
sha3_384: fcec01c8f12a45fa9aacd89f47074b8409c7dcd7352d2e1c10abcb1fbb05b4f6f7329215b7440a678cfecd0c543e656d
ep_bytes: ff250020400000000000000000000000
timestamp: 2022-09-22 20:07:06

Version Info:

0: [No Data]

Generic.MSIL.Bladabindi.16C48443 also known as:

Bkav: W32.AIDetectNet.01
MicroWorld-eScan: Generic.MSIL.Bladabindi.16C48443
ClamAV: Win.Packed.Bladabindi-7994427-0
FireEye: Generic.mg.44eec5b478e19824
CAT-QuickHeal: Backdoor.Bladabindi.B3
ALYac: Generic.MSIL.Bladabindi.16C48443
Cylance: Unsafe
VIPRE: Generic.MSIL.Bladabindi.16C48443
Sangfor: Suspicious.Win32.Save.a
K7AntiVirus: Trojan ( 700000121 )
K7GW: Trojan ( 700000121 )
Cybereason: malicious.478e19
Baidu: MSIL.Backdoor.Bladabindi.a
VirIT: Trojan.Win32.DownLoader21.BPQW
Cyren: W32/MSIL_Troj.AP.gen!Eldorado
Symantec: Backdoor.Ratenjay!gen3
Elastic: Windows.Trojan.Njrat
ESET-NOD32: MSIL/Bladabindi.NZ
APEX: Malicious
Cynet: Malicious (score: 100)
Kaspersky: HEUR:Trojan.Win32.Generic
BitDefender: Generic.MSIL.Bladabindi.16C48443
NANO-Antivirus: Trojan.Win32.Autoruner2.ebrjyu
Avast: MSIL:Bladabindi-JK [Trj]
Tencent: Trojan.Msil.Bladabindi.fa
Ad-Aware: Generic.MSIL.Bladabindi.16C48443
Sophos: ML/PE-A + Troj/Bbindi-W
Comodo: TrojWare.MSIL.Spy.Agent.CP@4pqytu
DrWeb: Trojan.DownLoader21.44181
Zillya: Trojan.Bladabindi.Win32.74276
TrendMicro: BKDR_BLADABI.SMC
McAfee-GW-Edition: BehavesLike.Win32.Trojan.nm
Trapmine: malicious.high.ml.score
Emsisoft: Worm.Bladabindi (A)
SentinelOne: Static AI – Malicious PE
Jiangmin: TrojanDropper.Autoit.dce
Avira: TR/ATRAPS.Gen
MAX: malware (ai score=87)
Antiy-AVL: Trojan/Generic.ASBOL.A8F4
Microsoft: Trojan:MSIL/njRAT.RDSA!MTB
ZoneAlarm: HEUR:Trojan.Win32.Generic
GData: MSIL.Trojan-Spy.Bladabindi.BQ
Google: Detected
AhnLab-V3: Trojan/Win32.Korat.R207428
Acronis: suspicious
McAfee: Trojan-FIGN
TACHYON: Trojan/W32.DN-Agent.37888.BJ
VBA32: Downloader.MSIL.gen
Malwarebytes: Backdoor.NJRat
Rising: Backdoor.njRAT!1.9E49 (CLASSIC)
Yandex: Trojan.Agent!v6d32UwcBoo
Ikarus: Trojan.MSIL.Bladabindi
MaxSecure: Trojan.Malware.300983.susgen
Fortinet: MSIL/Bladabindi.AS!tr
BitDefenderTheta: Gen:NN.ZemsilF.34682.cmW@aaHGjNo
AVG: MSIL:Bladabindi-JK [Trj]
Panda: Trj/GdSda.A
CrowdStrike: win/malicious_confidence_100% (D)

How to remove Generic.MSIL.Bladabindi.16C48443?

Generic.MSIL.Bladabindi.16C48443 removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open the “Tools” tab – Press “Reset Browser Settings”.
  • Select the proper browser and options – Click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.