Seeing the Backdoor:Win32/Poison.BN detection means that your PC is in serious danger. This malware can correctly be described as ransomware: a virus that encrypts your files and forces you to pay for their decryption. Removing it requires specific steps that must be taken as soon as possible.
Backdoor:Win32/Poison.BN is a malware detection you may see on your computer. It generally shows up after a triggering action on your computer: opening an untrustworthy e-mail, clicking an advertisement on the Web, or installing a program from an unreliable source. From the moment it shows up, you have a short time to act before it starts its destructive activity. And be sure: it is far better not to wait for these destructive actions.
What is Backdoor:Win32/Poison.BN virus?
Backdoor:Win32/Poison.BN Summary
In summary, the actions of Backdoor:Win32/Poison.BN ransomware on the infected system are as follows:
- Behavioural detection: Executable code extraction – unpacking;
- Dynamic (imported) function loading detected;
- Reads data out of its own binary image;
- Unconventional language used in binary resources: Sutu;
- The binary contains an unknown PE section name indicative of packing;
- The binary likely contains encrypted or compressed data;
- Authenticode signature is invalid;
- Anomalous binary characteristics;
- Ciphering the files kept on the victim’s disk drives — so the victim cannot use these files;
- Blocking the launching of .exe files of anti-virus apps;
- Blocking the launching of installation files of anti-virus programs.
Ransomware has been a headache for the last 4 years. It is difficult to imagine a more hazardous virus for both individuals and organizations. The algorithms used in Backdoor:Win32/Poison.BN (typically, RHA-1028 or AES-256) cannot be broken, with minor exceptions. Breaking them by brute force would take more time than our galaxy has existed, and possibly will exist. However, the virus does not do all these horrible things instantly; it may take up to several hours to encrypt all of your files. Thus, seeing the Backdoor:Win32/Poison.BN detection is a clear signal that you need to start the removal process.
Where did I get the Backdoor:Win32/Poison.BN?
The usual methods of Backdoor:Win32/Poison.BN distribution are typical of all other ransomware variants: one-day landing websites where users are offered a free program to download, so-called bait emails, and hacktools. Bait e-mails are a relatively modern method of spreading malware: you get an email that mimics a routine notification about deliveries or changes in bank service conditions. Within the e-mail, there is a malicious MS Office file or a web link that leads to an exploit landing page.

Malicious email message. This one tricks you into opening the phishing website.
Preventing it looks quite easy, but it still requires a lot of attention. Malware can hide in various spots, and it is better to prevent it before it invades your system than to rely on an anti-malware program. Basic cybersecurity knowledge is an important asset in the modern world, even if your relationship with a computer is limited to YouTube videos. It can save you a lot of time and money that you would otherwise spend looking for a solution.
Backdoor:Win32/Poison.BN malware technical details
File Info:
- name: D4B934356463943A4263.mlw
- path: /opt/CAPEv2/storage/binaries/c75b84b9c9e2f7e1077b4eb9573cbb61e7fd0584a64106d9cbc1969a5051aa32
- crc32: 21B629BB
- md5: d4b934356463943a42633ce060d21500
- sha1: 41e3712e3eaab336cfe17421bd887223800de823
- sha256: c75b84b9c9e2f7e1077b4eb9573cbb61e7fd0584a64106d9cbc1969a5051aa32
- sha512: 4998c6bfec81f61769d57b72f0ddf7e64bc9c70860b58f6fe4bc26ee5ce4d32e62a4e445ad27098aa22ce33f1d8977d155491e89eb0135031a16db17beee33af
- ssdeep: 6144:uqiic+1U25W/MXddY3VFLV/kVWOOFeaLQd1:wicdE0FFLFIOFeag
- type: PE32 executable (GUI) Intel 80386, for MS Windows
- tlsh: T1BD54025F1FA75A03F11AA7B48A67FB9557B83C473962720FCBC0311256B229446A2FF0
- sha3_384: 65a259a71262a05b9580a9ffff44c9691d3d1daf2701abfdbd242fe550b6bcc1f170a175a57afac8e1390da93e58ccce
- ep_bytes: e959e4ffff0000000000000007c7f6fb
- timestamp: 2012-03-13 19:54:44

Version Info:
- CompanyName: Аdobe Systems, Inc.
