Categories: Backdoor

Backdoor.VB.Agent.ABT (B) (file analysis)

The Backdoor.VB.Agent.ABT (B) is considered dangerous by lots of security experts. When this infection is active, you may notice unwanted processes in Task Manager list. In this case, it is adviced to scan your computer with GridinSoft Anti-Malware.

Gridinsoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. Allows to complete scan and cure your PC during the trial period.

DOWNLOAD NOW

6-day free trial available.

What Backdoor.VB.Agent.ABT (B) virus can do?

Behavioural detection: Executable code extraction – unpacking
Dynamic (imported) function loading detected
The binary contains an unknown PE section name indicative of packing
Authenticode signature is invalid
Installs itself for autorun at Windows startup
Attempts to modify Explorer settings to prevent hidden files from being displayed

How to determine Backdoor.VB.Agent.ABT (B)?


File Info:
name: 4B49F4D299FDAAF20D43.mlwpath: /opt/CAPEv2/storage/binaries/b7058df5c98bf1180463b717629972233e7cfebf5bc33f279e62edd69cd81cbdcrc32: 8F908C91md5: 4b49f4d299fdaaf20d4340695ed02973sha1: b10d6823115fd3259b066fceddb8b2e1246ca962sha256: b7058df5c98bf1180463b717629972233e7cfebf5bc33f279e62edd69cd81cbdsha512: a17f16f92720c7a726aee6ec0a9b41abc5b79af1c9c27d7e0735e4e97beba9d580c09b3c33fae36cb59c329d7096e8a225eaac323511be65dcc1b73b0f6ad30assdeep: 3072:9VMKsWKxlGxE07ABigCFHdLYyBvzyBHNGqXgvnHZyzi0zslLFa/FzKsR:D3sWKxQ52CFHdLYKvzyZNGX/IupG2stype: PE32 executable (GUI) Intel 80386, for MS Windowstlsh: T1B014216BF521C054E59240B8742CEA8AF45C7E7305446972FB81BB5939B27EFA0F6B03sha3_384: 9871e983a21f251b871da5d91b718c671a886e32ff7bedbb90579e739036b5754149556c815320b384507542346becb0ep_bytes: 6868784000e8f0ffffff000000000000timestamp: 2008-12-07 04:12:59
Version Info:
Translation: 0x0409 0x04b0ProductName: Project1FileVersion: 1.00ProductVersion: 1.00InternalName: DOCUMENTOriginalFilename: DOCUMENT.exe

Backdoor.VB.Agent.ABT (B) also known as:

Bkav	W32.AIDetect.malware1
Elastic	malicious (high confidence)
DrWeb	Trojan.Siggen6.19362
MicroWorld-eScan	Backdoor.VB.Agent.ABT
FireEye	Generic.mg.4b49f4d299fdaaf2
CAT-QuickHeal	Worm.Copali.OD3
McAfee	W32/Worm-GAM!4B49F4D299FD
Cylance	Unsafe
VIPRE	Trojan.Win32.Swisyn.dfkc (fs)
K7AntiVirus	P2PWorm ( 00486ea71 )
K7GW	P2PWorm ( 00486ea71 )
Cybereason	malicious.299fda
BitDefenderTheta	AI:Packer.254A2CEF15
Cyren	W32/S-a42f8a3c!Eldorado
Symantec	W32.SillyFDC
ESET-NOD32	Win32/VB.OLE
TrendMicro-HouseCall	WORM_COPALI_EJ200083.UVPM
ClamAV	Win.Dropper.Cerber-7134131-0
Kaspersky	Trojan.Win32.Agentb.btmh
BitDefender	Backdoor.VB.Agent.ABT
NANO-Antivirus	Trojan.Win32.TrjGen.deyzgg
SUPERAntiSpyware	Trojan.Agent/Gen-Symmi
Avast	Win32:Vitro [Inf]
Tencent	Malware.Win32.Gencirc.10b0cd1f
Ad-Aware	Backdoor.VB.Agent.ABT
TACHYON	Trojan/W32.Agent.196608
Emsisoft	Backdoor.VB.Agent.ABT (B)
Comodo	TrojWare.Win32.Swisyn.DFX@5ci87q
Baidu	Win32.Worm.VB.bf
Zillya	Trojan.Swisyn.Win32.32299
TrendMicro	WORM_COPALI_EJ200083.UVPM
McAfee-GW-Edition	BehavesLike.Win32.VBObfus.cm
Sophos	ML/PE-A + Troj/VB-HTM
Ikarus	Worm.Win32.VB
Jiangmin	Trojan/Swisyn.wsw
Avira	TR/Beebone.rhwnabs
Antiy-AVL	Trojan/Generic.ASMalwS.93BFFC
Microsoft	Worm:Win32/Copali.B
ViRobot	Trojan.Win32.Zbot.184320.D
GData	Backdoor.VB.Agent.ABT
Cynet	Malicious (score: 100)
AhnLab-V3	Trojan/Win32.HDC.C436931
Acronis	suspicious
VBA32	Trojan.Agentb
ALYac	Backdoor.VB.Agent.ABT
MAX	malware (ai score=80)
Malwarebytes	Trojan.Agent
APEX	Malicious
Rising	Worm.Copali!1.A2C3 (CLASSIC)
Yandex	Trojan.GenAsa!UB1ZEjQvu58
SentinelOne	Static AI – Malicious PE
eGambit	Unsafe.AI_Score_100%
Fortinet	W32/CoinMiner.F
AVG	Win32:Vitro [Inf]
Panda	Generic Malware
CrowdStrike	win/malicious_confidence_100% (D)