What is “Generic.MSIL.Bladabindi.661DB8CF”?

Malware Removal

Generic.MSIL.Bladabindi.661DB8CF is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager process list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware
Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It allows you to fully scan and clean your PC during the trial period.
6-day free trial available.

What can the Generic.MSIL.Bladabindi.661DB8CF virus do?

  • Behavioural detection: Executable code extraction – unpacking
  • Yara rule detections observed from a process memory dump/dropped files/CAPE
  • Reads data out of its own binary image
  • CAPE extracted potentially suspicious content
  • Drops a binary and executes it
  • Creates an autorun.inf file
  • Authenticode signature is invalid
  • Uses Windows utilities for basic functionality
  • CAPE detected the njRat malware family
  • Creates a copy of itself

How to identify Generic.MSIL.Bladabindi.661DB8CF?

File Info:

name: 6C9B586894A16823FA1D.mlw
path: /opt/CAPEv2/storage/binaries/f1c304ef79d0e12da9872dbc070807fc8bb23a06b289df21c27751b22d1ab746
crc32: E008748B
md5: 6c9b586894a16823fa1d3100ab1a8bef
sha1: e1015e497546274eb0bc32d0a0d1212875577e33
sha256: f1c304ef79d0e12da9872dbc070807fc8bb23a06b289df21c27751b22d1ab746
sha512: 8c6456ed3e238dd3118edc437257783520ea87a4d84e425a9cbdb89b0b34a07e0d0243e1f3291329f95f1a14993d65f6811be59658ceeefbeb1839b5c05dc131
ssdeep: 1536:huLeuLXtLwbKCEAj5d11tpjEwzGi1dDOD7gS:huLeiwbKCEo5P/mi1dw0
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T1EC93E88977E96524E4BF56F75471F2004F34B48B1642E39D98F118AB0A33AC44F85FEA
sha3_384: ff93899e4243f7fead879c3e15ed0da9a34b17c822e9973d48e56ff90b219e72ec3774ac52a77815914217f921d5a1ca
ep_bytes: ff250020400000000000000000000000
timestamp: 2022-09-24 19:18:32

Version Info:

0: [No Data]

Generic.MSIL.Bladabindi.661DB8CF also known as:

Bkav: W32.PrimeaClefAF.Trojan
Lionic: Heuristic.File.Generic.00×1!p
DrWeb: Trojan.MulDrop7.62625
MicroWorld-eScan: Generic.MSIL.Bladabindi.661DB8CF
FireEye: Generic.mg.6c9b586894a16823
CAT-QuickHeal: Trojan.YakbeexMSIL.ZZ4
ALYac: Generic.MSIL.Bladabindi.661DB8CF
Cylance: Unsafe
VIPRE: Generic.MSIL.Bladabindi.661DB8CF
Sangfor: Suspicious.Win32.Save.a
K7AntiVirus: EmailWorm ( 00555f371 )
Alibaba: Malware:Win32/Dorpal.ali1000029
K7GW: EmailWorm ( 00555f371 )
CrowdStrike: win/malicious_confidence_100% (W)
BitDefenderTheta: Gen:NN.ZemsilF.34682.fiW@aeBbeBb
VirIT: Trojan.Win32.MulDrop7.DOQR
Cyren: W32/Trojan.BVX.gen!Eldorado
Symantec: ML.Attribute.HighConfidence
Elastic: Windows.Trojan.Njrat
ESET-NOD32: a variant of MSIL/Autorun.Spy.Agent.R
APEX: Malicious
TrendMicro-HouseCall: Backdoor.MSIL.BLADABINDI.SMJJ
Paloalto: generic.ml
ClamAV: Win.Packed.Generic-9795615-0
Kaspersky: HEUR:Trojan.Win32.Generic
BitDefender: Generic.MSIL.Bladabindi.661DB8CF
NANO-Antivirus: Trojan.Win32.TrjGen.dkmeat
Avast: Win32:KeyloggerX-gen [Trj]
Tencent: Trojan.Win32.Bladabindi.16000442
Ad-Aware: Generic.MSIL.Bladabindi.661DB8CF
Sophos: ML/PE-A + Mal/MsilPKill-C
TrendMicro: Backdoor.MSIL.BLADABINDI.SMJJ
McAfee-GW-Edition: BehavesLike.Win32.Generic.nm
Trapmine: malicious.moderate.ml.score
Emsisoft: Generic.MSIL.Bladabindi.661DB8CF (B)
SentinelOne: Static AI – Malicious PE
Google: Detected
Avira: TR/Dropper.Gen
MAX: malware (ai score=84)
Microsoft: Backdoor:MSIL/Bladabindi.BN
Arcabit: Generic.MSIL.Bladabindi.661DB8CF
ZoneAlarm: HEUR:Trojan.Win32.Agent.gen
GData: MSIL.Backdoor.Agent.AXJ
Cynet: Malicious (score: 100)
AhnLab-V3: Trojan/Win32.Bladabindi.R295982
Acronis: suspicious
McAfee: Trojan-FIDH!6C9B586894A1
VBA32: Trojan.MSIL.Bladabindi.Heur
Malwarebytes: Generic.Worm.Autorun.DDS
Rising: Backdoor.njRAT!1.A096 (CLASSIC)
Ikarus: Trojan.MSIL.Bladabindi
MaxSecure: Trojan.Malware.300983.susgen
Fortinet: MSIL/Bladabindi.LX!tr
AVG: Win32:KeyloggerX-gen [Trj]
Cybereason: malicious.894a16
Panda: Trj/CI.A

How to remove Generic.MSIL.Bladabindi.661DB8CF?

Generic.MSIL.Bladabindi.661DB8CF removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all detected items.
  • Open the “Tools” tab and press “Reset Browser Settings”.
  • Select the proper browser and options, then click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.