Trojan:Win32/Bluteal.B!rfn on Microsoft CRM False Positive?


  • Just starting yesterday and mostly today, a bunch of computers in our organization have been receiving this malware alert. Wondering if anyone else has been getting these.

    Malware Name: Trojan:Win32/Bluteal.B!rfn

    Number of infections: 14

    Last detection time(UTC time): 6/1/2018 1:29:02 PM

    These are the infections of this malware:

    Detection time(UTC time): 6/1/2018 1:29:02 PM

    Malware file path: file:_C:\Windows\assembly\NativeImages_v4.0.30319_32\Microsoft.Ccffd7ec0#\b79d96560cbe930cb6fd07819678953d\

    Remediation action: Quarantine

    Action status: Succeeded

    Friday, June 1, 2018 2:07 PM

All replies

  • Yes! We just started to get these as well. I'm glad to hear I'm not alone.
    Monday, June 4, 2018 6:07 PM


    Monday, June 4, 2018 6:18 PM
  • If your automatic sample submission and cloud protection are on, this sample will be shared with the Microsoft Anti-Malware team and they will investigate it. But if you want to check it manually, try submitting a sample to the Microsoft Anti-Malware team:

    You may use the submission ID to contact Microsoft support and check with them, or wait for a response from the support engineers. With just the name and location, we won't know whether it is safe or not; we need the actual sample.

    Monday, June 18, 2018 5:46 PM