Virus:Win32/VB.DE malicious file

Virus:Win32/VB.DE is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It allows you to run a complete scan and cure your PC during the trial period.
6-day free trial available.

What can the Virus:Win32/VB.DE virus do?

  • Behavioural detection: Executable code extraction – unpacking
  • SetUnhandledExceptionFilter detected (possible anti-debug)
  • Dynamic (imported) function loading detected
  • Unconventional binary language: Chinese (Simplified)
  • Unconventional language used in binary resources: Chinese (Simplified)
  • Authenticode signature is invalid
  • Uses Windows utilities for basic functionality
  • Anomalous binary characteristics

How to identify Virus:Win32/VB.DE?

File Info:

name: 2125703129D6E8AE2467.mlw
path: /opt/CAPEv2/storage/binaries/8608aec7a3b1760f8a636eb436ad42ad7584b58052327b63f16f2f869225f3ef
crc32: F9F518CE
md5: 2125703129d6e8ae24672dac964e2de3
sha1: cf233feecd27fd3d64538eee2c02efc1fb254dc6
sha256: 8608aec7a3b1760f8a636eb436ad42ad7584b58052327b63f16f2f869225f3ef
sha512: 945c81103a4c75b43b8df9572b33ea6306845e8b87f5d289d0b9c1ff44aa551f05dfb4da9cd75c8471a1e27083d806d4829a11e336ebf13b02c5e0de54a99159
ssdeep: 12288:/cVOjcZciUjD5BTP73UTDEzP7bcVOjcccVOjcZciUjD5BTP73UTDEzP7L:/cVOjcZwDnPcVOjcccVOjcZwDn3
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T188D46C02AB9090B6F56446703837876E2A31BC25C5839E4B23917FDD7FF1682A87573B
sha3_384: 83c26d770899158f4f7abff0e22897af856fa05172d58bb88d2a6f441dcedc0dd9d61d40f4f689d62bf2da609c6b5930
ep_bytes: 68908f4000e8f0ffffff000000000000
timestamp: 2008-06-02 13:39:06

Version Info:

Translation: 0x0804 0x04b0
CompanyName: 2146
ProductName:
FileVersion: 1.00
ProductVersion: 1.00
InternalName: avp
OriginalFilename: avp.exe

Virus:Win32/VB.DE also known as:

Lionic: Virus.Win32.VB.lhVA
Elastic: malicious (high confidence)
MicroWorld-eScan: Gen:Variant.Johnnie.193535
FireEye: Generic.mg.2125703129d6e8ae
ALYac: Gen:Variant.Johnnie.193535
Cylance: Unsafe
Sangfor: Trojan.Win32.Save.a
K7AntiVirus: P2PWorm ( 0055e3e51 )
Alibaba: Malware:Win32/km_2f8c.None
K7GW: P2PWorm ( 0055e3e51 )
CrowdStrike: win/malicious_confidence_100% (W)
Cyren: W32/VeeBee.A.gen!Eldorado
Symantec: ML.Attribute.HighConfidence
ESET-NOD32: a variant of Win32/AutoRun.VB.HG
TrendMicro-HouseCall: PE_VB.JM
Paloalto: generic.ml
ClamAV: Win.Trojan.Soul-4
Kaspersky: Virus.Win32.VB.lb
BitDefender: Gen:Variant.Johnnie.193535
NANO-Antivirus: Virus.Win32.VB.bnmwf
Avast: Win32:VB-EJQ [Wrm]
Tencent: Malware.Win32.Gencirc.10b171bb
Ad-Aware: Gen:Variant.Johnnie.193535
Emsisoft: Gen:Variant.Johnnie.193535 (B)
Comodo: Worm.Win32.AutoRun.VB@81mkzj
DrWeb: Win32.HLLP.Soul.2
Zillya: Virus.VB.Win32.176
TrendMicro: PE_VB.JM
McAfee-GW-Edition: BehavesLike.Win32.PWSZbot.jm
Sophos: ML/PE-A + Troj/VB-DZV
APEX: Malicious
GData: Gen:Variant.Johnnie.193535
Jiangmin: Virus.VB.dd
Avira: TR/VB.LB.2
MAX: malware (ai score=81)
Gridinsoft: Ransom.Win32.Zbot.sa
Microsoft: Virus:Win32/VB.DE
Cynet: Malicious (score: 100)
AhnLab-V3: Worm/Win32.VB.C49023
McAfee: Artemis!2125703129D6
Malwarebytes: Malware.AI.4085803506
Ikarus: HackTool.Win32.Kiser
Rising: Win32.VB.frp (CLASSIC)
Yandex: Trojan.GenAsa!Bx8Fg9B1WP8
SentinelOne: Static AI – Malicious PE
MaxSecure: Virus.Win32.VB.lb
Fortinet: W32/VB.LB
AVG: Win32:VB-EJQ [Wrm]
Cybereason: malicious.129d6e

How to remove Virus:Win32/VB.DE?

Virus:Win32/VB.DE removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open “Tools” tab – Press “Reset Browser Settings”.
  • Select proper browser and options – Click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.