Categories: Malware

Win32:VB-NIE [Trj] (file analysis)

The Win32:VB-NIE [Trj] is considered dangerous by lots of security experts. When this infection is active, you may notice unwanted processes in Task Manager list. In this case, it is adviced to scan your computer with GridinSoft Anti-Malware.

Gridinsoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. Allows to complete scan and cure your PC during the trial period.

DOWNLOAD NOW

6-day free trial available.

What Win32:VB-NIE [Trj] virus can do?

Behavioural detection: Executable code extraction – unpacking
Reads data out of its own binary image
CAPE extracted potentially suspicious content
Drops a binary and executes it
Authenticode signature is invalid
Behavioural detection: Injection (inter-process)
CAPE detected the embedded win api malware family
Attempts to modify Explorer settings to prevent hidden files from being displayed
Yara detections observed in process dumps, payloads or dropped files

How to determine Win32:VB-NIE [Trj]?


File Info:
name: EE014FA92B06F6F48798.mlwpath: /opt/CAPEv2/storage/binaries/d92cb0f33b5de7e0eed3c2c75ec6cc824364ddabf5af051e990d96da6a23a61acrc32: 377D55D4md5: ee014fa92b06f6f4879834ed6023af70sha1: 13b59f25317f970b030da82c91c25d777da996fbsha256: d92cb0f33b5de7e0eed3c2c75ec6cc824364ddabf5af051e990d96da6a23a61asha512: 266b8bf09f185e2508482ebdb47672d26766e330cb0e72507af8030a35d2d4cdc84e501874c8b9c836accef3f0bbabf416378fc472e0eeef4006bf1f75dee4b9ssdeep: 768:0bVmABHHDr/VTnPHBYClqvcB2bxMfaVQDe50sR6/w1+jUZvqBcyulgXY9SycIn+U:8hYD8Wq2oS+Ljb3ts0E9ttype: PE32 executable (GUI) Intel 80386, for MS Windowstlsh: T1ED4373AA3B876927E49223367D55C1C7E13370817E4BC2C3B7DAB7251D1EE124429793sha3_384: 1569b4d1e6ed259d02c8232f441009b029be864b9956ec2447713ad807c5a959c6b8d8ba32334fd3ade0f91ae7cdc7e1ep_bytes: 6814124000e8f0ffffff000000000000timestamp: 2000-01-01 12:00:00
Version Info:
0: [No Data]

Win32:VB-NIE [Trj] also known as:

Bkav	W32.AIDetectMalware
Lionic	Worm.Win32.VBNA.li8h
Elastic	malicious (high confidence)
MicroWorld-eScan	Gen:Trojan.Chinky.2
FireEye	Generic.mg.ee014fa92b06f6f4
CAT-QuickHeal	Trojan.Vobfus.gen
Skyhigh	BehavesLike.Win32.VBObfus.qm
McAfee	VBObfus
Malwarebytes	Generic.Malware.AI.DDS
Zillya	Worm.VBNA.Win32.93368
Sangfor	Suspicious.Win32.Save.vb
Alibaba	Worm:Win32/Vobfus.05e5d067
K7GW	EmailWorm ( 00568eb41 )
K7AntiVirus	EmailWorm ( 00568eb41 )
Arcabit	Trojan.Chinky.2
BitDefenderTheta	AI:Packer.1EAB3F931E
VirIT	Worm.Win32.Autorun.DJ
Symantec	W32.Changeup
ESET-NOD32	Win32/AutoRun.VB.GJ
APEX	Malicious
TrendMicro-HouseCall	WORM_VBNA.SM
Paloalto	generic.ml
ClamAV	Win.Trojan.Chinky-2
Kaspersky	Worm.Win32.Vobfus.exhg
BitDefender	Gen:Trojan.Chinky.2
NANO-Antivirus	Trojan.Win32.Vobfus.egwnbv
SUPERAntiSpyware	Trojan.Agent/Gen-Vobfus[WV]
Avast	Win32:VB-NIE [Trj]
Tencent	Worm.Win32.VBna.c
Emsisoft	Gen:Trojan.Chinky.2 (B)
Baidu	Win32.Worm.VB.jn
F-Secure	Worm:W32/Vinkus.gen!A
DrWeb	Win32.HLLW.Autoruner.8325
VIPRE	Gen:Trojan.Chinky.2
TrendMicro	WORM_VBNA.SM
Trapmine	malicious.high.ml.score
Sophos	Troj/Vobfus-CP
SentinelOne	Static AI – Malicious PE
MAX	malware (ai score=100)
Jiangmin	Worm/VBNA.gwlk
Google	Detected
Avira	TR/Dropper.Gen
Varist	W32/VB.X.gen!Eldorado
Antiy-AVL	Trojan[AutoRun]/Win32.VB.gj
Kingsoft	malware.kb.a.1000
Xcitium	Worm.Win32.VBNA.~gen@1qlvkj
Microsoft	Worm:Win32/Vobfus.F
ViRobot	Worm.Win32.VBNA.57344.AIH
ZoneAlarm	Worm.Win32.Vobfus.exhg
GData	Gen:Trojan.Chinky.2
Cynet	Malicious (score: 100)
AhnLab-V3	Win32/Vbna2.worm.Gen
Acronis	suspicious
VBA32	SScope.Trojan.VB.Svchorse.027
ALYac	Gen:Trojan.Chinky.2
Cylance	unsafe
Panda	W32/Autorun.JND
Rising	Trojan.Autorun!1.DA78 (CLASSIC)
Yandex	Trojan.GenAsa!Nmq1GgqIrOs
Ikarus	Trojan.Autorun
MaxSecure	Trojan.Malware.300983.susgen
Fortinet	W32/VBObfus.BDBD!tr
AVG	Win32:VB-NIE [Trj]
DeepInstinct	MALICIOUS
alibabacloud	Worm:Win/Vobfus.exhg