Win32/Packed.VMProtect.CZ removal guide

Win32/Packed.VMProtect.CZ is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in Task Manager. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It allows a complete scan and cure of your PC during the trial period.
A 6-day free trial is available.

What can the Win32/Packed.VMProtect.CZ virus do?

  • Behavioural detection: Executable code extraction – unpacking
  • The binary contains an unknown PE section name indicative of packing
  • The binary likely contains encrypted or compressed data.
  • The executable is likely packed with VMProtect
  • Authenticode signature is invalid
  • Yara rule detections observed from a process memory dump/dropped files/CAPE

How to identify Win32/Packed.VMProtect.CZ?

File Info:

name: 5B655E56E43D516E5DC5.mlw
path: /opt/CAPEv2/storage/binaries/6e0d299ec29dec4d8ea1c718c25487d6d077b7578abdb33f90d718422ca13abf
crc32: BF93B2E5
md5: 5b655e56e43d516e5dc5bbac036d824e
sha1: af7a00b63136c4c44d73843f7399ee2672b77677
sha256: 6e0d299ec29dec4d8ea1c718c25487d6d077b7578abdb33f90d718422ca13abf
sha512: fa8788cc32761236a8620e07004c3a3142f5d9dbf2652651a4a6cddb1a47c929095fbd3181fe8064f99f8d05a0fbca796321c8e9f396a5bd42b1bc896fc61551
ssdeep: 98304:X1gHCNFdZVPCD+844bOxf42bYoDsfpXXkBm9R9JzoTEK0s:XA6pVqy42bYDfiBm9RDcEK0s
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T15B36237313724001F0F7883AD22B7ED472F713795782A4BDA5EBEDC12A624A5F612A53
sha3_384: d88d9ee71c13baf37f17fe7f89907eab570197ff41422572fca9077b26afb26973e8c1ac87c1930c6b09a8120e52ea56
ep_bytes: 68575dd1d7e811a3e8ff89460c66f7c4
timestamp: 2023-04-14 19:23:21

Version Info:

Translation: 0x0409 0x04b0
CompanyName: s0nicTz Soft
ProductName: Project1
FileVersion: 1.00
ProductVersion: 1.00
InternalName: Project1
OriginalFilename: Project1.exe

Win32/Packed.VMProtect.CZ is also known as (vendor: detection name):

Bkav: W32.AIDetectMalware
Lionic: Trojan.Win32.Generic.4!c
Elastic: malicious (high confidence)
Cynet: Malicious (score: 100)
FireEye: Generic.mg.5b655e56e43d516e
Malwarebytes: Trojan.Packed.VMP
Sangfor: Trojan.Win32.Save.a
K7AntiVirus: Trojan ( 7000001c1 )
Alibaba: Packed:Win32/VMProtect.b0995c52
K7GW: Trojan ( 7000001c1 )
CrowdStrike: win/malicious_confidence_90% (W)
Cyren: W32/ABRisk.ZUPR-0918
Symantec: ML.Attribute.HighConfidence
ESET-NOD32: a variant of Win32/Packed.VMProtect.CZ
APEX: Malicious
Tencent: Win32.Trojan.Generic.Fkjl
McAfee-GW-Edition: BehavesLike.Win32.Generic.rc
Trapmine: malicious.moderate.ml.score
Sophos: Mal/VMProtBad-A
Ikarus: Backdoor.Hupigon
Antiy-AVL: Trojan[Packed]/Win32.VMProtect
ZoneAlarm: HEUR:Trojan.Win32.Generic
GData: Win32.Trojan.Agent.IEYL31
Acronis: suspicious
BitDefenderTheta: Gen:NN.ZevbaF.36196.@x0@aWGmcQbi
DeepInstinct: MALICIOUS
Cylance: unsafe
Rising: Trojan.Occamy!8.F1CD (TFE:5:Ry55UJdenUB)
Yandex: Trojan.GenAsa!AwUEPauGhc0
SentinelOne: Static AI – Suspicious PE
Fortinet: W32/PossibleThreat
Cybereason: malicious.6e43d5
Panda: Trj/Chgt.AD

How to remove Win32/Packed.VMProtect.CZ?

Win32/Packed.VMProtect.CZ removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open the “Tools” tab and press “Reset Browser Settings”.
  • Select the proper browser and options, then click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.