Malware

About “Win32:VB-AAML [Trj]” infection

Malware Removal

The Win32:VB-AAML [Trj] is considered dangerous by lots of security experts. When this infection is active, you may notice unwanted processes in Task Manager list. In this case, it is adviced to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Gridinsoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. Allows to complete scan and cure your PC during the trial period.
DOWNLOAD NOW
6-day free trial available.

What Win32:VB-AAML [Trj] virus can do?

  • Behavioural detection: Executable code extraction – unpacking
  • Uses Windows utilities for basic functionality
  • Reads data out of its own binary image
  • CAPE extracted potentially suspicious content
  • Drops a binary and executes it
  • Authenticode signature is invalid
  • Behavioural detection: Injection (inter-process)
  • Anomalous binary characteristics
  • Attempts to modify Explorer settings to prevent hidden files from being displayed

How to determine Win32:VB-AAML [Trj]?



File Info:

name: 8A5417D6CA90F9939DF2.mlw
path: /opt/CAPEv2/storage/binaries/5ebe85ef599847f4a50037879d46632338a63a1d97b7e40790538448c7c1d3bf
crc32: C4688C5B
md5: 8a5417d6ca90f9939df2bc906c989893
sha1: 5e84f65fd77174e5da5692c0e390d3c755645de1
sha256: 5ebe85ef599847f4a50037879d46632338a63a1d97b7e40790538448c7c1d3bf
sha512: d5bd7427033229711e265a8641f16f17da9d9ff966ae51eebfb2d76eb7b390f5202344dfffcb2e9642d6434833febffdee8158c55984b2ee73740e8ec8c9a188
ssdeep: 6144:teYp3FRINO5WcBzjkBP18yAYU7vKd3EUXWidJhKnvmb7/D26XgZKIQ0OfsJy2mJK:t73fINO5WcBzjkV183Kd3EUXWidJhKnL
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T10F549562BA18F46AD19388F02D2D9356383E6D760290BC0F7681BF2861B2757B4F475F
sha3_384: 33df0e45a4131e3402ed613a978b630f8e93793db4f081d8a0769feff51aa6dbda38eb1fecdfc13187e26e82eda9faae
ep_bytes: 6808474000e8eeffffff000040000000
timestamp: 2011-12-28 05:59:41


Version Info:

Translation: 0x0409 0x04b0
ProductName: DVPEEkFQ
FileVersion: 1.00
ProductVersion: 1.00
InternalName: mIclOLBJ
OriginalFilename: mIclOLBJ.exe

Win32:VB-AAML [Trj] also known as:

BkavW32.AIDetectMalware
Elasticmalicious (high confidence)
MicroWorld-eScanGen:Variant.Chinky.7
CAT-QuickHealTrojan.Beebone.D
SkyhighBehavesLike.Win32.VBObfus.dm
McAfeeVBObfus.cm
MalwarebytesGeneric.Malware.AI.DDS
SangforTrojan.Win32.Save.a
CrowdStrikewin/malicious_confidence_100% (D)
K7GWEmailWorm ( 0054d10f1 )
K7AntiVirusEmailWorm ( 0054d10f1 )
ArcabitTrojan.Chinky.7
BaiduWin32.Worm.Autorun.l
VirITTrojan.Win32.Zyx.SP
SymantecW32.Changeup
ESET-NOD32a variant of Win32/AutoRun.VB.AQE
APEXMalicious
ClamAVWin.Trojan.Changeup-6169544-0
KasperskyWorm.Win32.Vobfus.effh
BitDefenderGen:Variant.Chinky.7
NANO-AntivirusTrojan.Win32.Vobfus.chzvjo
AvastWin32:VB-AAML [Trj]
TencentMalware.Win32.Gencirc.10be42f7
TACHYONWorm/W32.Vobfus.290816.E
EmsisoftGen:Variant.Chinky.7 (B)
GoogleDetected
F-SecureWorm.WORM/Vobfus.ommla
DrWebWin32.HLLW.Autoruner2.15227
VIPREGen:Variant.Chinky.7
TrendMicroWORM_VOBFUS.SM02
FireEyeGeneric.mg.8a5417d6ca90f993
SophosW32/SillyFDC-GT
IkarusWorm.Win32.Vobfus
VaristW32/Vobfus.Z.gen!Eldorado
AviraWORM/Vobfus.ommla
Antiy-AVLWorm/Win32.WBNA.gen
Kingsoftmalware.kb.a.999
XcitiumWorm.Win32.VB.AUB@4ol77w
MicrosoftWorm:Win32/Vobfus!pz
ViRobotTrojan.Win32.A.Diple.290816.F
ZoneAlarmWorm.Win32.Vobfus.effh
GDataGen:Variant.Chinky.7
CynetMalicious (score: 100)
AhnLab-V3Trojan/Win32.Menti.R18663
Acronissuspicious
BitDefenderThetaGen:NN.ZevbaF.36802.rm0@a8rpBjoi
ALYacGen:Variant.Chinky.7
MAXmalware (ai score=83)
VBA32BScope.Trojan.Diple
Cylanceunsafe
PandaTrj/Genetic.gen
TrendMicro-HouseCallWORM_VOBFUS.SM02
RisingWorm.Vobfus!8.10E (TFE:3:bqeCmhYigUD)
YandexTrojan.GenAsa!fODdjQTOEVc
SentinelOneStatic AI – Malicious PE
MaxSecureTrojan.Malware.300983.susgen
FortinetW32/Diple.EJQE!tr
AVGWin32:VB-AAML [Trj]
DeepInstinctMALICIOUS
alibabacloudWorm:Win/Vobfus.9f0f3536

How to remove Win32:VB-AAML [Trj]?

Win32:VB-AAML [Trj] removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan“.
  • Move to quarantine” all items.
  • Open “Tools” tab – Press “Reset Browser Settings“.
  • Select proper browser and options – Click “Reset”.
  • Restart your computer.

You may also like

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.

View all posts

Leave a Comment