Virus.Win32.VB.mz (file analysis)


Virus.Win32.VB.mz is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.


GridinSoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It allows you to complete a scan and cure your PC during the trial period.
6-day free trial available.

What can the Virus.Win32.VB.mz virus do?

  • Executable code extraction
  • Possible date expiration check, exits too soon after checking local time
  • Reads data out of its own binary image
  • Drops a binary and executes it
  • Deletes its original binary from disk
  • Installs itself for autorun at Windows startup
  • Creates a hidden or system file
  • Network activity detected but not expressed in API logs
  • Anomalous binary characteristics
  • Attempts to modify Explorer settings to prevent hidden files from being displayed

How to identify Virus.Win32.VB.mz?


File Info:

crc32: E7A20AB6
md5: 8ab46323cc2a9c8b438e24b80c19d7e6
name: mapper.exe
sha1: 6ac89c0ae3bb5a984b725958836ad92d496edae1
sha256: 98b3a7dac4883ad1337721bb5a6e6f77aa0e7c1a1da2c5c3e22ba6c08922d26c
sha512: dc6e9b0e27a00f15e9bfc635d42ebbcffd473ec04c4de832aa75f39c6fdfb720992e8165b5007313e4916a89c101dd205f249e660821920724176a124c424be1
ssdeep: 98304:Nm+BR8fD4d0A2xXxy/lGobJwbLlqxhwvnUDo2KQu4v1zAzNlbk:NpoDtXx6Jwb5COnU0Q/vGzU
type: MS-DOS executable, MZ for MS-DOS

Version Info:

Translation: 0x0409 0x04b0
ProductVersion: 1.00
InternalName: TJprojMain
FileVersion: 1.00
OriginalFilename: TJprojMain.exe
ProductName: Project1

Virus.Win32.VB.mz is also known as:

Bkav: W32.WatermarkHQc.PE
MicroWorld-eScan: Trojan.GenericKD.30681149
FireEye: Generic.mg.8ab46323cc2a9c8b
CAT-QuickHeal: W32.Mofksys.A4
McAfee: W32/Swisyn.b
Malwarebytes: Trojan.Dropper
VIPRE: Trojan.Win32.Agent.abzf (v)
Sangfor: Malware
K7AntiVirus: P2PWorm ( 00526bf61 )
BitDefender: Trojan.GenericKD.30681149
K7GW: P2PWorm ( 00526bf61 )
Cybereason: malicious.3cc2a9
Invincea: heuristic
BitDefenderTheta: Gen:NN.ZevbaF.34130.@p3@aqHCogni
F-Prot: W32/Trojan2.PWYM
Symantec: W32.Gosys
ESET-NOD32: Win32/VB.OOF
Baidu: Win32.Worm.VB.b
APEX: Malicious
Avast: Win64:Trojan-gen
ClamAV: Win.Trojan.VBGeneric-6735875-0
GData: Trojan.GenericKD.30681149
Kaspersky: Virus.Win32.VB.mz
Alibaba: Virus:Win32/Mofksys.ccc72d85
NANO-Antivirus: Trojan.Win32.Swisyn.flhacn
AegisLab: Trojan.Win32.Agent.tnrh
Rising: Trojan.Agent!1.6A70 (CLOUD)
Endgame: malicious (high confidence)
Emsisoft: Trojan.GenericKD.30681149 (B)
Comodo: TrojWare.Win32.VB.QOTY@4qfd0g
F-Secure: Worm.WORM/Mofksys.bouem
DrWeb: Win32.HLLP.Swisyn
Zillya: Virus.HLLP.Win32.1
TrendMicro: PE_SWISB.A
Trapmine: malicious.high.ml.score
Sophos: Troj/Agent-ABZF
Ikarus: Worm.Mofksys
Cyren: W32/Trojan.UEJO-9077
Jiangmin: Trojan/Agent.hxgb
MaxSecure: Virus.W32.Agent.xjgj
Avira: WORM/Mofksys.bouem
MAX: malware (ai score=84)
Antiy-AVL: Trojan/Win32.Agent
Microsoft: Worm:Win32/Mofksys.R!MTB
Arcabit: Trojan.Generic.D1D4283D
AhnLab-V3: Worm/Win32.Mofksys.R198176
ZoneAlarm: Virus.Win32.VB.mz
Cynet: Malicious (score: 100)
TotalDefense: Win32/Tnega.SHMfXW
Acronis: suspicious
VBA32: TScope.Trojan.VB
ALYac: Trojan.GenericKD.30681149
Ad-Aware: Trojan.GenericKD.30681149
Cylance: Unsafe
Panda: Trj/Spy.AT
Zoner: Trojan.Win32.88925
TrendMicro-HouseCall: PE_SWISB.A
Tencent: Malware.Win32.Gencirc.10b08f85
Yandex: Trojan.Agent!UzORkEWgCoA
SentinelOne: DFI – Malicious PE
eGambit: Unsafe.AI_Score_99%
Fortinet: W32/VB.QCC!tr.dldr
Webroot: W32.Malware.Gen
AVG: Win64:Trojan-gen
Paloalto: generic.ml
CrowdStrike: win/malicious_confidence_100% (W)
Qihoo-360: Win32/Trojan.200

How to remove Virus.Win32.VB.mz?

Virus.Win32.VB.mz removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open the “Tools” tab – Press “Reset Browser Settings”.
  • Select the proper browser and options – Click “Reset”.
  • Restart your computer.
