Should I remove “Trojan.Win32.VB.axk”?

Trojan.Win32.VB.axk is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It allows you to run a complete scan and cure your PC during the trial period.
6-day free trial available.

What Trojan.Win32.VB.axk virus can do?

  • Behavioural detection: Executable code extraction – unpacking
  • SetUnhandledExceptionFilter detected (possible anti-debug)
  • Dynamic (imported) function loading detected
  • Network anomalies occurred during the analysis.
  • Unconventional binary language: Chinese (Simplified)
  • Unconventional language used in binary resources: Chinese (Simplified)
  • The binary contains an unknown PE section name indicative of packing
  • The binary likely contains encrypted or compressed data.
  • Executable file is packed/obfuscated with NsPack
  • Authenticode signature is invalid
  • A ping command was executed with the -n argument possibly to delay analysis
  • Uses Windows utilities for basic functionality

How to identify Trojan.Win32.VB.axk?

File Info:

name: 548A39CAC7ACFA07B004.mlw
path: /opt/CAPEv2/storage/binaries/c8515bf441ea0f3d22c17ab0c165697f222e1920f5a27cbd1ed2d7437ba3573a
crc32: 1E40F97B
md5: 548a39cac7acfa07b004988d3216428a
sha1: 0a034f1414d485f94d6ba55261f1c16fedf3b1be
sha256: c8515bf441ea0f3d22c17ab0c165697f222e1920f5a27cbd1ed2d7437ba3573a
sha512: 643478fd6c26accde5799843f2fcd8ef44e55fb129254dac78096dd50dabf6c4e692fc97dee5ed4b02eec888797b67236736c3308320212c1b3ade43a882e773
ssdeep: 1536:DSechYqXYfPhhV+C764g9xbalgVoHZsruuK69YM55fSsBnqY8tJ9O:AhbXYPhhV+CmigVoHouu55qsFMJ
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T1B2D3F93BBB01E02EF202C5B22954D1BE64193D3259C5999BB7822F9A3131597F9F4B0F
sha3_384: c12aa92014f00c272a843912d7496363f6d055728a7344ab20ab912201bbd839771f278e8f0ff3030f2ac924b81fe58e
ep_bytes: 68bc294000e8f0ffffff000000000000
timestamp: 2006-11-03 09:51:27

Version Info:

Translation: 0x0804 0x04b0
Comments: csrss.exe
CompanyName: Microsoft Corporation
FileDescription: LSA Shell (Export Version)
LegalCopyright: Microsoft Corporation. All rights reserved.
LegalTrademarks: Microsoft Corporation
ProductName: Microsoft Windows Operating System
FileVersion: 5.01.2600
ProductVersion: 5.01.2600
InternalName: setup
OriginalFilename: setup.exe

Trojan.Win32.VB.axk is also known as (vendor: detection name):

Bkav: W32.AIDetect.malware1
tehtris: Generic.Malware
DrWeb: BackDoor.Generic.1562
MicroWorld-eScan: Gen:Trojan.Heur.Packed.im0@cuUv6Mmb
FireEye: Generic.mg.548a39cac7acfa07
McAfee: Generic VB.do
Cylance: Unsafe
Sangfor: [MICROSOFT VISUAL BASIC V6.0]
K7AntiVirus: Trojan ( 005376ae1 )
K7GW: Trojan ( 005376ae1 )
Cybereason: malicious.ac7acf
BitDefenderTheta: AI:Packer.F215CD9723
Cyren: W32/Threat-HLLIN-Slipper-based!
Elastic: malicious (high confidence)
Zoner: Probably Heur.ExeHeaderP
Kaspersky: Trojan.Win32.VB.axk
BitDefender: Gen:Trojan.Heur.Packed.im0@cuUv6Mmb
Avast: Win32:Malware-gen
Ad-Aware: Gen:Trojan.Heur.Packed.im0@cuUv6Mmb
Emsisoft: Gen:Trojan.Heur.Packed.im0@cuUv6Mmb (B)
Comodo: Backdoor.Win32.Popwin.~IQ@ogvrk
Zillya: Trojan.VB.Win32.135868
McAfee-GW-Edition: BehavesLike.Win32.Generic.cm
Trapmine: malicious.high.ml.score
Sophos: ML/PE-A + Mal/VBbl-PN
SentinelOne: Static AI – Malicious PE
GData: Gen:Trojan.Heur.Packed.im0@cuUv6Mmb
Avira: TR/Crypt.FKM.Gen
MAX: malware (ai score=81)
Arcabit: Trojan.Heur.Packed.E596D4
Microsoft: Trojan:Win32/Wacatac.B!ml
Cynet: Malicious (score: 100)
AhnLab-V3: Trojan/Win32.Xema.R89103
Acronis: suspicious
VBA32: Trojan.VB
ALYac: Gen:Trojan.Heur.Packed.im0@cuUv6Mmb
Malwarebytes: Trojan.MalPack.Generic
APEX: Malicious
Rising: Trojan.VB.vyn (CLASSIC)
Yandex: Trojan.GenAsa!0IRFlckBjTk
Ikarus: Trojan-Spy.Agent
MaxSecure: Trojan.Malware.300983.susgen
AVG: Win32:Malware-gen
Panda: Generic Malware
CrowdStrike: win/malicious_confidence_100% (D)

How to remove Trojan.Win32.VB.axk?

Trojan.Win32.VB.axk removal tool:
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open the “Tools” tab and press “Reset Browser Settings”.
  • Select the proper browser and options, then click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.