Categories: Trojan

Trojan.Win32.VBKryjetor.bmvi malicious file

The Trojan.Win32.VBKryjetor.bmvi is considered dangerous by lots of security experts. When this infection is active, you may notice unwanted processes in Task Manager list. In this case, it is adviced to scan your computer with GridinSoft Anti-Malware.

Gridinsoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. Allows to complete scan and cure your PC during the trial period.

DOWNLOAD NOW

6-day free trial available.

What Trojan.Win32.VBKryjetor.bmvi virus can do?

Executable code extraction
Injection (inter-process)
Injection (Process Hollowing)
Possible date expiration check, exits too soon after checking local time
Creates RWX memory
A process created a hidden window
Unconventionial language used in binary resources: Finnish
The binary likely contains encrypted or compressed data.
The executable is compressed using UPX
Uses Windows utilities for basic functionality
Executed a process and injected code into it, probably while unpacking
Steals private information from local Internet browsers
Exhibits behavior characteristic of Pony malware
Collects information about installed applications
Harvests credentials from local FTP client softwares
Harvests information related to installed mail clients

How to determine Trojan.Win32.VBKryjetor.bmvi?


File Info:
crc32: 3EA0EBE7md5: ccd624add9ca0ae92d83610ea3221ae6name: CCD624ADD9CA0AE92D83610EA3221AE6.mlwsha1: a1c3fd6f7f2eb0cedeb1d20487c3cc670a3766d7sha256: ea7bedd31d81123db139ff9f294672fec878aad74c3abf3500c8c1694d9f5febsha512: 2e53c36c3b476b43b9ec3bfbba3100a94cc02d5fc82898646bc2dea4aced4340b7e8a4d8d3db58932f6b1b5a9dd87b240afe3aea66948ce434c8f42cf841d4a4ssdeep: 3072:eVshAo4qKg56qCIMVPmTEJBw3DCGULUnSKAEjZou8t3hw74qKgS:eVshAEKkLCIMV7JWCZUxnSTt3hwLKtype: PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Version Info:
Translation: 0x040b 0x04b0InternalName: rigatoniFileVersion: 3.00.0005CompanyName: eCson  ProductName: Jahres5ProductVersion: 3.00.0005OriginalFilename: rigatoni.exe

Trojan.Win32.VBKryjetor.bmvi also known as:

Bkav	W32.AIDetectVM.malware1
Elastic	malicious (high confidence)
MicroWorld-eScan	Gen:Heur.PonyStealer.pm0@oGuKxBgG
FireEye	Generic.mg.ccd624add9ca0ae9
McAfee	Packed-MI!CCD624ADD9CA
Cylance	Unsafe
Sangfor	Malware
K7AntiVirus	Trojan ( 004bcce41 )
BitDefender	Gen:Heur.PonyStealer.pm0@oGuKxBgG
K7GW	Trojan ( 004bcce41 )
Cybereason	malicious.dd9ca0
TrendMicro	TSPY_HPFAREIT.SM4
Symantec	ML.Attribute.HighConfidence
APEX	Malicious
ClamAV	Win.Dropper.Bifrost-7643040-0
Kaspersky	Trojan.Win32.VBKryjetor.bmvi
Alibaba	Trojan:Win32/VBKryjetor.47b6bd60
ViRobot	Trojan.Win32.Z.Ponystealer.246784.B
Tencent	Malware.Win32.Gencirc.11b0af79
Ad-Aware	Gen:Heur.PonyStealer.pm0@oGuKxBgG
Comodo	Packed.Win32.MUPX.Gen@24tbus
F-Secure	Trojan.TR/Crypt.XPACK.Gen
DrWeb	Trojan.PWS.Stealer.1932
Invincea	Mal/Generic-S
McAfee-GW-Edition	BehavesLike.Win32.Swisyn.dh
Sophos	Mal/Generic-S
SentinelOne	Static AI – Malicious PE
Jiangmin	Trojan.VBKryjetor.zil
Avira	TR/Crypt.XPACK.Gen
MAX	malware (ai score=80)
Microsoft	VirTool:Win32/VBInject.OR!bit
Gridinsoft	Trojan.Win32.Packed.oa
Arcabit	Trojan.PonyStealer.EC58EE
ZoneAlarm	Trojan.Win32.VBKryjetor.bmvi
GData	Gen:Heur.PonyStealer.pm0@oGuKxBgG
Cynet	Malicious (score: 100)
AhnLab-V3	Trojan/Win32.VBInject.R355373
Acronis	suspicious
BitDefenderTheta	AI:Packer.4540131221
VBA32	BScope.TrojanPSW.Stealer
Malwarebytes	Trojan.MalPack.VB
Panda	Trj/CI.A
ESET-NOD32	a variant of Win32/Injector.DPSH
TrendMicro-HouseCall	TSPY_HPFAREIT.SM4
Rising	Trojan.Injector!8.C4 (TFE:4:rAhfOCWPOOQ)
Yandex	Trojan.GenAsa!6a8OXH777Ek
Ikarus	Trojan.Crypt
eGambit	Unsafe.AI_Score_98%
Fortinet	W32/Injector.DPQJ!tr
AVG	Win32:Trojan-gen
Avast	Win32:Trojan-gen
CrowdStrike	win/malicious_confidence_100% (D)
Qihoo-360	Win32/Trojan.340