Virus.Win32.VB.gp (file analysis)

Virus.Win32.VB.gp is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It lets you run a complete scan and clean your PC during the trial period.
A 6-day free trial is available.

What can the Virus.Win32.VB.gp virus do?

  • Sample contains Overlay data
  • Unconventional binary language: Chinese (Simplified)
  • Unconventional language used in binary resources: Chinese (Simplified)
  • The binary contains an unknown PE section name indicative of packing
  • The binary likely contains encrypted or compressed data.
  • The executable is compressed using UPX
  • Authenticode signature is invalid

How to identify Virus.Win32.VB.gp?

File Info:

name: 1299D99629C39F52D052.mlw
path: /opt/CAPEv2/storage/binaries/4a23518efd051aab6c8fc223c1248116468f458ccf4fa08a94bda028a6ba0d39
crc32: 18FE2DFB
md5: 1299d99629c39f52d05268eeea7d478e
sha1: 9f869ffff24bc5662191179e73976c5b5986e3e7
sha256: 4a23518efd051aab6c8fc223c1248116468f458ccf4fa08a94bda028a6ba0d39
sha512: cee4517a23ecadd1061e22f3d589b4f62189d7582f408c769bb95932b2722a51d433ad969d1765a0979296e17846b73f028f7198dfbccb6e25eda7ba078e8d78
ssdeep: 12288:6chZG6JkGMQdgchZG6JkGMVchZG6JH6HTr6lfr:jZZJkLQ1ZZJkLAZZJWWlz
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T18615C64A5246047FE8607A70846E6B0406617FBC2E73D76ABE04B507FA727C3A53377A
sha3_384: 116577e741b0fa2b631b137fdc68cf4bac7a46e583dc19b6619ca80ab27bcb3d992751d82e069661095d5e6708e17283
ep_bytes: 60be00c040008dbe0050ffff5783cdff
timestamp: 2007-09-07 11:28:55

Version Info:

Translation: 0x0804 0x04b0
Comments: Microsoft Firewall Installer 12th Edition
CompanyName: XC Microsoft
FileDescription: Microsoft Firewall Installer - Protect all of your files
LegalCopyright: Microsoft (C) 2007 , All rights reserved.
LegalTrademarks: Microsoft Firewall Installer
ProductName: Microsoft Firewall Installer
FileVersion: 1.01.0013
ProductVersion: 1.01.0013
InternalName: Firewall
OriginalFilename: Firewall.exe

Virus.Win32.VB.gp also known as:

Lionic: Virus.Win32.VB.lPRX
Elastic: malicious (moderate confidence)
MicroWorld-eScan: Trojan.GenericKDZ.95034
ClamAV: Win.Malware.Score-6789632-0
FireEye: Trojan.GenericKDZ.95034
CAT-QuickHeal: W32.VBVindor.V3
ALYac: Trojan.GenericKDZ.95034
Cylance: unsafe
VIPRE: Trojan.GenericKDZ.95034
Sangfor: Suspicious.Win32.Save.ins
Alibaba: Trojan:Win32/Vindor.4c47
CrowdStrike: win/malicious_confidence_100% (W)
Baidu: Win32.Trojan.VB.t
VirIT: Worm.Win32.VB.DDH
Cyren: W32/Trojan.CQF.gen!Eldorado
Symantec: W32.Pajetbin
tehtris: Generic.Malware
APEX: Malicious
Paloalto: generic.ml
Cynet: Malicious (score: 100)
Kaspersky: Virus.Win32.VB.gp
BitDefender: Trojan.GenericKDZ.95034
NANO-Antivirus: Trojan.Win32.VB.tole
SUPERAntiSpyware: Trojan.Agent/Gen-Dropper
Avast: Win32:CripUnp [Susp]
Tencent: Trojan.Win32.Agent.bt
Sophos: W32/VB-DYT
DrWeb: Win32.HLLP.Woner
Zillya: Virus.VB.Win32.185
TrendMicro: TROJ_VB.BJR
McAfee-GW-Edition: BehavesLike.Win32.Dropper.ch
Emsisoft: Trojan.GenericKDZ.95034 (B)
Ikarus: Virus.Win32.VB.gp
GData: Trojan.GenericKDZ.95034
Jiangmin: Virus.VB.n
Avira: TR/Small.21504.B
MAX: malware (ai score=82)
Antiy-AVL: Virus/Win32.VB.gp
Xcitium: Virus.Win32.VB.ei@3l1r83
Arcabit: Trojan.Generic.D1733A
ViRobot: Trojan.Win32.VB.253494
Microsoft: Trojan:Win32/Wacatac.B!ml
Google: Detected
AhnLab-V3: Trojan/Win32.Xema.C5935
Acronis: suspicious
McAfee: MultiDropper-SG.gen.a
TACHYON: Banker/W32.Banbra.Gen
Malwarebytes: VB.Trojan.Generic.DDS
TrendMicro-HouseCall: TROJ_VB.BJR
Yandex: Trojan.VB!fJOJNyBDtpU
SentinelOne: Static AI – Malicious PE
MaxSecure: Virus.W32.VB.GP
Fortinet: W32/MalformedType.PE!dam
AVG: Win32:CripUnp [Susp]
Cybereason: malicious.ff24bc
Panda: W32/VB.ABL

How to remove Virus.Win32.VB.gp?

Virus.Win32.VB.gp removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open “Tools” tab – Press “Reset Browser Settings”.
  • Select proper browser and options – Click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.
