Trojan

Trojan:Win32/Vundo!AI (file analysis)

Malware Removal

Trojan:Win32/Vundo!AI is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It allows you to run a complete scan and clean your PC during the trial period.
6-day free trial available.

What can the Trojan:Win32/Vundo!AI virus do?

  • Behavioural detection: Executable code extraction – unpacking
  • Sample contains Overlay data
  • The binary contains an unknown PE section name indicative of packing
  • The binary likely contains encrypted or compressed data.
  • Authenticode signature is invalid
  • Anomalous binary characteristics

How to identify Trojan:Win32/Vundo!AI?

File Info:

name: 47FC8F12F51A89E95B7D.mlw
path: /opt/CAPEv2/storage/binaries/cc1aeda286739f6b30469d64efae79174456c38c413923605ee2b28b8cddbb6d
crc32: FF18559D
md5: 47fc8f12f51a89e95b7de4a4f96e5f15
sha1: 85584e932918317455d27d2b97c7e14ac9f62b5f
sha256: cc1aeda286739f6b30469d64efae79174456c38c413923605ee2b28b8cddbb6d
sha512: f41d63a932d17fe92d79d3071091f5d598e53231ba983acb6d99bb2cf03d6806cb06a445de354983d36b46af37c35ecbdf1cc9653c59c0c69463b501c8416c8b
ssdeep: 1536:Nt6RhwErpPRQm+spcBkeouPp7JLKH8FGTLAhWHcQLZBD3tZi4T:NQTr/2oWJPMTLtH7/D9BT
type: PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
tlsh: T1AA93BE13C29C13DFE775C438BD3222F0258E0E4E59627E6F7A51E4AD34C2E859B9DA18
sha3_384: 7db53580f5faa91116dfd6e68f771d785d71bcbe0ec67465615a235a01aaeaa5d6fed384c3dbbbb9a85ecec3830eab8d
ep_bytes: 56befc4e011080ae5dfeffffd85eeb29
timestamp: 2003-06-20 02:43:40

Version Info:

CompanyName: ESET
FileDescription: Eset Hooks DLL
FileVersion: 3.0.566
InternalName: eplgHooks.dll
LegalCopyright: Copyright (c) Eset 1992 - 2007. All rights reserved.
LegalTrademarks: NOD, NOD32, AMON, ESET are registered trademarks of ESET.
OriginalFilename: eplgHooks.dll
ProductName: Eset Smart Security
ProductVersion: 3.0.566
Translation: 0x0409 0x04e4

Trojan:Win32/Vundo!AI also known as:

Bkav: W32.AIDetectMalware
AVG: Win32:Vupa [Cryp]
Elastic: malicious (high confidence)
MicroWorld-eScan: Gen:Trojan.Heur.fy9@IOyfGVe
FireEye: Generic.mg.47fc8f12f51a89e9
Skyhigh: BehavesLike.Win32.Vundo.nc
McAfee: Vundo.gen.q
Cylance: unsafe
VIPRE: Gen:Trojan.Heur.fy9@IOyfGVe
Sangfor: Adware.Win32.Vundo.Vmef
Alibaba: AdWare:Win32/Virtumonde.95ececa6
BitDefenderTheta: AI:Packer.7FE1D3BA1B
VirIT: Trojan.Win32.Vundo.FE
Symantec: ML.Attribute.HighConfidence
tehtris: Generic.Malware
ESET-NOD32: a variant of Win32/Adware.Virtumonde.NDN
Cynet: Malicious (score: 100)
APEX: Malicious
Kaspersky: Trojan.Win32.Agent.bbvs
BitDefender: Gen:Trojan.Heur.fy9@IOyfGVe
NANO-Antivirus: Virus.Win32.Gen.ccmw
Avast: Win32:Vupa [Cryp]
Tencent: Trojan.Win32.Agent.hfc
Emsisoft: Gen:Trojan.Heur.fy9@IOyfGVe (B)
F-Secure: Trojan.TR/Crypt.XPACK.Gen
DrWeb: Trojan.Packed.196
Sophos: Troj/Virtum-Gen
Ikarus: Trojan.Win32.Injector
Jiangmin: Trojan/Vundo.fdg
Varist: W32/Vundo.A!Generic
Avira: TR/Crypt.XPACK.Gen
Antiy-AVL: GrayWare[AdWare]/Win32.Virtumonde
Kingsoft: malware.kb.a.999
Microsoft: Trojan:Win32/Vundo.gen!AI
Xcitium: TrojWare.Win32.PkdMonder.GEN@1lhswy
Arcabit: Trojan.Heur.EB4D9D
ZoneAlarm: Trojan.Win32.Agent.bbvs
GData: Gen:Trojan.Heur.fy9@IOyfGVe
Google: Detected
AhnLab-V3: Trojan/Win32.Vundo.R2902
VBA32: TScope.Malware-Cryptor.SB
ALYac: Gen:Trojan.Heur.fy9@IOyfGVe
MAX: malware (ai score=83)
Malwarebytes: Malware.AI.2927275936
Panda: Trj/Genetic.gen
Rising: Trojan.Win32.VUNDO.bzl (CLASSIC)
Yandex: Trojan.GenAsa!ORxxHCoAn2c
SentinelOne: Static AI – Malicious PE
Fortinet: Adware/VirtuMonde
DeepInstinct: MALICIOUS
alibabacloud: Trojan.Win.UnkAgent

How to remove Trojan:Win32/Vundo!AI?

Trojan:Win32/Vundo!AI removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open the “Tools” tab and press “Reset Browser Settings”.
  • Select the proper browser and options, then click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.