Worm.VbnaMF.S22387683 removal

Worm.VbnaMF.S22387683 is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It lets you run a complete scan and clean your PC during the trial period.
6-day free trial available.

What can the Worm.VbnaMF.S22387683 virus do?

  • Behavioural detection: Executable code extraction – unpacking
  • SetUnhandledExceptionFilter detected (possible anti-debug)
  • Attempts to connect to a dead IP:Port (1 unique times)
  • Yara rule detections observed from a process memory dump/dropped files/CAPE
  • Dynamic (imported) function loading detected
  • Performs HTTP requests potentially not found in PCAP.
  • Enumerates running processes
  • Expresses interest in specific running processes
  • Reads data out of its own binary image
  • CAPE extracted potentially suspicious content
  • Drops a binary and executes it
  • Authenticode signature is invalid
  • Behavioural detection: Injection (inter-process)
  • Installs itself for autorun at Windows startup
  • Creates a hidden or system file
  • Anomalous binary characteristics
  • Attempts to modify Explorer settings to prevent hidden files from being displayed

How to identify Worm.VbnaMF.S22387683?


File Info:

name: FD00B5BD0CDA34FF741D.mlw
type: PE32 executable (GUI) Intel 80386, for MS Windows
timestamp: 2010-12-28 13:10:07

Version Info:

Translation: 0x0409 0x04b0
CompanyName: UserXP
ProductName: 4322VBRUN
FileVersion: 6.52
ProductVersion: 6.52
InternalName: ooddp99
OriginalFilename: ooddp99.exe

Worm.VbnaMF.S22387683 also known as:

Bkav: W32.AIDetect.malware1
Elastic: malicious (high confidence)
MicroWorld-eScan: Gen:Variant.Symmi.719
FireEye: Generic.mg.fd00b5bd0cda34ff
CAT-QuickHeal: Worm.VbnaMF.S22387683
McAfee: Downloader-CJX.gen.o
Cylance: Unsafe
K7AntiVirus: Trojan ( 001e96331 )
K7GW: Trojan ( 001e96331 )
Cybereason: malicious.d0cda3
BitDefenderTheta: AI:Packer.123AFE6920
VirIT: Trojan.Win32.Shiru.AY
Cyren: W32/VB.BT.gen!Eldorado
Symantec: W32.Changeup!gen10
ESET-NOD32: Win32/AutoRun.VB.XY
Baidu: Win32.Worm.AutoRun.cj
TrendMicro-HouseCall: WORM_VOBFUS.SMIA
ClamAV: Win.Trojan.Changeup-6169544-0
Kaspersky: Worm.Win32.VBNA.brmq
BitDefender: Gen:Variant.Symmi.719
NANO-Antivirus: Trojan.Win32.VB.cooocg
SUPERAntiSpyware: Trojan.Agent/Gen-Zbot
Avast: Win32:AutoRun-BSS [Wrm]
Tencent: Worm.Win32.Vbna.zf
Ad-Aware: Gen:Variant.Symmi.719
Emsisoft: Gen:Variant.Symmi.719 (B)
Comodo: TrojWare.Win32.VB.XYT@59rakd
DrWeb: Win32.HLLW.Autoruner.40364
TrendMicro: WORM_VOBFUS.SMIA
McAfee-GW-Edition: BehavesLike.Win32.VBObfus.qt
Sophos: ML/PE-A + Mal/SillyFDC-I
APEX: Malicious
GData: Gen:Variant.Symmi.719
Jiangmin: Trojan/VBKrypt.hart
Avira: TR/Dropper.Gen
MAX: malware (ai score=83)
Antiy-AVL: Trojan/Generic.ASBOL.5
ViRobot: Trojan.Win32.Generic.57344.H
ZoneAlarm: Worm.Win32.WBNA.ipa
Microsoft: VirTool:Win32/Obfuscator.NM
Cynet: Malicious (score: 100)
AhnLab-V3: Malware/Win32.Changeup.R2716
Acronis: suspicious
VBA32: SScope.Trojan.VBRA.9611
ALYac: Gen:Variant.Symmi.719
TACHYON: Trojan/W32.VB-Agent.57344.LW
Malwarebytes: Malware.AI.4214291897
Ikarus: Trojan-Dropper
Yandex: Trojan.VBKrypt.Gen.8
SentinelOne: Static AI – Malicious PE
MaxSecure: Worm.Worm.W32.VBNA.brmq
Fortinet: W32/VBKrypt.AGW!tr
AVG: Win32:AutoRun-BSS [Wrm]
Panda: Generic Malware
CrowdStrike: win/malicious_confidence_100% (D)

How to remove Worm.VbnaMF.S22387683?

Worm.VbnaMF.S22387683 removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open the “Tools” tab – Press “Reset Browser Settings”.
  • Select the proper browser and options – Click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.
