Categories: Malware

Generic.MSIL.Bladabindi.80D07E88 (file analysis)

The Generic.MSIL.Bladabindi.80D07E88 is considered dangerous by lots of security experts. When this infection is active, you may notice unwanted processes in Task Manager list. In this case, it is adviced to scan your computer with GridinSoft Anti-Malware.

Gridinsoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. Allows to complete scan and cure your PC during the trial period.

DOWNLOAD NOW

6-day free trial available.

What Generic.MSIL.Bladabindi.80D07E88 virus can do?

SetUnhandledExceptionFilter detected (possible anti-debug)
Yara rule detections observed from a process memory dump/dropped files/CAPE
Creates RWX memory
Guard pages use detected – possible anti-debugging.
Dynamic (imported) function loading detected
Reads data out of its own binary image
CAPE extracted potentially suspicious content
Drops a binary and executes it
Authenticode signature is invalid
Anomalous .NET characteristics
Uses Windows utilities for basic functionality
Sniffs keystrokes
Created a process from a suspicious location
Installs itself for autorun at Windows startup
CAPE detected the njRat malware family
Creates a copy of itself
Creates known Njrat/Bladabindi RAT registry keys

How to determine Generic.MSIL.Bladabindi.80D07E88?


File Info:
name: 360D6880DFE8A04982BF.mlwpath: /opt/CAPEv2/storage/binaries/3371b81f78f66a20e7b276369541694fb9e34c6c446488b7842e0439bf16277dcrc32: FCCEAAFDmd5: 360d6880dfe8a04982bf470889f25ab0sha1: 2c37294bd9f0473356eae9251e3c2b31b437eef6sha256: 3371b81f78f66a20e7b276369541694fb9e34c6c446488b7842e0439bf16277dsha512: 43a6575db70a6be45464e4bdf7e8c2dbe9987de283e3f429e19a81df504058a8ea156308aab50bef567188b47b7801cda65c7526b2f9126de40de8941f688a6dssdeep: 384:fMKFYuEEhERvoBG16Xuy0MHNw6Tg1Y+75JTFmRvR6JZlbw8hqIusZzZaE:0W4V6+yDRpcnu0type: PE32 executable (GUI) Intel 80386, for MS Windowstlsh: T16FB21A0E3FA98856C5BC1B7486A5965003B491870413EE2FCDC554CBAFB3BD91D4CAF9sha3_384: 0c4614f4acff44376a1b9ff843c16c873196715391b84813712b1f3e95b8682a20a80dde6b5d83223502e6ca2a4d7081ep_bytes: ff250020400000000000000000000000timestamp: 2022-05-04 17:12:18
Version Info:
0: [No Data]

Generic.MSIL.Bladabindi.80D07E88 also known as:

Bkav	W32.FamVT.binANHb.Worm
MicroWorld-eScan	Generic.MSIL.Bladabindi.80D07E88
FireEye	Generic.mg.360d6880dfe8a049
CAT-QuickHeal	Trojan.Generic.TRFH5
McAfee	Trojan-FIGN
Cylance	Unsafe
Sangfor	Suspicious.Win32.Save.a
K7AntiVirus	Trojan ( 700000121 )
BitDefender	Generic.MSIL.Bladabindi.80D07E88
K7GW	Trojan ( 700000121 )
Cybereason	malicious.0dfe8a
Baidu	MSIL.Backdoor.Bladabindi.a
VirIT	Backdoor.Win32.Generic.AWM
Cyren	W32/MSIL_Bladabindi.AU.gen!Eldorado
Symantec	Backdoor.Ratenjay
Elastic	malicious (high confidence)
ESET-NOD32	MSIL/Bladabindi.BC
APEX	Malicious
ClamAV	Win.Dropper.njRAT-7436651-0
Kaspersky	HEUR:Trojan.Win32.Generic
NANO-Antivirus	Trojan.Win32.Disfa.dtznyx
ViRobot	Backdoor.Win32.Bladabindi.Gen.A
Rising	Backdoor.njRAT!1.9E49 (CLASSIC)
Ad-Aware	Generic.MSIL.Bladabindi.80D07E88
Emsisoft	Trojan.Bladabindi (A)
Comodo	Backdoor.MSIL.Bladabindi.A@566ygc
DrWeb	Trojan.DownLoader23.12367
Zillya	Backdoor.Agent.Win32.55242
TrendMicro	BKDR_BLADABI.SMC
McAfee-GW-Edition	BehavesLike.Win32.BackdoorNJRat.mm
Sophos	ML/PE-A + Troj/DotNet-P
SentinelOne	Static AI – Malicious PE
Jiangmin	TrojanDropper.Autoit.dce
Avira	BDS/Bladabindi.uppj
MAX	malware (ai score=89)
Microsoft	Backdoor:MSIL/Bladabindi
GData	MSIL.Backdoor.Bladabindi.AV
Cynet	Malicious (score: 100)
AhnLab-V3	Backdoor/Win32.Bladabindi.R91438
Acronis	suspicious
VBA32	Trojan.MSIL.Disfa
ALYac	Generic.MSIL.Bladabindi.80D07E88
Malwarebytes	Generic.Trojan.Malicious.DDS
Panda	Generic Malware
TrendMicro-HouseCall	BKDR_BLADABI.SMC
Tencent	Trojan.Msil.Bladabindi.za
Ikarus	Trojan.MSIL.Bladabindi
MaxSecure	Trojan.Malware.300983.susgen
Fortinet	MSIL/Agent.LI!tr
BitDefenderTheta	Gen:NN.ZemsilF.34666.bmW@aqSfUIo
AVG	MSIL:Agent-DRD [Trj]
Avast	MSIL:Agent-DRD [Trj]
CrowdStrike	win/malicious_confidence_100% (D)