Trojan

Trojan:Win32/VB.YT malicious file

Malware Removal

Trojan:Win32/VB.YT is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It allows you to fully scan and cure your PC during the trial period.
6-day free trial available.

What Trojan:Win32/VB.YT virus can do?

  • Behavioural detection: Executable code extraction – unpacking
  • Sample contains Overlay data
  • Reads data out of its own binary image
  • CAPE extracted potentially suspicious content
  • The binary likely contains encrypted or compressed data.
  • Authenticode signature is invalid
  • Behavioural detection: Injection (Process Hollowing)
  • Behavioural detection: Injection (inter-process)
  • Behavioural detection: Injection with CreateRemoteThread in a remote process
  • CAPE detected the shellcode get eip malware family
  • Anomalous binary characteristics
  • Yara detections observed in process dumps, payloads or dropped files

How to identify Trojan:Win32/VB.YT?

File Info:

name: 11278124B51DD2657EC5.mlw
path: /opt/CAPEv2/storage/binaries/bbc732eaf60f879ecebff918e2205fc257721870243c5a2eb173581b2c5d8aca
crc32: E4C0F5DF
md5: 11278124b51dd2657ec5d4f87368f36c
sha1: 71c5decea675a82f6bba8ef8203dd4e753a96e59
sha256: bbc732eaf60f879ecebff918e2205fc257721870243c5a2eb173581b2c5d8aca
sha512: 37e40239d94a3678eddb69126d67d844423fa895e95e9b27fc3c98b7719a436039f3f419ddc60c6a493bd670d6baf95236b7ca190917cbc46316b889af077e84
ssdeep: 3072:Z9N4C8BOH2khWsGSn6C80vzOTtmgAHqAEYsZvp:5ZWkhWdS6C3vzNg9YsZx
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T144E39D13AB589032E01BC5B26859D3AF253A7C7314119C13B647AB193AB55A7FCF132F
sha3_384: 455df38aef2cf36fe406406b3e135fe4486913664e40fd9c52f29a84ca170c7a8b60ffcfe32b366d77e8a4831b7b983d
ep_bytes: 6050565251f7d8f6d36868194000e8ee
timestamp: 2009-02-10 15:22:39

Version Info:

Translation: 0x0409 0x04b0
Comments: FSADX
LegalCopyright: FSADX
LegalTrademarks: FSADX
ProductName: FSADX
FileVersion: 5.02.0070
ProductVersion: 5.02.0070
InternalName: xxxxPubStubxxxx
OriginalFilename: xxxxPubStubxxxx.exe

Trojan:Win32/VB.YT also known as:

Bkav: W32.AIDetectMalware
Lionic: Trojan.Win32.Poison.m!c
AVG: Win32:Poison-OJ [Trj]
DrWeb: BackDoor.Poison.2542
MicroWorld-eScan: Gen:Trojan.Heur.VB.jm2@e4hQMTci
Skyhigh: BehavesLike.Win32.VBObfus.cc
McAfee: Generic VB.ah
Malwarebytes: Malware.AI.2272214185
VIPRE: Gen:Trojan.Heur.VB.jm2@e4hQMTci
Sangfor: Trojan.Win32.Save.a
K7AntiVirus: Trojan ( 0055e3f01 )
Alibaba: Worm:Win32/Bifrose.36057d6e
K7GW: Trojan ( 0055e3f01 )
CrowdStrike: win/malicious_confidence_100% (D)
BitDefenderTheta: AI:Packer.9F2F102A1F
VirIT: Trojan.Win32.Agent.AZDR
Symantec: ML.Attribute.HighConfidence
Elastic: malicious (high confidence)
ESET-NOD32: Win32/Bifrose.NFJ
Cynet: Malicious (score: 100)
APEX: Malicious
ClamAV: Win.Trojan.Poison-9834017-0
Kaspersky: Worm.Win32.WBNA.roc
BitDefender: Gen:Trojan.Heur.VB.jm2@e4hQMTci
NANO-Antivirus: Trojan.Win32.VB.nkfn
SUPERAntiSpyware: Trojan.Agent/Gen-Dropper
Avast: Win32:Poison-OJ [Trj]
Tencent: Malware.Win32.Gencirc.114af462
Emsisoft: Gen:Trojan.Heur.VB.jm2@e4hQMTci (B)
F-Secure: Trojan.TR/Crypt.XPACK.Gen3
Zillya: Backdoor.Poison.Win32.3250
Trapmine: malicious.high.ml.score
FireEye: Generic.mg.11278124b51dd265
Sophos: Mal/VB-ABHH
SentinelOne: Static AI – Malicious PE
Jiangmin: Backdoor/PoisonIvy.eai
Varist: W32/Backdoor.RXKA-1283
Avira: TR/Crypt.XPACK.Gen3
MAX: malware (ai score=99)
Antiy-AVL: Worm/Win32.WBNA
Kingsoft: malware.kb.a.1000
Microsoft: Trojan:Win32/VB.YT
Xcitium: TrojWare.Win32.Spy.Zbot.ACF@1rw8rb
Arcabit: Trojan.Heur.VB.E4BC2E
ViRobot: Backdoor.Win32.Poison.122880.D
ZoneAlarm: Worm.Win32.WBNA.roc
GData: Gen:Trojan.Heur.VB.jm2@e4hQMTci
Google: Detected
AhnLab-V3: Trojan/Win32.Poison.R47293
Acronis: suspicious
VBA32: BScope.Trojan.VBKrypt
ALYac: Gen:Trojan.Heur.VB.jm2@e4hQMTci
Cylance: unsafe
Panda: Generic Malware
Rising: Trojan.Win32.VBCode.hp (CLASSIC)
Yandex: Backdoor.Poison!S1doUhpjp3s
Ikarus: VirTool.Win32.VBInject
Fortinet: W32/Generic.AC.21B08A!tr
Cybereason: malicious.4b51dd
DeepInstinct: MALICIOUS
alibabacloud: Trojan:Win/Injector.CLK

How to remove Trojan:Win32/VB.YT?

Trojan:Win32/VB.YT removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open the “Tools” tab – Press “Reset Browser Settings”.
  • Select the proper browser and options – Click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.