
How to remove “Win32/Packed.VMProtect.AAS”?


Win32/Packed.VMProtect.AAS is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.


Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It allows you to complete a scan and cure your PC during the trial period.
A 6-day free trial is available.

What can the Win32/Packed.VMProtect.AAS virus do?

  • Unconventional binary language: Chinese (Simplified)
  • Unconventional language used in binary resources: Chinese (Simplified)
  • The binary contains an unknown PE section name indicative of packing
  • The binary likely contains encrypted or compressed data.
  • The executable is likely packed with VMProtect
  • Authenticode signature is invalid

How to identify Win32/Packed.VMProtect.AAS?


File Info:

name: 5C1152EA1393B65B225B.mlw
path: /opt/CAPEv2/storage/binaries/fe3bf75136792a3bce686451a74f3ad5eff89bc595740845fc3d97ebe0271979
type: PE32 executable (GUI) Intel 80386, for MS Windows
timestamp: 2021-10-27 15:21:14

Version Info:

FileVersion: 3.2.8.6
LegalCopyright: Copyright (C) 2021
ProductVersion: 3.2.8.6
Translation: 0x0804 0x04b0

Win32/Packed.VMProtect.AAS is also known as:

Bkav: W32.AIDetect.malware1
Lionic: Trojan.Win32.Agent.a!c
Elastic: malicious (high confidence)
MicroWorld-eScan: Trojan.GenericKD.37960037
FireEye: Generic.mg.5c1152ea1393b65b
McAfee: Artemis!5C1152EA1393
Cylance: Unsafe
Zillya: Downloader.Agent.Win32.452536
Sangfor: Trojan.Win32.Agent.xxztid
K7AntiVirus: Trojan ( 7000001c1 )
Alibaba: Packed:Win32/VMProtect.5acaef67
K7GW: Trojan ( 7000001c1 )
BitDefenderTheta: Gen:NN.ZexaF.34182.@F0@aSlX7akj
Symantec: ML.Attribute.HighConfidence
ESET-NOD32: a variant of Win32/Packed.VMProtect.AAS
TrendMicro-HouseCall: TROJ_GEN.R01FC0RJV21
Paloalto: generic.ml
Kaspersky: Trojan-Downloader.Win32.Agent.xxztid
BitDefender: Trojan.GenericKD.37960037
Avast: Win32:Malware-gen
Tencent: Win32.Trojan-downloader.Agent.Svrd
Ad-Aware: Trojan.GenericKD.37960037
Emsisoft: Trojan.GenericKD.37960037 (B)
Comodo: ApplicUnwnt@#33ncf8dun7b18
TrendMicro: TROJ_GEN.R01FC0RJV21
McAfee-GW-Edition: BehavesLike.Win32.Generic.tc
Sophos: Mal/Generic-S + Mal/VMProtBad-A
GData: Trojan.GenericKD.37960037
Jiangmin: TrojanDownloader.Agent.gasw
Avira: HEUR/AGEN.1145251
Antiy-AVL: Trojan[Downloader]/Win32.Agent
Arcabit: Trojan.Generic.D2433965
ViRobot: Trojan.Win32.Z.Agent.5697536
Microsoft: Trojan:Win32/Sabsik.FL.B!ml
Cynet: Malicious (score: 100)
AhnLab-V3: Malware/Win.Reputation.C4397668
VBA32: TScope.Malware-Cryptor.SB
ALYac: Trojan.GenericKD.37960037
MAX: malware (ai score=81)
APEX: Malicious
Rising: Downloader.Agent!8.B23 (CLOUD)
Yandex: Trojan.DL.Agent!U+p/y4wTYiM
SentinelOne: Static AI – Malicious PE
Fortinet: W32/PossibleThreat
AVG: Win32:Malware-gen
Panda: Trj/Genetic.gen
CrowdStrike: win/malicious_confidence_100% (W)

How to remove Win32/Packed.VMProtect.AAS?

Win32/Packed.VMProtect.AAS removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open the “Tools” tab and press “Reset Browser Settings”.
  • Select the proper browser and options, then click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.
