Worm.Win32.Vobfus.dffg (file analysis)

Worm.Win32.Vobfus.dffg is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager process list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It lets you run a complete scan and cure your PC during the trial period.
A 6-day free trial is available.

What can the Worm.Win32.Vobfus.dffg virus do?

  • Behavioural detection: Executable code extraction – unpacking
  • Reads data out of its own binary image
  • CAPE extracted potentially suspicious content
  • Drops a binary and executes it
  • Authenticode signature is invalid
  • Behavioural detection: Injection (inter-process)
  • Attempts to disable Windows Auto Updates
  • Anomalous binary characteristics
  • Attempts to modify Explorer settings to prevent hidden files from being displayed
  • YARA rule detections observed from a process memory dump, dropped files, or CAPE extractions

How to identify Worm.Win32.Vobfus.dffg?

File Info:

name: E120E45EE82F3D79904A.mlw
path: /opt/CAPEv2/storage/binaries/3c24537ff596bcadf29d2896011bf352298cbae51ec2274fc70eea80b5e1a8d7
crc32: C28D9552
md5: e120e45ee82f3d79904a1a405f19f91a
sha1: 0a98776b22c6f6570042447846207935b55299cd
sha256: 3c24537ff596bcadf29d2896011bf352298cbae51ec2274fc70eea80b5e1a8d7
sha512: cae6afaf2a31465add35fff3a77e50cdd3217a2f7ace75424ed172a0c4febba5f9fcb9055108a1f6cb45ae1325a3a27ff6690e151ced06b0fa9b178e89638466
ssdeep: 6144:yMEcB4Psq8gFV91GGGLVTmrshXj0MQH1DUhu1GJu+DODryKnKxO:5TwUgFV6Hm1JKxO
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T164643016AD10A03BE64698F1291983AA291D1E776380FC0BF385BB9870751E7F6F171F
sha3_384: 93e8c5c67f847c2b5311b5ccd4e842161c0ba7609bd4500400f730cc86c7c5adf8e508b42326157f24e5fe63eb1eee94
ep_bytes: 68dc4b4000e8f0ffffff000048000000
timestamp: 2012-03-29 20:56:00

Version Info:

ProductName: 87
FileVersion: 67.00
ProductVersion: 188.00
InternalName: 445
OriginalFilename: 98
Translation: 0x0409 0x04b0

Worm.Win32.Vobfus.dffg also known as:

Bkav: W32.AIDetectMalware
Elastic: malicious (high confidence)
MicroWorld-eScan: Gen:Variant.Barys.950
CAT-QuickHeal: Trojan.Beebone.D
ALYac: Gen:Variant.Barys.950
Cylance: unsafe
Sangfor: Suspicious.Win32.Save.vb
CrowdStrike: win/malicious_confidence_100% (D)
K7GW: EmailWorm ( 0054d10f1 )
K7AntiVirus: EmailWorm ( 0054d10f1 )
Baidu: Win32.Trojan.VBObfus.f
VirIT: Trojan.Win32.SHeur4.WOC
Cyren: W32/Vobfus.BE.gen!Eldorado
Symantec: W32.Changeup
tehtris: Generic.Malware
ESET-NOD32: a variant of Win32/AutoRun.VB.AUA
APEX: Malicious
ClamAV: Win.Trojan.Vobfus-8
Kaspersky: Worm.Win32.Vobfus.dffg
BitDefender: Gen:Variant.Barys.950
NANO-Antivirus: Trojan.Win32.VB.rilrg
ViRobot: Trojan.Win32.A.VB.323584.C
Avast: Win32:VB-ACAJ [Trj]
Rising: Trojan.VBEx!1.99EE (CLASSIC)
TACHYON: Trojan/W32.VB-Agent.323584.AA
Emsisoft: Gen:Variant.Barys.950 (B)
F-Secure: Trojan.TR/Otran.A.7622
DrWeb: Trojan.VbCrypt.60
VIPRE: Gen:Variant.Barys.950
TrendMicro: WORM_VOBFUS.SMJA
McAfee-GW-Edition: BehavesLike.Win32.VBObfus.fm
Trapmine: malicious.moderate.ml.score
FireEye: Generic.mg.e120e45ee82f3d79
Sophos: Mal/SillyFDC-W
Ikarus: Worm.Win32.Vobfus
Jiangmin: Trojan/Vbobf.b
Avira: TR/Otran.A.7622
Antiy-AVL: Worm/Win32.WBNA.gen
Microsoft: Worm:Win32/Vobfus.gen!X
Xcitium: TrojWare.Win32.VB.AVA@4paxk7
Arcabit: Trojan.Barys.950
SUPERAntiSpyware: Trojan.Agent/Gen-Vobfus
ZoneAlarm: Worm.Win32.Vobfus.dffg
GData: Win32.Trojan.VB.ABW
Cynet: Malicious (score: 100)
AhnLab-V3: HEUR/Fakon.mwf.X1381
McAfee: VBObfus.dv
MAX: malware (ai score=87)
VBA32: TScope.Trojan.VB
Malwarebytes: Malware.AI.3346315863
Panda: Trj/Genetic.gen
TrendMicro-HouseCall: WORM_VOBFUS.SMJA
Tencent: Worm.Win32.Vobfus.n
Yandex: Trojan.GenAsa!E+i3NUt6r10
SentinelOne: Static AI – Suspicious PE
MaxSecure: Trojan.Malware.300983.susgen
Fortinet: W32/VBKrypt.C!tr
BitDefenderTheta: Gen:NN.ZevbaF.36250.tm0@aauLgrgi
AVG: Win32:VB-ACAJ [Trj]
DeepInstinct: MALICIOUS

How to remove Worm.Win32.Vobfus.dffg?

Worm.Win32.Vobfus.dffg removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open the “Tools” tab – Press “Reset Browser Settings”.
  • Select the proper browser and options – Click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.
