Should I remove “ML/PE-A + Mal/VB-F”?

ML/PE-A + Mal/VB-F is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager process list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It allows you to run a complete scan and clean your PC during the trial period.
6-day free trial available.

What can the ML/PE-A + Mal/VB-F virus do?

  • Behavioural detection: Executable code extraction – unpacking
  • Yara rule detections observed from a process memory dump/dropped files/CAPE
  • Dynamic (imported) function loading detected
  • Expresses interest in specific running processes
  • The binary contains an unknown PE section name indicative of packing
  • The binary likely contains encrypted or compressed data.
  • The executable is compressed using UPX
  • Authenticode signature is invalid
  • Installs itself for autorun at Windows startup
  • Attempts to disable or modify Explorer Folder Options
  • Attempts to disable System Restore
  • Attempts to modify Explorer settings to prevent file extensions from being displayed
  • Attempts to modify Explorer settings to prevent hidden files from being displayed

How to identify ML/PE-A + Mal/VB-F?

File Info:

name: 4D4936A23BB09D2837AB.mlw
path: /opt/CAPEv2/storage/binaries/988d93ec279e62476ffa4038de8e6ffbf352f73d61fa45225c8ad4f308c2712a
crc32: 6C0D13FC
md5: 4d4936a23bb09d2837aba6984ccd5996
sha1: b5178a365a20430cbbad9bebffb52ec7c325114f
sha256: 988d93ec279e62476ffa4038de8e6ffbf352f73d61fa45225c8ad4f308c2712a
sha512: a76b282a3f2f4971d1ba10ab9dc22a19ac9f6c5d580171a7e89472934251a3cf55600041e179ee9852bcd20701872265793dbee6324ad5763c5e6bb1679b1f3d
ssdeep: 6144:mj1jtjFjrjQjtjFjrjUjQjtjFjrjQjtjFjrjUj8j1jtjFjrjQjtjFjrjUjQjtjF3:p
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T180569D037B17E01DF624C9395A0645AD63857EA18E037E6BA2213E7B3E375C62E17732
sha3_384: 12f6b049b35b98f038ee8b93dc9507a0a676a1221e0a482f38b787baab0a72e37ecfd89401cbb2485644cc42cd81b0c6
ep_bytes: 60be007041008dbe00a0feff5783cdff
timestamp: 2006-07-15 11:26:47

Version Info:

Translation: 0x0409 0x04b0
ProductName: 4k51k4
FileVersion: 1.12.1985
ProductVersion: 1.12.1985
InternalName: 4K51K4
OriginalFilename: 4K51K4.exe

ML/PE-A + Mal/VB-F also known as:

Bkav: W32.AIDetect.malware2
Elastic: malicious (high confidence)
DrWeb: Win32.HLLM.Generic.411
MicroWorld-eScan: Gen:Trojan.Heur.@pNfrfA5ltpib
FireEye: Generic.mg.4d4936a23bb09d28
CAT-QuickHeal: Worm.Ludbaruma.A3
McAfee: W32/YahLover.worm.gen.b
Cylance: Unsafe
Zillya: Worm.Brontok.Win32.1192
Sangfor: Trojan.Win32.Save.a
K7AntiVirus: Trojan ( 0040f6141 )
K7GW: Trojan ( 0040f6141 )
Cybereason: malicious.23bb09
BitDefenderTheta: AI:Packer.F0175E5C1D
Cyren: W32/A-b40369a2!Eldorado
Symantec: Trojan Horse
ESET-NOD32: a variant of Win32/VB.ET
TrendMicro-HouseCall: WORM_BRONTOK.W
ClamAV: Legacy.Trojan.Agent-1388589
Kaspersky: Email-Worm.Win32.Brontok.w
BitDefender: Gen:Trojan.Heur.@pNfrfA5ltpib
NANO-Antivirus: Trojan.Win32.Brontok.eultyo
SUPERAntiSpyware: Worm.Brontok
Avast: Win32:Brontok-BW [Wrm]
Tencent: Worm.Win32.Brontok.d
Ad-Aware: Gen:Trojan.Heur.@pNfrfA5ltpib
Emsisoft: Gen:Trojan.Heur.@pNfrfA5ltpib (B)
Comodo: TrojWare.Win32.Regrun.Q@1gs3xh
Baidu: Win32.Worm.VB.k
VIPRE: Worm.Win32.Ludbaruma.a (v)
TrendMicro: WORM_BRONTOK.W
McAfee-GW-Edition: BehavesLike.Win32.Rontokbro.th
Sophos: ML/PE-A + Mal/VB-F
Ikarus: Trojan.Win32.KillAV
GData: Gen:Trojan.Heur.@pNfrfA5ltpib
Jiangmin: Worm/Brontok.kd
Avira: WORM/Brontok.W.2
Antiy-AVL: Trojan/Generic.ASMalwS.9652B5
Arcabit: Trojan.Heur.ECF230
ViRobot: I-Worm.Win32.A.Brontok.93802[UPX]
Microsoft: Trojan:Win32/Sabsik.FL.B!ml
Cynet: Malicious (score: 100)
AhnLab-V3: Worm/Win32.VB.R42952
VBA32: Worm.Brontok
ALYac: Gen:Trojan.Heur.@pNfrfA5ltpib
MAX: malware (ai score=81)
Malwarebytes: Worm.Brontok
APEX: Malicious
Rising: Worm.VBInjectEx!1.99E6 (RDMK:cmRtazqGO6ZWCWyIryIocBP1AcPO)
Yandex: I-Worm.Brontok!4gJwN60hfZM
SentinelOne: Static AI – Malicious PE
eGambit: Unsafe.AI_Score_88%
Fortinet: W32/Brontok.W!worm
AVG: Win32:Brontok-BW [Wrm]
Panda: Trj/Vilsel.AF

How to remove ML/PE-A + Mal/VB-F?

ML/PE-A + Mal/VB-F removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open the “Tools” tab and press “Reset Browser Settings”.
  • Select the proper browser and options, then click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.