Trojan.Bladabindi.CA

By CagedTech in Trojans

Threat Scorecard

Popularity Rank:	9,673
Threat Level:	80 % (High)
Infected Computers:	225

First Seen:	September 7, 2023
Last Seen:	October 24, 2025
OS(es) Affected:	Windows

Table of Contents

Analysis Report

General information

Family Name:	Trojan.Bladabindi.CA
Signature status:	No Signature

Known Samples

MD5: a3fadf4a35fd4d6649b022f2ba52c368

SHA1: 79d868b08cf74410585f5ad3ea7d2aec54b2847d

SHA256: 7EB3BD29CE2EC4968A1DA59F6E7871B03CBB071F192E60814CAA7CA2ACB0F3F7

File Size: 386.05 KB, 386048 bytes

MD5: 1118c1342e23d1c9b7756d8b21c69513

SHA1: 96d2b5b429df8795f40566d13a2fe5ff90dc2c32

SHA256: 2A49C9949FB1D4844A55F39B4ACD4A022FD25328DB33444B0A71E31B863448C3

File Size: 442.37 KB, 442368 bytes

MD5: 86dde1af0d435f363efa0696911193cf

SHA1: 508c302bc378666d8ecf34621e907612c76bc344

SHA256: 92BB517B9A780A1EBFC96E80022D513D1439ACC19A84013EAC9B0F22144C8208

File Size: 985.60 KB, 985600 bytes

Windows Portable Executable Attributes

File doesn't have "Rich" header
File doesn't have exports table
File doesn't have relocations information
File doesn't have security information
File is 32-bit executable
File is either console or GUI application
File is GUI application (IMAGE_SUBSYSTEM_WINDOWS_GUI)
File is Native application (NOT .NET application)
File is not packed
IMAGE_FILE_DLL is not set inside PE header (Executable)

IMAGE_FILE_EXECUTABLE_IMAGE is set inside PE header (Executable Image)

File Icons

Windows PE Version Information

Name	Value
Assembly Version	1.0.0.0
File Description	GameExecuter [HOG] Trainer
File Version	1.0.0.0
Internal Name	EuroTruckSimulator.exe GameExecuter.exe Orcus.exe
Legal Copyright	Copyright © 2006 Copyright © Hatschi
Original Filename	EuroTruckSimulator.exe GameExecuter.exe Orcus.exe
Product Name	GameExecuter
Product Version	1.0.0.0

File Traits

HighEntropy
x86

Block Information

Total Blocks:	343
Potentially Malicious Blocks:	13
Whitelisted Blocks:	330
Unknown Blocks:	0

Visual Map

0 0 x x x x x 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 x x x 0 x x 0 x x x 0 0 0 0 0 0 0 0 2 0 1 0 0 0 0 1 1 0 0 0 1 1 0 0 0 0 0 1 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 1 0 0 1 1 0 0 0 0 2 0 0 0 0 0 0 0 0 0 2 0 0 1 0 0 0 1 1 0 0 0 1 0 0 0 0 0 0 0 0 2 3 0 0 0 0 0 0 0 0 0 0 0 0 0 1 0 0 0 1 0 0 0 0 1 0 0 0 0 0 0 1 0 0 0 0 0 1 1 0 0 1 0 0 0 0 1 0 0 0 0 0 0 0 0 0 0 0 1 0 0 0 0 1 0 0 0 0 0 0 0 0 0 0 0 1 0 0 0 0 0 0 0 0 0 0 1 0 0 1 0 0 0 0 0 0 0 0 1 1 0 0 1 0 0 0 0 0 0 0 0 1 0 1 2 0 0 2 2 0 0 0 0 0 1 0 0 0 1 1 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 1 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 1 0 0 0 0 1 0 0 0 0 0 0 0 0 1 0 0 0 0 1 0 0 0 0 0 0 0 0 0 0 0 0 0 1 0

0 - Probable Safe Block
? - Unknown Block
x - Potentially Malicious Block

Files Modified

File	Attributes
c:\users\user\appdata\roaming\microsoft\speech\audiodriver.exe	Generic Read,Write Data,Write Attributes,Write extended,Append data,Delete,LEFT 262144
c:\users\user\appdata\roaming\microsoft\speech\audiodriver.exe	Synchronize,Write Attributes
c:\windows\assembly	Synchronize,Write Attributes

Registry Modifications

Key::Value	Data	API Name
HKCU\software\microsoft\windows nt\currentversion\windows::load	C:\Users\Ubofsewy\AppData\Roaming\Microsoft\Speech\AudioDriver.exe	RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\explorer::slowcontextmenuentries		RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings\zonemap::proxybypass		RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings\zonemap::intranetname		RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings\zonemap::uncasintranet		RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings\zonemap::autodetect		RegNtPreCreateKey
HKLM\software\microsoft\windows nt\currentversion\notifications\data::418a073aa3bc3475		RegNtPreCreateKey

Windows API Usage

Category	API
User Data Access	GetUserObjectInformation
Anti Debug	IsDebuggerPresent
Encryption Used	BCryptOpenAlgorithmProvider CryptAcquireContext
Other Suspicious	AdjustTokenPrivileges
Process Manipulation Evasion	NtUnmapViewOfSection
Process Shell Execute	ShellExecuteEx

Shell Command Execution


							(NULL) C:\Users\Ubofsewy\AppData\Roaming\Microsoft\Speech\AudioDriver.exe

EnigmaSoft’s Payment Processor Digital River GmbH Filing for Bankruptcy Does Not Impact SpyHunter Customers’ Anti-Malware Protection

Search

Change Region

Trojan.Bladabindi.CA

Threat Scorecard

EnigmaSoft Threat Scorecard

Analysis Report

General information

Known Samples

Known Samples

Windows Portable Executable Attributes

Windows Portable Executable Attributes

File Icons

File Icons

Windows PE Version Information

Windows PE Version Information

File Traits

Block Information

Block Information

Visual Map

Files Modified

Files Modified

Registry Modifications

Registry Modifications

Windows API Usage

Windows API Usage

Shell Command Execution

Shell Command Execution

Submit Comment

Trending

My Weather Tab Browser Extension

Mega Ad Blocker

American Express - Sign-in Attempt Was Blocked Scam

Most Viewed

How To Fix 'Printer Driver is Unavailable' Error

Discord Is Stuck on Gray Screen

Discord Shows Black Screen when Sharing Screen