Win32:Blakamba-C [Trj] removal

Win32:Blakamba-C [Trj] is considered dangerous by many security vendors. When this infection is active, you may notice unwanted processes in Task Manager. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It lets you run a complete scan and clean your PC during the trial period.
6-day free trial available.

What Win32:Blakamba-C [Trj] virus can do?

  • SetUnhandledExceptionFilter detected (possible anti-debug)
  • Behavioural detection: Executable code extraction – unpacking
  • Sample contains Overlay data
  • Yara rule detections observed from a process memory dump/dropped files/CAPE
  • A file with an unusual extension was attempted to be loaded as a DLL.
  • Creates RWX memory
  • Dynamic (imported) function loading detected
  • Reads data out of its own binary image
  • CAPE extracted potentially suspicious content
  • Authenticode signature is invalid
  • Anomalous binary characteristics

How to identify Win32:Blakamba-C [Trj]?

File Info:

name: 35BD825D74C774163348.mlw
path: /opt/CAPEv2/storage/binaries/1a104e558c9ec77b153c5933e2921c4719078516786c2172ad4b4d2d7b9b120c
crc32: 84730A22
md5: 35bd825d74c774163348e624cdced652
sha1: 9ce2f239d7f675bdbb9b89d3baad3683d0410e4b
sha256: 1a104e558c9ec77b153c5933e2921c4719078516786c2172ad4b4d2d7b9b120c
sha512: 152313dcc93b428ac7812a1c7765ee98539acb0908f537072edde8b60ca19cb8ce3381d1c346d38bc045cb0c87220f4e2b8123e9a392ac93ef79c44855eb2ad1
ssdeep: 98304:N/kQHjkHJxQINy9KPPb5HGxvwMTSgaqH0O4dTw0W9qW:N/XkpxQIY9KPwxZETw0W9qW
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T15C761290EA46D0B1CD9D09F8607A96B62F708E10BB23B5D385A87D88D5732F0577E38D
sha3_384: 65c27ea1b11c3f26a46dfa13c77419bf031949267fc15f136172a46bd1ac85000b7da32df45128b9ddf155e6ab2982ef
ep_bytes: e872030000e936fdffff8bff558bec8b
timestamp: 2008-11-10 09:40:35

Version Info:

0: [No Data]

Win32:Blakamba-C [Trj] also known as:

  • Bkav: W32.FamVT.MambaAHQc.Trojan
  • Cylance: Unsafe
  • Sangfor: Trojan.Win32.Save.a
  • K7AntiVirus: Trojan ( 005654601 )
  • K7GW: Trojan ( 005654601 )
  • CrowdStrike: win/malicious_confidence_100% (D)
  • Cyren: W32/Blakamba.A.gen!Eldorado
  • Elastic: malicious (high confidence)
  • ESET-NOD32: a variant of Python/Mamba.G
  • APEX: Malicious
  • Avast: Win32:Blakamba-C [Trj]
  • Rising: Trojan.Mamba!1.A3C5 (CLASSIC)
  • Sophos: ML/PE-A + Troj/Blakamba-A
  • Zillya: Trojan.BlackGen.Win32.13
  • TrendMicro: TROJ_AGENT_EK24001A.UVPM
  • Trapmine: malicious.high.ml.score
  • Ikarus: Trojan.Win32.Blakamba
  • Avira: TR/Blakamba.Gen
  • Microsoft: Trojan:Win32/Wacatac.B!ml
  • Cynet: Malicious (score: 100)
  • AhnLab-V3: Win-Trojan/Blakamba.Gen
  • TrendMicro-HouseCall: TROJ_AGENT_EK24001A.UVPM
  • SentinelOne: Static AI – Malicious PE
  • MaxSecure: Trojan.Malware.300983.susgen
  • Fortinet: Python/Mamba.G!tr
  • AVG: Win32:Blakamba-C [Trj]
  • Cybereason: malicious.9d7f67

How to remove Win32:Blakamba-C [Trj]?

Win32:Blakamba-C [Trj] removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • Click “Move to quarantine” for all detected items.
  • Open the “Tools” tab and press “Reset Browser Settings”.
  • Select the proper browser and options, then click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.