What is “Generic.MSIL.Bladabindi.1B7E01DF”?

Generic.MSIL.Bladabindi.1B7E01DF is flagged as dangerous by many security vendors. When this infection is active, you may notice unwanted processes in the Task Manager list. In that case, it is advised to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It allows a complete scan and cure of your PC during the trial period.
A 6-day free trial is available.

What Generic.MSIL.Bladabindi.1B7E01DF virus can do?

  • SetUnhandledExceptionFilter detected (possible anti-debug)
  • Attempts to connect to a dead IP:Port (1 unique times)
  • Yara rule detections observed from a process memory dump/dropped files/CAPE
  • Creates RWX memory
  • Guard pages use detected – possible anti-debugging.
  • Dynamic (imported) function loading detected
  • Reads data out of its own binary image
  • CAPE extracted potentially suspicious content
  • Drops a binary and executes it
  • Authenticode signature is invalid
  • Anomalous .NET characteristics
  • Uses Windows utilities for basic functionality
  • Sniffs keystrokes
  • Created a process from a suspicious location
  • Installs itself for autorun at Windows startup
  • CAPE detected the njRat malware family
  • Creates a copy of itself
  • Creates known Njrat/Bladabindi RAT registry keys

How to identify Generic.MSIL.Bladabindi.1B7E01DF?

File Info:

name: 6C1A53D3C9F2262CC060.mlw
path: /opt/CAPEv2/storage/binaries/74a3b00271b60e59a46ea76ad2ec1a8441fc655f4b780217ce4c9c5f2a729c5c
crc32: 86381AB5
md5: 6c1a53d3c9f2262cc06036f67425cd51
sha1: c040eb454c5913f4e8b5f707ef77bbaeb78ee782
sha256: 74a3b00271b60e59a46ea76ad2ec1a8441fc655f4b780217ce4c9c5f2a729c5c
sha512: dd1255b6b9f02c277720172da4329882931b142c0a3d54c9f24c2bcc733f05548a19e409462a657f0e373a841f6d27f2d64a1540c1c0fa785bbf4f4885f8cd84
ssdeep: 384:zslUlEvOEJ8xWwYJOMiOBZEdj1567gtwi5HhbQmRvR6JZlbw8hqIusZzZyc:EeEvwIlLMRpcnus
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T117B2290E3FB9C856C5BC1A7486A5965003B0A1470423EE2FCDC564DBAFB37D92D48AF9
sha3_384: 4da0b2fda0e368cfb14c1bd320d1dbc47fc212e2c8903c95e6fee2cc2a2c5d73a7720472ac5b093340423cb5b1485287
ep_bytes: ff250020400000000000000000000000
timestamp: 2022-07-02 16:08:03

Version Info:

0: [No Data]

Generic.MSIL.Bladabindi.1B7E01DF also known as:

Bkav: W32.FamVT.binANHb.Worm
Elastic: Windows.Trojan.Njrat
Cynet: Malicious (score: 100)
FireEye: Generic.mg.6c1a53d3c9f2262c
CAT-QuickHeal: Trojan.Generic.TRFH5
McAfee: Trojan-FIGN
Malwarebytes: Bladabindi.Backdoor.Njrat.DDS
VIPRE: Generic.MSIL.Bladabindi.1B7E01DF
Sangfor: Suspicious.Win32.Save.a
K7AntiVirus: Trojan ( 700000121 )
BitDefender: Generic.MSIL.Bladabindi.1B7E01DF
K7GW: Trojan ( 700000121 )
CrowdStrike: win/malicious_confidence_100% (D)
Baidu: MSIL.Backdoor.Bladabindi.a
VirIT: Backdoor.Win32.Generic.AWM
Cyren: W32/MSIL_Bladabindi.AU.gen!Eldorado
Symantec: Backdoor.Ratenjay
ESET-NOD32: MSIL/Bladabindi.BH
APEX: Malicious
ClamAV: Win.Packed.Generic-9795615-0
Kaspersky: HEUR:Trojan.Win32.Generic
NANO-Antivirus: Trojan.Win32.Disfa.dtznyx
ViRobot: Backdoor.Win32.Bladabindi.Gen.A
MicroWorld-eScan: Generic.MSIL.Bladabindi.1B7E01DF
Tencent: Trojan.Msil.Bladabindi.za
Ad-Aware: Generic.MSIL.Bladabindi.1B7E01DF
Sophos: ML/PE-A + Troj/DotNet-P
Comodo: Backdoor.MSIL.Bladabindi.A@566ygc
F-Secure: Trojan.TR/Dropper.Gen7
DrWeb: Trojan.DownLoader23.25967
Zillya: Trojan.Disfa.Win32.27264
TrendMicro: BKDR_BLADABI.SMC
McAfee-GW-Edition: BehavesLike.Win32.BackdoorNJRat.mm
Trapmine: malicious.moderate.ml.score
Emsisoft: Trojan.Bladabindi (A)
Ikarus: Trojan.MSIL.Bladabindi
Jiangmin: TrojanDropper.Autoit.dce
Avira: TR/Dropper.Gen7
MAX: malware (ai score=86)
Microsoft: Backdoor:MSIL/Bladabindi
Arcabit: Generic.MSIL.Bladabindi.1B7E01DF
ZoneAlarm: HEUR:Trojan.Win32.Generic
GData: MSIL.Backdoor.Bladabindi.AV
AhnLab-V3: Win-Trojan/Zbot.24064
Acronis: suspicious
VBA32: Trojan.MSIL.Disfa
ALYac: Generic.MSIL.Bladabindi.1B7E01DF
TACHYON: Backdoor/W32.DN-NjRat.24064.Y
Cylance: Unsafe
TrendMicro-HouseCall: BKDR_BLADABI.SMI
Rising: Backdoor.njRAT!1.9E49 (CLASSIC)
Yandex: Trojan.Agent!28GjWDalpXI
SentinelOne: Static AI – Malicious PE
MaxSecure: Trojan.Malware.300983.susgen
Fortinet: MSIL/Agent.LI!tr
BitDefenderTheta: Gen:NN.ZemsilF.34742.bmW@aaIjolb
AVG: MSIL:Agent-DRD [Trj]
Cybereason: malicious.3c9f22
Avast: MSIL:Agent-DRD [Trj]

How to remove Generic.MSIL.Bladabindi.1B7E01DF?

Generic.MSIL.Bladabindi.1B7E01DF removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open the “Tools” tab and press “Reset Browser Settings”.
  • Select the proper browser and options, then click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.