Trojan.Win32.Vebzenpak.acgi removal instruction

Trojan.Win32.Vebzenpak.acgi is considered dangerous by many security vendors: the sandbox report below shows it unpacking itself in memory, injecting code into another process and attempting to change the system proxy settings. When the infection is active, you may notice unfamiliar processes in the Task Manager list. In that case, it is advisable to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It lets you run a complete scan and clean your PC during the trial period.
6-day free trial available.

What can the Trojan.Win32.Vebzenpak.acgi virus do?

  • Behavioural detection: Executable code extraction – unpacking
  • Yara rule detections observed from a process memory dump/dropped files/CAPE
  • Creates RWX memory
  • NtSetInformationThread: attempt to hide thread from debugger
  • Dynamic (imported) function loading detected
  • Performs HTTP requests potentially not found in the PCAP
  • HTTPS URLs observed in behaviour
  • CAPE extracted potentially suspicious content
  • Authenticode signature is invalid
  • Behavioural detection: Injection (Process Hollowing)
  • Executed a process and injected code into it, probably while unpacking
  • Behavioural detection: Injection (inter-process)
  • Attempts to modify proxy settings
  • Anomalous binary characteristics

How to identify Trojan.Win32.Vebzenpak.acgi?

File Info:

name: F47CD313AD6A01CAF416.mlw
path: /opt/CAPEv2/storage/binaries/7daa7b47298d765f49f6957a7c127e98fc9622be2115af7a67f51cdb2fb09f7b
crc32: F5D7AA44
md5: f47cd313ad6a01caf416a59b24e9a4d9
sha1: bc7ec678ecf96b42d6042d432b9a9e8cb08ce786
sha256: 7daa7b47298d765f49f6957a7c127e98fc9622be2115af7a67f51cdb2fb09f7b
sha512: d1dda184357a43887a88b1b50b750df54f05335cd5824aa64e18dfc45364f37cf6e28f8bf6dc10ce564d8bf2e743a347850958c03f2f662fc051f71df116005a
ssdeep: 384:9mwoWGx33baMTgtK82W2kDRxL/CWPN0a4cv6pyMAlMpI+Kvi1oUDp75uytp7A91l:9mwq3ba28J2kDiWOnciHAqDKBe75uyI
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T1A25327B2D454A873F6550D76063A127B953BEF2319B0BBEF36887B8E0834F11587E264
sha3_384: ba27f61ad56f7482e20cc2e8147931c01335a7d0ea7b9aaa8b4d8b5fdce96fdfad69108d6d7190f407abe00ffeb971da
ep_bytes: 688caa4000e8eeffffff000000000000
timestamp: 2014-12-25 18:39:10

Version Info:

Translation: 0x0409 0x04b0
LegalCopyright: Capsa ©
LegalTrademarks: Capsa ©
ProductName: Phytolithology
FileVersion: 1.00
ProductVersion: 1.00
InternalName: rubinsteinkager
OriginalFilename: rubinsteinkager.exe
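The File Info block above is only useful if you can reproduce it against a file you are holding. The script below is an added example (not GridinSoft's or CAPE's code) that recomputes the listed digests, reads the link timestamp and the 16 entry-point bytes straight out of the PE header, flags sections mapped readable+writable+executable (the "Creates RWX memory" finding concerns runtime allocations, but an RWX section on disk is its static cousin), and reports whether an Authenticode signature is present at all. It also applies one heuristic: a `push imm32; call rel32` pair at the entry point, which is what the `68 ... e8 ee ff ff ff` ep_bytes are, is the usual Visual Basic 6 ThunRTMain stub and fits the VB/VBKrypt names in the vendor list further down. `SUSPECT_IOCS` is copied from this page; every function name and the constructed stand-in sample are assumptions made for illustration, since the real binary is not reproduced here.

```python
"""Static triage of a suspect file against the indicators listed above.
Added example, standard library only. SUSPECT_IOCS comes from the page;
function names and the constructed sample PE are illustrative assumptions."""
import hashlib
import struct
import zlib
from datetime import datetime, timezone

# Indicators copied verbatim from the File Info section above.
SUSPECT_IOCS = {
    "md5": "f47cd313ad6a01caf416a59b24e9a4d9",
    "sha1": "bc7ec678ecf96b42d6042d432b9a9e8cb08ce786",
    "sha256": "7daa7b47298d765f49f6957a7c127e98fc9622be2115af7a67f51cdb2fb09f7b",
    "ep_bytes": "688caa4000e8eeffffff000000000000",
}
RWX = 0x20000000 | 0x40000000 | 0x80000000  # IMAGE_SCN_MEM_EXECUTE | READ | WRITE


def hashes(data: bytes) -> dict:
    """Same digests as the File Info block (crc32 uppercase, the rest lowercase hex)."""
    return {
        "crc32": format(zlib.crc32(data) & 0xFFFFFFFF, "08X"),
        "md5": hashlib.md5(data).hexdigest(),
        "sha1": hashlib.sha1(data).hexdigest(),
        "sha256": hashlib.sha256(data).hexdigest(),
        "sha512": hashlib.sha512(data).hexdigest(),
        "sha3_384": hashlib.sha3_384(data).hexdigest(),
    }


def parse_pe(data: bytes) -> dict:
    """Minimal PE32/PE32+ header walk; raises ValueError on a non-PE file."""
    if data[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    coff = e_lfanew + 4
    _, nsections, ts, _, _, opt_size, _ = struct.unpack_from("<HHIIIHH", data, coff)
    opt = coff + 20
    magic = struct.unpack_from("<H", data, opt)[0]
    entry_rva = struct.unpack_from("<I", data, opt + 16)[0]  # same offset in PE32 and PE32+
    ndirs_off = 92 if magic == 0x10B else 108               # NumberOfRvaAndSizes
    ndirs = struct.unpack_from("<I", data, opt + ndirs_off)[0]
    sec_rva = sec_size = 0
    if ndirs > 4:  # IMAGE_DIRECTORY_ENTRY_SECURITY is directory index 4
        sec_rva, sec_size = struct.unpack_from("<II", data, opt + ndirs_off + 4 + 8 * 4)
    sections = []
    for i in range(nsections):
        name, vsize, vaddr, rawsize, rawptr, _, _, _, _, chars = struct.unpack_from(
            "<8sIIIIIIHHI", data, opt + opt_size + 40 * i)
        sections.append({"name": name.rstrip(b"\0").decode("latin-1"), "vaddr": vaddr,
                         "vsize": vsize, "rawptr": rawptr, "rawsize": rawsize, "chars": chars})
    # Map the entry-point RVA to a file offset through the section that contains it.
    ep_off = next((s["rawptr"] + entry_rva - s["vaddr"] for s in sections
                   if s["vaddr"] <= entry_rva < s["vaddr"] + max(s["vsize"], s["rawsize"])), None)
    if ep_off is None:
        raise ValueError("entry point RVA is outside every section")
    return {
        "timestamp": datetime.fromtimestamp(ts, tz=timezone.utc).strftime("%Y-%m-%d %H:%M:%S"),
        "ep_bytes": data[ep_off:ep_off + 16].hex(),
        "sections": sections,
        "has_authenticode": sec_rva != 0 and sec_size != 0,
    }


def triage(data: bytes, iocs: dict = SUSPECT_IOCS) -> dict:
    """Compare a file with the page's indicators and pull out the static red flags."""
    h, pe = hashes(data), parse_pe(data)
    ep = pe["ep_bytes"]
    return {
        "hash_matches": [k for k in ("md5", "sha1", "sha256") if h[k] == iocs[k]],
        "ep_bytes_match": ep == iocs["ep_bytes"],
        "timestamp": pe["timestamp"],
        "rwx_sections": [s["name"] for s in pe["sections"] if s["chars"] & RWX == RWX],
        "has_authenticode": pe["has_authenticode"],
        # Heuristic (assumption): "push imm32; call rel32" at the entry point is the
        # usual VB6 ThunRTMain stub, matching the VB/VBKrypt vendor names on this page.
        "vb6_stub": ep[:2] == "68" and ep[10:12] == "e8",
    }


def build_sample_pe(timestamp: int = 1419532750) -> bytes:
    """Constructed stand-in (the real sample is not reproduced here): a minimal PE32
    with one RWX .text section whose first 16 bytes are the page's ep_bytes and the
    page's link timestamp (2014-12-25 18:39:10 UTC). Only fields parse_pe() reads matter."""
    e_lfanew, raw_off, rva = 0x40, 0x200, 0x1000
    dos = b"MZ".ljust(0x3C, b"\0") + struct.pack("<I", e_lfanew)
    coff = struct.pack("<HHIIIHH", 0x14C, 1, timestamp, 0, 0, 224, 0x0102)
    opt = struct.pack("<HBBIIIIII", 0x10B, 6, 0, 0x200, 0, 0, rva, rva, 0x2000)
    opt += struct.pack("<IIIHHHHHHIIIIHHIIIIII", 0x400000, 0x1000, 0x200, 4, 0, 1, 0,
                       4, 0, 0, 0x2000, 0x200, 0, 2, 0, 0x100000, 0x1000, 0x100000,
                       0x1000, 0, 16) + b"\0" * 128  # 16 empty data directories
    sect = struct.pack("<8sIIIIIIHHI", b".text", 0x200, rva, 0x200, raw_off,
                       0, 0, 0, 0, 0x20 | RWX)
    headers = (dos + b"PE\0\0" + coff + opt + sect).ljust(raw_off, b"\0")
    return headers + bytes.fromhex(SUSPECT_IOCS["ep_bytes"]).ljust(0x200, b"\0")


if __name__ == "__main__":
    import sys
    data = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else build_sample_pe()
    for k, v in {**hashes(data), **triage(data)}.items():
        print(f"{k}: {v}")
```

Run it with a file path to compare a real sample against the indicators; without arguments it triages the constructed stand-in, which matches on ep_bytes, timestamp and the VB6 stub heuristic but, as expected, on none of the cryptographic hashes. A hash match is the only conclusive indicator; the other fields are there because packers such as this one are re-crypted constantly, so a fresh variant will share the entry stub, the copyright and product strings, and the invalid or missing Authenticode signature while carrying a new hash.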

Trojan.Win32.Vebzenpak.acgi also known as:

Lionic: Trojan.Win32.Vebzenpak.4!c
Elastic: malicious (high confidence)
MicroWorld-eScan: Gen:Heur.PonyStealer.dm0@ZClbZugi
FireEye: Generic.mg.f47cd313ad6a01ca
McAfee: PWS-FCWC!F47CD313AD6A
Cylance: Unsafe
Zillya: Trojan.Injector.Win32.804123
Sangfor: Trojan.Win32.Vebzenpak.acgi
K7AntiVirus: Riskware ( 0040eff71 )
Alibaba: Trojan:Win32/Vebzenpak.28607356
K7GW: Riskware ( 0040eff71 )
Cybereason: malicious.3ad6a0
BitDefenderTheta: Gen:NN.ZevbaF.34212.dm0@aClbZugi
VirIT: Trojan.Win32.VBZenPack_Heur
Cyren: W32/VBKrypt.APG.gen!Eldorado
Symantec: ML.Attribute.HighConfidence
ESET-NOD32: a variant of Win32/Injector.EOAE
TrendMicro-HouseCall: TROJ_GEN.R002C0PB622
Paloalto: generic.ml
Kaspersky: Trojan.Win32.Vebzenpak.acgi
BitDefender: Gen:Heur.PonyStealer.dm0@ZClbZugi
NANO-Antivirus: Trojan.Win32.Vebzenpak.iewifv
Avast: Win32:Malware-gen
Tencent: Win32.Trojan.Vebzenpak.Ecka
Ad-Aware: Gen:Heur.PonyStealer.dm0@ZClbZugi
Sophos: Mal/Generic-S
VIPRE: Trojan.Win32.Generic!BT
TrendMicro: TROJ_GEN.R002C0PB622
McAfee-GW-Edition: BehavesLike.Win32.Downloader.kt
Emsisoft: Gen:Heur.PonyStealer.dm0@ZClbZugi (B)
SentinelOne: Static AI – Malicious PE
GData: Gen:Heur.PonyStealer.dm0@ZClbZugi
Jiangmin: Trojan.Vebzenpak.ifa
Avira: HEUR/AGEN.1239188
MAX: malware (ai score=87)
Gridinsoft: Ransom.Win32.Wacatac.sa
ZoneAlarm: Trojan.Win32.Vebzenpak.acgi
Microsoft: Trojan:Win32/Ymacco.AB1F
Cynet: Malicious (score: 99)
VBA32: BScope.Trojan.Vebzenpak
ALYac: Gen:Heur.PonyStealer.dm0@ZClbZugi
TACHYON: Trojan/W32.VB-Vebzenpak.61440.AC
APEX: Malicious
Rising: Trojan.Kryptik!8.8 (CLOUD)
Yandex: Trojan.Vebzenpak!edpF5bIOE7M
Ikarus: Trojan.VB.Crypt
Fortinet: W32/GenKryptik.FGZN!tr
AVG: Win32:Malware-gen
Panda: Trj/GdSda.A
CrowdStrike: win/malicious_confidence_90% (W)

How to remove Trojan.Win32.Vebzenpak.acgi?

Trojan.Win32.Vebzenpak.acgi removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all detected items.
  • Open the “Tools” tab and press “Reset Browser Settings”; this also undoes the proxy-setting changes the trojan attempts, which a file quarantine alone does not revert.
  • Select the affected browser and the options to reset, then click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.