
Backdoor:MSIL/Bladabindi.AJ


First posted on 26 February 2019.
Source: Microsoft

Aliases:

There are no other names known for Backdoor:MSIL/Bladabindi.AJ.

Explanation:

Installation

Backdoor:MSIL/Bladabindi.AJ copies itself to the following locations:

c:\documents and settings\administrator\application data\flashplayerplugin.exe
c:\documents and settings\administrator\start menu\programs\startup\ec75da55df7bc76b2f5430df05849464.exe

The malware changes the following registry entries so that it runs each time you start your PC:

In subkey: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Sets value: "ec75da55df7bc76b2f5430df05849464"
With data: ""c:\documents and settings\administrator\application data\flashplayerplugin.exe" .."

Payload

Changes system security settings

Backdoor:MSIL/Bladabindi.AJ adds itself to the list of applications that can access the Internet without being stopped by your firewall. It does this by making the following registry modification:

Adds value: "C:\Documents and Settings\Administrator\Application Data\FlashPlayerPlugin.exe"
With data: "c:\documents and settings\administrator\application data\flashplayerplugin.exe:*:enabled:flashplayerplugin.exe"
To subkey: HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List

Allows backdoor access and control

The malware gives a hacker access and control of your PC. They can then perform a number of different actions, including:

Downloading and running files
Uploading files
Spreading malware to other PCs
Logging your keystrokes or stealing your sensitive data
Modifying your system settings
Running or stopping applications
Deleting files

This malware description was produced and published using automated analysis of file SHA1 4b14613f52018a8e5372a0febd27e8fcddfadec0.

Last update 26 February 2019
