Malware

Win32/AutoRun.VB.AMV (file analysis)

Malware Removal

The Win32/AutoRun.VB.AMV is considered dangerous by lots of security experts. When this infection is active, you may notice unwanted processes in Task Manager list. In this case, it is adviced to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Gridinsoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. Allows to complete scan and cure your PC during the trial period.
DOWNLOAD NOW
6-day free trial available.

What Win32/AutoRun.VB.AMV virus can do?

  • Behavioural detection: Executable code extraction – unpacking
  • Reads data out of its own binary image
  • CAPE extracted potentially suspicious content
  • Drops a binary and executes it
  • Authenticode signature is invalid
  • Behavioural detection: Injection (inter-process)
  • CAPE detected the embedded pe malware family
  • Anomalous binary characteristics
  • Attempts to modify Explorer settings to prevent hidden files from being displayed
  • Yara detections observed in process dumps, payloads or dropped files

How to determine Win32/AutoRun.VB.AMV?



File Info:

name: 0DA44E86B9F9DC923720.mlw
path: /opt/CAPEv2/storage/binaries/45733d10442dc11b94c51daf445467a72ddfd84e721b970dba9d141610a34e4d
crc32: C13E08FC
md5: 0da44e86b9f9dc92372091aece910f64
sha1: ced34b54899a52ed157b50f5f47570dc607dfdfc
sha256: 45733d10442dc11b94c51daf445467a72ddfd84e721b970dba9d141610a34e4d
sha512: 0da27aa26bfbacddadeba0d1ba61248c5b3e634bddf9465bbeca711888ff8208f26406af60d4167833fc4fbc80ebb1abaad024298a6d7e5a07ca05e484dd13f8
ssdeep: 3072:IxRnZefUkuUx/loYl36iqlekwohWv6pcDordSB4oQZiEd+0:uJCUk/dlb+wohQxDomWl
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T1ECF3951636C0F67EC415CAF43D2A83909435ED3665E2A813F6C22F26B6F5EA7D221317
sha3_384: 270b565412bcc4309301ae1078e69f968205aac6490a8ae53494f287ff72812e436836bf23c8de907a80063fb03ac386
ep_bytes: 68c83f4000e8eeffffff000000000000
timestamp: 2011-10-02 12:23:19


Version Info:

Translation: 0x0409 0x04b0
ProductName: AbNkmueudVpaIwTUz
FileVersion: 1.00
ProductVersion: 1.00
InternalName: JxsDredgGcNR
OriginalFilename: JxsDredgGcNR.exe

Win32/AutoRun.VB.AMV also known as:

BkavW32.AIDetectMalware
tehtrisGeneric.Malware
MicroWorld-eScanGen:Variant.VBKrypt.23
FireEyeGeneric.mg.0da44e86b9f9dc92
CAT-QuickHealTrojan.Vobfus.gen
SkyhighBehavesLike.Win32.VBObfus.cm
McAfeeVBObfus.bc
MalwarebytesGeneric.Malware.AI.DDS
VIPREGen:Variant.VBKrypt.23
SangforSuspicious.Win32.Save.vb
K7AntiVirusEmailWorm ( 0054d10f1 )
K7GWEmailWorm ( 0054d10f1 )
Cybereasonmalicious.6b9f9d
BaiduWin32.Trojan.Inject.n
SymantecW32.Changeup
Elasticmalicious (high confidence)
ESET-NOD32Win32/AutoRun.VB.AMV
APEXMalicious
CynetMalicious (score: 100)
KasperskyWorm.Win32.WBNA.ipa
BitDefenderGen:Variant.VBKrypt.23
NANO-AntivirusTrojan.Win32.Vobfus.ftrplw
SUPERAntiSpywareTrojan.Agent/Gen-Vobfus
AvastWin32:VB-ABDC [Drp]
TencentTrojan.Win32.Koobface.p
TACHYONWorm/W32.VB-WBNA.159744.C
SophosMal/VB-XV
F-SecureWorm.WORM/Vobfus.nasl
DrWebTrojan.VbCrypt.60
TrendMicroWORM_VOBFUS.SMHE
Trapminemalicious.moderate.ml.score
EmsisoftGen:Variant.VBKrypt.23 (B)
IkarusWorm.Win32.WBNA
GoogleDetected
AviraWORM/Vobfus.nasl
Antiy-AVLWorm/Win32.WBNA.gen
Kingsoftmalware.kb.a.1000
XcitiumTrojWare.Win32.VB.AVA@4paxk7
ArcabitTrojan.VBKrypt.23
ZoneAlarmWorm.Win32.WBNA.ipa
GDataGen:Variant.VBKrypt.23
VaristW32/Vobfus.Z.gen!Eldorado
AhnLab-V3Trojan/Win32.Diple.R13793
Acronissuspicious
BitDefenderThetaAI:Packer.AC9AC7B120
ALYacGen:Variant.VBKrypt.23
MAXmalware (ai score=88)
VBA32BScope.Worm.Vobfus
Cylanceunsafe
PandaTrj/Genetic.gen
TrendMicro-HouseCallWORM_VOBFUS.SMHE
RisingWorm.Vobfus!1.99C7 (CLASSIC)
YandexTrojan.GenAsa!iD4RiaYJkcc
SentinelOneStatic AI – Malicious PE
MaxSecureTrojan.Malware.300983.susgen
FortinetW32/VB.CNE!worm
AVGWin32:VB-ABDC [Drp]
DeepInstinctMALICIOUS
CrowdStrikewin/malicious_confidence_100% (D)
alibabacloudWorm:Win/Vbkrypt.1ea06d33

How to remove Win32/AutoRun.VB.AMV?

Win32/AutoRun.VB.AMV removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan“.
  • Move to quarantine” all items.
  • Open “Tools” tab – Press “Reset Browser Settings“.
  • Select proper browser and options – Click “Reset”.
  • Restart your computer.

You may also like

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.

View all posts

Leave a Comment