Trojan

Trojan.Win32.VBKryjetor.bmvi malicious file

Malware Removal

The Trojan.Win32.VBKryjetor.bmvi is considered dangerous by lots of security experts. When this infection is active, you may notice unwanted processes in Task Manager list. In this case, it is adviced to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Gridinsoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. Allows to complete scan and cure your PC during the trial period.
DOWNLOAD NOW
6-day free trial available.

What Trojan.Win32.VBKryjetor.bmvi virus can do?

  • Executable code extraction
  • Injection (inter-process)
  • Injection (Process Hollowing)
  • Possible date expiration check, exits too soon after checking local time
  • Creates RWX memory
  • A process created a hidden window
  • Unconventionial language used in binary resources: Finnish
  • The binary likely contains encrypted or compressed data.
  • The executable is compressed using UPX
  • Uses Windows utilities for basic functionality
  • Executed a process and injected code into it, probably while unpacking
  • Steals private information from local Internet browsers
  • Exhibits behavior characteristic of Pony malware
  • Collects information about installed applications
  • Harvests credentials from local FTP client softwares
  • Harvests information related to installed mail clients

How to determine Trojan.Win32.VBKryjetor.bmvi?



File Info:

crc32: 3EA0EBE7
md5: ccd624add9ca0ae92d83610ea3221ae6
name: CCD624ADD9CA0AE92D83610EA3221AE6.mlw
sha1: a1c3fd6f7f2eb0cedeb1d20487c3cc670a3766d7
sha256: ea7bedd31d81123db139ff9f294672fec878aad74c3abf3500c8c1694d9f5feb
sha512: 2e53c36c3b476b43b9ec3bfbba3100a94cc02d5fc82898646bc2dea4aced4340b7e8a4d8d3db58932f6b1b5a9dd87b240afe3aea66948ce434c8f42cf841d4a4
ssdeep: 3072:eVshAo4qKg56qCIMVPmTEJBw3DCGULUnSKAEjZou8t3hw74qKgS:eVshAEKkLCIMV7JWCZUxnSTt3hwLK
type: PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed


Version Info:

Translation: 0x040b 0x04b0
InternalName: rigatoni
FileVersion: 3.00.0005
CompanyName: eCson  
ProductName: Jahres5
ProductVersion: 3.00.0005
OriginalFilename: rigatoni.exe

Trojan.Win32.VBKryjetor.bmvi also known as:

BkavW32.AIDetectVM.malware1
Elasticmalicious (high confidence)
MicroWorld-eScanGen:Heur.PonyStealer.pm0@oGuKxBgG
FireEyeGeneric.mg.ccd624add9ca0ae9
McAfeePacked-MI!CCD624ADD9CA
CylanceUnsafe
SangforMalware
K7AntiVirusTrojan ( 004bcce41 )
BitDefenderGen:Heur.PonyStealer.pm0@oGuKxBgG
K7GWTrojan ( 004bcce41 )
Cybereasonmalicious.dd9ca0
TrendMicroTSPY_HPFAREIT.SM4
SymantecML.Attribute.HighConfidence
APEXMalicious
ClamAVWin.Dropper.Bifrost-7643040-0
KasperskyTrojan.Win32.VBKryjetor.bmvi
AlibabaTrojan:Win32/VBKryjetor.47b6bd60
ViRobotTrojan.Win32.Z.Ponystealer.246784.B
TencentMalware.Win32.Gencirc.11b0af79
Ad-AwareGen:Heur.PonyStealer.pm0@oGuKxBgG
ComodoPacked.Win32.MUPX.Gen@24tbus
F-SecureTrojan.TR/Crypt.XPACK.Gen
DrWebTrojan.PWS.Stealer.1932
InvinceaMal/Generic-S
McAfee-GW-EditionBehavesLike.Win32.Swisyn.dh
SophosMal/Generic-S
SentinelOneStatic AI – Malicious PE
JiangminTrojan.VBKryjetor.zil
AviraTR/Crypt.XPACK.Gen
MAXmalware (ai score=80)
MicrosoftVirTool:Win32/VBInject.OR!bit
GridinsoftTrojan.Win32.Packed.oa
ArcabitTrojan.PonyStealer.EC58EE
ZoneAlarmTrojan.Win32.VBKryjetor.bmvi
GDataGen:Heur.PonyStealer.pm0@oGuKxBgG
CynetMalicious (score: 100)
AhnLab-V3Trojan/Win32.VBInject.R355373
Acronissuspicious
BitDefenderThetaAI:Packer.4540131221
VBA32BScope.TrojanPSW.Stealer
MalwarebytesTrojan.MalPack.VB
PandaTrj/CI.A
ESET-NOD32a variant of Win32/Injector.DPSH
TrendMicro-HouseCallTSPY_HPFAREIT.SM4
RisingTrojan.Injector!8.C4 (TFE:4:rAhfOCWPOOQ)
YandexTrojan.GenAsa!6a8OXH777Ek
IkarusTrojan.Crypt
eGambitUnsafe.AI_Score_98%
FortinetW32/Injector.DPQJ!tr
AVGWin32:Trojan-gen
AvastWin32:Trojan-gen
CrowdStrikewin/malicious_confidence_100% (D)
Qihoo-360Win32/Trojan.340

How to remove Trojan.Win32.VBKryjetor.bmvi?

Trojan.Win32.VBKryjetor.bmvi removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan“.
  • Move to quarantine” all items.
  • Open “Tools” tab – Press “Reset Browser Settings“.
  • Select proper browser and options – Click “Reset”.
  • Restart your computer.

You may also like

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.

View all posts

Leave a Comment