Trojan.Win32.VBKrypt.yyyq (file analysis)

Trojan.Win32.VBKrypt.yyyq is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager list. In this case, you are advised to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It allows you to perform a complete scan and cure of your PC during the trial period.
A 6-day free trial is available.

What can the Trojan.Win32.VBKrypt.yyyq virus do?

  • Behavioural detection: Executable code extraction – unpacking
  • Yara rule detections observed from a process memory dump/dropped files/CAPE
  • Creates RWX memory
  • Dynamic (imported) function loading detected
  • Reads data out of its own binary image
  • A process created a hidden window
  • CAPE extracted potentially suspicious content
  • Drops a binary and executes it
  • Authenticode signature is invalid
  • A scripting utility was executed
  • Created a process from a suspicious location
  • Installs itself for autorun at Windows startup
  • A script process created a new process
  • Anomalous binary characteristics

How to identify Trojan.Win32.VBKrypt.yyyq?

File Info:

name: F35F5A54FC8D8C6F4C68.mlw
path: /opt/CAPEv2/storage/binaries/92443b00c2e8ed22c75bd09b73bf25e9fcd02f0460dcb0f3a9a84ca5e0e4e9ca
crc32: 294E0F72
md5: f35f5a54fc8d8c6f4c689a30abeab9e0
sha1: 6151135efe0a83e7df0351c97b8f72bd12737707
sha256: 92443b00c2e8ed22c75bd09b73bf25e9fcd02f0460dcb0f3a9a84ca5e0e4e9ca
sha512: f7e94577e9688268a5b122b2c0731502f472bee46fd29be3a274337e9588da253a2a21deb03cce9b249cfcab4a0f17c5e2a7722b05d8d73e4da48855d0b2264b
ssdeep: 3072:v35cx43IxDe471h5nApYaQnc/aUXw4c/FKUdE1hv7QTFzSLB2gbtLn1NOdk8QYmB:v3OKI9eY1DnATQ7GEKUdSgzjgbZnXOw
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T18094F1305EA23654D7D1DE78493FC49CFE273D3C88460EF917AA3E14AAFB6405B26258
sha3_384: 78c57247895f8a195d43bc95610c1797d9d891ca113dce782426ab7c76c389f052b12a0b8dd07c9aa683ccc8327c593c
ep_bytes: 6820144000e8f0ffffff000000000000
timestamp: 2018-01-29 23:36:49

Version Info:

Translation: 0x0409 0x04b0
CompanyName: s-ype
FileDescription: fOOBar3000.ORg
ProductName: Spicevpn.COm
FileVersion: 1.05
ProductVersion: 1.05
InternalName: Futilities5
OriginalFilename: Futilities5.exe

Trojan.Win32.VBKrypt.yyyq also known as:

  • Bkav: W32.AIDetect.malware2
  • Lionic: Trojan.Win32.VBKrypt.4!c
  • Elastic: malicious (high confidence)
  • MicroWorld-eScan: Gen:Heur.PonyStealer.zm0@cepyLoji
  • FireEye: Generic.mg.f35f5a54fc8d8c6f
  • McAfee: GuLoader-FDDT!F35F5A54FC8D
  • Cylance: Unsafe
  • Sangfor: Trojan.Win32.Save.a
  • K7AntiVirus: Trojan ( 005255d61 )
  • Alibaba: Trojan:Win32/VBKrypt.772cb536
  • K7GW: Trojan ( 005255d61 )
  • CrowdStrike: win/malicious_confidence_100% (W)
  • VirIT: Trojan.Win32.VBZenPack_Heur
  • Cyren: W32/Trojan.BEG.gen!Eldorado
  • Symantec: Packed.Generic.519
  • ESET-NOD32: a variant of Win32/Injector.DVLL
  • APEX: Malicious
  • Avast: Win32:Malware-gen
  • ClamAV: Win.Packed.Formbook-9917820-0
  • Kaspersky: Trojan.Win32.VBKrypt.yyyq
  • BitDefender: Gen:Heur.PonyStealer.zm0@cepyLoji
  • NANO-Antivirus: Trojan.Win32.Mlw.exmitx
  • Tencent: Malware.Win32.Gencirc.10cfbbba
  • Ad-Aware: Gen:Heur.PonyStealer.zm0@cepyLoji
  • Emsisoft: Gen:Heur.PonyStealer.zm0@cepyLoji (B)
  • DrWeb: Trojan.VbCrypt.150
  • Zillya: Trojan.Injector.Win32.1321591
  • TrendMicro: TSPY_HPFAREIT.SMVB
  • McAfee-GW-Edition: BehavesLike.Win32.Fareit.gm
  • Sophos: Mal/Generic-R + Mal/FareitVB-M
  • GData: Gen:Heur.PonyStealer.zm0@cepyLoji
  • Jiangmin: Trojan.VBKrypt.ewrp
  • eGambit: Unsafe.AI_Score_100%
  • Avira: HEUR/AGEN.1109921
  • Antiy-AVL: Trojan/Generic.ASMalwS.2464DCB
  • Arcabit: Trojan.PonyStealer.ECFA30
  • ViRobot: Trojan.Win32.Z.Vbkrypt.413696.BH
  • Microsoft: Trojan:Win32/Sabsik.FL.B!ml
  • Cynet: Malicious (score: 100)
  • AhnLab-V3: Win-Trojan/VBKrypt.RP02.X1828
  • BitDefenderTheta: Gen:NN.ZevbaF.34114.zm0@aepyLoji
  • ALYac: Gen:Heur.PonyStealer.zm0@cepyLoji
  • MAX: malware (ai score=88)
  • VBA32: BScope.TrojanSpy.Noon
  • Malwarebytes: Spyware.LokiBot
  • TrendMicro-HouseCall: TSPY_HPFAREIT.SMVB
  • Rising: Trojan.Dynamer!8.3A0 (CLOUD)
  • Yandex: Trojan.VBKrypt!WXvtdgY86rM
  • SentinelOne: Static AI – Malicious PE
  • MaxSecure: Trojan.Malware.300983.susgen
  • Fortinet: W32/Injector.DWMX!tr
  • AVG: Win32:Malware-gen
  • Cybereason: malicious.4fc8d8
  • Panda: Trj/GdSda.A

How to remove Trojan.Win32.VBKrypt.yyyq?

Trojan.Win32.VBKrypt.yyyq removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open the “Tools” tab – Press “Reset Browser Settings”.
  • Select the proper browser and options – Click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.