VBKrypt.79 removal tips

VBKrypt.79 is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It allows you to complete a scan and cure your PC during the trial period.
A 6-day free trial is available.

What can the VBKrypt.79 virus do?

  • SetUnhandledExceptionFilter detected (possible anti-debug)
  • Creates RWX memory
  • Guard pages use detected – possible anti-debugging.
  • Dynamic (imported) function loading detected
  • CAPE extracted potentially suspicious content
  • Authenticode signature is invalid
  • Anomalous .NET characteristics

How to identify VBKrypt.79?


File Info:

name: 2D62A0421544C60FA04D.mlw
path: /opt/CAPEv2/storage/binaries/04c6e5282ba53c1c0c48e3c10e1d25d5c6c4ba89d4336e1a9c997ee2b97aa03e
crc32: 2D9FCA05
md5: 2d62a0421544c60fa04dfcb3792d5434
sha1: 7fad3a4cc0cc1b28e3a3be62f111c4abd5bc1360
sha256: 04c6e5282ba53c1c0c48e3c10e1d25d5c6c4ba89d4336e1a9c997ee2b97aa03e
sha512: 3cd5c5083ce1e63a4bbce99c0152bc81a3352ab0e0aeaac075e97f09a5535b8187a1abac082d6b4079b2bdc39ce787420ce11484e200540673f08383a854016c
ssdeep: 96:l9M3uTM2eL/SgoiMM2WUp02cFcE2MYlnlYJnLLPL0KffLTeav1VRXmm5FQ9h9L5Z:l9M30u0bECVVnlYJLLLTTxPQjb+uD
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T1F4F11A6A63F90327C6BE07324DE36A432B71EA05DF67AB6F20C493274D934054662B33
sha3_384: 8746564e6bb87efde735be8f79828c607a44d017095f50648a5d8862178687b3649ec96191786904408af7997353f2cd
ep_bytes: ff250020400000000000000000000000
timestamp: 2022-04-10 14:06:13

Version Info:

Translation: 0x0000 0x04b0
CompanyName: sWfhaRClg
FileDescription:
FileVersion: 0.0.0.0
InternalName: Da Vinci Demons.exe
LegalCopyright:
OriginalFilename: Da Vinci Demons.exe
ProductVersion: 0.0.0.0
Assembly Version: 0.0.0.0

VBKrypt.79 also known as:

Bkav: W32.AIDetectNet.01
Elastic: malicious (high confidence)
MicroWorld-eScan: Gen:Variant.VBKrypt.79
FireEye: Generic.mg.2d62a0421544c60f
McAfee: GenericRXCE-UU!2D62A0421544
Sangfor: Trojan.Win32.Save.a
K7AntiVirus: Trojan ( 00577a651 )
K7GW: Trojan ( 00577a651 )
CrowdStrike: win/malicious_confidence_100% (W)
VirIT: Trojan.Win32.Starter.LIZ
Cyren: W32/S-8dd3387e!Eldorado
Symantec: ML.Attribute.HighConfidence
ESET-NOD32: a variant of MSIL/Starter.FD
APEX: Malicious
Kaspersky: HEUR:Trojan.Win32.Agent.gen
BitDefender: Gen:Variant.VBKrypt.79
Avast: Win32:TrojanX-gen [Trj]
Tencent: Trojan.Msil.Agent.zaz
Ad-Aware: Gen:Variant.VBKrypt.79
TACHYON: Trojan/W32.DN-Starter.7680.I
Emsisoft: Gen:Variant.VBKrypt.79 (B)
Comodo: TrojWare.MSIL.Starter.BKP@7ewwu8
DrWeb: Trojan.Starter.7669
VIPRE: Gen:Variant.VBKrypt.79
TrendMicro: Trojan.MSIL.STARTER.SMLV
McAfee-GW-Edition: BehavesLike.Win32.Generic.zt
Trapmine: malicious.moderate.ml.score
Sophos: ML/PE-A + Troj/MSIL-LIX
SentinelOne: Static AI – Malicious PE
GData: MSIL.Trojan.PSE.13060VR
Webroot: Trojan.Dropper.Gen
Avira: HEUR/AGEN.1221791
Arcabit: Trojan.VBKrypt.79
ZoneAlarm: HEUR:Trojan.Win32.Agent.gen
Microsoft: Trojan:Win32/Wacatac.B!ml
Cynet: Malicious (score: 100)
AhnLab-V3: Malware/Win32.RL_Generic.C3548991
Acronis: suspicious
BitDefenderTheta: Gen:NN.ZemsilF.34786.am0@aWQ5Bjn
ALYac: Gen:Variant.VBKrypt.79
MAX: malware (ai score=84)
VBA32: Trojan.Hesv
Malwarebytes: Trojan.Starter.MSIL.Generic
TrendMicro-HouseCall: Trojan.MSIL.STARTER.SMLV
Rising: Trojan.Generic/MSIL@AI.100 (RDM.MSIL:95BHwSRitwPFVJruEVaSdg)
Ikarus: Trojan.MSIL.Starter
MaxSecure: Trojan.Malware.300983.susgen
Fortinet: MSIL/Starter.BK!tr
AVG: Win32:TrojanX-gen [Trj]
Cybereason: malicious.21544c
Panda: Trj/CI.A

How to remove VBKrypt.79?

VBKrypt.79 removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open the “Tools” tab – Press “Reset Browser Settings”.
  • Select the proper browser and options – Click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.