Generic.MSIL.Bladabindi.4A11F30F (file analysis)

The Generic.MSIL.Bladabindi.4A11F30F is considered dangerous by lots of security experts. When this infection is active, you may notice unwanted processes in Task Manager list. In this case, it is adviced to scan your computer with GridinSoft Anti-Malware.

Gridinsoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. Allows to complete scan and cure your PC during the trial period.

DOWNLOAD NOW

6-day free trial available.

What Generic.MSIL.Bladabindi.4A11F30F virus can do?

SetUnhandledExceptionFilter detected (possible anti-debug)
Creates RWX memory
Guard pages use detected – possible anti-debugging.
Dynamic (imported) function loading detected
Reads data out of its own binary image
CAPE extracted potentially suspicious content
Authenticode signature is invalid
Anomalous .NET characteristics
Uses Windows utilities for basic functionality
Sniffs keystrokes
Installs itself for autorun at Windows startup
CAPE detected the njRat malware family
Creates known Njrat/Bladabindi RAT registry keys

How to determine Generic.MSIL.Bladabindi.4A11F30F?


File Info:
name: B258BAB4281EE6D1CF05.mlw
path: /opt/CAPEv2/storage/binaries/6c1d4182232f03ac00c1a417b762551dabc1a85445248f39190f5853105cb9a5
crc32: 1A0941D1
md5: b258bab4281ee6d1cf05681cea20b7be
sha1: c175b404f99d74b467623feed24e3acd175d6a1e
sha256: 6c1d4182232f03ac00c1a417b762551dabc1a85445248f39190f5853105cb9a5
sha512: fb0a269c29728bbe75f86268c1a3a98a38f0695081aaa35fa5c6db2124bba5027f2a4b4908369ee88d46eca6f548da4c5fb2e8b29ae426333d3c5979d47cb9ce
ssdeep: 384:xsqCm6yocx/Yp7jemiO0nd08/VQ6bgNQC5h7tmRvR6JZlbw8hqIusZzZHqZ:KSoQA6mlcrRpcnuB
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T199B20A4E3FB98856D57C16748AA6965003B4918B0423EE2FCCC550CBAFB3BD91D4CAF9
sha3_384: 41432aea726277f817bbccd46d28a71da1346b8e4027c2b95aeec1e2038d7787d2398e5ef15a71e5091b0179f1975e31
ep_bytes: ff250020400000000000000000000000
timestamp: 2022-01-10 22:13:41

Version Info:
0: [No Data]

Generic.MSIL.Bladabindi.4A11F30F also known as:

Bkav	W32.FamVT.binANHb.Worm
Lionic	Trojan.Win32.Generic.mAmC
Elastic	malicious (high confidence)
MicroWorld-eScan	Generic.MSIL.Bladabindi.4A11F30F
FireEye	Generic.mg.b258bab4281ee6d1
CAT-QuickHeal	Backdoor.Bladabindi.AL3
ALYac	Generic.MSIL.Bladabindi.4A11F30F
Cylance	Unsafe
Sangfor	Suspicious.Win32.Save.a
K7AntiVirus	Trojan ( 700000121 )
K7GW	Trojan ( 700000121 )
Cybereason	malicious.4281ee
BitDefenderTheta	Gen:NN.ZemsilF.34114.bmW@aO96iUn
VirIT	Backdoor.Win32.Generic.AWM
Cyren	W32/MSIL_Bladabindi.AU.gen!Eldorado
Symantec	Backdoor.Ratenjay
ESET-NOD32	MSIL/Bladabindi.BC
Baidu	MSIL.Backdoor.Bladabindi.a
APEX	Malicious
ClamAV	Win.Dropper.njRAT-7436651-0
Kaspersky	HEUR:Trojan.Win32.Generic
BitDefender	Generic.MSIL.Bladabindi.4A11F30F
NANO-Antivirus	Trojan.Win32.Disfa.dtznyx
Avast	MSIL:Agent-DRD [Trj]
Tencent	Win32.Trojan.Generic.Pdca
Ad-Aware	Generic.MSIL.Bladabindi.4A11F30F
Emsisoft	Trojan.Bladabindi (A)
Comodo	Backdoor.MSIL.Bladabindi.A@566ygc
DrWeb	Trojan.DownLoader19.37002
VIPRE	Backdoor.MSIL.Bladabindi.a (v)
TrendMicro	BKDR_BLADABI.SMC
McAfee-GW-Edition	BehavesLike.Win32.BackdoorNJRat.mm
Sophos	ML/PE-A + Troj/MSIL-HX
Ikarus	Trojan.MSIL.Bladabindi
Jiangmin	TrojanDropper.Autoit.dce
Avira	TR/Dropper.Gen7
Antiy-AVL	Trojan/Generic.ASBOL.A8F4
Kingsoft	Win32.Troj.Undef.(kcloud)
Microsoft	Backdoor:MSIL/Bladabindi
ViRobot	Backdoor.Win32.Bladabindi.Gen.A
GData	MSIL.Backdoor.Bladabindi.AV
Cynet	Malicious (score: 100)
AhnLab-V3	Backdoor/Win32.Bladabindi.R91438
Acronis	suspicious
McAfee	Trojan-FIGN
MAX	malware (ai score=82)
VBA32	Trojan.MSIL.Disfa
Malwarebytes	Backdoor.NJRat
TrendMicro-HouseCall	BKDR_BLADABI.SMC
Rising	Backdoor.Njrat!1.9E49 (CLASSIC)
Yandex	Trojan.Agent!0kgviirP5gc
SentinelOne	Static AI – Malicious PE
eGambit	Unsafe.AI_Score_100%
Fortinet	MSIL/Agent.LI!tr
AVG	MSIL:Agent-DRD [Trj]
CrowdStrike	win/malicious_confidence_100% (W)
MaxSecure	Trojan.Malware.300983.susgen

How to remove Generic.MSIL.Bladabindi.4A11F30F?

Generic.MSIL.Bladabindi.4A11F30F removal tool

Download and install GridinSoft Anti-Malware.
Open GridinSoft Anti-Malware and perform a “Standard scan“.
“Move to quarantine” all items.
Open “Tools” tab – Press “Reset Browser Settings“.
Select proper browser and options – Click “Reset”.
Restart your computer.

Generic.MSIL.Bladabindi.4A11F30F (file analysis)

Gridinsoft Anti-Malware

How to determine Generic.MSIL.Bladabindi.4A11F30F?

File Info:

Version Info:

Generic.MSIL.Bladabindi.4A11F30F also known as:

How to remove Generic.MSIL.Bladabindi.4A11F30F?

About the author

Paul Valéry

Leave a Comment X

Gridinsoft Anti-Malware

How to determine Generic.MSIL.Bladabindi.4A11F30F?

File Info:

Version Info:

Generic.MSIL.Bladabindi.4A11F30F also known as:

How to remove Generic.MSIL.Bladabindi.4A11F30F?

You may also like

About the author

Paul Valéry

Leave a Comment X