Categories: Trojan

VB:Trojan.Valyria.1259 removal tips

The VB:Trojan.Valyria.1259 is considered dangerous by lots of security experts. When this infection is active, you may notice unwanted processes in Task Manager list. In this case, it is adviced to scan your computer with GridinSoft Anti-Malware.

Gridinsoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. Allows to complete scan and cure your PC during the trial period.

DOWNLOAD NOW

6-day free trial available.

What VB:Trojan.Valyria.1259 virus can do?

SetUnhandledExceptionFilter detected (possible anti-debug)
Behavioural detection: Executable code extraction – unpacking
Attempts to connect to a dead IP:Port (1 unique times)
Yara rule detections observed from a process memory dump/dropped files/CAPE
Creates RWX memory
Dynamic (imported) function loading detected
CAPE extracted potentially suspicious content
Drops a binary and executes it
Unconventionial binary language: Chinese (Simplified)
Unconventionial language used in binary resources: Chinese (Simplified)
Authenticode signature is invalid
Created a process from a suspicious location

How to determine VB:Trojan.Valyria.1259?


File Info:
name: 036EAB5F59C9CA9FF21C.mlwpath: /opt/CAPEv2/storage/binaries/249a6d1175d78b7def4a63b2d9286d81fc9efeb64a4b972d7bbada43aa89167acrc32: 92CD4AAFmd5: 036eab5f59c9ca9ff21c3c357599a330sha1: 494c26eefd08d1e507d2a36a15040b351570bc42sha256: 249a6d1175d78b7def4a63b2d9286d81fc9efeb64a4b972d7bbada43aa89167asha512: 8cecddbe3d61eb58748d94a6c82d92ea16bcb93d15176aa8c16bad0d701340af3bde665dd6082b2a3ff2f9956bf9d6e5d5ac48ee07bd40953915e1f9ec6272d1ssdeep: 98304:7gu50nF/fS2Kqn4CnLEslfYexusOK8gyo4vSM:7CV2G4CnLE27ue8Fo46Mtype: PE32 executable (GUI) Intel 80386, for MS Windowstlsh: T162665A27E2A340ADC26AC170476B9373B931FC191530B96F7698FB352F31EA0566DB24sha3_384: a49c4406d3591c4e44513e9e49f6035ce7f8515cd8507b24b8ea6db4e133650dd5fcfa2bc6044d2fe84f1dd77a21c181ep_bytes: 558bec6aff68702aa80068ec624b0064timestamp: 2021-11-19 13:44:36
Version Info:
FileVersion: 1.0.0.0FileDescription: 数码小站ProductName: 数码小站ProductVersion: 1.0.0.0CompanyName: 百度LegalCopyright: 百度 版权所有Comments: 本程序使用易语言编写(http://www.eyuyan.com)Translation: 0x0804 0x04b0

VB:Trojan.Valyria.1259 also known as:

Bkav	W32.AIDetect.malware1
Elastic	malicious (high confidence)
DrWeb	BackDoor.Optix.567
MicroWorld-eScan	Trojan.GenericKD.37940051
CAT-QuickHeal	Trojan.Agentb
ALYac	VB:Trojan.Valyria.1259
Malwarebytes	Trojan.MalPack.FlyStudio
Zillya	Trojan.GenericKD.Win32.56510
K7AntiVirus	Trojan ( 005246d51 )
K7GW	Trojan ( 005246d51 )
Cybereason	malicious.f59c9c
BitDefenderTheta	Gen:NN.ZexaF.34062.@t3@aGb4Dkib
Cyren	W32/Agent.EW.gen!Eldorado
Symantec	ML.Attribute.HighConfidence
ESET-NOD32	a variant of Win32/Packed.FlyStudio.AA potentially unwanted
APEX	Malicious
ClamAV	Xls.Dropper.Agent-7382066-0
BitDefender	Trojan.GenericKD.37940051
NANO-Antivirus	Trojan.Win32.Optix.fbquhj
Avast	Other:Malware-gen [Trj]
Sophos	Troj/DocDl-JJH
Comodo	Worm.Win32.Dropper.RA@1qraug
F-Secure	Trojan:W97M/MaliciousMacro.GEN
McAfee-GW-Edition	BehavesLike.Win32.Generic.vh
FireEye	Generic.mg.036eab5f59c9ca9f
Emsisoft	Trojan.GenericKD.37940051 (B)
SentinelOne	Static AI – Malicious PE
GData	Win32.Application.PUPStudio.A
Avira	WORM/Dldr.Agent.gqrxn
Antiy-AVL	Trojan/Generic.ASMacro.5657
Kingsoft	Win32.Troj.Generic_a.a.(kcloud)
Arcabit	Trojan.Generic.D242EB53
Microsoft	Trojan:Win32/Sabsik.FL.B!ml
Cynet	Malicious (score: 100)
Acronis	suspicious
McAfee	RDN/Generic Downloader.x
MAX	malware (ai score=85)
VBA32	Backdoor.Optix
Cylance	Unsafe
Rising	Malware.Heuristic!ET#99% (RDMK:cmRtazoXSkvdUrlS+LkEleS1744+)
Ikarus	Trojan-Downloader.VBA.Agent
eGambit	Unsafe.AI_Score_99%
Fortinet	W32/CoinMiner.65CA!tr
AVG	Other:Malware-gen [Trj]