Trojan.Win32.Inject.bgnn (file analysis)

Trojan.Win32.Inject.bgnn is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager process list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It lets you run a complete scan and clean your PC during the trial period.
A 6-day free trial is available.

What Trojan.Win32.Inject.bgnn virus can do?

  • Behavioural detection: Executable code extraction – unpacking
  • Reads data out of its own binary image
  • CAPE extracted potentially suspicious content
  • Drops a binary and executes it
  • Authenticode signature is invalid
  • Behavioural detection: Injection (inter-process)
  • Anomalous binary characteristics
  • Attempts to modify Explorer settings to prevent hidden files from being displayed
  • Yara rule detections observed from a process memory dump/dropped files/CAPE

How to identify Trojan.Win32.Inject.bgnn?

File Info:

name: 377A402D8466523E9657.mlw
path: /opt/CAPEv2/storage/binaries/70f8227a143467d6389c4092de591301910a4cc0a0e05b1ccd3567041a311e31
crc32: B7D5174B
md5: 377a402d8466523e9657f7a0fbe9fa1e
sha1: 0f5e572cf2b68ed346e1b082f84da8e522c86dad
sha256: 70f8227a143467d6389c4092de591301910a4cc0a0e05b1ccd3567041a311e31
sha512: f7708d2a4d036385fada78ff17779b30f0e7904f6ed8ead376251fbeeeecaa1f0f99a3645bda3cc2f1f42f8e12b0386563763def5ed524ec9e50bd824d3db2d3
ssdeep: 3072:DmRiCRhRT+i5/vwOV/FB671omXB1Gt87n:DmRJRT+i5rYo
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T146D3A42E7790F67EC525C6F43D1A43A0903AAD3521D2AD03F7C61B16B6F1EAB9220747
sha3_384: 0dced4cb54444950dac67127a69bb5c4afb1574c433cf3298ced5aff7c62a8f7c752fd0973ef85da3163482e3264a65c
ep_bytes: 68c8384000e8f0ffffff000000000000
timestamp: 2011-07-27 00:54:59

Version Info:

Translation: 0x0409 0x04b0
ProductName: WLTaYOmfcZkmOFwNPXVm
FileVersion: 1.00
ProductVersion: 1.00
InternalName: VHwccGFKczzc
OriginalFilename: VHwccGFKczzc.exe

Trojan.Win32.Inject.bgnn is also detected under the following names (vendor: detection name):

Bkav: W32.AIDetectMalware
Lionic: Trojan.Win32.Inject.1b!c
MicroWorld-eScan: Gen:Variant.VBKrypt.55
ClamAV: Win.Trojan.Changeup-6169544-0
CAT-QuickHeal: Trojan.Vobfus.gen
McAfee: VBObfus.g
Malwarebytes: Generic.Malware.AI.DDS
Zillya: Trojan.Inject.Win32.335254
Sangfor: Trojan.Win32.Save.a
K7AntiVirus: EmailWorm ( 0054d10f1 )
Alibaba: Malware:Win32/km_2ff14.None
K7GW: EmailWorm ( 0054d10f1 )
CrowdStrike: win/malicious_confidence_100% (W)
BitDefenderTheta: AI:Packer.D62E527720
VirIT: Worm.Win32.Generic.AVYA
Cyren: W32/Vobfus.W.gen!Eldorado
Symantec: W32.Changeup
Elastic: malicious (high confidence)
ESET-NOD32: Win32/AutoRun.VB.AIY
APEX: Malicious
Cynet: Malicious (score: 100)
Kaspersky: Trojan.Win32.Inject.bgnn
BitDefender: Gen:Variant.VBKrypt.55
NANO-Antivirus: Trojan.Win32.Inject.dxqgeq
Avast: Win32:VB-WVF [Trj]
Tencent: Trojan.Win32.Inject.km
TACHYON: Trojan/W32.VB-Inject.135168.O
Emsisoft: Gen:Variant.VBKrypt.55 (B)
Baidu: Win32.Worm.VB.lk
F-Secure: Worm.WORM/Vobfus.dazrc
DrWeb: Trojan.VbCrypt.60
VIPRE: Gen:Variant.VBKrypt.55
TrendMicro: Mal_VBNA-7
McAfee-GW-Edition: BehavesLike.Win32.VBObfus.cm
FireEye: Generic.mg.377a402d8466523e
Sophos: W32/Vobfus-P
SentinelOne: Static AI – Malicious PE
GData: Gen:Variant.VBKrypt.55
Avira: WORM/Vobfus.dazrc
Antiy-AVL: Worm/Win32.WBNA.gen
Xcitium: Worm.Win32.Vobfus.DG@5q5mo0
Arcabit: Trojan.VBKrypt.55
ZoneAlarm: Trojan.Win32.Inject.bgnn
Microsoft: Worm:Win32/Vobfus.DA
Google: Detected
AhnLab-V3: Trojan/Win32.VBKrypt.R19677
VBA32: BScope.Worm.VBNA
ALYac: Gen:Variant.VBKrypt.55
MAX: malware (ai score=80)
Cylance: unsafe
Panda: Trj/Genetic.gen
TrendMicro-HouseCall: Mal_VBNA-7
Rising: Worm.VobfusEx!1.99E0 (CLASSIC)
Ikarus: Worm.Gamarue
MaxSecure: Trojan.Malware.300983.susgen
Fortinet: W32/VB.CNE!worm
AVG: Win32:VB-WVF [Trj]
Cybereason: malicious.d84665
DeepInstinct: MALICIOUS

How to remove Trojan.Win32.Inject.bgnn?

Trojan.Win32.Inject.bgnn removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • Click “Move to quarantine” for all detected items.
  • Open the “Tools” tab and press “Reset Browser Settings”.
  • Select the appropriate browser and options, then click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.