
Mal/Generic-R + Mal/VB-GI information

Malware Removal

Mal/Generic-R and Mal/VB-GI are the two Sophos detection names reported for this sample; most other vendors classify it as the SoulClose worm (see the alias list below) and rate it as dangerous. While the infection is active you may notice unfamiliar processes in the Task Manager list. In that case it is advised to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware


Removing malware by hand can take hours and may damage the system in the process. We recommend GridinSoft Anti-Malware for removal; the trial version can run a complete scan and clean the PC.
6-day free trial available.

What can Mal/Generic-R + Mal/VB-GI do?

Behavioural and static indicators reported by the CAPE sandbox for this sample:

  • Behavioural detection: executable code extraction (unpacking)
  • SetUnhandledExceptionFilter detected (possible anti-debug)
  • Yara rule detections observed from a process memory dump, dropped files or CAPE
  • Dynamic (imported) function loading detected
  • Unconventional binary language: Chinese (Simplified)
  • Unconventional language used in binary resources: Chinese (Simplified)
  • The binary contains an unknown PE section name indicative of packing
  • The executable is compressed using UPX
  • Authenticode signature is invalid
  • Uses Windows utilities for basic functionality
  • Anomalous binary characteristics

How to identify Mal/Generic-R + Mal/VB-GI?

Compare a suspect file's hashes with the values below: an exact sha256 match identifies this sample, while ssdeep and tlsh also match closely related variants. Note that the version resource names the file avp.exe, the process name of Kaspersky's antivirus, so an avp.exe found outside the Kaspersky installation directory should be checked by hash rather than trusted by name.

File Info:

name: 90CCBF94EB4DF66D9426.mlw
path: /opt/CAPEv2/storage/binaries/5b5370763ac2ddcf65bc36920b67acc783991dcee0466ee476b3a81c706644e3
crc32: 2A066F37
md5: 90ccbf94eb4df66d9426096ff8e3b342
sha1: 2985df5d2849479381bb54de2c7afd182a99bae8
sha256: 5b5370763ac2ddcf65bc36920b67acc783991dcee0466ee476b3a81c706644e3
sha512: 01b2af3aa0f4dfc1c6b0056df52095747927fcfcf301c0d23f77612efda48e2fe2c4a0f55b6d53cafe30a099455bc20cdb8cf5f5c4484202edc02aa2a247e909
ssdeep: 98304:bT4R9xXsNi9Xwgwfo3hv7SttYOXwnS4rV:bT4TYi9XwgwAxvUCI
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T1CEF57C0EFEE58D35E6B212309D79932D5636BD701B35998B63943A0ED8B0FC0A935723
sha3_384: e919cdddea55ac24e46a2a99e4610bbf9547f1840d8bf2c966b4311201a0e5301fae0a79bfa988c05ca651c155cac102
ep_bytes: 68988f4000e8f0ffffff000000000000
timestamp: 2008-06-09 03:48:26

Version Info:

Translation: 0x0804 0x04b0 (language ID 0x0804 is Chinese (Simplified) and code page 0x04b0 is Unicode; this resource language is the source of the "Chinese (Simplified)" indicators above)
CompanyName: 2146
ProductName:
FileVersion: 1.00
ProductVersion: 1.00
InternalName: avp
OriginalFilename: avp.exe
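
Several of the sandbox indicators above (UPX section names, unknown section names, entry point location, compile timestamp, presence of an Authenticode signature) and the sha256 and ep_bytes fields in File Info can be reproduced from the PE headers without running the file. The script below is an added example written for this page, not code from GridinSoft or from CAPE. It parses a PE32 header with the Python standard library only; the image it analyses is a minimal constructed PE mimicking a UPX-packed layout (section names UPX0/UPX1/.rsrc, a PUSHAD stub at the entry point, the compile timestamp taken from File Info above) and is not the real sample. The section-name lists and the PUSHAD heuristic are this example's own choices, and the Authenticode check only reports whether a signature is present at all, not whether it validates.

```python
import hashlib
import struct
from datetime import datetime, timezone

# Section names written by UPX; any other name outside the usual compiler/linker
# set is reported as "unknown", the heuristic behind the indicator above.
UPX_SECTIONS = {b"UPX0", b"UPX1", b"UPX2"}
COMMON_SECTIONS = {b".text", b".data", b".rdata", b".idata", b".edata", b".rsrc",
                   b".reloc", b".bss", b".tls", b".pdata", b"CODE", b"DATA"}

def parse_pe(data: bytes) -> dict:
    """Read the PE32 header fields used for triage (standard library only)."""
    if data[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("PE signature not found")
    coff = e_lfanew + 4
    _, nsec, tstamp, _, _, opt_size, _ = struct.unpack_from("<HHIIIHH", data, coff)
    opt = coff + 20
    if struct.unpack_from("<H", data, opt)[0] != 0x10B:
        raise ValueError("only PE32 (32-bit) images are handled here")
    ep_rva = struct.unpack_from("<I", data, opt + 16)[0]
    # Data directory 4 is the certificate table; VA and size both 0 means the file
    # carries no Authenticode signature at all (validating one needs the cert chain).
    cert_va, cert_size = struct.unpack_from("<II", data, opt + 96 + 4 * 8)
    sections = []
    for i in range(nsec):
        name, vsize, vaddr, rawsize, rawptr = struct.unpack_from("<8sIIII", data, opt + opt_size + 40 * i)
        sections.append({"name": name.rstrip(b"\0"), "vaddr": vaddr, "vsize": vsize,
                         "rawsize": rawsize, "rawptr": rawptr})
    # Map the entry-point RVA to a file offset to recover the ep_bytes field.
    ep_section, ep_bytes = None, b""
    for s in sections:
        if s["vaddr"] <= ep_rva < s["vaddr"] + max(s["vsize"], s["rawsize"]):
            ep_section = s["name"]
            off = s["rawptr"] + (ep_rva - s["vaddr"])
            ep_bytes = data[off:off + 16]
            break
    return {
        "sha256": hashlib.sha256(data).hexdigest(),
        "timestamp": datetime.fromtimestamp(tstamp, tz=timezone.utc).strftime("%Y-%m-%d %H:%M:%S"),
        "ep_rva": ep_rva,
        "ep_section": ep_section,
        "ep_bytes": ep_bytes.hex(),
        "sections": sections,
        "has_authenticode": bool(cert_va and cert_size),
    }

def indicators(info: dict) -> list:
    """Static flags corresponding to the sandbox indicators listed above."""
    flags = []
    names = {s["name"] for s in info["sections"]}
    if names & UPX_SECTIONS:
        flags.append("The executable is compressed using UPX")
    unknown = sorted(n.decode("latin-1") for n in names - COMMON_SECTIONS - UPX_SECTIONS)
    if unknown:
        flags.append("unknown PE section name(s) indicative of packing: " + ", ".join(unknown))
    if info["ep_section"] is None:
        flags.append("entry point lies outside every section")
    elif info["ep_section"] not in (b".text", b"CODE"):
        flags.append("entry point is in %s, not the code section" % info["ep_section"].decode("latin-1"))
    if not info["has_authenticode"]:
        flags.append("no Authenticode signature present")
    if info["ep_bytes"].startswith("60"):  # 0x60 = PUSHAD, the usual first byte of a packer stub
        flags.append("entry point starts with PUSHAD, typical of a packer stub")
    return flags

def build_sample_pe(section_names, ep_bytes, ep_index, timestamp):
    """Constructed minimal PE32 image for this demo (NOT the file described on this page)."""
    nsec, opt_size = len(section_names), 224
    hdr_len = 0x40 + 4 + 20 + opt_size + 40 * nsec
    raw_base = (hdr_len + 0x1FF) & ~0x1FF  # raw section data starts on a 0x200 boundary
    img = bytearray(raw_base + 0x200 * nsec)
    img[0:2] = b"MZ"
    struct.pack_into("<I", img, 0x3C, 0x40)  # e_lfanew
    img[0x40:0x44] = b"PE\0\0"
    struct.pack_into("<HHIIIHH", img, 0x44, 0x14C, nsec, timestamp, 0, 0, opt_size, 0x0102)
    opt = 0x44 + 20
    struct.pack_into("<H", img, opt, 0x10B)  # PE32 magic
    struct.pack_into("<I", img, opt + 16, 0x1000 * (ep_index + 1))  # AddressOfEntryPoint
    for i, name in enumerate(section_names):  # one 0x200-byte section per name, RVA 0x1000*(i+1)
        struct.pack_into("<8sIIII", img, opt + opt_size + 40 * i, name, 0x200, 0x1000 * (i + 1), 0x200, raw_base + 0x200 * i)
    off = raw_base + 0x200 * ep_index
    img[off:off + len(ep_bytes)] = ep_bytes
    return bytes(img)

def triage_sample():
    """Build the constructed sample and run the checks on it."""
    ts = int(datetime(2008, 6, 9, 3, 48, 26, tzinfo=timezone.utc).timestamp())
    # Constructed UPX-style stub start (PUSHAD; MOV ESI, imm32), not the page's ep_bytes.
    sample = build_sample_pe([b"UPX0", b"UPX1", b".rsrc"], bytes.fromhex("60be00104000"), 1, ts)
    info = parse_pe(sample)
    return info, indicators(info)

if __name__ == "__main__":
    info, flags = triage_sample()
    print(info["sha256"], info["timestamp"], info["ep_section"], info["ep_bytes"], *flags, sep="\n")
```

To triage a real file, call parse_pe on its bytes and compare the sha256 and ep_bytes fields with File Info above; ssdeep and tlsh are not in the standard library and are left out here.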

Mal/Generic-R + Mal/VB-GI also known as:

Bkav: W32.AIDetect.malware1
Elastic: malicious (high confidence)
MicroWorld-eScan: Win32.Worm.SoulClose.C
FireEye: Generic.mg.90ccbf94eb4df66d
McAfee: W32/HLLP.Soul
Malwarebytes: Malware.AI.4289551135
VIPRE: Virus.Win32.Soulclose.a (v)
Sangfor: Trojan.Win32.Save.a
K7AntiVirus: Trojan ( 004bcce41 )
BitDefender: Win32.Worm.SoulClose.C
K7GW: P2PWorm ( 004f6ea61 )
Cybereason: malicious.4eb4df
Arcabit: Win32.Worm.SoulClose.C
Baidu: Win32.Worm.VB.bc
Cyren: W32/Worm.Soul.gen!Eldorado
Symantec: W32.Fujacks.C
ESET-NOD32: Win32/VB.NOY
APEX: Malicious
Kaspersky: Virus.Win32.VB.lc
NANO-Antivirus: Virus.Win32.VB.bpcbgk
Rising: Spyware.Zbot!1.648A (CLASSIC)
Ad-Aware: Win32.Worm.SoulClose.C
Sophos: Mal/Generic-R + Mal/VB-GI
Comodo: Worm.Win32.VB.NOY@bf0m
DrWeb: Win32.HLLP.Soul
Zillya: Virus.VB.Win32.177
McAfee-GW-Edition: BehavesLike.Win32.Generic.wh
Emsisoft: Win32.Worm.SoulClose.C (B)
Ikarus: Virus.Win32.VB.lc
Jiangmin: Worm.Generic.vk
MaxSecure: Virus.W32.VB.lc
Avira: TR/VB.dek.3
MAX: malware (ai score=89)
Antiy-AVL: Trojan/Generic.ASBOL.21
GData: Win32.Worm.SoulClose.C
Cynet: Malicious (score: 100)
AhnLab-V3: Worm/Win32.VB.C49023
Acronis: suspicious
BitDefenderTheta: Gen:NN.ZevbaF.34114.Ep3@aqur!!jb
ALYac: Win32.Worm.SoulClose.C
Cylance: Unsafe
Tencent: Worm.Win32.Soulclose.wa
Yandex: Trojan.GenAsa!Bx8Fg9B1WP8
SentinelOne: Static AI – Malicious PE
eGambit: Unsafe.AI_Score_100%
Fortinet: W32/OpenSoul.A
AVG: Win32:VB-JGI
Avast: Win32:VB-JGI
CrowdStrike: win/malicious_confidence_100% (D)
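
The alias list above mixes family names (SoulClose, Soul, Fujacks, OpenSoul) with platform and type words (Win32, Worm, Virus), confidence labels, a compiler tag (VB, for Visual Basic) and one outlier (Rising's Zbot). A common way to reduce such a list to a single family label is to tokenize each vendor's detection name, discard generic tokens, and count one vote per vendor. The script below is an added example written for this page, not code from GridinSoft or from any vendor; the generic-token list and the cut-offs (tokens shorter than four characters or containing digits are dropped) are this example's own choices, and the detection dictionary is a subset copied from the list above with the vendor name separated from its label.

```python
import re
from collections import Counter

# Vendor labels for this sample, copied from the alias list above (a subset is
# enough to show the method).
DETECTIONS = {
    "Elastic": "malicious (high confidence)",
    "MicroWorld-eScan": "Win32.Worm.SoulClose.C",
    "McAfee": "W32/HLLP.Soul",
    "VIPRE": "Virus.Win32.Soulclose.a (v)",
    "BitDefender": "Win32.Worm.SoulClose.C",
    "Arcabit": "Win32.Worm.SoulClose.C",
    "Baidu": "Win32.Worm.VB.bc",
    "Cyren": "W32/Worm.Soul.gen!Eldorado",
    "Symantec": "W32.Fujacks.C",
    "ESET-NOD32": "Win32/VB.NOY",
    "Kaspersky": "Virus.Win32.VB.lc",
    "Rising": "Spyware.Zbot!1.648A (CLASSIC)",
    "Ad-Aware": "Win32.Worm.SoulClose.C",
    "Sophos": "Mal/Generic-R + Mal/VB-GI",
    "Comodo": "Worm.Win32.VB.NOY@bf0m",
    "DrWeb": "Win32.HLLP.Soul",
    "Emsisoft": "Win32.Worm.SoulClose.C (B)",
    "Avira": "TR/VB.dek.3",
    "GData": "Win32.Worm.SoulClose.C",
    "AhnLab-V3": "Worm/Win32.VB.C49023",
    "ALYac": "Win32.Worm.SoulClose.C",
    "Tencent": "Worm.Win32.Soulclose.wa",
    "Fortinet": "W32/OpenSoul.A",
    "AVG": "Win32:VB-JGI",
    "Avast": "Win32:VB-JGI",
}

# Tokens naming a platform, a malware type, a confidence level or a compiler rather
# than a family (this example's own list).  "vb" is Visual Basic, the language the
# sample was written in, so it is deliberately treated as generic; "hllp" is the
# McAfee/DrWeb prefix for high-level-language parasitic infectors.
GENERIC = {"win32", "w32", "win", "worm", "virus", "trojan", "spyware", "malware",
           "malicious", "generic", "high", "confidence", "classic", "hllp",
           "eldorado", "unsafe", "suspicious", "static", "score", "vb"}

def tokenize(label: str) -> list:
    """Split a detection name into candidate family tokens."""
    out = []
    for tok in re.split(r"[^A-Za-z0-9]+", label.lower()):
        # Drop variant letters ("c", "lc"), hashes/ids (anything with a digit) and generic words.
        if len(tok) < 4 or tok in GENERIC or any(ch.isdigit() for ch in tok):
            continue
        out.append(tok)
    return out

def family_consensus(detections: dict) -> list:
    """Rank candidate family names by how many vendors use them (one vote per vendor)."""
    votes = Counter()
    for label in detections.values():
        votes.update(set(tokenize(label)))   # set(): a vendor votes once per token
    return votes.most_common()

if __name__ == "__main__":
    for token, n in family_consensus(DETECTIONS):
        print(f"{n:2d}  {token}")
```

On this list the top token is soulclose with nine vendors, followed by soul with three; the Zbot label stands alone and would be ignored. Labels such as Elastic's "malicious (high confidence)" or Sophos's own generic names contribute no family token at all, which is the expected result for heuristic or generic detections.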

How to remove Mal/Generic-R + Mal/VB-GI?

Mal/Generic-R + Mal/VB-GI removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • Press “Move to quarantine” for all detected items.
  • Open the “Tools” tab and press “Reset Browser Settings”.
  • Select the browser and the options to reset, then click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.
