Win32.Worm.VB.NZH (file analysis)

Win32.Worm.VB.NZH is considered dangerous by many security experts. While this infection is active, you may notice unwanted processes in the Task Manager process list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It lets you run a full scan and clean your PC during the trial period.
A 6-day free trial is available.

What can the Win32.Worm.VB.NZH virus do?

  • Behavioural detection: Executable code extraction – unpacking
  • Reads data out of its own binary image
  • CAPE extracted potentially suspicious content
  • Drops a binary and executes it
  • Authenticode signature is invalid
  • Behavioural detection: Injection (inter-process)
  • Anomalous binary characteristics
  • Attempts to modify Explorer settings to prevent hidden files from being displayed

How to identify Win32.Worm.VB.NZH?

File Info:

name: 17DF0C8E3FD70DBACB50.mlw
path: /opt/CAPEv2/storage/binaries/188f62b2b47313e75c6c7027ea4a62f06a74d8dbd03222e286b90d8394dd1cbe
crc32: 0866150A
md5: 17df0c8e3fd70dbacb50877745daf136
sha1: 5548b6384e660cd6f5dd2d905a08bb0c3bd9dc5a
sha256: 188f62b2b47313e75c6c7027ea4a62f06a74d8dbd03222e286b90d8394dd1cbe
sha512: cae2cb7b0fd23fc4bce1ddeca93912edda5515a7f67836d690704bc932d1a2c8183c4a5ac17c38532049d43736b465a551115755ba4779cadf246911486fa325
ssdeep: 1536:CILNhGRI+PBBBQBbBTTSKy6pMcUI+gJUP6O4BCKSKQOa7A:PLNUpgTSKy6pMcUI+gJUP6O4BCKSKQOt
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T18D73A87DB1421D1BE51E217833A3C2F304ABBC9A2D4F31CA613176AD5E68F90D479A1B
sha3_384: d9928d6ae52d258ed8ea27cbc484426ceafc84ebd4442df2049ca1c560f1939197dcf9c6d0e0557d9f14528d27a2c98e
ep_bytes: 68a0124000e8f0ffffff000040000000
timestamp: 2010-07-14 11:02:33

Version Info:

Translation: 0x0409 0x04b0
ProductName: df5
FileVersion: 7.30
ProductVersion: 7.30
InternalName: tmmLnshF
OriginalFilename: tmmLnshF.exe

Win32.Worm.VB.NZH also known as:

Bkav: W32.AIDetectMalware
Elastic: malicious (high confidence)
DrWeb: Win32.HLLW.Autoruner.25067
MicroWorld-eScan: Win32.Worm.VB.NZH
FireEye: Generic.mg.17df0c8e3fd70dba
CAT-QuickHeal: Worm.VBNA.gen
Skyhigh: BehavesLike.Win32.VBObfus.lm
McAfee: Downloader-CJX.gen.b
Malwarebytes: Generic.Malware.AI.DDS
Sangfor: Suspicious.Win32.Save.vb
K7AntiVirus: NetWorm ( 700000151 )
K7GW: NetWorm ( 700000151 )
Cybereason: malicious.e3fd70
BitDefenderTheta: AI:Packer.ADCD5BA920
VirIT: Worm.Win32.VB.12.P
Symantec: W32.SillyFDC
ESET-NOD32: Win32/AutoRun.VB.RH
APEX: Malicious
Avast: Win32:AutoRun-BLX [Wrm]
Cynet: Malicious (score: 100)
Kaspersky: Trojan-Dropper.Win32.Dorifel.kci
BitDefender: Win32.Worm.VB.NZH
NANO-Antivirus: Trojan.Win32.VB.covksj
SUPERAntiSpyware: Trojan.Agent/Gen-FakeAV[DF5]
Tencent: Trojan-Dropper.Win32.Dorifel.ya
Emsisoft: Win32.Worm.VB.NZH (B)
F-Secure: Worm:W32/Vobfus.AX
Baidu: Win32.Worm.AutoRun.cj
VIPRE: Win32.Worm.VB.NZH
TrendMicro: WORM_ESFURY.SMA
Trapmine: malicious.moderate.ml.score
Sophos: Mal/SillyFDC-D
Ikarus: Worm.Win32.Vobfus
Varist: W32/Vobfus.I.gen!Eldorado
Avira: WORM/VBN.aiut.77824
MAX: malware (ai score=86)
Antiy-AVL: Worm/Win32.WBNA.gen
Microsoft: Worm:Win32/Vobfus!pz
Xcitium: Worm.Win32.VB.G@23gbbq
Arcabit: Win32.Worm.VB.NZH
ZoneAlarm: Trojan-Dropper.Win32.Dorifel.kci
GData: Win32.Worm.VB.NZH
Google: Detected
AhnLab-V3: Win32/Vbna4.worm.Gen
VBA32: TScope.Trojan.VB
Cylance: unsafe
Panda: W32/Vobfus.EQ
TrendMicro-HouseCall: WORM_ESFURY.SMA
Rising: Worm.VobfusEx!1.99EB (CLASSIC)
Yandex: Trojan.GenAsa!cFSjR09jSq4
SentinelOne: Static AI – Malicious PE
Fortinet: W32/VBObfus.BDBD!tr
AVG: Win32:AutoRun-BLX [Wrm]
DeepInstinct: MALICIOUS
CrowdStrike: win/malicious_confidence_100% (D)
alibabacloud: Trojan.Win.UnkAgent

How to remove Win32.Worm.VB.NZH?

Win32.Worm.VB.NZH removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all detected items.
  • Open the “Tools” tab and press “Reset Browser Settings”.
  • Select the proper browser and options, then click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.
