VR Brothers (PUA) malicious file

VR Brothers (PUA) is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It allows you to complete a scan and cure your PC during the trial period.
6-day free trial available.

What can the VR Brothers (PUA) virus do?

  • Behavioural detection: Executable code extraction – unpacking
  • Sample contains Overlay data
  • Presents an Authenticode digital signature
  • Reads data out of its own binary image
  • Drops a binary and executes it
  • The binary contains an unknown PE section name indicative of packing
  • Authenticode signature is invalid

How to identify VR Brothers (PUA)?

File Info:

name: 4106D8028D232471377B.mlw
path: /opt/CAPEv2/storage/binaries/ce45a180e87687cb9590c4ca40da3c21e563d78ab5139cbe06f224af9e6ae5ee
crc32: CC5E72D2
md5: 4106d8028d232471377bcf44db0dd175
sha1: 3f8f70f6776318b931955c82cbb79fb5a2d89b84
sha256: ce45a180e87687cb9590c4ca40da3c21e563d78ab5139cbe06f224af9e6ae5ee
sha512: 4e0ba51ecefc91e670cf9edf7b046d11a2a96e2b24b7f5edfd1c2748e92684750d732ee8ef4467127d0d899ad4d165e177f22450f4b80352b0bd6a7d44a80229
ssdeep: 196608:T5z2U/Yam0RM90j2mSqzxMDJ0h1D3SbiI59LTCngfWAlkuPzAE9qB:T5qWYVCMqj2czGILCL2qXPIB
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T13CC63302B7D701B8FA35167BD86BC958AD27307C43E6622A6EB2C84F5BB85C1DC78453
sha3_384: 8c6738fc8b407b2d8fc287ff0966e26b96e00136bb99afec33ef8cac13fcfd0b2f0ecc4afb2f4cf19cbab3ea4c3d0c46
ep_bytes: 558bec83c4a453565733c08945c48945
timestamp: 2012-10-02 05:04:04

Version Info:

Comments: This installation was built with Inno Setup.
CompanyName: 兄弟软件
FileDescription: 按键精灵9 Setup
FileVersion:
LegalCopyright:
ProductName: 按键精灵9
ProductVersion:
Translation: 0x0000 0x04b0

VR Brothers (PUA) also known as:

Bkav: W32.AIDetectMalware
Lionic: Adware.Win32.VrBrothers.2!c
Skyhigh: Artemis!PUP
Cylance: unsafe
Sangfor: Adware.Win32.Vrbrothers.V5l9
Symantec: PUA.Gen.2
ESET-NOD32: a variant of Win32/Adware.VrBrothers.AI potentially unwanted
McAfee: Artemis!4106D8028D23
NANO-Antivirus: Trojan.Script.Vbs-heuristic.druvzi
Avast: Win32:AdwareX-gen [Adw]
Sophos: VR Brothers (PUA)
Google: Detected
DrWeb: Trojan.Siggen16.19230
Ikarus: Trojan.Dropper
Varist: W32/ABAdware.WKDE-4210
Antiy-AVL: Trojan/Win32.SGeneric
VBA32: Adware.VrBrothers
Malwarebytes: Adware.VRBrothers
Fortinet: Riskware/VR_Brothers
AVG: Win32:AdwareX-gen [Adw]
DeepInstinct: MALICIOUS
CrowdStrike: win/grayware_confidence_100% (W)

How to remove VR Brothers (PUA)?

VR Brothers (PUA) removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open the “Tools” tab – Press “Reset Browser Settings”.
  • Select the proper browser and options – Click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.