Malware

Mal/VProtPck-B removal tips

Malware Removal

The Mal/VProtPck-B is considered dangerous by lots of security experts. When this infection is active, you may notice unwanted processes in Task Manager list. In this case, it is adviced to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware - Review 2020

GridinSoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend to use GridinSoft Anti-Malware for virus removal. Allows to complete scan and cure your PC during the TRIAL period.
6-day free trial available.

What Mal/VProtPck-B virus can do?

  • Behavioural detection: Executable code extraction – unpacking
  • SetUnhandledExceptionFilter detected (possible anti-debug)
  • Yara rule detections observed from a process memory dump/dropped files/CAPE
  • NtSetInformationThread: attempt to hide thread from debugger
  • Creates RWX memory
  • Dynamic (imported) function loading detected
  • Reads data out of its own binary image
  • Unconventionial binary language: Chinese (Simplified)
  • Unconventionial language used in binary resources: Chinese (Simplified)
  • The binary contains an unknown PE section name indicative of packing
  • The binary likely contains encrypted or compressed data.
  • Authenticode signature is invalid
  • Anomalous binary characteristics

How to determine Mal/VProtPck-B?


File Info:

name: 1AC1869F01CD8C1E162E.mlw
path: /opt/CAPEv2/storage/binaries/48a2702a3febb35f530e0fdd11653c08480736ba9af5df28545563f8c62b1745
crc32: 7385F874
md5: 1ac1869f01cd8c1e162e0d56dce85a33
sha1: 9d680534803b9e662c29fca3682394679fd3d232
sha256: 48a2702a3febb35f530e0fdd11653c08480736ba9af5df28545563f8c62b1745
sha512: 95bec4fb9ddf600c120dd505684d326bd03df991573c0a228f99476e49ee4fde9cf3310989fa441b7fecc86743bc048754af13ccf5355ddae6e3d1986f48eada
ssdeep: 49152:mXloIwWZuF/IPFaFPNAN1jQsy0y9r8r6b9V+e2IsYj8MLO5YFfjp1GHmFZNbKbXY:mVwFlIPFgPNAHMRI6pVkInIRMtkGQbli
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T1BFD5023E7EF5891AF495193404AA0A99E3D99C43FD20266FF0207E0DDC32DD46AA725F
sha3_384: a26d5075901f4cd1920f41d5dfc9c1e9bceab208edca4e7455380fa5bcc75a772976ee31ff8330f856af4a40a3eea44b
ep_bytes: 3bc07421eb00db2dcc0a6400ffffffff
timestamp: 1970-01-01 00:00:00

Version Info:

FileVersion: 1.2.3.0
FileDescription: 小宝企点QQ群发器 - Up_date
ProductName: 小宝企点QQ群发器
ProductVersion: 1.2.3.0
CompanyName: 易优软件
LegalCopyright: 本软件版权归作者所有
Comments: 作者QQ:80016630
Translation: 0x0804 0x04b0

Mal/VProtPck-B also known as:

BkavW32.AIDetect.malware2
Elasticmalicious (high confidence)
FireEyeGeneric.mg.1ac1869f01cd8c1e
McAfeeGenericRXAA-AA!1AC1869F01CD
CylanceUnsafe
SangforTrojan.Win32.Save.a
K7AntiVirusTrojan ( 004b94951 )
K7GWTrojan ( 004b94951 )
Cybereasonmalicious.4803b9
CyrenW32/ABRisk.IEEF-4548
ESET-NOD32a variant of Win32/Packed.VProtect.B suspicious
APEXMalicious
NANO-AntivirusVirus.Win32.Gen.ccmw
AvastWin32:TrojanX-gen [Trj]
SophosMal/VProtPck-B
ComodoPacked.Win32.VProtect.A@4xq3f8
DrWebTrojan.Packed.1936
McAfee-GW-EditionBehavesLike.Win32.CoinMiner.vc
Trapminemalicious.high.ml.score
SentinelOneStatic AI – Malicious PE
GDataWin32.Trojan.Agent.M5839T
MicrosoftTrojan:Win32/Wacatac.A!ml
CynetMalicious (score: 100)
AhnLab-V3Malware/Win32.RL_Generic.R276706
BitDefenderThetaGen:NN.ZexaF.34742.WE0@aOOzw@pb
VBA32BScope.Trojan.Packed
MalwarebytesTrojan.MalPack.FlyStudio
RisingStealer.QQPass!1.648F (CLASSIC)
IkarusBackdoor.Win32.Hupigon
MaxSecureTrojan.Malware.300983.susgen
FortinetRiskware/Application
AVGWin32:TrojanX-gen [Trj]
CrowdStrikewin/malicious_confidence_70% (W)

How to remove Mal/VProtPck-B?

Mal/VProtPck-B removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan“.
  • Move to quarantine” all items.
  • Open “Tools” tab – Press “Reset Browser Settings“.
  • Select proper browser and options – Click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.

Leave a Comment