
Backdoor:Win32/VB.UN (file analysis)


Many security experts consider Backdoor:Win32/VB.UN dangerous. When this infection is active, you may notice unwanted processes in the Task Manager list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It allows you to run a complete scan and cure your PC during the trial period.
6-day free trial available.

What can the Backdoor:Win32/VB.UN virus do?

  • Behavioural detection: Executable code extraction – unpacking
  • Sample contains Overlay data
  • Authenticode signature is invalid
  • Created a service that was not started
  • Anomalous binary characteristics
  • Yara rule detections observed from a process memory dump/dropped files/CAPE

How to identify Backdoor:Win32/VB.UN?

File Info:

name: 01DC9DB462476DE70592.mlw
path: /opt/CAPEv2/storage/binaries/1cceddca2f1b5631895bac017cc8920337eae2d5b50023c4e97d0d073cae47e5
crc32: 3801EF04
md5: 01dc9db462476de705926241350ad5bb
sha1: f59970ae175a27aab1f906ac2359450cdef5e886
sha256: 1cceddca2f1b5631895bac017cc8920337eae2d5b50023c4e97d0d073cae47e5
sha512: 0f86039fb1014f3814f867f3ebb1e95ad94a73e725779c262e845a927d4963e5c23a6b9d8ba8571277301d98a359e7d3b480b5c2a5f52cddd0b4be51519a0312
ssdeep: 1536:myi9qQguQc0TB/H3EF5ilWNmsLmxGcHCeh76hV:Fi9qQgudIv3EF5ilScxvHCY76
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T115342A17631888C4F6D4A9310A97CCB586F2FC235AD77B9316C02A7E3C33E51E925A5E
sha3_384: 23d69831efab38c1af325142c1a4b993550a94b3ab719ea53336ca92f6017323933db13424a5a4d132118ef5b78d63a3
ep_bytes: 6840134000e8eeffffff000000000000
timestamp: 2004-02-12 15:43:54

Version Info:

0: [No Data]

Backdoor:Win32/VB.UN also known as:

Bkav: W32.AIDetectMalware
Lionic: Trojan.Win32.VB.4!c
Elastic: malicious (high confidence)
MicroWorld-eScan: MemScan:Trojan.GenericKDZ.99403
ClamAV: Win.Trojan.Redjunk-6817436-0
FireEye: Generic.mg.01dc9db462476de7
CAT-QuickHeal: Backdoor.Pcclient.9421
ALYac: MemScan:Trojan.GenericKDZ.99403
Cylance: unsafe
Zillya: Trojan.VB.Win32.923124
K7AntiVirus: P2PWorm ( 0000f53f1 )
BitDefender: MemScan:Trojan.GenericKDZ.99403
K7GW: P2PWorm ( 0000f53f1 )
Cybereason: malicious.462476
Arcabit: Trojan.Generic.D1844B
BitDefenderTheta: AI:Packer.BC437D5515
Cyren: W32/Backdoor.KAPY-0306
Symantec: ML.Attribute.HighConfidence
tehtris: Generic.Malware
ESET-NOD32: Win32/VB.UN
APEX: Malicious
Cynet: Malicious (score: 100)
Kaspersky: Backdoor.Win32.VB.un
Alibaba: Worm:Win32/vobfus.1030
NANO-Antivirus: Trojan.Win32.VB.eyodli
ViRobot: Backdoor.Win32.A.VB.239583
Rising: Backdoor.VB.nin (CLASSIC)
TACHYON: Backdoor/W32.VB-Agent.239583
Sophos: Mal/Generic-S
F-Secure: Trojan.TR/Patched.Ren.Gen
DrWeb: BackDoor.Netian
VIPRE: MemScan:Trojan.GenericKDZ.99403
TrendMicro: WORM_WATSOON.C
McAfee-GW-Edition: BehavesLike.Win32.Generic.dz
Emsisoft: MemScan:Trojan.GenericKDZ.99403 (B)
SentinelOne: Static AI – Malicious PE
Jiangmin: Backdoor/VB.nmd
Avira: TR/Patched.Ren.Gen
Antiy-AVL: Trojan[Backdoor]/Win32.VB
Xcitium: Backdoor.Win32.VB.UN@3wmt
Microsoft: Backdoor:Win32/VB.UN
ZoneAlarm: Backdoor.Win32.VB.un
GData: MemScan:Trojan.GenericKDZ.99403
Google: Detected
AhnLab-V3: Trojan/Win32.Xema.C36261
McAfee: GenericRXAA-AA!01DC9DB46247
MAX: malware (ai score=84)
DeepInstinct: MALICIOUS
VBA32: Backdoor.VB
Malwarebytes: Malware.AI.3518317298
Panda: Bck/Iroffer.BG
TrendMicro-HouseCall: WORM_WATSOON.C
Tencent: Malware.Win32.Gencirc.10beb31c
Ikarus: Trojan.Win32.VB
MaxSecure: Trojan.Malware.300983.susgen
Fortinet: W32/VB.UN!tr.bdr
AVG: Win32:Trojan-gen
Avast: Win32:Trojan-gen
CrowdStrike: win/malicious_confidence_100% (W)

How to remove Backdoor:Win32/VB.UN?

Backdoor:Win32/VB.UN removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open the “Tools” tab – Press “Reset Browser Settings”.
  • Select the proper browser and options – Click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.
