Worm:Win32/VB.CB (file analysis)

The Worm:Win32/VB.CB is considered dangerous by lots of security experts. When this infection is active, you may notice unwanted processes in Task Manager list. In this case, it is adviced to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Gridinsoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. Allows to complete scan and cure your PC during the trial period.

6-day free trial available.

What Worm:Win32/VB.CB virus can do?

Authenticode signature is invalid
Anomalous binary characteristics

How to determine Worm:Win32/VB.CB?


File Info:
name: BA0AB8896BBA9B1A089E.mlw
path: /opt/CAPEv2/storage/binaries/a4cee4316c2e19b04a7f212c24f66123a6b8bb6dd9e7e0489b2431dc6991b4ce
crc32: F99F5DB5
md5: ba0ab8896bba9b1a089e3ee37e242893
sha1: ddc719e0160fb2d06ca3a652a42eb419dddb1a53
sha256: a4cee4316c2e19b04a7f212c24f66123a6b8bb6dd9e7e0489b2431dc6991b4ce
sha512: ad1f0bc4d5f56f928401d7b63c27a7671983e626241cda7e5954c496a9f79f3fd4a633135281136dcd89c856ebbe5696326104e8c2c645ba72447606f2ea8959
ssdeep: 768:MJDcUsuYweMggNz0zFYM9M2AT91aX4RJ:MJiukMPwL22ATmIRJ
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T1F343B4C2775EC896D89215390B5F53561FD2BCC60B23B606F292BB9BA873D0C48F6943
sha3_384: abae9cf8d5f747ede8cb68b1be11c7b7fd7094cf2a886061ccf904bb3cf3efb3e01ae4ebd6988f58449ab5b31f7d04da
timestamp: 2006-09-04 02:56:44

Version Info:
Translation: 0x0409 0x04b0
CompanyName: Test
ProductName: DungCoi
FileVersion: 1.00
ProductVersion: 1.00
InternalName: DungCoiexe
OriginalFilename: DungCoiexe.exe

Worm:Win32/VB.CB also known as:

Bkav	W32.AIDetectMalware
Lionic	Trojan.Win32.CoiDung.4!c
Elastic	malicious (high confidence)
MicroWorld-eScan	Worm.Generic.39086
FireEye	Generic.mg.ba0ab8896bba9b1a
CAT-QuickHeal	Worm.Codungi.A6
Skyhigh	W32/Autorun.worm.bgd
McAfee	W32/Autorun.worm.bgd
Malwarebytes	Generic.Malware.AI.DDS
Zillya	Worm.VB.Win32.102406
Sangfor	Suspicious.Win32.Save.a
K7AntiVirus	Unwanted-Program ( 0059886f1 )
Alibaba	Worm:Win32/CoiDung.2f39aa23
K7GW	Unwanted-Program ( 0059886f1 )
Cybereason	malicious.96bba9
VirIT	Trojan.Win32.VBCrypt.APQ
Symantec	Trojan.Gen.2
tehtris	Generic.Malware
ESET-NOD32	a variant of Win32/VB.NJO
APEX	Malicious
ClamAV	Win.Worm.Fzdr3zji-9886851-0
Kaspersky	HEUR:Trojan.Win32.Generic
BitDefender	Worm.Generic.39086
SUPERAntiSpyware	Trojan.Agent/Gen-Weirdon
Avast	Win32:VB-GNO [Wrm]
Tencent	Malware.Win32.Gencirc.10b25d61
Sophos	Mal/CoiDung-A
Baidu	Win32.Trojan-Downloader.VB.b
F-Secure	Worm.WORM/VB.86016
DrWeb	Trojan.MulDrop3.61
VIPRE	Worm.Generic.39086
TrendMicro	TROJ_GEN.R002C0PB524
Trapmine	malicious.high.ml.score
Emsisoft	Worm.Generic.39086 (B)
SentinelOne	Static AI – Malicious PE
GData	Win32.Worm.VB.B
Jiangmin	Trojan/Generic.afagv
Varist	W32/VB.FT.gen!Eldorado
Avira	WORM/VB.86016
Antiy-AVL	Trojan/Win32.AGeneric
Kingsoft	malware.kb.a.998
Xcitium	Malware@#31790m4sn2qo9
Arcabit	Worm.Generic.D98AE
ZoneAlarm	HEUR:Trojan.Win32.Generic
Microsoft	Worm:Win32/VB.CB
Cynet	Malicious (score: 100)
AhnLab-V3	HEUR/Fakon.mwf.X1352
ALYac	Worm.Generic.39086
Google	Detected
MAX	malware (ai score=100)
Cylance	unsafe
Panda	W32/CogDuni.F.worm
TrendMicro-HouseCall	TROJ_GEN.R002C0PB524
Rising	Worm.DungCoi!1.CE99 (CLASSIC)
Yandex	Trojan.GenAsa!lRw69HAZAPE
Ikarus	IM-Worm.Win32.VB
MaxSecure	Trojan.Malware.1284855.susgen
Fortinet	W32/CoiDung.A!worm
AVG	Win32:VB-GNO [Wrm]
DeepInstinct	MALICIOUS
CrowdStrike	win/malicious_confidence_100% (W)
alibabacloud	Worm

How to remove Worm:Win32/VB.CB?

Worm:Win32/VB.CB removal tool

Download and install GridinSoft Anti-Malware.
Open GridinSoft Anti-Malware and perform a “Standard scan“.
“Move to quarantine” all items.
Open “Tools” tab – Press “Reset Browser Settings“.
Select proper browser and options – Click “Reset”.
Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.

Leave a Comment X