Win32/Packed.VMProtect.ABD information

The Win32/Packed.VMProtect.ABD is considered dangerous by lots of security experts. When this infection is active, you may notice unwanted processes in Task Manager list. In this case, it is adviced to scan your computer with GridinSoft Anti-Malware.

Gridinsoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. Allows to complete scan and cure your PC during the trial period.

DOWNLOAD NOW

6-day free trial available.

What Win32/Packed.VMProtect.ABD virus can do?

Executable code extraction
Attempts to connect to a dead IP:Port (1 unique times)
Creates RWX memory
A process attempted to delay the analysis task.
Expresses interest in specific running processes
Drops a binary and executes it
The binary likely contains encrypted or compressed data.
Tries to suspend Cuckoo threads to prevent logging of malicious activity
Deletes its original binary from disk
Attempts to repeatedly call a single API many times in order to delay analysis time
Installs itself for autorun at Windows startup
Creates a copy of itself
A possible cryptomining command was executed
Anomalous binary characteristics

Related domains:

z.whorecord.xyz

a.tomx.xyz

pool.minexmr.com

How to determine Win32/Packed.VMProtect.ABD?


File Info:
crc32: FCB84B13
md5: cf55a896983e88c38351417aaa813367
name: Ugfzdb.exe
sha1: 6c13230ae7b136b2643fcd4032e8865b15f09553
sha256: 32583702d819c3006b126bf990354480f1024cd288c81237c503f87cf0d8b4b5
sha512: 765f07a770115b63d00a4b064720802b32d73accaddceee0088bed4ca0ac4a9e330b0214aa4dcf36fb9cc92f933b2bba881b23a9670bd5fad45ccc1539443012
ssdeep: 49152:tS2vdOvV27hSjjVzQXknVGCG6A8vHxv1w76fA1AXa1/cfWeuN1jlSlvV7R:tSi8vVVPRQYGCc8vHxNKUueu/Ql9
type: PE32 executable (GUI) Intel 80386, for MS Windows

Version Info:
0: [No Data]

Win32/Packed.VMProtect.ABD also known as:

Bkav	HW32.Packed.
MicroWorld-eScan	Trojan.GenericKD.42193104
CAT-QuickHeal	Trojan.Win64
McAfee	Artemis!CF55A896983E
Cylance	Unsafe
VIPRE	Trojan.Win32.Generic!BT
Sangfor	Malware
K7AntiVirus	Trojan ( 004b8ae51 )
BitDefender	Trojan.GenericKD.42193104
Cybereason	malicious.6983e8
TrendMicro	TROJ_GEN.R015C0RL719
Baidu	Win32.Packed.VMProtect.a
Cyren	W32/Trojan.EUXV-7293
Symantec	ML.Attribute.HighConfidence
ESET-NOD32	a variant of Win32/Packed.VMProtect.ABD
APEX	Malicious
Avast	Win32:Trojan-gen
Kaspersky	Trojan.Win64.Miner.xsa
Alibaba	Trojan:Win32/Miner.cccfa556
NANO-Antivirus	Trojan.Win32.Black.glmdym
ViRobot	Trojan.Win32.Z.Miner.2462208
Tencent	Win64.Trojan.Miner.Tayn
Ad-Aware	Trojan.GenericKD.42193104
Emsisoft	Trojan.GenericKD.42193104 (B)
Comodo	Malware@#1dja9q4jivocw
F-Secure	Trojan.TR/Black.Gen2
Zillya	Trojan.VMProtect.Win32.12961
Invincea	heuristic
McAfee-GW-Edition	BehavesLike.Win32.Generic.vc
Fortinet	W64/Miner.A!tr
Trapmine	malicious.high.ml.score
FireEye	Generic.mg.cf55a896983e88c3
Sophos	Mal/VMProtBad-A
SentinelOne	DFI – Malicious PE
Avira	TR/Black.Gen2
MAX	malware (ai score=87)
Endgame	malicious (high confidence)
Arcabit	Trojan.Generic.D283D0D0
ZoneAlarm	Trojan.Win64.Miner.xsa
Microsoft	Trojan:Win32/Skeeyah.A!rfn
Acronis	suspicious
BitDefenderTheta	AI:Packer.1E43A9B21E
ALYac	Trojan.GenericKD.42193104
VBA32	BScope.Trojan.Miner
Panda	Trj/GdSda.A
TrendMicro-HouseCall	TROJ_GEN.R015C0RL719
Rising	Trojan.CoinMiner!8.30A (CLOUD)
Yandex	Trojan.Miner!q9wtPpXrbxs
Ikarus	Worm.Win32.AutoRun
eGambit	Unsafe.AI_Score_100%
GData	Trojan.GenericKD.42193104
MaxSecure	Trojan.Malware.74774741.susgen
AVG	Win32:Trojan-gen
Paloalto	generic.ml
CrowdStrike	win/malicious_confidence_100% (W)
Qihoo-360	HEUR/QVM16.0.A6ED.Malware.Gen

How to remove Win32/Packed.VMProtect.ABD?

Download and install GridinSoft Anti-Malware.
Open GridinSoft Anti-Malware and perform a “Standard scan“.
“Move to quarantine” all items.
Open “Tools” tab – Press “Reset Browser Settings“.
Select proper browser and options – Click “Reset”.
Restart your computer.

Win32/Packed.VMProtect.ABD information