What is “Win32:VB-AIYR [Trj]”?

Malware Removal

The Win32:VB-AIYR [Trj] is considered dangerous by lots of security experts. When this infection is active, you may notice unwanted processes in the Task Manager process list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It lets you run a complete scan and clean your PC during the trial period.
A 6-day free trial is available.

What can the Win32:VB-AIYR [Trj] virus do?

  • Behavioural detection: Executable code extraction – unpacking
  • Sample contains Overlay data
  • Reads data out of its own binary image
  • CAPE extracted potentially suspicious content
  • Drops a binary and executes it
  • Authenticode signature is invalid
  • Behavioural detection: Injection (inter-process)
  • CAPE detected the embedded win api malware family
  • Attempts to disable Windows Auto Updates
  • Anomalous binary characteristics
  • Attempts to modify Explorer settings to prevent hidden files from being displayed
  • Yara detections observed in process dumps, payloads or dropped files

How to identify Win32:VB-AIYR [Trj]?

File Info:

name: E7C815C4ED6002F55BD2.mlw
path: /opt/CAPEv2/storage/binaries/f57bc0b545aea6956c5313ebd3d6ca52dd50286f9bcbbb3d25fa27c399761f6d
crc32: B894C291
md5: e7c815c4ed6002f55bd2f3063fc23e57
sha1: d8e6588e1d4764d96f090ea0a7d2ec491cb2c93c
sha256: f57bc0b545aea6956c5313ebd3d6ca52dd50286f9bcbbb3d25fa27c399761f6d
sha512: 45c1940f8183d04fe8dbab7c7ccd1faa5824dde91dc9f00bb9d59d14f85d40e14f3fb8e48417686da348efb2a50678bd92d5da323ae2882faa94a2bc9b2a8cab
ssdeep: 6144:GxeSA2BsHkq8xJYd1BeJuESHr4YWzOMlql49e1/lcduanJntih/FlVjf5PfbZjoM:JSA2BsHkq8xJYdlEC4YWzZvRMUqD
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T1AF840A2B67A0F96AE525CBF0296C43748569B83114E5AD1BEAC01F1973F5E87C237313
sha3_384: 57e6c34d5642deb77ae6072fa933743a7307414dea796d87c562cbeac623851be17496e65dcfc23475169299e9d51a98
ep_bytes: 6878484000e8f0ffffff000000000000
timestamp: 2012-10-13 03:46:47

Version Info:

Translation: 0x0409 0x04b0
ProductName: twinemaking
FileVersion: 5.74
ProductVersion: 5.74
InternalName: nonusurping
OriginalFilename: nonusurping.exe

Win32:VB-AIYR [Trj] also known as:

Bkav: W32.AIDetectMalware
Elastic: malicious (high confidence)
DrWeb: Win32.HLLW.Autoruner1.28016
MicroWorld-eScan: Gen:Variant.Symmi.14907
FireEye: Generic.mg.e7c815c4ed6002f5
CAT-QuickHeal: Trojan.Beebone.D
Skyhigh: BehavesLike.Win32.VBObfus.fm
McAfee: GenDownloader.rv
Cylance: unsafe
Zillya: Trojan.Vobfus.Win32.670607
Sangfor: Suspicious.Win32.Save.vb
Alibaba: Worm:Win32/Vobfus.8b0d750a
K7GW: EmailWorm ( 0054d10f1 )
K7AntiVirus: EmailWorm ( 0054d10f1 )
BitDefenderTheta: Gen:NN.ZevbaF.36804.xm1@ayjTrLoi
VirIT: Trojan.Win32.VB.CODN
Symantec: W32.Changeup
ESET-NOD32: a variant of Win32/VBObfus.CZ
APEX: Malicious
TrendMicro-HouseCall: WORM_VOBFUS.SMQ4
ClamAV: Win.Trojan.Changeup-6169544-0
Kaspersky: Worm.Win32.Vobfus.ykp
BitDefender: Gen:Variant.Symmi.14907
NANO-Antivirus: Trojan.Win32.Autoruner1.hcpaej
Avast: Win32:VB-AIYR [Trj]
Tencent: Worm.Win32.Vobfus.kat
TACHYON: Worm/W32.Vobfus.376888
Emsisoft: Gen:Variant.Symmi.14907 (B)
F-Secure: Trojan.TR/Symmi.3566984
Baidu: Win32.Worm.Pronny.d
VIPRE: Gen:Variant.Symmi.14907
TrendMicro: WORM_VOBFUS.SMQ4
Sophos: Troj/VB-HCM
Ikarus: Worm.Win32.Vobfus
Jiangmin: Worm/WBNA.dfbt
Webroot: (no detection name listed)
Google: Detected
Avira: TR/Symmi.3566984
Varist: W32/VB.HE.gen!Eldorado
Antiy-AVL: Worm/Win32.WBNA.gen
Kingsoft: malware.kb.a.999
Microsoft: Worm:Win32/Vobfus.JU
Xcitium: TrojWare.Win32.Pronny.EE@4qvpy8
Arcabit: Trojan.Symmi.D3A3B
ViRobot: Worm.Win32.A.Vobfus.376832
ZoneAlarm: Worm.Win32.Vobfus.ykp
GData: Gen:Variant.Symmi.14907
Cynet: Malicious (score: 100)
AhnLab-V3: Worm/Win32.Vobfus.R42639
VBA32: BScope.Trojan.Diple
ALYac: Gen:Variant.Symmi.14907
MAX: malware (ai score=81)
Malwarebytes: VBObfus.Worm.Spreader.DDS
Panda: Trj/Genetic.gen
Rising: Malware.FakeFolder/ICON!1.6AC4 (CLASSIC)
Yandex: Trojan.GenAsa!9333E1wWfDI
SentinelOne: Static AI – Suspicious PE
MaxSecure: Trojan.Malware.4681612.susgen
Fortinet: W32/VBKrypt.C!tr
AVG: Win32:VB-AIYR [Trj]
DeepInstinct: MALICIOUS
alibabacloud: Worm:Win/Vobfus.d303268f

How to remove Win32:VB-AIYR [Trj]?

Win32:VB-AIYR [Trj] removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all detected items.
  • Open the “Tools” tab and press “Reset Browser Settings”.
  • Select the proper browser and options, then click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.