Win32/AutoRun.VB.APL (file analysis)

The Win32/AutoRun.VB.APL is considered dangerous by lots of security experts. When this infection is active, you may notice unwanted processes in Task Manager list. In this case, it is adviced to scan your computer with GridinSoft Anti-Malware.

Gridinsoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. Allows to complete scan and cure your PC during the trial period.

DOWNLOAD NOW

6-day free trial available.

What Win32/AutoRun.VB.APL virus can do?

Executable code extraction
Attempts to connect to a dead IP:Port (1 unique times)
Expresses interest in specific running processes
Reads data out of its own binary image
Drops a binary and executes it
Installs itself for autorun at Windows startup
Creates a hidden or system file
Creates a slightly modified copy of itself
Anomalous binary characteristics
Attempts to modify Explorer settings to prevent hidden files from being displayed

Related domains:

ns1.player1352.com

ns1.player1352.net

ns1.player1352.org

How to determine Win32/AutoRun.VB.APL?


File Info:
crc32: 3E40598B
md5: e95ba0976f994360b00095e9a87772d3
name: E95BA0976F994360B00095E9A87772D3.mlw
sha1: 9ba22698d79cc08170e33c4577d46e9fcba6212f
sha256: 24ce8f829b20bfe742d99ded3ba27afacc950f149f2918dd10e8ac4f62241b50
sha512: 45706117297c316a5833fb8d5191b69c0f5e51b842cb33d3f445197a92c2ba3bbb3e128e69f57606e44454b310c003da7dd3ec5fac63e22b5795b5e5e80ea051
ssdeep: 6144:gAKQc0f7XP+g3AGJpWVzuxmI8nQOsPVKnvmb7/D26Mbj/R8SUHAgOTTMEtBTTlma:i27/XvLWpuUnQOsPVKnvmb7/D26MHUHQ
type: PE32 executable (GUI) Intel 80386, for MS Windows

Version Info:
ProductVersion: 1.00
InternalName: 
FileVersion: 1.00
OriginalFilename: 
ProductName: 
Translation: 0x0409 0x04b0

Win32/AutoRun.VB.APL also known as:

Bkav	W32.AIDetect.malware1
K7AntiVirus	EmailWorm ( 0054d10f1 )
Elastic	malicious (high confidence)
DrWeb	Trojan.VbCrypt.77
Cynet	Malicious (score: 100)
Cylance	Unsafe
Sangfor	Worm.Win32.Vobfus.devi
CrowdStrike	win/malicious_confidence_100% (D)
K7GW	EmailWorm ( 0054d10f1 )
Cybereason	malicious.76f994
Baidu	Win32.Worm.VB.oz
Cyren	W32/Vobfus.Z.gen!Eldorado
Symantec	W32.Changeup
ESET-NOD32	Win32/AutoRun.VB.APL
APEX	Malicious
Avast	Win32:Regrun-JL [Trj]
ClamAV	Win.Trojan.Changeup-6169544-0
Kaspersky	Worm.Win32.Vobfus.devi
BitDefender	Gen:Variant.Barys.2644
NANO-Antivirus	Trojan.Win32.Jorik.cqkygj
ViRobot	Worm.Win32.A.WBNA.294912.U
MicroWorld-eScan	Gen:Variant.Barys.2644
Tencent	Worm.Win32.Vobfus.n
Ad-Aware	Gen:Variant.Barys.2644
Sophos	ML/PE-A + Mal/SillyFDC-T
Comodo	Worm.Win32.VB.AUA@4o7zkg
BitDefenderTheta	Gen:NN.ZevbaF.34266.sq0@a4aQc5di
VIPRE	Trojan.Win32.Generic!SB.0
TrendMicro	WORM_VOBFUS.SM5
McAfee-GW-Edition	BehavesLike.Win32.Generic.dh
FireEye	Generic.mg.e95ba0976f994360
Emsisoft	Gen:Variant.Barys.2644 (B)
SentinelOne	Static AI – Malicious PE
Jiangmin	Worm.Vobfus.gtdd
Avira	TR/Vobfus.jzka
Antiy-AVL	Trojan/Generic.ASBOL.5
Microsoft	Worm:Win32/Vobfus.gen!O
Arcabit	Trojan.Barys.DA54
SUPERAntiSpyware	Trojan.Agent/Gen-AutoRun
GData	Gen:Variant.Barys.2644
TACHYON	Trojan/W32.VB-Jorik.294912.E
AhnLab-V3	Trojan/Win32.Jorik.R16322
Acronis	suspicious
McAfee	VBObfus.by
MAX	malware (ai score=100)
VBA32	BScope.Trojan.Diple
Malwarebytes	Worm.Obfuscator
Panda	Generic Malware
TrendMicro-HouseCall	WORM_VOBFUS.SM5
Rising	Worm.VobfusEx!1.99DC (CLASSIC)
Yandex	Trojan.GenAsa!pL2Z1jCqGJ0
Ikarus	Trojan.Vobfus
MaxSecure	Trojan.Malware.300983.susgen
Fortinet	W32/CoinMiner.F
AVG	Win32:Regrun-JL [Trj]
Paloalto	generic.ml

How to remove Win32/AutoRun.VB.APL?

Download and install GridinSoft Anti-Malware.
Open GridinSoft Anti-Malware and perform a “Standard scan“.
“Move to quarantine” all items.
Open “Tools” tab – Press “Reset Browser Settings“.
Select proper browser and options – Click “Reset”.
Restart your computer.

Win32/AutoRun.VB.APL (file analysis)