About “Trojan.Downloader.VB.VNL” infection

Trojan.Downloader.VB.VNL is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It lets you run a complete scan and cure your PC during the trial period.
6-day free trial available.

What can the Trojan.Downloader.VB.VNL virus do?

  • Behavioural detection: Executable code extraction – unpacking
  • SetUnhandledExceptionFilter detected (possible anti-debug)
  • Yara rule detections observed from a process memory dump/dropped files/CAPE
  • Dynamic (imported) function loading detected
  • Performs HTTP requests potentially not found in PCAP.
  • A process created a hidden window
  • The binary contains an unknown PE section name indicative of packing
  • The binary likely contains encrypted or compressed data.
  • The executable is compressed using UPX
  • Authenticode signature is invalid
  • Uses Windows utilities for basic functionality
  • Collects information about installed applications
  • Attempts to modify proxy settings
  • Binary compilation timestomping detected

How to identify Trojan.Downloader.VB.VNL?

File Info:

name: E35981DDE2F9E6D1CE7E.mlw
type: PE32 executable (GUI) Intel 80386, for MS Windows
timestamp: 2055-05-25 18:10:40

Version Info:

Translation: 0x0409 0x04b0
ProductName: Project1
FileVersion: 1.00
ProductVersion: 1.00
InternalName: dwnldr
OriginalFilename: dwnldr.exe

Trojan.Downloader.VB.VNL also known as:

tehtris: Generic.Malware
MicroWorld-eScan: Trojan.Downloader.VB.VNL
FireEye: Generic.mg.e35981dde2f9e6d1
ALYac: Trojan.Downloader.VB.VNL
Cylance: Unsafe
CrowdStrike: win/malicious_confidence_90% (W)
BitDefender: Trojan.Downloader.VB.VNL
K7GW: Trojan-Downloader ( 004cc4ff1 )
K7AntiVirus: Trojan-Downloader ( 004cc4ff1 )
BitDefenderTheta: Gen:NN.ZevbaF.34638.bmKfaut92Cni
VirIT: Trojan.Win32.DownLoad2.BRE
Cyren: W32/Downloader.UYPE-7741
Symantec: ML.Attribute.HighConfidence
Elastic: malicious (moderate confidence)
ESET-NOD32: a variant of Win32/TrojanDownloader.VB.QBY
ClamAV: Win.Downloader.31502-1
Kaspersky: Trojan-Downloader.Win32.VB.drq
NANO-Antivirus: Trojan.Win32.VB.fgqhnb
Ad-Aware: Trojan.Downloader.VB.VNL
Sophos: Mal/Generic-R + Troj/FakMSA-Gen
Zillya: Downloader.VB.Win32.78780
McAfee-GW-Edition: BehavesLike.Win32.Generic.nc
Emsisoft: Trojan.Downloader.VB.VNL (B)
APEX: Malicious
GData: Trojan.Downloader.VB.VNL
Jiangmin: TrojanDownloader.VB.dhpn
Avira: BDS/Backdoor.Gen
SUPERAntiSpyware: Trojan.Unclassified/DwnLdr
Microsoft: Trojan:Win32/Wacatac.B!ml
Cynet: Malicious (score: 99)
AhnLab-V3: Trojan/Win32.Cospet.C24156
McAfee: RDN/Generic Downloader.x
MAX: malware (ai score=82)
VBA32: Trojan.VBRA.012344
Ikarus: Backdoor.Win32.VB
Rising: Trojan.Generic@AI.97 (RDMK:cmRtazoznFWaE0dTIp9Qg9ZP/cjf)
Yandex: Trojan.GenAsa!U6LWct/ZNHI
SentinelOne: Static AI – Malicious PE
MaxSecure: Trojan.Malware.300983.susgen
Fortinet: W32/VB.DRQ!tr.dldr
AVG: FileRepMalware [Misc]
Cybereason: malicious.de2f9e
Avast: FileRepMalware [Misc]

How to remove Trojan.Downloader.VB.VNL?

Trojan.Downloader.VB.VNL removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open “Tools” tab – Press “Reset Browser Settings”.
  • Select proper browser and options – Click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.