- FileDescription: Аdobe® Flаsh® Player Installer/Uninstaller 11.1 r103
- FileVersion: 11,1,103,55
- InternalName: Аdobe® Flаsh® Plаyer Installer/Uninstaller 11.1
- LegalCopyright: Copyright © 1996-2011 Аdobe, Inc.
- LegalTrademarks: Аdobe® Flash® Player
- OriginalFilename: FlаshUtil.exe
- ProductName: Flаsh® Player Installer/Uninstaller
- ProductVersion: 11,1,103,55
- Translation: 0x0409 0x04b0
Backdoor:Win32/Poison.BN also known as:
| Vendor | Detection name |
| --- | --- |
| Bkav | W32.AIDetect.malware1 |
| Lionic | Trojan.Win32.Xorist.tq1X |
| Elastic | malicious (high confidence) |
| ClamAV | Win.Trojan.Agent-356074 |
| FireEye | Generic.mg.d4b934356463943a |
| McAfee | GenericRXAA-AA!D4B934356463 |
| Cylance | Unsafe |
| Sangfor | Suspicious.Win32.Save.a |
| K7AntiVirus | Trojan ( 0055e3991 ) |
| Alibaba | Ransom:Win32/Xorist.76f5437b |
| K7GW | Trojan ( 0055e3991 ) |
| Cybereason | malicious.564639 |
| Symantec | ML.Attribute.HighConfidence |
| ESET-NOD32 | Win32/Spy.KeyLogger.NTE |
| APEX | Malicious |
| Cynet | Malicious (score: 100) |
| Kaspersky | Trojan-Ransom.Win32.Xorist.gb |
| BitDefender | Gen:Variant.Barys.158895 |
| NANO-Antivirus | Trojan.Win32.Xorist.bttmro |
| MicroWorld-eScan | Gen:Variant.Barys.158895 |
| Avast | Win32:Malware-gen |
| Tencent | Malware.Win32.Gencirc.1149242c |
| Ad-Aware | Gen:Variant.Barys.158895 |
| Comodo | Malware@#2u8gaphzxciwx |
| DrWeb | Trojan.Fakealert.29348 |
| VIPRE | Trojan.Win32.Generic!BT |
| TrendMicro | TROJ_FRS.0NA103BL20 |
| Ikarus | Backdoor.Poison |
| GData | Gen:Variant.Barys.158895 |
| Jiangmin | Trojan/Xorist.bn |
| eGambit | Unsafe.AI_Score_100% |
| Avira | TR/Dropper.VB.Gen |
| Kingsoft | Win32.Troj.Undef.(kcloud) |
| Arcabit | Trojan.Barys.D26CAF |
| ViRobot | Trojan.Win32.A.Xorist.316416 |
| Microsoft | Backdoor:Win32/Poison.BN |
| AhnLab-V3 | Trojan/Win32.Xorist.C2500990 |
| BitDefenderTheta | AI:Packer.EC6313E31F |
| ALYac | Gen:Variant.Barys.158895 |
| MAX | malware (ai score=100) |
| VBA32 | Trojan.VB.FlyCryptor |
| TrendMicro-HouseCall | TROJ_FRS.0NA103BL20 |
| Rising | Ransom.Xorist!8.4A0 (CLOUD) |
| Yandex | Trojan.Xorist!FsF7xZh9Nk8 |
| SentinelOne | Static AI – Suspicious PE |
| Fortinet | W32/Refroso.DZP!tr |
| Webroot | W32.Trojan.Gen |
| AVG | Win32:Malware-gen |
| Panda | Generic Malware |
| CrowdStrike | win/malicious_confidence_100% (W) |