
About “Win32:VB-AEQD [Trj]” infection


Win32:VB-AEQD [Trj] is the Avast/AVG detection name for a sample that most security vendors classify as malicious. When this infection is active, you may notice unwanted processes in the Task Manager list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It lets you complete a scan and cure your PC during the trial period.
A 6-day free trial is available.

What can the Win32:VB-AEQD [Trj] virus do? (behaviours observed in the CAPEv2 sandbox)

  • Behavioural detection: Executable code extraction – unpacking
  • Sample contains Overlay data
  • Reads data out of its own binary image
  • CAPE extracted potentially suspicious content
  • Drops a binary and executes it
  • Authenticode signature is invalid
  • Behavioural detection: Injection (inter-process)
  • Attempts to disable Windows Auto Updates
  • Anomalous binary characteristics
  • Attempts to modify Explorer settings to prevent hidden files from being displayed
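Three of the behaviours above (dropping and executing a binary, disabling Windows automatic updates, and hiding hidden files in Explorer) can be recognised from a sandbox API trace. The following is an added example, not code from the page or from CAPEv2: a small signature matcher run over a constructed trace. The registry keys it watches are the standard Windows locations for those settings; that the sample writes exactly these keys is an assumption, since the page lists the behaviours but not the keys.

```python
"""Behaviour-signature matcher in the style of the CAPE signatures listed above.

Added example, not code from the original page or from CAPEv2. The API trace
below is constructed by hand to resemble a sandbox log; the registry paths are
the standard Windows locations for the Explorer hidden-file and Windows Update
settings (assumption: the page names the behaviours, not the exact keys)."""
from dataclasses import dataclass, field


@dataclass
class Event:
    pid: int
    api: str
    args: dict = field(default_factory=dict)


# Constructed trace (not real output for this sample).
TRACE = [
    Event(1000, "NtWriteFile", {"path": r"C:\Users\victim\AppData\Roaming\incettero.exe"}),
    Event(1000, "CreateProcessInternalW", {"path": r"C:\Users\victim\AppData\Roaming\incettero.exe"}),
    Event(1000, "RegSetValueExW", {"key": r"HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced",
                                   "name": "Hidden", "data": 2}),
    Event(1000, "RegSetValueExW", {"key": r"HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced",
                                   "name": "ShowSuperHidden", "data": 0}),
    Event(1000, "RegSetValueExW", {"key": r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update",
                                   "name": "AUOptions", "data": 1}),
    Event(1000, "NtWriteFile", {"path": r"C:\Users\victim\Desktop\notes.txt"}),
]


def _norm_key(key: str) -> str:
    """Lower-case and abbreviate hive names so HKCU and HKEY_CURRENT_USER compare equal."""
    k = key.lower().rstrip("\\")
    return k.replace("hkey_current_user", "hkcu").replace("hkey_local_machine", "hklm")


EXPLORER_ADVANCED = _norm_key(r"HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced")
# Hidden=2 hides hidden files; ShowSuperHidden=0 hides protected OS files.
HIDE_FILES_VALUES = {("hidden", 2), ("showsuperhidden", 0)}
# AUOptions=1 is "never check for updates"; NoAutoUpdate=1 disables AU outright.
AU_DISABLE_VALUES = {
    (_norm_key(r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update"), "auoptions", 1),
    (_norm_key(r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update"), "noautoupdate", 1),
    (_norm_key(r"HKLM\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU"), "noautoupdate", 1),
}


def sig_drops_and_executes(trace):
    """A process writes a file and later starts that same file as a new process."""
    written, hits = set(), []
    for ev in trace:
        if ev.api == "NtWriteFile":
            written.add((ev.pid, ev.args["path"].lower()))
        elif ev.api == "CreateProcessInternalW":
            if (ev.pid, ev.args["path"].lower()) in written:
                hits.append(ev.args["path"])
    return hits


def sig_hides_hidden_files(trace):
    """Explorer\\Advanced values that stop hidden or protected files being displayed."""
    hits = []
    for ev in trace:
        if ev.api == "RegSetValueExW" and _norm_key(ev.args["key"]) == EXPLORER_ADVANCED:
            if (ev.args["name"].lower(), ev.args["data"]) in HIDE_FILES_VALUES:
                hits.append(f"{ev.args['name']}={ev.args['data']}")
    return hits


def sig_disables_auto_updates(trace):
    """Registry writes that turn automatic updates off."""
    hits = []
    for ev in trace:
        if ev.api == "RegSetValueExW":
            triple = (_norm_key(ev.args["key"]), ev.args["name"].lower(), ev.args["data"])
            if triple in AU_DISABLE_VALUES:
                hits.append(f"{ev.args['key']}\\{ev.args['name']}={ev.args['data']}")
    return hits


SIGNATURES = {
    "drops_and_executes": sig_drops_and_executes,
    "modifies_explorer_hidden_files": sig_hides_hidden_files,
    "disables_windows_auto_updates": sig_disables_auto_updates,
}


def run_signatures(trace=TRACE):
    """Return {signature_name: [evidence, ...]} for every signature that fired."""
    results = {}
    for name, fn in SIGNATURES.items():
        hits = fn(trace)
        if hits:
            results[name] = hits
    return results


if __name__ == "__main__":
    for name, evidence in run_signatures().items():
        print(f"[+] {name}: {evidence}")
```

The drop-and-execute check keys on the writing process's PID so that a legitimate installer started by the user does not fire it merely because it launched something another process wrote; a real sandbox would also follow child processes, which this toy deliberately omits.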

How to identify Win32:VB-AEQD [Trj]?


File Info:

name: 8A718255A4B8972802D9.mlw
path: /opt/CAPEv2/storage/binaries/c5e7e61774b2f2768790e98816ebe87f0530d3a1792b36fffca1ac84a8ce8a6a
crc32: 8515C5A2
md5: 8a718255a4b8972802d9fb4c470742de
sha1: 34c22c08f826b3b46b080428369bb18052c22d18
sha256: c5e7e61774b2f2768790e98816ebe87f0530d3a1792b36fffca1ac84a8ce8a6a
sha512: f457fc5e54bceb76348c7e2010060a6b2ba49459116243e325b056505d0e208a3dcbb3e6508a45871844d2b2310c0c57837cee3dccb3043036266906d0636141
ssdeep: 3072:L1QxYpWufu0uQSamFi5eLb532qRgzqRe/aT4E1KZnBmaOtDvJRZ8Ng0ykdSXsj42:L1Qxbb532qRmqRe/aT4EYDmaOtNRKNZ
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T1E0641A1673A0FA2AD5218BF02AAA43B4517EEC3115D1A907F7803F1E77B2E975236713
sha3_384: e1f1a992aee3f7113100d78a3b81c0bd4a6fec9300a11ad1b2293b63f4ab79250834282ce5c5e068452bfb32c1eeaa50
ep_bytes: 6864434000e8eeffffff000068000000
timestamp: 2012-10-04 19:27:38

Version Info:

Translation: 0x0409 0x04b0
ProductName: ricksha
FileVersion: 8.42
ProductVersion: 8.42
InternalName: incettero
OriginalFilename: incettero.exe
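The file-info block gives everything needed for a static match: the hash set, and the first bytes at the entry point. Those entry bytes, 68 64 43 40 00 e8 ee ff ff ff, are the push-immediate / call pair that MSVBVM60-compiled programs start with (push of the VB project header, then a call to the runtime's ThunRTMain), which is why so many vendor names below say "VB". The following added example (not code from the page or from CAPEv2) hashes a file against the page's IOCs and decodes that entry stub; the bytes it hashes in the test are a constructed stand-in because the sample itself is not on this page.

```python
"""Static triage helpers for the file-info block above.

Added example, not code from the original page or from CAPEv2. The hash
values are copied from the page; any bytes hashed here are constructed
stand-ins, since the sample is not available."""
import hashlib
import struct
from typing import Optional

# Indicators copied from the page's File Info block.
PAGE_IOCS = {
    "md5": "8a718255a4b8972802d9fb4c470742de",
    "sha1": "34c22c08f826b3b46b080428369bb18052c22d18",
    "sha256": "c5e7e61774b2f2768790e98816ebe87f0530d3a1792b36fffca1ac84a8ce8a6a",
}
PAGE_EP_BYTES = "6864434000e8eeffffff000068000000"


def hash_bytes(data: bytes) -> dict:
    """md5/sha1/sha256 of a byte string, as hex."""
    return {alg: hashlib.new(alg, data).hexdigest() for alg in ("md5", "sha1", "sha256")}


def matches_iocs(data: bytes, iocs: dict = PAGE_IOCS) -> bool:
    """True only if every listed digest matches; one mismatch means a different file."""
    digests = hash_bytes(data)
    return all(digests[alg] == value.lower() for alg, value in iocs.items())


def decode_vb6_entry(ep_hex: str, entry_rva: Optional[int] = None) -> Optional[dict]:
    """Recognise the VB6 start-up stub 'push <VBHeader>; call ThunRTMain'.

    Byte pattern: 68 imm32 E8 rel32. Returns the pushed header address and the
    call displacement, or None when the entry point does not look like VB6.
    If entry_rva is given, the call target RVA is computed as well (rel32 is
    relative to the end of the 5-byte call, i.e. entry + 10)."""
    b = bytes.fromhex(ep_hex)
    if len(b) < 10 or b[0] != 0x68 or b[5] != 0xE8:
        return None
    header_va = struct.unpack_from("<I", b, 1)[0]
    rel32 = struct.unpack_from("<i", b, 6)[0]
    out = {"vb_header_va": header_va, "call_rel32": rel32}
    if entry_rva is not None:
        out["call_target_rva"] = entry_rva + 10 + rel32
    return out


if __name__ == "__main__":
    print(decode_vb6_entry(PAGE_EP_BYTES))
    print(matches_iocs(b"constructed stand-in, not the sample"))
```

For the page's entry bytes the decoder reports a pushed header at 0x00404364 and a call displacement of -18, i.e. a call to a thunk sitting just before the entry point; a non-VB entry (an MZ header, for instance) returns None. Note that a short call displacement into a `jmp [IAT]` thunk is exactly what a stock VB6 build produces, so this check identifies the compiler, not maliciousness.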

Win32:VB-AEQD [Trj] is also known as (vendor: detection name):

Bkav: W32.AIDetectMalware
Elastic: malicious (high confidence)
MicroWorld-eScan: Gen:Variant.Zusy.543743
FireEye: Generic.mg.8a718255a4b89728
CAT-QuickHeal: Trojan.Beebone.D
Skyhigh: BehavesLike.Win32.VBObfus.fm
McAfee: GenDownloader.rv
Malwarebytes: Generic.Malware.AI.DDS
VIPRE: Gen:Variant.Zusy.543743
Sangfor: Trojan.Win32.Save.a
CrowdStrike: win/malicious_confidence_100% (D)
K7GW: EmailWorm ( 0054d10f1 )
K7AntiVirus: EmailWorm ( 0054d10f1 )
BitDefenderTheta: Gen:NN.ZevbaF.36802.tm1@aaVjgygi
VirIT: Trojan.Win32.SHeur4.AQUQ
Symantec: W32.Changeup
ESET-NOD32: Win32/Pronny.FA
APEX: Malicious
Cynet: Malicious (score: 100)
Kaspersky: Worm.Win32.Vobfus.scu
BitDefender: Gen:Variant.Zusy.543743
NANO-Antivirus: Trojan.Win32.WBNA.csfhhl
Avast: Win32:VB-AEQD [Trj]
Tencent: Worm.Win32.Vobfus.kaz
TACHYON: Worm/W32.Vobfus.323638
Emsisoft: Gen:Variant.Zusy.543743 (B)
Baidu: Win32.Worm.Pronny.d
F-Secure: Trojan.TR/Symmi.2336989
DrWeb: Win32.HLLW.Autoruner1.27186
TrendMicro: WORM_VOBFUS.SMAS
Sophos: Mal/SillyFDC-W
Ikarus: Worm.Win32.Vobfus
Jiangmin: Worm/WBNA.diik
Webroot: Trojan.Win32.Diple
Varist: W32/VB.HE.gen!Eldorado
Avira: TR/Symmi.2336989
Antiy-AVL: Worm/Win32.WBNA.gen
Kingsoft: malware.kb.a.999
Microsoft: Worm:Win32/Vobfus.IY
Xcitium: Worm.Win32.VB.PJT@4r48sc
Arcabit: Trojan.Zusy.D84BFF
ViRobot: Worm.Win32.A.Vobfus.305927
ZoneAlarm: Worm.Win32.Vobfus.scu
GData: Gen:Variant.Zusy.543743
Google: Detected
AhnLab-V3: Worm/Win32.Vobfus.R38791
VBA32: Malware-Cryptor.VB.gen
ALYac: Gen:Variant.Zusy.543743
MAX: malware (ai score=84)
Cylance: unsafe
Panda: Trj/Genetic.gen
TrendMicro-HouseCall: WORM_VOBFUS.SMAS
Rising: Malware.FakeFolder/ICON!1.6AC4 (CLASSIC)
Yandex: Trojan.GenAsa!h1mNOJ3gpiw
SentinelOne: Static AI – Suspicious PE
Fortinet: W32/VBKrypt.CA!tr
AVG: Win32:VB-AEQD [Trj]
DeepInstinct: MALICIOUS
alibabacloud: Worm:Win/Vobfus.16fb5ccc

The Avast/AVG name is generic ("VB" plus a hash-derived suffix), so it says little about the family. The names that recur across vendors (Vobfus, Changeup, WBNA, Pronny, SillyFDC, Autoruner) all refer to the Vobfus worm family: Visual Basic-compiled, spread via removable drives, and known for the fake folder icons that Rising's name refers to. Those family names, not the Avast label, are what to search for when looking up additional indicators.

How to remove Win32:VB-AEQD [Trj]?

Win32:VB-AEQD [Trj] removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • Choose “Move to quarantine” for all detected items.
  • Open the “Tools” tab and press “Reset Browser Settings”.
  • Select the browser and options to reset, then click “Reset”.
  • Restart your computer.
  • After the restart, confirm that the settings this sample tampers with are back to normal: hidden files are displayed again in Explorer, and Windows automatic updates are enabled. Several vendors above classify the sample as a removable-drive worm (Sophos Mal/SillyFDC-W, Dr.Web Win32.HLLW.Autoruner1), so also scan any USB drives that were attached to the machine before treating it as clean.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.
