Malware

Win32:Dropper-ESN [Drp] information

Malware Removal

The Win32:Dropper-ESN [Drp] is considered dangerous by lots of security experts. When this infection is active, you may notice unwanted processes in Task Manager list. In this case, it is adviced to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Gridinsoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. Allows to complete scan and cure your PC during the trial period.
DOWNLOAD NOW
6-day free trial available.

What Win32:Dropper-ESN [Drp] virus can do?

  • Behavioural detection: Executable code extraction – unpacking
  • Reads data out of its own binary image
  • CAPE extracted potentially suspicious content
  • Drops a binary and executes it
  • Authenticode signature is invalid
  • Behavioural detection: Injection (inter-process)
  • CAPE detected the embedded pe malware family
  • Anomalous binary characteristics
  • Attempts to modify Explorer settings to prevent hidden files from being displayed
  • Yara detections observed in process dumps, payloads or dropped files

How to determine Win32:Dropper-ESN [Drp]?



File Info:

name: 5B23EC71F420175CCD3B.mlw
path: /opt/CAPEv2/storage/binaries/beae414a63d6d5a0911d3075f94543e949db061347069bf7e1043c3bdb93e718
crc32: C50A6EA6
md5: 5b23ec71f420175ccd3b2c8499c42d62
sha1: 1ff49b96e2f25045eea25ce258871577847427b3
sha256: beae414a63d6d5a0911d3075f94543e949db061347069bf7e1043c3bdb93e718
sha512: 134e9d44204b4360dfb649767602f9a76ea51aed16cc956c6b45619c5900194305aaf6ddf29a7ba7463cee03ce4f3d69b3ada7e558622fdeefaf516287418b6a
ssdeep: 3072:0TpJo61pKPmsS1Iff0al3vh5if6PrSCjF8LnI2sMDmuUiP64BP:0tC6ni3tfi6xUIsDmuxP
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T1E5843063978316D8E4150DF531C2F3D858B934E6BC222883CB121267DE6AF92976D4FE
sha3_384: 7277238c72e84e5ce6889311741a998e641664355b837d4e522790924e6b44e624c11d17d3d674c631d7878036878f26
ep_bytes: 68a8114000e8f0ffffff000000000000
timestamp: 2011-01-02 07:45:51


Version Info:

Translation: 0x0409 0x04b0
CompanyName: UserXP
ProductName: aGGYA1869
FileVersion: 9.27
ProductVersion: 9.27
InternalName: aGGYA9817
OriginalFilename: aGGYA9817.exe

Win32:Dropper-ESN [Drp] also known as:

BkavW32.AIDetectMalware
AVGWin32:Dropper-ESN [Drp]
Elasticmalicious (high confidence)
MicroWorld-eScanGen:Variant.VBKrypt.23
FireEyeGeneric.mg.5b23ec71f420175c
SkyhighBehavesLike.Win32.VBObfus.ft
McAfeeDownloader-CJX.gen.n
MalwarebytesGeneric.Malware.AI.DDS
SangforSuspicious.Win32.Save.vb
K7AntiVirusTrojan ( 001f4fd51 )
K7GWTrojan ( 001f4fd51 )
CrowdStrikewin/malicious_confidence_100% (D)
BaiduWin32.Worm.AutoRun.cj
VirITTrojan.Win32.VBKrypt.CBXW
SymantecW32.Changeup
ESET-NOD32Win32/AutoRun.VB.YD
CynetMalicious (score: 100)
APEXMalicious
ClamAVWin.Trojan.Changeup-6169544-0
KasperskyWorm.Win32.Vobfus.djcv
BitDefenderGen:Variant.VBKrypt.23
NANO-AntivirusTrojan.Win32.Vobfus.cninzm
AvastWin32:Dropper-ESN [Drp]
TACHYONWorm/W32.Vobfus.376832
EmsisoftGen:Variant.VBKrypt.23 (B)
F-SecureTrojan.TR/Dropper.Gen
DrWebWin32.HLLW.Autoruner.44894
TrendMicroWORM_VOBFUS.SMIA
Trapminemalicious.moderate.ml.score
SophosML/PE-A
IkarusTrojan.Win32.VBKrypt
JiangminTrojan/VBKrypt.hbza
VaristW32/VB.BR.gen!Eldorado
AviraTR/Dropper.Gen
Antiy-AVLWorm/Win32.WBNA.gen
Kingsoftmalware.kb.a.985
MicrosoftWorm:Win32/Vobfus.gen!E
ArcabitTrojan.VBKrypt.23
ViRobotTrojan.Win32.A.VBKrypt.376832.F
ZoneAlarmWorm.Win32.Vobfus.djcv
GDataGen:Variant.VBKrypt.23
GoogleDetected
AhnLab-V3Trojan/Win.VBKrypt.R422735
VBA32SScope.Trojan.VBRA.5137
ALYacGen:Variant.VBKrypt.23
MAXmalware (ai score=88)
Cylanceunsafe
PandaGeneric Malware
TrendMicro-HouseCallWORM_VOBFUS.SMIA
RisingWorm.Vobfus!8.10E (TFE:4:e2Y1hO8UYNM)
SentinelOneStatic AI – Malicious PE
FortinetW32/AutoRun.XM!worm
BitDefenderThetaAI:Packer.BF64DD7B20
DeepInstinctMALICIOUS
alibabacloudTrojan[downloader]:Win/Vbkrypt.657e9be1

How to remove Win32:Dropper-ESN [Drp]?

Win32:Dropper-ESN [Drp] removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan“.
  • Move to quarantine” all items.
  • Open “Tools” tab – Press “Reset Browser Settings“.
  • Select proper browser and options – Click “Reset”.
  • Restart your computer.

You may also like

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.

View all posts

Leave a Comment