Win32/VB.SUG removal instruction

Win32/VB.SUG is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It allows you to run a complete scan and cure your PC during the trial period.
6-day free trial available.

What can the Win32/VB.SUG virus do?

  • Behavioural detection: Executable code extraction – unpacking
  • SetUnhandledExceptionFilter detected (possible anti-debug)
  • Guard pages use detected – possible anti-debugging.
  • Dynamic (imported) function loading detected
  • Unconventional binary language: Chinese (Simplified)
  • Unconventional language used in binary resources: Chinese (Simplified)
  • Authenticode signature is invalid
  • Uses Windows utilities for basic functionality
  • Installs itself for autorun at Windows startup
  • Uses suspicious command line tools or Windows utilities

How to identify Win32/VB.SUG?

File Info:

name: 174B71A0E76F84BFB2B4.mlw
path: /opt/CAPEv2/storage/binaries/c9f9bb0aad889acdecc9c05e039d7a8e989e6e4bee6bde0398d2d3a027526a7e
crc32: EA3C717C
md5: 174b71a0e76f84bfb2b40ce4dff5f720
sha1: 71e8e4e2315dfdf7414447c26a6ab38d2e4c36ee
sha256: c9f9bb0aad889acdecc9c05e039d7a8e989e6e4bee6bde0398d2d3a027526a7e
sha512: f58301dfd832b22c5df71e2fcc165525be0c1b6b3e70f934d1fa79342bc96c6f29c57bd385c43afc48212ba57e18d01d72138237ba9ae78d8b3ff1755f8cee96
ssdeep: 192:/TutxVv1lGO4EogVN4nh11r07nRU91TZhhWQ10jFbs/tR949t:/Tutz94OogU/h07RU9XiQ60tR949t
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T1ADB24106FB68C069F18281B62D21C79B8568BC3415049E1BFB497F9E28713F369F9717
sha3_384: a1482db1e047eb05b94584118848f3ff31fe6107b521f002472d107c42ab62de4f9afc5fa2fc120f586301d056af21af
ep_bytes: 6810144000e8eeffffff000000000000
timestamp: 2019-03-09 11:08:54

Version Info:

Translation: 0x0804 0x04b0
CompanyName: Skystars Corporation
ProductName: 工程1
FileVersion: 1.00
ProductVersion: 1.00
InternalName: ntdllaaa
OriginalFilename: ntdllaaa.exe

Win32/VB.SUG also known as:

Bkav: W32.AIDetect.malware2
Elastic: malicious (high confidence)
Cynet: Malicious (score: 100)
FireEye: Generic.mg.174b71a0e76f84bf
ALYac: Gen:Variant.Ursu.398051
Cylance: Unsafe
VIPRE: Trojan.Win32.Generic!BT
K7AntiVirus: P2PWorm ( 0055376b1 )
K7GW: P2PWorm ( 0055376b1 )
Symantec: ML.Attribute.HighConfidence
ESET-NOD32: a variant of Win32/VB.SUG
APEX: Malicious
Kaspersky: Trojan-Dropper.Win32.Daws.eqwm
BitDefender: Gen:Variant.Ursu.398051
NANO-Antivirus: Trojan.Win32.Daws.fnxrjw
MicroWorld-eScan: Gen:Variant.Ursu.398051
Avast: Win32:Trojan-gen
Tencent: Malware.Win32.Gencirc.10b25656
Ad-Aware: Gen:Variant.Ursu.398051
Emsisoft: Gen:Variant.Ursu.398051 (B)
DrWeb: Trojan.MulDrop9.4876
Zillya: Dropper.Daws.Win32.14239
TrendMicro: Trojan.Win32.FLOODRUN.AA
McAfee-GW-Edition: BehavesLike.Win32.BadFile.mz
Sophos: Mal/Generic-S
Ikarus: Trojan.NewHeur_VB_Trojan
GData: Gen:Variant.Ursu.398051
Jiangmin: Trojan.Generic.dbnse
Webroot: W32.Trojan.Gen
Avira: HEUR/AGEN.1124484
Antiy-AVL: Trojan/Generic.ASMalwS.2AD0ED0
Microsoft: Trojan:Win32/Sabsik.FL.B!ml
AhnLab-V3: Trojan/Win32.VBKrypt.R258560
McAfee: Artemis!174B71A0E76F
MAX: malware (ai score=89)
VBA32: TrojanDropper.Daws
TrendMicro-HouseCall: Trojan.Win32.FLOODRUN.AA
Yandex: Trojan.DR.Daws!3LE9GY5O4/A
SentinelOne: Static AI – Malicious PE
Fortinet: W32/Daws.EQWM!tr
BitDefenderTheta: Gen:NN.ZevbaF.34062.bm0@a42Q4Qcb
AVG: Win32:Trojan-gen
Cybereason: malicious.0e76f8
Panda: Trj/GdSda.A

How to remove Win32/VB.SUG?

Win32/VB.SUG removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open the “Tools” tab and press “Reset Browser Settings”.
  • Select the proper browser and options, then click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.