Win32/Packed.VMProtect.AIM (file analysis)

Win32/Packed.VMProtect.AIM is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It allows a complete scan and cleanup of your PC during the trial period.
6-day free trial available.

What can the Win32/Packed.VMProtect.AIM virus do?

  • Sample contains overlay data
  • The binary contains an unknown PE section name indicative of packing
  • The binary likely contains encrypted or compressed data
  • The executable is likely packed with VMProtect
  • Authenticode signature is invalid
  • CAPE detected the DLInjector06 malware family
  • Attempts to disable Windows Defender
  • Anomalous binary characteristics
  • Yara rule detections observed from a process memory dump/dropped files/CAPE

How to identify Win32/Packed.VMProtect.AIM?

File Info:

name: 77C117AF9DBEC4A18374.mlw
path: /opt/CAPEv2/storage/binaries/da84c03c53e94ca4b11a58f9e5fd73e8c677cfacaea44f8179dc21dcf80bbe2c
crc32: EA0E9AD5
md5: 77c117af9dbec4a183741243a8654885
sha1: 2fb8e14b697929cfe065aa45ed3ac343d8a47e1c
sha256: da84c03c53e94ca4b11a58f9e5fd73e8c677cfacaea44f8179dc21dcf80bbe2c
sha512: a2888056073f3a606e9c2ac064d0bec89aeb2d0657f6081c24d1dcc99aa3db2bb896541f34af1d5be50420818045374d63bb787101157bec2c87173e0a4399ac
ssdeep: 98304:wgIlPKNUknhnCA+xDMA3l7KXt7Jw5G1Dpc8Jr:wzoUklGDz3l+Xt7jtc8Jr
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T1532612E3259A2044F0B4E83ADBE7BEF9F5F5F1E59542487A1595FFC20631E50BA03822
sha3_384: 4d030745771303feb9ba41cd040dfdce18c854bf43fd0c87a1aa22665c49726b07fb33bcde0755cacaa348a84efc8700
ep_bytes: 68a5bedff8e8d93618003ac1f503f9e9
timestamp: 2023-04-25 07:05:09

Version Info:

CompanyName: Acro Software Inc.
FileDescription: CutePDF Writer
FileVersion: 4.0.1.2
InternalName: CutePDF Writer
LegalCopyright: Copyright ©2021 by Acro Software Inc., All Rights Reserved
LegalTrademarks: CutePDF
OriginalFilename: CutePDFWriter.EXE
ProductName: CutePDF Writer Application
ProductVersion: 4.0.0.1
Translation: 0x0409 0x04b0

Win32/Packed.VMProtect.AIM also known as:

  • Lionic: Trojan.Win32.PrivateLoader.4!c
  • MicroWorld-eScan: Trojan.GenericKD.66913732
  • FireEye: Generic.mg.77c117af9dbec4a1
  • McAfee: Artemis!77C117AF9DBE
  • Cylance: unsafe
  • VIPRE: Trojan.GenericKD.66913732
  • Sangfor: Infostealer.Win32.Privateloader.Vsf7
  • K7AntiVirus: Trojan ( 7000001c1 )
  • Alibaba: TrojanPSW:Win32/PrivateLoader.4cf18896
  • K7GW: Trojan ( 7000001c1 )
  • BitDefenderTheta: Gen:NN.ZexaF.36196.@F1@aCq7Begi
  • Cyren: W32/ABRisk.GXBA-0570
  • Symantec: Trojan Horse
  • Elastic: malicious (high confidence)
  • ESET-NOD32: a variant of Win32/Packed.VMProtect.AIM
  • Paloalto: generic.ml
  • Cynet: Malicious (score: 100)
  • Kaspersky: Trojan-PSW.Win32.PrivateLoader.jk
  • BitDefender: Trojan.GenericKD.66913732
  • Avast: Win32:AdwareX-gen [Adw]
  • Tencent: Win32.Trojan-QQPass.QQRob.Fmnw
  • Emsisoft: Trojan.GenericKD.66913732 (B)
  • F-Secure: Trojan.TR/AD.Nekark.xosnt
  • TrendMicro: TROJ_GEN.R002C0RE923
  • McAfee-GW-Edition: BehavesLike.Win32.Pate.rc
  • Trapmine: malicious.high.ml.score
  • Sophos: Mal/VMProtBad-A
  • GData: Trojan.GenericKD.66913732
  • Webroot: W32.Trojan.GenKD
  • Avira: TR/AD.Nekark.xosnt
  • Antiy-AVL: Trojan[Packed]/Win32.VMProtect
  • Arcabit: Trojan.Generic.D3FD05C4
  • ZoneAlarm: Trojan-PSW.Win32.PrivateLoader.jk
  • Microsoft: Trojan:Win32/Sabsik.FL.B!ml
  • Google: Detected
  • AhnLab-V3: Malware/Win.Generic.C5335236
  • ALYac: Trojan.GenericKD.66913732
  • MAX: malware (ai score=80)
  • VBA32: BScope.Trojan.Tiggre
  • Malwarebytes: Spyware.Stealer
  • TrendMicro-HouseCall: TROJ_GEN.R002C0RE923
  • Rising: Stealer.PrivateLoader!8.16BEA (TFE:5:JN6dq37AkgK)
  • MaxSecure: Trojan.Malware.207576387.susgen
  • Fortinet: W32/Agent.ADGH!tr
  • AVG: Win32:AdwareX-gen [Adw]
  • DeepInstinct: MALICIOUS
  • CrowdStrike: win/malicious_confidence_70% (W)

How to remove Win32/Packed.VMProtect.AIM?

Win32/Packed.VMProtect.AIM removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • Choose “Move to quarantine” for all detected items.
  • Open the “Tools” tab – Press “Reset Browser Settings”.
  • Select the proper browser and options – Click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.
