About “Worm.VobfusVMF.S20640996” infection

Many security experts consider Worm.VobfusVMF.S20640996 dangerous. When this infection is active, you may notice unwanted processes in the Task Manager list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It allows you to run a complete scan and cure your PC during the trial period.
6-day free trial available.

What can the Worm.VobfusVMF.S20640996 virus do?

  • Behavioural detection: Executable code extraction – unpacking
  • Reads data out of its own binary image
  • CAPE extracted potentially suspicious content
  • Drops a binary and executes it
  • The binary contains an unknown PE section name indicative of packing
  • Authenticode signature is invalid
  • Behavioural detection: Injection (inter-process)
  • Anomalous binary characteristics
  • Attempts to modify Explorer settings to prevent hidden files from being displayed
  • Yara rule detections observed from a process memory dump/dropped files/CAPE

How to identify Worm.VobfusVMF.S20640996?


File Info:

name: 24DAA09FB79FA41B6508.mlw
type: PE32 executable (GUI) Intel 80386, for MS Windows
timestamp: 2011-03-05 05:22:59

Version Info:

Translation: 0x0409 0x04b0
ProductName: CHMjPEYjPgQOXLVBulYZmhkeFFYT
FileVersion: 9.59
ProductVersion: 9.59
InternalName: vmSEhnL
OriginalFilename: vmSEhnL.exe

Worm.VobfusVMF.S20640996 also known as:

Bkav: W32.AIDetectMalware
Lionic: Worm.Win32.WBNA.loaR
MicroWorld-eScan: Gen:Variant.Symmi.86696
ClamAV: Win.Trojan.Changeup-6169544-0
FireEye: Generic.mg.24daa09fb79fa41b
CAT-QuickHeal: Worm.VobfusVMF.S20640996
ALYac: Gen:Variant.Symmi.86696
Malwarebytes: Generic.Malware.AI.DDS
Zillya: Worm.WBNA.Win32.1631079
Sangfor: Suspicious.Win32.Save.vb
K7AntiVirus: NetWorm ( 700000151 )
Alibaba: Worm:Win32/Vobfus.24e70a9b
K7GW: NetWorm ( 700000151 )
CrowdStrike: win/malicious_confidence_100% (W)
BitDefenderTheta: AI:Packer.D97D5C5D21
VirIT: Trojan.Win32.Heur.BQWM
Cyren: W32/Vobfus.P.gen!Eldorado
Symantec: W32.Changeup
Elastic: malicious (high confidence)
ESET-NOD32: Win32/AutoRun.VB.ACA
APEX: Malicious
Cynet: Malicious (score: 100)
Kaspersky: Worm.Win32.WBNA.sq
BitDefender: Gen:Variant.Symmi.86696
NANO-Antivirus: Trojan.Win32.WBNA.cnwqxh
SUPERAntiSpyware: Trojan.Agent/Gen-ZBot
Avast: Win32:VB-RSN [Wrm]
Tencent: Malware.Win32.Gencirc.13d25cdb
TACHYON: Trojan/W32.VB-VBKrypt.233472.G
Emsisoft: Gen:Variant.Symmi.86696 (B)
Baidu: Win32.Worm.VB.tn
F-Secure: Trojan.TR/Kazy.14392.18
DrWeb: Trojan.VbCrypt.60
VIPRE: Gen:Variant.Symmi.86696
TrendMicro: WORM_VOBFUS.SMHC
McAfee-GW-Edition: BehavesLike.Win32.Generic.dm
Sophos: Mal/SillyFDC-M
Ikarus: Trojan.Win32.Genome
GData: Gen:Variant.Symmi.86696
Avira: TR/Kazy.14392.18
Antiy-AVL: Worm/Win32.WBNA.gen
Arcabit: Trojan.Symmi.D152A8
ViRobot: Worm.Win32.A.WBNA.233472.A
ZoneAlarm: Worm.Win32.WBNA.sq
Microsoft: Worm:Win32/Vobfus.BM
Google: Detected
AhnLab-V3: Trojan/Win32.VBKrypt.R3426
McAfee: Downloader-CJX.gen.v
MAX: malware (ai score=100)
VBA32: Trojan.Varydrop.2921
Cylance: unsafe
Panda: Trj/Genetic.gen
TrendMicro-HouseCall: WORM_VOBFUS.SMHC
Rising: Worm.Autorun!8.50 (TFE:3:3QRHIFWg9mD)
Yandex: Trojan.GenAsa!EJbvkFUjhpU
SentinelOne: Static AI – Suspicious PE
MaxSecure: Trojan.Malware.300983.susgen
Fortinet: W32/VB.ACA!tr
AVG: Win32:VB-RSN [Wrm]
Cybereason: malicious.fb79fa
DeepInstinct: MALICIOUS

How to remove Worm.VobfusVMF.S20640996?

Worm.VobfusVMF.S20640996 removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open “Tools” tab – Press “Reset Browser Settings”.
  • Select proper browser and options – Click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.
