Categories: Malware

What is “Heur.VB.Krypt.13 (B)”?

The Heur.VB.Krypt.13 (B) is considered dangerous by lots of security experts. When this infection is active, you may notice unwanted processes in Task Manager list. In this case, it is adviced to scan your computer with GridinSoft Anti-Malware.

Gridinsoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. Allows to complete scan and cure your PC during the trial period.

DOWNLOAD NOW

6-day free trial available.

What Heur.VB.Krypt.13 (B) virus can do?

Behavioural detection: Executable code extraction – unpacking
Sample contains Overlay data
Yara rule detections observed from a process memory dump/dropped files/CAPE
Presents an Authenticode digital signature
Creates RWX memory
Dynamic (imported) function loading detected
CAPE extracted potentially suspicious content
Unconventionial language used in binary resources: Spanish (Peru)
The binary likely contains encrypted or compressed data.
Authenticode signature is invalid
Behavioural detection: Injection (Process Hollowing)
Executed a process and injected code into it, probably while unpacking
Behavioural detection: Injection (inter-process)
Created a process from a suspicious location
Anomalous binary characteristics

How to determine Heur.VB.Krypt.13 (B)?


File Info:
name: 28F4FEEDBE1230708C03.mlwpath: /opt/CAPEv2/storage/binaries/9ba800e110ccffeda8e66d345091b7464e302da13b33870d16efae12c5293dc9crc32: B2FBBD8Emd5: 28f4feedbe1230708c03cd6f9bd191d5sha1: d32215ecc919d763e34d38a65ef1acf8248b14easha256: 9ba800e110ccffeda8e66d345091b7464e302da13b33870d16efae12c5293dc9sha512: c0596c01088fd936675b0bd77a989319e2cd0b23dabc53afdb1ba8a4f84bf9e98eb4ac4cd07a708e9139b9cc85798a2bca8d6ffedda741baf9bffede0f7c4f03ssdeep: 1536:nSQwevURdDuRcZTtYeD9W8x1GBeK30u4HLBxXvUodgnpwGWefPSWnN4wQt6w6Ah/:affM8SIKku4HtWoopyYPSI4wQtSOtype: PE32 executable (GUI) Intel 80386, for MS Windowstlsh: T10A159CD26BD5E431D433ACB917E1B13E70839858E9DFF943A760DB232D50D98BA24839sha3_384: 3f3c570cb4cae33b884da45daac67d73166b69387d82db6d5711266a7ad5b46c7165897a8e2ce9fabc8637ec11e2ee4bep_bytes: 68d8114000e8f0ffffff000000000000timestamp: 2013-03-12 18:34:35
Version Info:
0: [No Data]

Heur.VB.Krypt.13 (B) also known as:

Bkav	W32.AIDetect.malware1
Elastic	malicious (high confidence)
MicroWorld-eScan	Gen:Heur.VB.Krypt.13
FireEye	Generic.mg.28f4feedbe123070
ALYac	Gen:Heur.VB.Krypt.13
Cylance	Unsafe
VIPRE	Gen:Heur.VB.Krypt.13
Sangfor	[MICROSOFT VISUAL BASIC V6.0]
K7AntiVirus	Riskware ( 00584baa1 )
K7GW	Riskware ( 00584baa1 )
Cybereason	malicious.dbe123
VirIT	Worm.Win32.Generic.DUG
Cyren	W32/S-efe09638!Eldorado
Symantec	ML.Attribute.HighConfidence
tehtris	Generic.Malware
ESET-NOD32	Win32/AutoRun.VB.XW
APEX	Malicious
ClamAV	Win.Trojan.Generic-9763885-0
Kaspersky	Trojan-Dropper.Win32.Injector.hsnr
BitDefender	Gen:Heur.VB.Krypt.13
NANO-Antivirus	Trojan.Win32.Inject.dzhbdf
Avast	Win32:DangerousSig [Trj]
Ad-Aware	Gen:Heur.VB.Krypt.13
Sophos	ML/PE-A
Comodo	TrojWare.Win32.Injector.ADYA@4vi9it
DrWeb	Trojan.MulDrop4.61388
Zillya	Dropper.Injector.Win32.52585
TrendMicro	TROJ_SPNR.30DK13
McAfee-GW-Edition	BehavesLike.Win32.Trojan.dz
Trapmine	malicious.high.ml.score
Emsisoft	Gen:Heur.VB.Krypt.13 (B)
Ikarus	Trojan.Win32.Injector
GData	Gen:Heur.VB.Krypt.13
Jiangmin	TrojanDropper.Injector.asde
Avira	TR/Dropper.Gen
MAX	malware (ai score=85)
Antiy-AVL	Trojan/Generic.ASMalwS.177
Arcabit	Trojan.VB.Krypt.13
ZoneAlarm	Trojan-Dropper.Win32.Injector.hsnr
Microsoft	Trojan:Win32/Wacatac.B!ml
Cynet	Malicious (score: 100)
McAfee	GenericRXOI-QY!28F4FEEDBE12
VBA32	TScope.Trojan.VB
TrendMicro-HouseCall	TROJ_SPNR.30DL13
Yandex	Trojan.DR.Injector!0W/4T4YIgBA
SentinelOne	Static AI – Malicious PE
BitDefenderTheta	AI:Packer.C31932C01E
AVG	Win32:DangerousSig [Trj]
Panda	Trj/Genetic.gen
CrowdStrike	win/malicious_confidence_100% (D)