
Trojan.Win32.VBKrypt.zeve removal guide

Trojan.Win32.VBKrypt.zeve is Kaspersky's detection name for this sample; VBKrypt is a generic name for malware wrapped in a Visual Basic crypter rather than the name of a specific payload, and most other vendors flag the file as malicious as well (see the detection list below). While the infection is active, you may notice unwanted processes in the Task Manager list. In that case it is advised to scan your computer with GridinSoft Anti-Malware.

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It lets you complete a full scan and clean your PC during the trial period.
6-day free trial available.

What can the Trojan.Win32.VBKrypt.zeve virus do?

The following behaviours were recorded when the sample was run in the CAPE sandbox; the injection, RWX memory and dynamic-import findings are consistent with a crypter that unpacks a payload in memory and hollows a second process:
  • Behavioural detection: Executable code extraction – unpacking
  • SetUnhandledExceptionFilter detected (possible anti-debug)
  • Yara rule detections observed from a process memory dump/dropped files/CAPE
  • Creates RWX memory
  • Possible date expiration check, exits too soon after checking local time
  • Guard pages use detected – possible anti-debugging.
  • Dynamic (imported) function loading detected
  • Reads data out of its own binary image
  • CAPE extracted potentially suspicious content
  • The binary likely contains encrypted or compressed data.
  • Authenticode signature is invalid
  • Behavioural detection: Injection (Process Hollowing)
  • Executed a process and injected code into it, probably while unpacking
  • Behavioural detection: Injection (inter-process)
  • Creates or sets a registry key to a long series of bytes, possibly to store a binary or malware config
  • Created a process from a suspicious location
  • Installs itself for autorun at Windows startup
  • Anomalous binary characteristics

How to identify Trojan.Win32.VBKrypt.zeve


File Info:

name: 0EC0CDD7891F7F0982D4.mlw
path: /opt/CAPEv2/storage/binaries/cd8a4e6d3f2e74b39efd7f0a2cccd20a708f307a9ff784fecbbb1cac9225f07d
crc32: EEFF1321
md5: 0ec0cdd7891f7f0982d49e65f5c99437
sha1: 8ee48ec7f99c9dc637eb5453a3cde6571da0f01d
sha256: cd8a4e6d3f2e74b39efd7f0a2cccd20a708f307a9ff784fecbbb1cac9225f07d
sha512: 719436dc7965e41d2265b572240ce5d123ef75dbfb32e2bac17adb37bf6338d739c9df2f8e2e9bc9a0678bead839928a684a12228156e2e7f96191d63dcd38b3
ssdeep: 3072:g5k1MrTHP3s+NxishmuiOzhc2at0bu2L7AJDoHn9Si9pi99NT7Y6AQdOaF:9MfHP8+O6zPat0bB4JDoH9Zo99NT7Ka
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T1FF448E2A703A7FD6ED12D3384582255D354F3DDC822383016E2BBD9EC67A5C92A59B0F
sha3_384: a93950817da5385c243718e6a33dc1315e0cc0c926ecf9085f3fc99868bb61c7a08c2841ae4455a81a34ccdabbf550cc
ep_bytes: 6824134000e8f0ffffff000000000000
timestamp (PE header compile time, easily forged): 2017-08-24 09:21:05

Version Info:

Translation: 0x0409 0x04b0
CompanyName: aSRock
ProductName: Affectedly8
FileVersion: 3.00
ProductVersion: 3.00
InternalName: Monoeidic2
OriginalFilename: Monoeidic2.exe
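The hashes and entry-point bytes above are what an analyst actually uses to confirm a match, and the CAPE flags "binary likely contains encrypted or compressed data" and the VBKrypt/VBInject/VBObfus vendor names both point at a packed Visual Basic executable. The script below is an added example, not code from the original page, from GridinSoft or from CAPE. It (1) compares a file's MD5/SHA-1/SHA-256 against the indicators listed under File Info, (2) reads the entry-point bytes straight from the PE header and tests them for the push/call stub that Visual Basic 5/6 executables start with (assumption: the page's ep_bytes 68 24 13 40 00 e8 f0 ff ff ff are that stub, a push of the VB project header followed by a call to ThunRTMain), and (3) computes per-section Shannon entropy, the usual cheap test for packed or encrypted sections. Because the real sample is not reproduced here, `build_sample_pe` constructs a small stand-in PE32 whose `.text` begins with the page's entry bytes and whose `.data` is deterministic pseudo-random filler; the builder and its layout constants are constructed for the example.

```python
"""Offline triage helper (added example; standard library only)."""
import hashlib
import math
import struct

# Indicators copied from the page's File Info block.
IOC_HASHES = {
    "md5": "0ec0cdd7891f7f0982d49e65f5c99437",
    "sha1": "8ee48ec7f99c9dc637eb5453a3cde6571da0f01d",
    "sha256": "cd8a4e6d3f2e74b39efd7f0a2cccd20a708f307a9ff784fecbbb1cac9225f07d",
}
# CAPE "ep_bytes" from the page: push 0x00401324 ; call rel32(-0x10) ; padding.
PAGE_EP_BYTES = bytes.fromhex("6824134000e8f0ffffff000000000000")


def hash_matches(data: bytes) -> dict:
    """{algo: True/False} for each page hash the blob matches."""
    return {a: hashlib.new(a, data).hexdigest() == d for a, d in IOC_HASHES.items()}


def shannon_entropy(data: bytes) -> float:
    """Bits per byte: ~8.0 for random/encrypted data, ~4-6 for x86 code."""
    if not data:
        return 0.0
    counts, n = [0] * 256, len(data)
    for b in data:
        counts[b] += 1
    return -sum(c / n * math.log2(c / n) for c in counts if c)


def vb6_stub_target(ep: bytes):
    """If ep is 'push imm32; call rel32' (assumed VB5/6 ThunRTMain stub),
    return the pushed address (VB project header), else None."""
    if len(ep) >= 10 and ep[0] == 0x68 and ep[5] == 0xE8:
        return struct.unpack_from("<I", ep, 1)[0]
    return None


def parse_pe(data: bytes) -> dict:
    """Minimal PE32 parser: entry RVA, image base and section table."""
    if data[:2] != b"MZ":
        raise ValueError("not an MZ file")
    pe_off = struct.unpack_from("<I", data, 0x3C)[0]          # e_lfanew
    if data[pe_off:pe_off + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    coff = pe_off + 4
    nsect = struct.unpack_from("<H", data, coff + 2)[0]
    opt_size = struct.unpack_from("<H", data, coff + 16)[0]
    opt = coff + 20
    if struct.unpack_from("<H", data, opt)[0] != 0x10B:        # Magic
        raise ValueError("only PE32 is handled here")
    entry_rva = struct.unpack_from("<I", data, opt + 16)[0]
    image_base = struct.unpack_from("<I", data, opt + 28)[0]
    sections = []
    for i in range(nsect):
        off = opt + opt_size + 40 * i
        name = data[off:off + 8].rstrip(b"\0").decode("ascii", "replace")
        vsize, vaddr, rawsize, rawptr = struct.unpack_from("<IIII", data, off + 8)
        sections.append(dict(name=name, vaddr=vaddr, vsize=vsize,
                             rawptr=rawptr, rawsize=rawsize))
    return {"entry_rva": entry_rva, "image_base": image_base, "sections": sections}


def rva_to_offset(pe: dict, rva: int) -> int:
    for s in pe["sections"]:
        if s["vaddr"] <= rva < s["vaddr"] + max(s["vsize"], s["rawsize"]):
            return rva - s["vaddr"] + s["rawptr"]
    raise ValueError("RVA %#x is outside every section" % rva)


def triage(data: bytes) -> dict:
    """Hash match, entry-point bytes, VB6 stub check and section entropy."""
    pe = parse_pe(data)
    ep_off = rva_to_offset(pe, pe["entry_rva"])
    ep = data[ep_off:ep_off + 16]
    target = vb6_stub_target(ep)
    lo = pe["image_base"]
    hi = lo + max(s["vaddr"] + s["vsize"] for s in pe["sections"])
    return {
        "hashes": hash_matches(data),
        "ep_bytes": ep.hex(),
        # A real VB stub pushes an address inside the mapped image.
        "vb6_stub": target is not None and lo <= target < hi,
        "section_entropy": {
            s["name"]: round(shannon_entropy(data[s["rawptr"]:s["rawptr"] + s["rawsize"]]), 2)
            for s in pe["sections"]},
    }


def build_sample_pe() -> bytes:
    """Constructed stand-in for the page's sample (assumed layout):
    .text starts with the page's ep_bytes, .data is high-entropy filler."""
    image_base = 0x400000
    dos = b"MZ" + b"\0" * 58 + struct.pack("<I", 0x40)        # e_lfanew = 0x40
    coff = struct.pack("<HHIIIHH", 0x14C, 2, 0, 0, 0, 224, 0x0102)
    opt = bytearray(224)
    struct.pack_into("<H", opt, 0, 0x10B)                      # PE32
    struct.pack_into("<I", opt, 16, 0x1000)                    # AddressOfEntryPoint
    struct.pack_into("<I", opt, 28, image_base)
    struct.pack_into("<I", opt, 32, 0x1000)                    # SectionAlignment
    struct.pack_into("<I", opt, 36, 0x200)                     # FileAlignment
    struct.pack_into("<I", opt, 56, 0x3000)                    # SizeOfImage
    struct.pack_into("<I", opt, 60, 0x200)                     # SizeOfHeaders
    struct.pack_into("<H", opt, 68, 2)                         # GUI subsystem
    struct.pack_into("<I", opt, 92, 16)                        # data directories
    sec = lambda n, vs, va, rs, rp, ch: struct.pack("<8sIIIIIIHHI", n, vs, va, rs, rp, 0, 0, 0, 0, ch)
    hdr = dos + b"PE\0\0" + coff + bytes(opt)
    hdr += sec(b".text", 0x200, 0x1000, 0x200, 0x200, 0x60000020)
    hdr += sec(b".data", 0x800, 0x2000, 0x800, 0x400, 0xC0000040)
    text = PAGE_EP_BYTES + b"\xCC" * (0x200 - len(PAGE_EP_BYTES))
    filler = b"".join(hashlib.sha256(b"vbkrypt-example-%d" % i).digest() for i in range(64))
    return hdr.ljust(0x200, b"\0") + text + filler


if __name__ == "__main__":
    import sys
    blob = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else build_sample_pe()
    for k, v in triage(blob).items():
        print("%-16s %s" % (k, v))
```

Run it with a path to the suspect file, or with no arguments to triage the constructed stand-in. A true hash match is conclusive; the stub check and a section above roughly 7 bits per byte are only corroborating signals, since any VB6 program has the same entry stub and compressed resources also raise entropy. The version resource above (CompanyName "aSRock", random word product and internal names) should likewise not be trusted as provenance.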

Trojan.Win32.VBKrypt.zeve is also known under the following vendor names. Note that the vendors do not agree on a family: several name only the Visual Basic crypter layer (VBKrypt, VBInject, VBObfus, Kryptik), while others attribute the sample to a payload such as PonyStealer/Fareit, Tofsee or Bladabindi, so the family attribution should be treated as unconfirmed.

Bkav: W32.AIDetect.malware2
Lionic: Trojan.Win32.VBKrypt.4!c
Elastic: malicious (high confidence)
DrWeb: BackDoor.Bladabindi.1702
MicroWorld-eScan: Gen:Heur.PonyStealer.pm0@cmqLkali
FireEye: Generic.mg.0ec0cdd7891f7f09
ALYac: Gen:Heur.PonyStealer.pm0@cmqLkali
Malwarebytes: Malware.AI.1456638153
Zillya: Trojan.VBKrypt.Win32.305692
Sangfor: Trojan.Win32.Save.a
K7AntiVirus: Trojan ( 005150361 )
Alibaba: Trojan:Win32/VBKrypt.568bcf99
K7GW: Trojan ( 005150361 )
CrowdStrike: win/malicious_confidence_100% (W)
BitDefenderTheta: Gen:NN.ZevbaF.34084.pm0@amqLkali
Cyren: W32/VBInject.LL.gen!Eldorado
Symantec: ML.Attribute.HighConfidence
ESET-NOD32: a variant of Win32/Kryptik.EWQP
TrendMicro-HouseCall: BKDR_TOFSEE.SMF
Paloalto: generic.ml
ClamAV: Win.Trojan.Ponystealer-6812876-0
Kaspersky: Trojan.Win32.VBKrypt.zeve
BitDefender: Gen:Heur.PonyStealer.pm0@cmqLkali
NANO-Antivirus: Trojan.Win32.VBKrypt.eyxkdd
Avast: Win32:Malware-gen
Rising: Trojan.Injector!1.B459 (CLASSIC)
Ad-Aware: Gen:Heur.PonyStealer.pm0@cmqLkali
Sophos: Mal/Generic-R + Mal/FareitVB-M
TrendMicro: BKDR_TOFSEE.SMF
McAfee-GW-Edition: BehavesLike.Win32.VBObfus.dc
Emsisoft: Gen:Heur.PonyStealer.pm0@cmqLkali (B)
Ikarus: Trojan.Win32.Crypt
Jiangmin: Trojan.VBKrypt.euir
MaxSecure: Trojan.Malware.300983.susgen
Avira: HEUR/AGEN.1126331
Antiy-AVL: Trojan/Generic.ASMalwS.24FF62B
Gridinsoft: Ransom.Win32.Bladabindi.sa
Microsoft: VirTool:Win32/VBInject.OX!bit
GData: Gen:Heur.PonyStealer.pm0@cmqLkali
Cynet: Malicious (score: 100)
AhnLab-V3: Trojan/Win32.VBKrypt.C2086741
McAfee: Packed-PW!0EC0CDD7891F
MAX: malware (ai score=88)
VBA32: BScope.Trojan.VBKrypt
APEX: Malicious
Tencent: Malware.Win32.Gencirc.10cf976b
Yandex: Trojan.VBKrypt!fNGAqT1wqSk
SentinelOne: Static AI - Malicious PE
eGambit: Unsafe.AI_Score_99%
Fortinet: W32/FareitVB.KAD!tr
AVG: Win32:Malware-gen
Cybereason: malicious.7891f7
Panda: Trj/GdSda.A

How to remove Trojan.Win32.VBKrypt.zeve?

Trojan.Win32.VBKrypt.zeve removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all detected items.
  • Open the “Tools” tab and press “Reset Browser Settings”.
  • Select the proper browser and options, then click “Reset”.
  • Restart your computer.
  • After the restart, run a second scan and confirm that no startup entry still references the file: the sample installs itself for autorun at Windows startup and stores data in a registry value, and the injected payload may have survived in another process until the reboot.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.
