bifrost.exe

The executable bifrost.exe has been detected as malware by 40 anti-virus scanners. It is set to automatically start when a user logs into Windows via the current user run registry key under the display name ‘{9D71D88C-C598-4935-C5D1-43AA4DB90836}’.

MD5: 54cab3812b89c8aabbb5d839860e6b22
SHA-1: 22d5e683b5c0665a52a7818069a73727e8bced2b
SHA-256: da55dc9319328811b53f437190d5bf89a6c037dd2cc1f92766e7ae22ec5091ab
Scanner detections: 40 / 68
Status: Malware
Analysis date: 4/1/2025 7:14:59 PM UTC

| Scan engine | Detection | Engine version |
|---|---|---|
| Lavasoft Ad-Aware | Backdoor.Generic.704371 | -40 |
| Agnitum Outpost | Trojan.Midgare.IQ | 7.1.1 |
| AhnLab V3 Security | Backdoor/Win32.Bifrose | 2014.01.30 |
| Avira AntiVirus | BDS/Bifrose.aec | 7.11.128.0 |
| avast! | Win32:Bifrose-DYN [Trj] | 2014.9-170315 |
| AVG | BackDoor.Generic12 | 2018.0.2438 |
| Baidu Antivirus | Backdoor.Win32.Bifrose | 4.0.3.17315 |
| Bitdefender | Backdoor.Generic.704371 | 1.0.20.370 |
| Bkav FE | W32.Ise32NO | 1.3.0.4923 |
| Clam AntiVirus | W32.Trojan.Bifrose-37 | 0.98/18155 |
| Comodo Security | Backdoor.Win32.Bifrost.~Q | 17699 |
| Dr.Web | Trojan.DownLoader8.45140 | 9.0.1.074 |
| Emsisoft Anti-Malware | Backdoor.Generic.704371 | 8.17.03.15.11 |
| ESET NOD32 | Win32/Bifrose.NEL | 11.9356 |
| Fortinet FortiGate | W32/Bifrose.NTA2!tr | 3/15/2017 |
| F-Prot | W32/Backdoor2.CBJB | v6.4.7.1.166 |
| F-Secure | Backdoor:W32/Bifrose.gen!E | 11.2017-15-03_4 |
| G Data | Backdoor.Generic.704371 | 17.3.24 |
| IKARUS anti.virus | Virus.Trojan.Win32.Midgare | t3scan.2.2.29 |
| K7 AntiVirus | Trojan | 13.175.11003 |
| Kaspersky | Backdoor.Win32.Bifrose | 14.0.0.-1315 |
| Malwarebytes | Backdoor.Bifrose | v2017.03.15.11 |
| McAfee | Generic BackDoor.aab | 5600.6094 |
| Microsoft Security Essentials | Backdoor:Win32/Bifrose.AE | 1.165.247.01 |
| MicroWorld eScan | Backdoor.Generic.704371 | 18.0.0.222 |
| NANO AntiVirus | Trojan.Win32.Bifrose.chutkd | 0.28.0.57473 |
| Norman | Bifrose.CGZV | 11.20170315 |
| nProtect | Backdoor/W32.Bifrose.54653.B | 14.01.30.01 |
| Panda Antivirus | Bck/Bifrose.AKL | 17.03.15.11 |
| Qihoo 360 Security | Win32/Backdoor.49d | 1.0.0.1015 |
| Quick Heal | Backdoor.Bifrose.AE | 3.17.12.00 |
| Rising Antivirus | PE:Trojan.Win32.Midgare.hhn!1075147275 | 23.00.65.17313 |
| Sophos | Mal/Bifrose-X | 4.97 |
| SUPERAntiSpyware | Trojan.Agent/Gen-FraudPack | 8533 |
| Total Defense | Win32/Backdrop.D | 37.0.10498 |
| Trend Micro House Call | BKDR_BIFROSE.SMA | 7.2.74 |
| Trend Micro | TROJ_GEN.F0C2C00LE13 | 10.465.15 |
| Vba32 AntiVirus | SScope.Trojan.Buzus.ak | 3.12.24.3 |
| VIPRE Antivirus | Backdoor.Win32.Bifrose.ae | 25958 |
| ViRobot | Backdoor.Win32.A.Bifrose.32637.KZ | 2011.4.7.4223 |

File size: 53.4 KB (54,653 bytes)
File type: Executable application (Win32 EXE)
Common path: C:\users\{user}\appdata\roaming\bifrost\bifrost.exe

File PE Metadata
Compilation timestamp: 12/28/2007 4:11:35 PM
OS version: 4.0
OS bitness: Win32
Subsystem: Windows GUI
Linker version: 6.0
Entry address: 0x7C89

Entry point:
55, 8B, EC, 83, EC, 44, 56, FF, 15, 18, 10, 40, 00, 8B, F0, 8A, 06, 3C, 22, 75, 14, 8A, 46, 01, 46, 84, C0, 74, 04, 3C, 22, 75, F4, 80, 3E, 22, 75, 0D, 46, EB, 0A, 3C, 20, 7E, 06, 46, 80, 3E, 20, 7F, FA, 8A, 06, 84, C0, 74, 04, 3C, 20, 7E, E9, 83, 65, E8, 00, 8D, 45, BC, 50, FF, 15, 14, 10, 40, 00, E8, 5D, 00, 00, 00, 68, 30, 10, 40, 00, 68, 2C, 10, 40, 00, E8, 34, 00, 00, 00, F6, 45, E8, 01, 59, 59, 74, 06, 0F, B7, 45, EC, EB, 03, 6A, 0A, 58, 50, 56, 6A, 00, 6A, 00, FF, 15, 04, 10, 40, 00, 50, E8, BB, FC...

Entropy: 7.1928
Developed / compiled with: Microsoft Visual C++
Code size: 28 KB (28,672 bytes)

Startup File (User Run)
Registry location: HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Name: {9D71D88C-C598-4935-C5D1-43AA4DB90836}
Command: C:\users\{user}\appdata\roaming\bifrost\bifrost.exe

