Trojan.Win32.VBKrypt.aof removal tips

Trojan.Win32.VBKrypt.aof is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager process list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It allows you to run a complete scan and cure your PC during the trial period.
6-day free trial available.

What can the Trojan.Win32.VBKrypt.aof virus do?

  • Behavioural detection: Executable code extraction – unpacking
  • Yara rule detections observed from a process memory dump/dropped files/CAPE
  • Creates RWX memory
  • Dynamic (imported) function loading detected
  • Unconventional language used in binary resources: Arabic
  • The binary likely contains encrypted or compressed data.
  • Authenticode signature is invalid
  • Anomalous binary characteristics

How to identify Trojan.Win32.VBKrypt.aof?

File Info:

name: 5CA4EF1FD06133DF27D6.mlw
path: /opt/CAPEv2/storage/binaries/3d294696a037ce6b7c8786408057693e1af0c9eab1151e22eb6f8173930760c0
crc32: A74B12FE
md5: 5ca4ef1fd06133df27d60173c296bfb5
sha1: 0177c79c5929f89b505863539966243f327d3bd1
sha256: 3d294696a037ce6b7c8786408057693e1af0c9eab1151e22eb6f8173930760c0
sha512: 03c8315c55850fe2a52a6caaaadb0a0797c10dcb1c71048b9b87b3fb5ac779822e0a33c8536e6cf52edbea156bc0b8e6ae5c3d4fad0974597148fc8d5eab3001
ssdeep: 6144:2O6jamYu/LNJWvxSUITzzmzhD1KfZ2YrEun3gOj6wanyyIHQ:2OkDxJWvxDITzzkhDmhJ3gO+gnHQ
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T1E97423642DC9A894CC0E503A20D6B5314E6E7DE8B78297EF7A53F93736742603B30726
sha3_384: 07622a36f5a103416c9429325134781f94d4e4408bc0fcbe6abdcccf0971eda9306bcf52461cd4a9b9484152cf41cb54
ep_bytes: 53575655e8000000005d81edf9123a00
timestamp: 2010-06-09 22:27:17

Version Info:

Translation: 0x0409 0x04b0
Comments: Fzdejus
CompanyName: Uyblp
FileDescription: Yxxwzrv
LegalCopyright: Vsrau
LegalTrademarks: Vetihys
ProductName: Vtafxwq
FileVersion: 2.01.0003
ProductVersion: 2.01.0003
InternalName: NcZHUuVeqSm
OriginalFilename: NcZHUuVeqSm.exe

Trojan.Win32.VBKrypt.aof also known as:

Bkav: W32.AIDetect.malware2
Elastic: malicious (high confidence)
MicroWorld-eScan: Gen:Heur.ManBat.1
FireEye: Generic.mg.5ca4ef1fd06133df
ALYac: Gen:Heur.ManBat.1
Cylance: Unsafe
Zillya: Trojan.VBKrypt.Win32.30446
Sangfor: Suspicious.Win32.Save.a
K7AntiVirus: NetWorm ( 700000151 )
K7GW: NetWorm ( 700000151 )
Cybereason: malicious.fd0613
BitDefenderTheta: Gen:NN.ZexaF.34182.vi1@aiPWkRpO
VirIT: Trojan.Win32.VBKrypt.ANY
Cyren: W32/SuspPack.DO.gen!Eldorado
Symantec: ML.Attribute.HighConfidence
ESET-NOD32: Win32/RiskWare.PEMalform.B
TrendMicro-HouseCall: TROJ_VBINJ.SMO
ClamAV: Win.Trojan.Agent-228748
Kaspersky: Trojan.Win32.VBKrypt.aof
BitDefender: Gen:Heur.ManBat.1
NANO-Antivirus: Trojan.Win32.VBKrypt.efbanm
Avast: Win32:Adware-gen [Adw]
Rising: Trojan.VBKrypt!8.5C0 (RDMK:cmRtazp2mF4ScRnr1u7DKrrH3RWn)
Sophos: Mal/VBCheMan-A
Comodo: TrojWare.Win32.Kryptik.~NT@1r0f0f
DrWeb: Trojan.AVKill.12453
VIPRE: LooksLike.Win32.InfectedFile!A (v)
TrendMicro: TROJ_VBINJ.SMO
McAfee-GW-Edition: BehavesLike.Win32.Virut.fc
SentinelOne: Static AI – Malicious PE
Emsisoft: Gen:Heur.ManBat.1 (B)
APEX: Malicious
Jiangmin: Trojan/VBKrypt.hdkp
Avira: TR/Spy.Zbot.84480
MAX: malware (ai score=80)
Antiy-AVL: Trojan/Generic.ASMalwS.12492
Microsoft: Rogue:Win32/FakeSpypro
ZoneAlarm: Trojan.Win32.VBKrypt.aof
GData: Gen:Heur.ManBat.1
Cynet: Malicious (score: 100)
AhnLab-V3: Trojan/Win32.FraudPack.R415
McAfee: FakeAV-SpyPro.gen.an
VBA32: SScope.Trojan.VB.0589
Malwarebytes: Trojan.Agent.Generic
Yandex: Trojan.VBKrypt!O/nVnp6M2+k
Ikarus: Trojan.Win32.VBKrypt
MaxSecure: Trojan.Malware.300983.susgen
Fortinet: W32/Onlinegames.ASE!tr
AVG: Win32:Adware-gen [Adw]
Panda: Trj/Genetic.gen
CrowdStrike: win/malicious_confidence_70% (D)

How to remove Trojan.Win32.VBKrypt.aof?

Trojan.Win32.VBKrypt.aof removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open the “Tools” tab – Press “Reset Browser Settings”.
  • Select the proper browser and options – Click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.