Categories: Malware

About “Generic.MSIL.Bladabindi.AE4D29E9” infection

The Generic.MSIL.Bladabindi.AE4D29E9 is considered dangerous by lots of security experts. When this infection is active, you may notice unwanted processes in Task Manager list. In this case, it is adviced to scan your computer with GridinSoft Anti-Malware.

Gridinsoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. Allows to complete scan and cure your PC during the trial period.

DOWNLOAD NOW

6-day free trial available.

What Generic.MSIL.Bladabindi.AE4D29E9 virus can do?

SetUnhandledExceptionFilter detected (possible anti-debug)
Yara rule detections observed from a process memory dump/dropped files/CAPE
Creates RWX memory
Guard pages use detected – possible anti-debugging.
Dynamic (imported) function loading detected
Enumerates the modules from a process (may be used to locate base addresses in process injection)
CAPE extracted potentially suspicious content
The binary contains an unknown PE section name indicative of packing
The executable is likely packed with VMProtect
Authenticode signature is invalid
Anomalous .NET characteristics
CAPE detected the njRat malware family

How to determine Generic.MSIL.Bladabindi.AE4D29E9?


File Info:
name: 42904532E3601D9C5E91.mlwpath: /opt/CAPEv2/storage/binaries/f0fb27c9a62d7bddbcf47e2baeea8da130372420889fb8d4e53871916e778fb7crc32: 6A755246md5: 42904532e3601d9c5e9171ba82af98d9sha1: fdaf149dccdbf83b6bf8601aef1dab04a60b91b9sha256: f0fb27c9a62d7bddbcf47e2baeea8da130372420889fb8d4e53871916e778fb7sha512: fcd69f2e75936ac35837832d8cecadc40f8fd476664872902dffcd002099ececa122b4d70622d86a82a219c44830783e147f1d1c8d6783d1bd0b2aadcb17a3e5ssdeep: 3072:4M4dAda2qtYLyuRKfLP2Mr6SDwQFY0kSKUITojMVA:4MVaZzfT2MFwQGSttype: PE32 executable (GUI) Intel 80386, for MS Windowstlsh: T1D3F38D282EDC5642C3CC5774C0C942946FF49905BAC3DF6AD91E2AB21FA73D92C0A59Fsha3_384: 0557420eb48d610b047fceef613000e650d5262dc314d758432df9165579a1674ed4d2518e119cfe102d76cbdd53a370ep_bytes: ff250040410000000013300800120000timestamp: 2022-07-13 21:23:13
Version Info:
Translation: 0x0000 0x04b0FileDescription:  FileVersion: 0.0.0.0InternalName: k.exeLegalCopyright:  OriginalFilename: k.exeProductVersion: 0.0.0.0Assembly Version: 0.0.0.0

Generic.MSIL.Bladabindi.AE4D29E9 also known as:

Bkav	W32.AIDetectNet.01
Cynet	Malicious (score: 100)
FireEye	Generic.mg.42904532e3601d9c
McAfee	Trojan-FIKA!42904532E360
Malwarebytes	Backdoor.NJRat
Sangfor	Trojan.Win32.Save.a
K7AntiVirus	Trojan ( 7000001c1 )
K7GW	Trojan ( 7000001c1 )
Cybereason	malicious.2e3601
Baidu	MSIL.Backdoor.Bladabindi.a
Cyren	W32/MSIL_Agent.CP.gen!Eldorado
Symantec	ML.Attribute.HighConfidence
Elastic	Windows.Trojan.Njrat
ESET-NOD32	a variant of MSIL/Autorun.Spy.Agent.DF
APEX	Malicious
ClamAV	Win.Trojan.B-468
BitDefender	Generic.MSIL.Bladabindi.AE4D29E9
MicroWorld-eScan	Generic.MSIL.Bladabindi.AE4D29E9
Avast	MSIL:Agent-CIB [Trj]
Tencent	Trojan.Win32.Bladabindi.16000442
Ad-Aware	Generic.MSIL.Bladabindi.AE4D29E9
Emsisoft	Generic.MSIL.Bladabindi.AE4D29E9 (B)
F-Secure	Trojan.TR/Dropper.MSIL.Gen
VIPRE	Generic.MSIL.Bladabindi.AE4D29E9
TrendMicro	BKDR_BLADABI.SMC
McAfee-GW-Edition	BehavesLike.Win32.Generic.ch
Sophos	ML/PE-A + Mal/VMProtBad-A
SentinelOne	Static AI – Malicious PE
GData	Generic.MSIL.Bladabindi.AE4D29E9
Avira	TR/Dropper.MSIL.Gen
MAX	malware (ai score=88)
Arcabit	Generic.MSIL.Bladabindi.AE4D29E9
Microsoft	Backdoor:MSIL/Bladabindi.BO
AhnLab-V3	Backdoor/Win32.RL_Bladabi.C4331342
Acronis	suspicious
ALYac	Generic.MSIL.Bladabindi.AE4D29E9
Cylance	Unsafe
Rising	Backdoor.njRAT!1.D4D6 (CLASSIC)
Ikarus	Worm.MSIL.Bladabindi
MaxSecure	Trojan.Malware.300983.susgen
Fortinet	MSIL/Agent.LI!tr
BitDefenderTheta	Gen:NN.ZemsilF.34786.ku0@aq!7S1h
AVG	MSIL:Agent-CIB [Trj]
CrowdStrike	win/malicious_confidence_100% (D)