Malware

About “Win32/SpamTool.VB.AG” infection

Malware Removal

Win32/SpamTool.VB.AG is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It allows you to run a complete scan and clean your PC during the trial period.
6-day free trial available.

What Win32/SpamTool.VB.AG virus can do?

  • Behavioural detection: Executable code extraction – unpacking
  • A file was accessed within the Public folder.
  • Sample contains Overlay data
  • Uses Windows utilities for basic functionality
  • Reads data out of its own binary image
  • Unconventional language used in binary resources: Russian
  • The binary contains an unknown PE section name indicative of packing
  • Authenticode signature is invalid
  • Behavioural detection: Injection (inter-process)
  • CAPE detected the "shellcode patterns" malware family
  • Attempts to modify proxy settings
  • Touches a file containing cookies, possibly for information gathering
  • Uses suspicious command line tools or Windows utilities
  • Yara detections observed in process dumps, payloads or dropped files

How to identify Win32/SpamTool.VB.AG?

File Info:

name: 089C6B0C367FF4DE4F93.mlw
path: /opt/CAPEv2/storage/binaries/eaf6564bd06cbe728218abf94358346883884254e97e7a2cfcc5b9faf34675be
crc32: 83895039
md5: 089c6b0c367ff4de4f93b9a4bb9d2eab
sha1: 9def9afd2cf407828b23d0142ad809951b42aa56
sha256: eaf6564bd06cbe728218abf94358346883884254e97e7a2cfcc5b9faf34675be
sha512: 1b06ee3437a21481468554cb23ed89579b26cc674bcca0b3d5d1c97d1713ea73a67785bc53e8e0ddd75d6e1b28702e599e987cb38ef8c6e9cca1769aeb383013
ssdeep: 98304:idYvk6QxpWWlulm2s32q1cS2pl5FFRu1rQDqHN:iOQxpzlug3+FFAhQD8
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T16606230A39648833D9053DF814328DD612E81F524F6CB19A97FA3BAE4771A9FDF4124E
sha3_384: 870e1b405d175768a2e4e6550d851003acd908bb98f41d6a5e68d2565e08465b86e4d0602aa114051f994a47c63832d9
ep_bytes: 558bec83c4f0b8187d4100e8f0aafeff
timestamp: 1992-06-19 22:22:17

Version Info:

Comments:
CompanyName: Frametrack
FileDescription: One Revenge 3.0 Installation
FileVersion: 3.0
LegalCopyright: Frametrack
Translation: 0x0409 0x04e4

Win32/SpamTool.VB.AG is also known as (vendor: detection name):

Skyhigh: BehavesLike.Win32.ObfuscatedPoly.wc
McAfee: Artemis!089C6B0C367F
Malwarebytes: Generic.Malware/Suspicious
K7AntiVirus: Trojan ( 0050a4711 )
Alibaba: Trojan:Win32/SpamTool.2f64f406
K7GW: Trojan ( 0050a4711 )
Symantec: ML.Attribute.HighConfidence
ESET-NOD32: a variant of Win32/SpamTool.VB.AG
APEX: Malicious
Sophos: Mal/Generic-S
VBA32: TrojanSpy.MSIL.KeyLogger
DeepInstinct: MALICIOUS
Cylance: unsafe
Ikarus: not-a-virus:Client-IRC.Win32.mIRC
MaxSecure: Trojan.Malware.7164915.susgen
alibabacloud: Trojan:Win/SpamTool.VB

How to remove Win32/SpamTool.VB.AG?

Win32/SpamTool.VB.AG removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • Click “Move to quarantine” for all detected items.
  • Open the “Tools” tab and press “Reset Browser Settings”.
  • Select the proper browser and options, then click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.