Trojan.Win32.VBKrypt.yycx removal guide

Trojan.Win32.VBKrypt.yycx is flagged as malicious by a large number of antivirus engines (see the detection names further down). While the infection is active, you may notice unfamiliar processes in the Task Manager list. If so, it is advised to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. The trial lets you run a full scan and clean your PC.
6-day free trial available.

What can Trojan.Win32.VBKrypt.yycx do?

The following behaviours were flagged by the CAPE sandbox when the sample was executed (they describe what was observed in that run, not a complete list of the malware's capabilities):
  • Behavioural detection: Executable code extraction – unpacking
  • Yara rule detections observed from a process memory dump/dropped files/CAPE
  • Creates RWX memory
  • Dynamic (imported) function loading detected
  • Reads data out of its own binary image
  • A process created a hidden window
  • CAPE extracted potentially suspicious content
  • Authenticode signature is invalid
  • A scripting utility was executed
  • Installs itself for autorun at Windows startup
  • Anomalous binary characteristics

How to identify Trojan.Win32.VBKrypt.yycx?

File Info:

name: DECEE2E27BB542C0028B.mlw
path: /opt/CAPEv2/storage/binaries/92e3ece2d8f020f9629a6c5ae5924ff6d00dc140d4c4ca5bfdda2a40c7310a6c
crc32: B785DF93
md5: decee2e27bb542c0028b685532e26998
sha1: bca8271bed39827d377779d0cd18838043178838
sha256: 92e3ece2d8f020f9629a6c5ae5924ff6d00dc140d4c4ca5bfdda2a40c7310a6c
sha512: e676b491987101a535aa3f04e70f866f3561871faf2815bd71aa7635286fa7ec426ea5aaa7a75ed713585250786dfafa468f3e94380e3eb5028ae8590849a484
ssdeep: 3072:ORlRIWQiQHMGxRVC8c2jR74kSBOXJ8X2Yec/CEUIuqNYz9I/9sb05:QoWQi2MGxR5pzXo2L+3/5N9uQ
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T15284E1E10679C777D27497B09706BA387B36EE000AC6141C6D49BD2CF671991DAC0B3B
sha3_384: 8316e944dbf3952c8a6ee1bfc9e70a854126d88f19fa3dc9288da61cd9a345656c5855dccdd3daa69e11d9a56a8fc3b9
ep_bytes: 6808144000e8eeffffff000000000000
timestamp: 2018-01-24 10:14:06

Version Info:

Translation: 0x0409 0x04b0
CompanyName: CJSC ^computing forces^
FileDescription: NAtomsora'
ProductName: taVAGOsa
FileVersion: 8.01
ProductVersion: 8.01
InternalName: Racehorse8
OriginalFilename: Racehorse8.exe
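The hashes, entry-point bytes and timestamp above are what a first static check uses. As an added example (not code from the original page, from GridinSoft or from CAPE), the Python script below hashes a file and compares it with the page's md5/sha1/sha256, then parses the PE32 headers by hand to report the compile timestamp, the first 16 bytes at the entry point, any section mapped readable, writable and executable, and whether a Security directory (the Authenticode blob) exists at all. The real sample is not available here, so the script builds a constructed stand-in PE32 that only mirrors the page's ep_bytes and timestamp; its hashes will not match, which is the point: the entry-point bytes (a push of the VB header address followed by a call, the stub every Visual Basic 6 executable starts with) are a weak indicator on their own, while the cryptographic hashes are definitive.

```python
"""Offline triage of a suspect PE32 against the indicators listed on this page.

Added example, not code from the original page or from any vendor tool.
Standard library only. The constructed stand-in PE below is NOT the real
sample; it only mirrors the page's ep_bytes and compile timestamp so the
checks can be exercised offline.
"""
import hashlib
import struct
import sys
from datetime import datetime, timezone

# Indicators copied from the File Info section of this page.
IOC_HASHES = {
    "md5": "decee2e27bb542c0028b685532e26998",
    "sha1": "bca8271bed39827d377779d0cd18838043178838",
    "sha256": "92e3ece2d8f020f9629a6c5ae5924ff6d00dc140d4c4ca5bfdda2a40c7310a6c",
}
IOC_EP_BYTES = "6808144000e8eeffffff000000000000"

# IMAGE_SCN_MEM_EXECUTE | IMAGE_SCN_MEM_READ | IMAGE_SCN_MEM_WRITE
SCN_RWX = 0x20000000 | 0x40000000 | 0x80000000


def hash_matches(data: bytes) -> dict:
    """Map each IOC hash algorithm to whether `data` hashes to that value."""
    return {algo: hashlib.new(algo, data).hexdigest() == want
            for algo, want in IOC_HASHES.items()}


def pe_triage(data: bytes) -> dict:
    """Parse the PE32 headers by hand and pull out the static indicators a
    first look uses: compile timestamp, 16 bytes at the entry point, sections
    mapped RWX, and whether a Security directory (Authenticode) is present."""
    if data[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("PE signature not found")
    fh = e_lfanew + 4                                   # IMAGE_FILE_HEADER
    _machine, nsec, ts, _, _, opt_size, _ = struct.unpack_from("<HHIIIHH", data, fh)
    opt = fh + 20                                       # IMAGE_OPTIONAL_HEADER32
    if struct.unpack_from("<H", data, opt)[0] != 0x10B:
        raise ValueError("only PE32 (magic 0x10B) is handled here")
    ep_rva = struct.unpack_from("<I", data, opt + 16)[0]
    ndirs = struct.unpack_from("<I", data, opt + 92)[0]
    sec_size = 0
    if ndirs > 4:                                       # directory 4 = SECURITY
        _, sec_size = struct.unpack_from("<II", data, opt + 96 + 4 * 8)
    sections = []
    for i in range(nsec):
        off = opt + opt_size + 40 * i                   # IMAGE_SECTION_HEADER table
        name = data[off:off + 8].rstrip(b"\0").decode("ascii", "replace")
        vsize, vaddr, rawsize, rawptr = struct.unpack_from("<IIII", data, off + 8)
        chars = struct.unpack_from("<I", data, off + 36)[0]
        sections.append((name, vsize, vaddr, rawsize, rawptr, chars))
    ep_bytes = ""
    for name, vsize, vaddr, rawsize, rawptr, _ in sections:
        if vaddr <= ep_rva < vaddr + max(vsize, rawsize):   # RVA -> file offset
            off = ep_rva - vaddr + rawptr
            ep_bytes = data[off:off + 16].hex()
            break
    return {
        "timestamp": datetime.fromtimestamp(ts, timezone.utc).strftime("%Y-%m-%d %H:%M:%S"),
        "ep_bytes": ep_bytes,
        "ep_matches_ioc": ep_bytes == IOC_EP_BYTES,
        "rwx_sections": [s[0] for s in sections if s[5] & SCN_RWX == SCN_RWX],
        "authenticode_present": sec_size > 0,
        "hash_matches": hash_matches(data),
    }


def build_stand_in_pe() -> bytes:
    """Constructed minimal PE32 for offline use; not the real sample.
    One RWX .text section at RVA 0x1000 with the entry point at its start."""
    ep = bytes.fromhex(IOC_EP_BYTES)
    ts = int(datetime(2018, 1, 24, 10, 14, 6, tzinfo=timezone.utc).timestamp())
    dos = bytearray(64)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 64)               # e_lfanew
    file_hdr = struct.pack("<HHIIIHH", 0x14C, 1, ts, 0, 0, 224, 0x102)
    opt = bytearray(224)
    struct.pack_into("<H", opt, 0, 0x10B)               # PE32 magic
    struct.pack_into("<I", opt, 16, 0x1000)             # AddressOfEntryPoint
    struct.pack_into("<I", opt, 28, 0x400000)           # ImageBase
    struct.pack_into("<I", opt, 92, 16)                 # NumberOfRvaAndSizes
    sect = (b".text".ljust(8, b"\0")
            + struct.pack("<IIII", 0x1000, 0x1000, 0x200, 0x200)
            + bytes(12) + struct.pack("<I", 0xE0000020))  # CODE | RWX
    hdr = (bytes(dos) + b"PE\0\0" + file_hdr + bytes(opt) + sect).ljust(0x200, b"\0")
    return hdr + ep.ljust(0x200, b"\0")


if __name__ == "__main__":
    blob = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else build_stand_in_pe()
    for key, value in pe_triage(blob).items():
        print(f"{key}: {value}")
```

Run it as `python triage.py suspect.exe`; with no argument it triages the stand-in. Two caveats: CAPE's "Creates RWX memory" is a runtime observation (memory allocated writable and executable), and an RWX section on disk is only its static analogue; and a present Security directory says nothing about validity, which is what "Authenticode signature is invalid" refers to and which needs an actual signature check (signtool on Windows, or osslsigncode elsewhere).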

Trojan.Win32.VBKrypt.yycx also known as:

Bkav: W32.AIDetect.malware2
Elastic: malicious (high confidence)
DrWeb: Trojan.Siggen15.60099
MicroWorld-eScan: Trojan.Agent.CTYM
FireEye: Generic.mg.decee2e27bb542c0
McAfee: Packed-YP!DECEE2E27BB5
Cylance: Unsafe
Zillya: Trojan.Injector.Win32.1283586
Sangfor: Trojan.Win32.Save.a
K7AntiVirus: Trojan ( 00524dc51 )
K7GW: Trojan ( 00524dc51 )
CrowdStrike: win/malicious_confidence_100% (D)
BitDefenderTheta: Gen:NN.ZevbaF.34084.ym0@aqwSB2pi
Cyren: W32/VBInject.OB.gen!Eldorado
Symantec: Packed.Generic.519
ESET-NOD32: a variant of Win32/Injector.DVHN
TrendMicro-HouseCall: TSPY_HPFAREIT.SMVB
ClamAV: Win.Dropper.Fareitvb-9895670-0
Kaspersky: Trojan.Win32.VBKrypt.yycx
BitDefender: Trojan.Agent.CTYM
NANO-Antivirus: Trojan.Win32.VBKrypt.exoabe
Avast: Win32:Malware-gen
Tencent: Malware.Win32.Gencirc.114cdacb
Ad-Aware: Trojan.Agent.CTYM
Sophos: ML/PE-A + Mal/FareitVB-M
TrendMicro: TSPY_HPFAREIT.SMVB
McAfee-GW-Edition: BehavesLike.Win32.Fareit.fz
Emsisoft: Trojan.Agent.CTYM (B)
SentinelOne: Static AI – Malicious PE
GData: Trojan.Agent.CTYM
Jiangmin: Trojan.VBKrypt.chom
eGambit: Unsafe.AI_Score_100%
Avira: HEUR/AGEN.1127814
MAX: malware (ai score=88)
Antiy-AVL: Trojan/Generic.ASMalwS.2443813
Microsoft: Trojan:Win32/Sabsik.FL.B!ml
Cynet: Malicious (score: 100)
AhnLab-V3: Win-Trojan/VBKrypt.RP02.X1828
Acronis: suspicious
VBA32: Trojan.VBKrypt
ALYac: Trojan.Agent.CTYM
TACHYON: Trojan/W32.VB-VBKrypt.405504.N
Malwarebytes: Malware.AI.4234976363
APEX: Malicious
Rising: Trojan.Kryptik!1.AFE7 (CLASSIC)
MaxSecure: Trojan.Malware.300983.susgen
Fortinet: W32/VBKryptik.DZLN!tr
AVG: Win32:Malware-gen
Cybereason: malicious.27bb54
Panda: Trj/Genetic.gen

How to remove Trojan.Win32.VBKrypt.yycx?

Trojan.Win32.VBKrypt.yycx removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and run a “Standard scan”.
  • Click “Move to quarantine” to quarantine all detected items.
  • Open the “Tools” tab and press “Reset Browser Settings”.
  • Select the browser and the settings to reset, then click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.