Trojan.Win32.VBKrypt.lxuo malicious file

Trojan.Win32.VBKrypt.lxuo is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager process list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It lets you run a complete scan and clean your PC during the trial period.
6-day free trial available.

What can the Trojan.Win32.VBKrypt.lxuo virus do?

  • Behavioural detection: Executable code extraction – unpacking
  • Sample contains Overlay data
  • Yara rule detections observed from a process memory dump/dropped files/CAPE
  • Reads data out of its own binary image
  • CAPE extracted potentially suspicious content
  • The binary contains an unknown PE section name indicative of packing
  • The binary likely contains encrypted or compressed data
  • The executable is compressed using UPX
  • Authenticode signature is invalid
  • Behavioural detection: Injection (Process Hollowing)
  • Behavioural detection: Injection (inter-process)

How to identify Trojan.Win32.VBKrypt.lxuo?

File Info:

name: 54A280265B3AAA5E1272.mlw
path: /opt/CAPEv2/storage/binaries/d7db06ea1ebc050df391c330ee387beaafe58d3ff6c5178bde3331260e406f53
crc32: FE65DCBD
md5: 54a280265b3aaa5e127245300198c4fd
sha1: 09ff7a4181d4d527ab3a5ef112e99b54d96dc3ea
sha256: d7db06ea1ebc050df391c330ee387beaafe58d3ff6c5178bde3331260e406f53
sha512: f20bc0d92d67a900c95aefc064a5f9bb59fe027c6aecc9d92001bdae6ceff5e2b29888140b0635e1c70885ece6412fc6ccdb853d6c318820dc12fb630c0debe1
ssdeep: 6144:lnNhR0RO+BeaenG8IAVCNhtyLry8SWY84f+OmvWstcXNyqDkB6hO:Vhcen/INbyLry8SE4f/otQYqs+O
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T1AC642251B4B48881FF34C639E3AF6D7D885CB10F773B45510E1EA58B26AE1EB4C36898
sha3_384: 9a59949124c201c7fee5cd207995e935d10a801ab514021ab19702b7c1557fad24a7effa7f4b3e65ddfd8e962059dbc2
ep_bytes: 60be00d04b008dbe0040f4ff5783cdff
timestamp: 2012-05-05 18:52:20

Version Info:

Translation: 0x0409 0x04b0
Comments: Nativa densa pomate
CompanyName: piana campa
FileDescription: Decide groppa volpe ansie
LegalCopyright: gonfia mastri mitiga
LegalTrademarks: foderi lingua
ProductName: rione
FileVersion: 9.03.0008
ProductVersion: 9.03.0008
InternalName: bevuto
OriginalFilename: bevuto.exe

Trojan.Win32.VBKrypt.lxuo also known as:

Lionic: Trojan.Win32.VBKrypt.4!c
MicroWorld-eScan: Gen:Heur.PonyStealer.MLT.1
ClamAV: Win.Trojan.Agent-358950
FireEye: Gen:Heur.PonyStealer.MLT.1
ALYac: Gen:Heur.PonyStealer.MLT.1
Cylance: Unsafe
VIPRE: Gen:Heur.PonyStealer.MLT.1
Sangfor: Suspicious.Win32.Save.a
K7AntiVirus: Riskware ( 0015e4f11 )
K7GW: Riskware ( 0015e4f11 )
CrowdStrike: win/malicious_confidence_90% (W)
VirIT: Trojan.Win32.Generic.CFMK
Symantec: ML.Attribute.HighConfidence
Elastic: malicious (moderate confidence)
ESET-NOD32: Win32/Spy.Zbot.AAQ
APEX: Malicious
Paloalto: generic.ml
Cynet: Malicious (score: 100)
Kaspersky: Trojan.Win32.VBKrypt.lxuo
BitDefender: Gen:Heur.PonyStealer.MLT.1
NANO-Antivirus: Trojan.Win32.VBKrypt.dyqkbi
SUPERAntiSpyware: Trojan.Agent/Gen-Zbot
Avast: Win32:Malware-gen
Tencent: Malware.Win32.Gencirc.10b48455
Ad-Aware: Gen:Heur.PonyStealer.MLT.1
Sophos: Mal/Behav-405
Comodo: TrojWare.Win32.Spy.Zbot.CGH@4p9hhs
DrWeb: Trojan.PWS.Panda.2000
Zillya: Trojan.VBKrypt.Win32.165791
TrendMicro: TSPY_ZBOT_FE250253.UVPM
McAfee-GW-Edition: PWS-Zbot.gen.aaa
Trapmine: malicious.high.ml.score
Emsisoft: Gen:Heur.PonyStealer.MLT.1 (B)
SentinelOne: Static AI – Malicious PE
GData: Gen:Heur.PonyStealer.MLT.1
Jiangmin: Trojan/VBKrypt.igld
Webroot: W32.Malware.Gen
Avira: TR/Dropper.VB.Gen8
MAX: malware (ai score=84)
Antiy-AVL: Trojan/Generic.ASMalwS.39
ViRobot: Trojan.Win32.A.VBKrypt.309760.P[UPX]
Microsoft: PWS:Win32/Zbot
Google: Detected
McAfee: PWS-Zbot.gen.aaa
TACHYON: Trojan/W32.VB-VBKrypt.1045504
VBA32: BScope.Trojan.VBKrypt
Malwarebytes: Malware.Heuristic.1003
TrendMicro-HouseCall: HV_ZYX_BH010390.TOMC
Rising: Trojan.Win32.Generic.12CAFDB9 (C64:YzY0OtPxWKJEm9Uv)
Yandex: Trojan.GenAsa!3V0QzLm7xSk
Ikarus: Trojan-PWS.Win32.Zbot
MaxSecure: Trojan.Malware.300983.susgen
Fortinet: W32/VBKrypt.MBSX!tr
BitDefenderTheta: AI:Packer.7AC27D9D1F
AVG: Win32:Malware-gen
Cybereason: malicious.65b3aa
Panda: Trj/Ransom.AB

How to remove Trojan.Win32.VBKrypt.lxuo?

Trojan.Win32.VBKrypt.lxuo removal tool

  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open the “Tools” tab – Press “Reset Browser Settings”.
  • Select the proper browser and options – Click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.