Win32/Bflient.Z (file analysis)

Win32/Bflient.Z is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It lets you fully scan and clean your PC during the trial period.
A 6-day free trial is available.

What can the Win32/Bflient.Z virus do?

  • Behavioural detection: Executable code extraction – unpacking
  • SetUnhandledExceptionFilter detected (possible anti-debug)
  • Yara rule detections observed from a process memory dump/dropped files/CAPE
  • Creates RWX memory
  • Possible date expiration check, exits too soon after checking local time
  • Dynamic (imported) function loading detected
  • CAPE extracted potentially suspicious content
  • The binary contains an unknown PE section name indicative of packing
  • Authenticode signature is invalid
  • Behavioural detection: Injection (Process Hollowing)
  • Executed a process and injected code into it, probably while unpacking
  • Behavioural detection: Injection (inter-process)
  • Creates a copy of itself

How to identify Win32/Bflient.Z?

File Info:

name: 7BED504275630D8F60D9.mlw
path: /opt/CAPEv2/storage/binaries/061f8d84276f40371d0a77c66a419ec0575dda111093337ac08b0a8d6bacca80
crc32: EF12EAAD
md5: 7bed504275630d8f60d91d6f3664100f
sha1: 07419246fdcf5d84777a193a09e4a93fb9eeb824
sha256: 061f8d84276f40371d0a77c66a419ec0575dda111093337ac08b0a8d6bacca80
sha512: 51d182d326d6ea893c606e4c5b9fb9bafa3e1037ff5656d750b4f363551c864f1e8138621064438222d913ee239c6f70177ba62a1b511b4028f177b3344dc8d1
ssdeep: 3072:1mwu2b4CLCwTfvmrXTXMKB1riVOAb1cuwYL6oPv+T6cYUUvEQBBh:zu2/COgXM+Q9MbGjcY
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T15BF37D10B7EA824CF1B79E762DA0B6924D2BFF737A35919A1740250F4932681CE74F27
sha3_384: e8f1ea64dad9b82db46aa797a588aa04c6b7dc2d8ff533c1a37c6b94fc328e8b02970133e122859ab7f9177d4a543a96
ep_bytes: 8bff558bec81ece401000053575685f3
timestamp: 2008-12-19 21:43:12

Version Info:

0: [No Data]

Win32/Bflient.Z also known as:

Bkav: W32.AIDetect.malware1
tehtris: Generic.Malware
DrWeb: Trojan.Packed.21635
MicroWorld-eScan: Gen:Variant.Razy.99498
FireEye: Generic.mg.7bed504275630d8f
McAfee: W32/Rimecud.gen.dt
Cylance: Unsafe
Sangfor: Suspicious.Win32.Save.a
K7AntiVirus: Trojan ( 002014c11 )
K7GW: Trojan ( 002014c11 )
Cybereason: malicious.275630
BitDefenderTheta: Gen:NN.ZexaF.34742.kyW@amXOd5ii
Cyren: W32/SmallTrojan.V.gen!Eldorado
Elastic: malicious (high confidence)
ESET-NOD32: a variant of Win32/Bflient.Z
TrendMicro-HouseCall: WORM_PALEVO.SMGL
Kaspersky: HEUR:Trojan.Win32.Generic
BitDefender: Gen:Variant.Razy.99498
Avast: Win32:Morphex [Cryp]
Ad-Aware: Gen:Variant.Razy.99498
Emsisoft: Gen:Variant.Razy.99498 (B)
Comodo: TrojWare.Win32.Kryptik.KAU@2nssd5
Zillya: Worm.Palevo.Win32.91792
TrendMicro: WORM_PALEVO.SMGL
McAfee-GW-Edition: BehavesLike.Win32.Generic.ch
SentinelOne: Static AI – Malicious PE
Trapmine: malicious.high.ml.score
Sophos: ML/PE-A + Mal/Palevo-A
Ikarus: Trojan.Win32.Rimecud
GData: Gen:Variant.Razy.99498
Jiangmin: Pack.Mal.AntiVM
Webroot: W32.Rogue.Gen
Avira: TR/Crypt.ZPACK.Gen
Arcabit: Trojan.Razy.D184AA
Microsoft: Trojan:Win32/Wacatac.B!ml
Cynet: Malicious (score: 100)
AhnLab-V3: Win32/Palevo14.worm.Gen
VBA32: BScope.Trojan.Diple
ALYac: Gen:Variant.Razy.99498
APEX: Malicious
Rising: Trojan.Generic@AI.90 (RDML:L5612UZaodFAF364H/LUYA)
Yandex: Trojan.GenAsa!rqtDfK/xZmo
MAX: malware (ai score=88)
Fortinet: W32/Palevo.AJ!tr
AVG: Win32:Morphex [Cryp]
Panda: Trj/Rimecud.a
CrowdStrike: win/malicious_confidence_100% (W)

How to remove Win32/Bflient.Z?

Win32/Bflient.Z removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open the “Tools” tab – Press “Reset Browser Settings”.
  • Select the proper browser and options – Click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.