Generic.MSIL.Bladabindi.E7ECF7F2 (file analysis)

Generic.MSIL.Bladabindi.E7ECF7F2 is the detection name the BitDefender engine (and the vendors that license it: eScan, Ad-Aware, VIPRE, Arcabit, ALYac) assigns to a sample of the njRAT/Bladabindi remote access trojan, a .NET backdoor that logs keystrokes, installs itself for autorun at Windows startup and copies itself to other locations. When this infection is active, you may notice unfamiliar processes in the Task Manager list. In that case, it is advised to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It lets you run a complete scan and clean your PC during the trial period.
6-day free trial available.

What can Generic.MSIL.Bladabindi.E7ECF7F2 do?

The following behaviours were observed when the sample was run in the CAPE sandbox:
  • SetUnhandledExceptionFilter detected (possible anti-debug)
  • Behavioural detection: Executable code extraction – unpacking
  • Yara rule detections observed from a process memory dump/dropped files/CAPE
  • Creates RWX memory
  • Guard pages use detected – possible anti-debugging.
  • Dynamic (imported) function loading detected
  • CAPE extracted potentially suspicious content
  • Drops a binary and executes it
  • Creates an autorun.inf file
  • Authenticode signature is invalid
  • Anomalous .NET characteristics
  • Uses Windows utilities for basic functionality
  • Sniffs keystrokes
  • Installs itself for autorun at Windows startup
  • CAPE detected the njRat malware family
  • Creates a copy of itself
  • Creates known Njrat/Bladabindi RAT registry keys

How to identify Generic.MSIL.Bladabindi.E7ECF7F2?

Compare the hashes below with those of the suspect file; trust a sha256 or sha512 match, since crc32 and md5 collisions are cheap to produce. The entry-point bytes ff 25 00 20 40 00 decode to jmp dword ptr [0x402000], the loader stub of a 32-bit .NET executable (a jump through the import table to mscoree!_CorExeMain), which is why most vendors classify the file as MSIL.

File Info:

name: 60B75B6A49B6683A0980.mlw
path: /opt/CAPEv2/storage/binaries/61e44c9323ed0a34ac58bec74e8be8a0d96109f1f82e2e2b251ecd2803ab6e9c
crc32: E1F8904B
md5: 60b75b6a49b6683a098001b036523986
sha1: ffeb34292ac2ca3348d9748e622d3cb2223cac44
sha256: 61e44c9323ed0a34ac58bec74e8be8a0d96109f1f82e2e2b251ecd2803ab6e9c
sha512: 06c617f20fb3033fd036b44ba8aa17d9d7dcb4ecc1d74ebc19e1034b7258a313eb0140fdc040720dee404be589f2badcb9e050732f7fa2e774007b80e62342f6
ssdeep: 384:IyTMUiDHblmJEpRGyEfBffXuKCYyEAnrAF+rMRTyN/0L+EcoinblneHQM3epzX5W:FTqHpR9EfBfWKClEOrM+rMRa8NuDVYt
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T11D03294D7FE18168C5FD057B05B2D41207BBE04B6E23D90E8EF564AA37636C18B94AF2
sha3_384: bd36732ffeee8dd19df3d74223ad13e27256adcc540e357583330ba3b4476157cd2f34f18eace6d9b8dcd3c0b5247199
ep_bytes: ff250020400000000000000000000000
timestamp: 2022-08-06 10:26:56

Version Info:

0: [No Data]
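To check a file against the indicators above, compute the same digests CAPE reports and compare them. The Python below is an added example for this page, not code from GridinSoft or CAPE: PAGE_IOCS copies the hashes listed in File Info, looks_like_dotnet_stub() applies the entry-point check described above, and ssdeep/tlsh are left out because they need third-party libraries.

```python
import hashlib
import zlib

# Hashes copied from the File Info section of this page.
PAGE_IOCS = {
    "crc32": "E1F8904B",
    "md5": "60b75b6a49b6683a098001b036523986",
    "sha1": "ffeb34292ac2ca3348d9748e622d3cb2223cac44",
    "sha256": "61e44c9323ed0a34ac58bec74e8be8a0d96109f1f82e2e2b251ecd2803ab6e9c",
    "sha512": "06c617f20fb3033fd036b44ba8aa17d9d7dcb4ecc1d74ebc19e1034b7258a313"
              "eb0140fdc040720dee404be589f2badcb9e050732f7fa2e774007b80e62342f6",
    "sha3_384": "bd36732ffeee8dd19df3d74223ad13e27256adcc540e357583330ba3b4476157"
                "cd2f34f18eace6d9b8dcd3c0b5247199",
}
DIGESTS = ("md5", "sha1", "sha256", "sha512", "sha3_384")
# Digests that identify a file on their own; crc32/md5 only corroborate.
STRONG = ("sha256", "sha512", "sha3_384")


def digest_chunks(chunks) -> dict:
    """Feed an iterable of byte chunks through every digest CAPE reports.
    crc32 is formatted as eight uppercase hex digits, as on the page."""
    crc = 0
    hashers = {name: hashlib.new(name) for name in DIGESTS}
    for chunk in chunks:
        crc = zlib.crc32(chunk, crc)
        for h in hashers.values():
            h.update(chunk)
    out = {"crc32": f"{crc & 0xFFFFFFFF:08X}"}
    out.update({name: h.hexdigest() for name, h in hashers.items()})
    return out


def file_hashes(data: bytes) -> dict:
    """Hashes of an in-memory buffer."""
    return digest_chunks([data])


def hash_file(path: str, chunk_size: int = 1 << 20) -> dict:
    """Hashes of a file on disk, streamed so large samples are not loaded whole."""
    with open(path, "rb") as fh:
        return digest_chunks(iter(lambda: fh.read(chunk_size), b""))


def matches_ioc(hashes: dict, iocs: dict = PAGE_IOCS) -> list:
    """Names of every digest that matches the IOC set (empty list = no match)."""
    return [name for name, value in hashes.items()
            if name in iocs and value.lower() == iocs[name].lower()]


def is_identified(hashes: dict, iocs: dict = PAGE_IOCS) -> bool:
    """True only when at least one collision-resistant digest matches."""
    return any(name in STRONG for name in matches_ioc(hashes, iocs))


def looks_like_dotnet_stub(ep_bytes: bytes) -> bool:
    """FF 25 = jmp dword ptr [abs32]: the stub a 32-bit managed PE starts with.
    The page's ep_bytes begin ff 25 00 20 40 00, i.e. jmp [0x402000]."""
    return ep_bytes[:2] == b"\xff\x25"


if __name__ == "__main__":
    import sys
    for path in sys.argv[1:]:
        h = hash_file(path)
        print(path, "sha256", h["sha256"], "IDENTIFIED" if is_identified(h) else "no match")
```

Run it as `python ioc_check.py <file>`; an "IDENTIFIED" result means a sha256/sha512/sha3_384 match against the hashes on this page, while a crc32-only or md5-only hit is reported by matches_ioc() but not treated as identification.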

Generic.MSIL.Bladabindi.E7ECF7F2 is also detected as (vendor: detection name):

Bkav: W32.AIDetectNet.01
Elastic: Windows.Trojan.Njrat
Cynet: Malicious (score: 100)
FireEye: Generic.mg.60b75b6a49b6683a
CAT-QuickHeal: Backdoor.Bladabindi.B3
McAfee: Trojan-FIGN
Cylance: Unsafe
Zillya: Trojan.Bladabindi.Win32.72266
Sangfor: Suspicious.Win32.Save.a
K7AntiVirus: Trojan ( 700000121 )
Alibaba: Backdoor:MSIL/Bladabindi.bdc9d358
K7GW: Trojan ( 700000121 )
CrowdStrike: win/malicious_confidence_100% (D)
Baidu: MSIL.Backdoor.Bladabindi.a
VirIT: Trojan.Win32.DownLoader21.BPQW
Cyren: W32/MSIL_Troj.AP.gen!Eldorado
Symantec: Backdoor.Ratenjay!gen3
ESET-NOD32: a variant of MSIL/Bladabindi.AR
APEX: Malicious
ClamAV: Win.Packed.Bladabindi-7994427-0
Kaspersky: HEUR:Trojan.Win32.Generic
BitDefender: Generic.MSIL.Bladabindi.E7ECF7F2
NANO-Antivirus: Trojan.Win32.Autoruner2.ebrjyu
MicroWorld-eScan: Generic.MSIL.Bladabindi.E7ECF7F2
Avast: MSIL:Bladabindi-JK [Trj]
Tencent: Trojan.Msil.Bladabindi.fa
Ad-Aware: Generic.MSIL.Bladabindi.E7ECF7F2
Sophos: ML/PE-A + Troj/Bbindi-W
Comodo: TrojWare.MSIL.Spy.Agent.CP@4pqytu
DrWeb: Trojan.DownLoader20.55401
VIPRE: Generic.MSIL.Bladabindi.E7ECF7F2
TrendMicro: BKDR_BLADABI.SMC
McAfee-GW-Edition: BehavesLike.Win32.Trojan.nm
Trapmine: malicious.high.ml.score
Emsisoft: Worm.Bladabindi (A)
Ikarus: Trojan.MSIL.Bladabindi
GData: MSIL.Trojan-Spy.Bladabindi.BQ
Jiangmin: TrojanDropper.Autoit.dce
Avira: TR/ATRAPS.Gen
Antiy-AVL: Trojan/Generic.ASBOL.A8F4
Arcabit: Generic.MSIL.Bladabindi.E7ECF7F2
ViRobot: Backdoor.Win32.Agent.37888.AL
ZoneAlarm: HEUR:Trojan.Win32.Generic
Microsoft: Backdoor:MSIL/Bladabindi.B
TACHYON: Backdoor/W32.DN-Bladabindi.37888.B
AhnLab-V3: Trojan/Win32.Korat.R207428
Acronis: suspicious
BitDefenderTheta: Gen:NN.ZemsilF.34582.cmW@a8uSb9i
ALYac: Generic.MSIL.Bladabindi.E7ECF7F2
MAX: malware (ai score=82)
VBA32: Trojan.Downloader
Malwarebytes: Backdoor.NJRat.MSIL
Rising: Backdoor.njRAT!1.9E49 (CLASSIC)
Yandex: Trojan.AvsMofer.dd6520
SentinelOne: Static AI – Malicious PE
MaxSecure: Trojan.Malware.300983.susgen
Fortinet: MSIL/Bladabindi.AS!tr
AVG: MSIL:Bladabindi-JK [Trj]
Cybereason: malicious.a49b66
Panda: Trj/GdSda.A

How to remove Generic.MSIL.Bladabindi.E7ECF7F2?

Generic.MSIL.Bladabindi.E7ECF7F2 removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open the “Tools” tab and press “Reset Browser Settings”.
  • Select the proper browser and options, then click “Reset”.
  • Restart your computer.

Because this family sniffs keystrokes and drops an autorun.inf file on drives it copies itself to (which is why Emsisoft labels it Worm.Bladabindi), also change any passwords typed on the infected machine after the cleanup and scan any USB drives that were plugged into it.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.
