Categories: Malware

About “Win32:VB-AJKL [Trj]” infection

The Win32:VB-AJKL [Trj] is considered dangerous by lots of security experts. When this infection is active, you may notice unwanted processes in Task Manager list. In this case, it is adviced to scan your computer with GridinSoft Anti-Malware.

Gridinsoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. Allows to complete scan and cure your PC during the trial period.

DOWNLOAD NOW

6-day free trial available.

What Win32:VB-AJKL [Trj] virus can do?

Executable code extraction
Injection (inter-process)
Injection (Process Hollowing)
Creates RWX memory
Reads data out of its own binary image
Deletes its original binary from disk
Executed a process and injected code into it, probably while unpacking
Steals private information from local Internet browsers
Installs itself for autorun at Windows startup
Spoofs its process name and/or associated pathname to appear as a legitimate process
Creates a hidden or system file
Creates a copy of itself
Harvests credentials from local FTP client softwares
Harvests information related to installed instant messenger clients
Harvests information related to installed mail clients
Creates a slightly modified copy of itself
Collects information to fingerprint the system
Anomalous binary characteristics

Related domains:

exmanageserver.site

How to determine Win32:VB-AJKL [Trj]?


File Info:
crc32: 8F8640E0md5: 9a48e871c5056686cbf16bc1b7413aaename: 9A48E871C5056686CBF16BC1B7413AAE.mlwsha1: 173ea0bd2f389fd0a0ee1fcb8c8bdf71eb55ffbesha256: 1c08cbc7f0aa33329242c4dd31369604cd96cb97a73c15ba0022be35e5e5897bsha512: c204eba9751c87c1f638313254d83ebc8ffa4f592a64f0195587dfb7924bbec3ed77811179fe41a8da388d2c9342d8d24139afa9bfb7b8a22420762eee60e01bssdeep: 3072:sPOfJjKCB0ZfVuW9ykReba73cbAHoY1E+2+w1yeoZx:sPOfJmdZduKeOzXHP1E+271NoZtype: PE32 executable (GUI) Intel 80386, for MS Windows
Version Info:
Translation: 0x0409 0x04b0InternalName: abshdjakmz48FileVersion: 9.03.0005CompanyName: Nintendo   Comments: Disturbor5ProductName: SchizaxonProductVersion: 9.03.0005FileDescription: ImpheesOriginalFilename: abshdjakmz48.exe

Win32:VB-AJKL [Trj] also known as:

Bkav	W32.AIDetectVM.malware2
Elastic	malicious (high confidence)
MicroWorld-eScan	Gen:Heur.PonyStealer.lm0@dyD1Yqci
FireEye	Generic.mg.9a48e871c5056686
McAfee	Fareit-FQZ!9A48E871C505
Cylance	Unsafe
VIPRE	Trojan.Win32.Generic!BT
Sangfor	Malware
BitDefender	Gen:Heur.PonyStealer.lm0@dyD1Yqci
Cybereason	malicious.1c5056
TrendMicro	TSPY_HPFAREIT.SM2
Cyren	W32/VBInject.LI.gen!Eldorado
Symantec	ML.Attribute.HighConfidence
APEX	Malicious
Avast	Win32:VB-AJKL [Trj]
ClamAV	Win.Packer.VbPack-0-6334882-0
Kaspersky	Trojan.Win32.Nockat.fod
NANO-Antivirus	Trojan.Win32.NaKocTb.eruixc
ViRobot	Trojan.Win32.Agent.180224.CW
Tencent	Malware.Win32.Gencirc.11b0f416
Ad-Aware	Gen:Heur.PonyStealer.lm0@dyD1Yqci
TACHYON	Trojan/W32.VB-naKocTb.180224.B
Sophos	Mal/FareitVB-M
DrWeb	Trojan.PWS.Stealer.17779
Invincea	ML/PE-A + Mal/FareitVB-M
McAfee-GW-Edition	BehavesLike.Win32.Generic.ch
Emsisoft	Gen:Heur.PonyStealer.lm0@dyD1Yqci (B)
SentinelOne	Static AI – Malicious PE
Jiangmin	Trojan.naKocTb.amj
MaxSecure	Trojan.Malware.75023056.susgen
Microsoft	Trojan:Win32/Wacatac.C!ml
Arcabit	Trojan.PonyStealer.ED7669
ZoneAlarm	Trojan.Win32.Nockat.fod
GData	Gen:Heur.PonyStealer.lm0@dyD1Yqci
Cynet	Malicious (score: 100)
AhnLab-V3	Trojan/Win32.VB.C2087991
BitDefenderTheta	AI:Packer.4D263D3621
ALYac	Gen:Heur.PonyStealer.lm0@dyD1Yqci
MAX	malware (ai score=86)
VBA32	TScope.Trojan.VB
Malwarebytes	Spyware.Pony
Panda	Trj/GdSda.A
Zoner	Trojan.Win32.62564
ESET-NOD32	Win32/PSW.Fareit.L
TrendMicro-HouseCall	TSPY_HPFAREIT.SM2
Rising	Trojan.Injector!1.B459 (CLASSIC)
Yandex	Trojan.Nockat!0ByqCuDGgRk
eGambit	Unsafe.AI_Score_99%
Fortinet	W32/Injector.ECCL!tr
AVG	Win32:VB-AJKL [Trj]
CrowdStrike	win/malicious_confidence_100% (D)
Qihoo-360	HEUR/QVM03.0.44A7.Malware.Gen