What is “VirTool:Win32/Vbcrypt”?

VirTool:Win32/Vbcrypt is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

Gridinsoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It lets you run a complete scan and cure your PC during the trial period.
6-day free trial available.

What can the VirTool:Win32/Vbcrypt virus do?

  • Executable code extraction
  • Attempts to connect to a dead IP:Port (1 unique time)
  • The binary likely contains encrypted or compressed data.
  • The executable is compressed using UPX
  • Attempts to modify browser security settings
  • Attempts to disable UAC

How to identify VirTool:Win32/Vbcrypt?


File Info:

  • crc32: 3DE661F6
  • md5: f7623aa3eb4e7cc718ec138d75daee37
  • name: F7623AA3EB4E7CC718EC138D75DAEE37.mlw
  • sha1: d78eaf67413ad7579fe618bbdc96cfb892c416f5
  • sha256: fd940553f6d603b6e083f6b7d8dc4432d39d96ae58c3d03d685fc90178e8dd36
  • sha512: e194bf8980f2a2664ef4e6b37386fa0ac4b8977003881b0dbf8adc0c8ccdc498c42384a5acd8286779e04af07e817890728af9949bd8859db66f491676a28c06
  • ssdeep: 384:/TQ0yIk9m7S7TBzLOrQC0/xbdAfayH/dEU4:/JyIu/7Torn4pKiyfqU
  • type: PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed

Version Info:

  • Translation: 0x0409 0x04b0
  • LegalCopyright: haoaKMjoj
  • InternalName: yfdkcljgl
  • FileVersion: 2.40.0097
  • CompanyName: haoaKMjoj
  • LegalTrademarks: haoaKMjoj
  • ProductName: wtgUwxVLHZXP
  • ProductVersion: 2.40.0097
  • FileDescription: boOpJSNDCAm
  • OriginalFilename: yfdkcljgl.exe

VirTool:Win32/Vbcrypt also known as:

DrWeb Worm.Siggen.5400
MicroWorld-eScan Gen:Variant.Razy.830603
FireEye Gen:Variant.Razy.830603
CAT-QuickHeal Trojan.Graftor
ALYac Gen:Variant.Razy.830603
Cylance Unsafe
VIPRE LooksLike.Win32.Malware!vb (v)
Sangfor Hacktool.Win32.Vbcrypt.mt
K7AntiVirus NetWorm ( 700000151 )
BitDefender Gen:Variant.Razy.830603
K7GW NetWorm ( 700000151 )
Cybereason malicious.3eb4e7
BitDefenderTheta AI:Packer.A76699B520
Symantec ML.Attribute.HighConfidence
APEX Malicious
Avast FileRepMetagen [Spy]
Kaspersky Trojan.Win32.VB.cfpo
Alibaba TrojanSpy:Win32/Vbcrypt.9d5496a0
NANO-Antivirus Trojan.Win32.TrjGen.hpvgn
Rising Spyware.Bancos!8.2F8 (CLOUD)
Ad-Aware Gen:Variant.Razy.830603
Sophos Mal/Generic-L
Comodo Malware@#2x4wkpb3i5yov
F-Secure Trojan.TR/Dropper.VB.Gen
Zillya Trojan.VB.Win32.116193
TrendMicro TSPY_BANCOS.BGJ
McAfee-GW-Edition BehavesLike.Win32.YahLover.lh
Emsisoft Gen:Variant.Razy.830603 (B)
Jiangmin Trojan.VB.ypx
Webroot W32.Malware.Gen
Avira TR/Dropper.VB.Gen
MAX malware (ai score=85)
Microsoft VirTool:Win32/Vbcrypt
Gridinsoft Trojan.Win32.Downloader.oa
Arcabit Trojan.Razy.DCAC8B
ZoneAlarm Trojan.Win32.VB.cfpo
GData Gen:Variant.Razy.830603
Cynet Malicious (score: 85)
AhnLab-V3 Backdoor/Win32.Ciadoor.R64042
McAfee Artemis!F7623AA3EB4E
VBA32 BScope.TrojanDownloader.VB
Malwarebytes Malware.Heuristic.1003
Panda Trj/Genetic.gen
ESET-NOD32 a variant of Win32/Spy.Bancos.OIX
TrendMicro-HouseCall TSPY_BANCOS.BGJ
Tencent Win32.Trojan.Vb.Eddi
Yandex TrojanSpy.Bancos!cRbcEJY0n7k
Ikarus Trojan.SuspectCRC
MaxSecure Trojan.Malware.300983.susgen
AVG FileRepMetagen [Spy]
CrowdStrike win/malicious_confidence_100% (W)
Qihoo-360 HEUR/Malware.QVM11.Gen

How to remove VirTool:Win32/Vbcrypt?

  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open “Tools” tab – Press “Reset Browser Settings”.
  • Select proper browser and options – Click “Reset”.
  • Restart your computer.
Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.
