About “SFX:Runner-C [Bd]” infection

SFX:Runner-C [Bd] is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager list. In that case, it is advised to scan your computer with GridinSoft Anti-Malware.

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It lets you run a complete scan and cure your PC during the trial period.
A 6-day free trial is available.

What can the SFX:Runner-C [Bd] virus do?

  • SetUnhandledExceptionFilter detected (possible anti-debug)
  • Executed a command line with /C or /R argument to terminate command shell on completion which can be used to hide execution
  • Guard pages use detected – possible anti-debugging.
  • Dynamic (imported) function loading detected
  • Reads data out of its own binary image
  • A process created a hidden window
  • Executed a very long command line or script command which may be indicative of chained commands or obfuscation
  • Drops a binary and executes it
  • Authenticode signature is invalid
  • A scripting utility was executed
  • Uses Windows utilities for basic functionality
  • Created a process from a suspicious location
  • A script process created a new process
  • Network activity detected but not expressed in API logs
  • Appears to use command line obfuscation
  • Creates a copy of itself
  • Uses suspicious command line tools or Windows utilities

Related domains:

wpad.local-net

How to identify SFX:Runner-C [Bd]?


File Info:

name: 311B12A43C8AF6A6A9E9.mlw
path: /opt/CAPEv2/storage/binaries/6d77d6c055e6a222844f6d7cc2d2cbdc1f0d2dffe483ca6a6bc2cb3fc82a8933
type: PE32 executable (GUI) Intel 80386, for MS Windows
timestamp: 2015-02-15 08:00:31

Version Info:

0: [No Data]

SFX:Runner-C [Bd] also known as:

Bkav: W32.AIDetect.malware2
Lionic: Trojan.Multi.Generic.4!c
DrWeb: Trojan.MulDrop19.3724
MicroWorld-eScan: Trojan.GenericKD.47558785
McAfee: Artemis!311B12A43C8A
Cylance: Unsafe
Sangfor: Riskware.Win32.Agent.ky
K7AntiVirus: Trojan ( 00581bcf1 )
Alibaba: Trojan:Win32/Cryprar.eeaf9fdc
K7GW: Trojan ( 00581bcf1 )
Symantec: Trojan.Gen.MBT
ESET-NOD32: RAR/Agent.DQ
Zoner: Probably Heur.RARAutorun
TrendMicro-HouseCall: TROJ_GEN.R002H0DKM21
Avast: SFX:Runner-C [Bd]
Kaspersky: UDS:DangerousObject.Multi.Generic
BitDefender: Trojan.GenericKD.47558785
Ad-Aware: Trojan.GenericKD.47558785
FireEye: Trojan.GenericKD.47558785
Emsisoft: Trojan.GenericKD.47558785 (B)
Paloalto: generic.ml
GData: Win32.Trojan.Kryptik.XUIGNR
Avira: TR/Agent.yyiqw
Kingsoft: Win32.Troj.Undef.(kcloud)
Gridinsoft: Ransom.Win32.Sabsik.sa
Arcabit: Trojan.Generic.D2D5B081
ViRobot: Trojan.Win32.Z.Agent.1673071
Microsoft: Trojan:Win32/Sabsik.FL.B!ml
Cynet: Malicious (score: 100)
ALYac: Trojan.GenericKD.47558785
MAX: malware (ai score=83)
Malwarebytes: Trojan.Dropper.VBS
APEX: Malicious
Rising: Malware.AbnormalScript/SFX!1.D9B9 (CLASSIC)
Ikarus: Trojan.Agent
MaxSecure: Win.MxResIcn.Heur.Gen
Webroot: Trojan.Dropper.Gen
AVG: SFX:Runner-C [Bd]

How to remove SFX:Runner-C [Bd]?

SFX:Runner-C [Bd] removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open the “Tools” tab and press “Reset Browser Settings”.
  • Select the proper browser and options, then click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.
