Categories: Malware

Should I remove “Generic.MSIL.Bladabindi.F7A40A30”?

The Generic.MSIL.Bladabindi.F7A40A30 is considered dangerous by lots of security experts. When this infection is active, you may notice unwanted processes in Task Manager list. In this case, it is adviced to scan your computer with GridinSoft Anti-Malware.

Gridinsoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. Allows to complete scan and cure your PC during the trial period.

DOWNLOAD NOW

6-day free trial available.

What Generic.MSIL.Bladabindi.F7A40A30 virus can do?

SetUnhandledExceptionFilter detected (possible anti-debug)
Behavioural detection: Executable code extraction – unpacking
Attempts to connect to a dead IP:Port (1 unique times)
Yara rule detections observed from a process memory dump/dropped files/CAPE
Creates RWX memory
Guard pages use detected – possible anti-debugging.
Dynamic (imported) function loading detected
CAPE extracted potentially suspicious content
Drops a binary and executes it
The binary contains an unknown PE section name indicative of packing
The executable is likely packed with VMProtect
Authenticode signature is invalid
Anomalous .NET characteristics
Uses Windows utilities for basic functionality
Uses Windows utilities for basic functionality
Sniffs keystrokes
Created a process from a suspicious location
Installs itself for autorun at Windows startup
Attempts to move, copy or rename a command line or scripting utility likely for evasion
CAPE detected the njRat malware family
Creates a copy of itself
Creates known Njrat/Bladabindi RAT registry keys

How to determine Generic.MSIL.Bladabindi.F7A40A30?


File Info:
name: EF27FD9FFB7DF66B5E0A.mlwpath: /opt/CAPEv2/storage/binaries/bd6dd994c55b2dfcb1fcba374e75c048b0bea0513b2f7777363924ede5aa299ecrc32: 856B8F52md5: ef27fd9ffb7df66b5e0aa1e95d755680sha1: 3b1216ac421adda13aa19bf3c0207daaec24411dsha256: bd6dd994c55b2dfcb1fcba374e75c048b0bea0513b2f7777363924ede5aa299esha512: 533f8fa487668d272ad3361191bfe421e6b636159ba2a6a2fd0416673732b86d75e8bcc73ba27dcb6567640d4964a944839833804eae5b76765e6378e83380e1ssdeep: 3072:ak3v/ERt4YMwnEaGIqcg/b9pk6s04Lj/QMaG2Nnw:7sH3Kauvbkr0kEtype: PE32 executable (GUI) Intel 80386, for MS Windowstlsh: T153F37C387F9D958AC5C993B5B8E941F466B1BD01B583E7AB10582EEE37873C08D0325Bsha3_384: d7b8558beba8e322ce0a7900c42bb2aa302c95b1a45df8ad4be074ba3225a0be20b7228680338481a0262632110b8c2aep_bytes: ff250060410033e0000006b733420000timestamp: 2022-01-31 19:21:52
Version Info:
0: [No Data]

Generic.MSIL.Bladabindi.F7A40A30 also known as:

Elastic	malicious (high confidence)
ClamAV	Win.Dropper.njRAT-7436651-0
ALYac	Generic.MSIL.Bladabindi.F7A40A30
Malwarebytes	Malware.AI.1951160032
Sangfor	Worm.Win32.Save.a
K7AntiVirus	Trojan ( 7000001c1 )
BitDefender	Generic.MSIL.Bladabindi.F7A40A30
K7GW	Trojan ( 7000001c1 )
Cybereason	malicious.ffb7df
Baidu	MSIL.Backdoor.Bladabindi.a
Cyren	W32/MSIL_Troj.AP.gen!Eldorado
Symantec	ML.Attribute.HighConfidence
ESET-NOD32	a variant of MSIL/Bladabindi.LX
APEX	Malicious
Cynet	Malicious (score: 100)
Kaspersky	HEUR:Trojan.Win32.Generic
MicroWorld-eScan	Generic.MSIL.Bladabindi.F7A40A30
Rising	Backdoor.Njrat!1.9E49 (CLASSIC)
Ad-Aware	Generic.MSIL.Bladabindi.F7A40A30
Emsisoft	Generic.MSIL.Bladabindi.F7A40A30 (B)
TrendMicro	BKDR_BLADABI.SMC
McAfee-GW-Edition	BehavesLike.Win32.Generic.ch
FireEye	Generic.mg.ef27fd9ffb7df66b
Sophos	ML/PE-A + Troj/Bbindi-W
SentinelOne	Static AI – Malicious PE
GData	MSIL.Trojan-Spy.Bladabindi.BQ
Jiangmin	TrojanDropper.Autoit.dce
Avira	HEUR/AGEN.1142283
MAX	malware (ai score=89)
Arcabit	Generic.MSIL.Bladabindi.F7A40A30
Microsoft	Backdoor:MSIL/Bladabindi.AJ
Acronis	suspicious
McAfee	BackDoor-FDNN!EF27FD9FFB7D
Cylance	Unsafe
TrendMicro-HouseCall	BKDR_BLADABI.SMC
Ikarus	Backdoor.MSIL.Bladabindi
MaxSecure	Trojan.Malware.300983.susgen
BitDefenderTheta	Gen:NN.ZemsilF.34182.kuW@a8jzwle
AVG	Win32:RATX-gen [Trj]
Avast	Win32:RATX-gen [Trj]
CrowdStrike	win/malicious_confidence_100% (D)