What is “Worm:Win32/Verst.A”?

Worm:Win32/Verst.A is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager process list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It allows you to fully scan and clean your PC during the trial period.
6-day free trial available.

What can the Worm:Win32/Verst.A virus do?

  • Behavioural detection: Executable code extraction – unpacking
  • Scheduled file move on reboot detected
  • Yara rule detections observed from a process memory dump/dropped files/CAPE
  • Creates RWX memory
  • Possible date expiration check, exits too soon after checking local time
  • Dynamic (imported) function loading detected
  • Drops a binary and executes it
  • Unconventional language used in binary resources: Russian
  • The binary contains an unknown PE section name indicative of packing
  • The binary likely contains encrypted or compressed data.
  • Authenticode signature is invalid
  • Detects Sandboxie through the presence of a library
  • Creates a copy of itself
  • Anomalous binary characteristics

How to identify Worm:Win32/Verst.A?

File Info:

name: 3695E52EC8039F581141.mlw
path: /opt/CAPEv2/storage/binaries/712b836a9e7f182ec0cbf57ee0dd96eb9b9852754d2ea64a39b175c5dcf6e53a
crc32: A9ADB391
md5: 3695e52ec8039f581141521c3c84f39c
sha1: 55bcb2441448156a20c98daa5d7e03eebb6dafa1
sha256: 712b836a9e7f182ec0cbf57ee0dd96eb9b9852754d2ea64a39b175c5dcf6e53a
sha512: 2a1f5da6a562443a74d3e48e39aa558284b6c9b0f0f0304d5c939ba818aee0543e7729f0a930d99dd74089b503e76d93dd56e89050c5a615bc8e95ee650e5497
ssdeep: 12288:pz1ByBMeePRzmpznw0gqhmf15gGSGdl74aw+PZsDw8dkME:pzkO4/ZG743w8dk
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T140D423444B4653B6C0C336380A763E2FF29359724AF3552B6331E0DDED6AFE55AA81C2
sha3_384: 59b94d926a75f09e529caa7600f7e541f8b491808467d30b75c5fa6e2d074f0b9c4047dc1d22c8913a167e130e33bf23
ep_bytes: 608d6424200f8ae302000068a29766f5
timestamp: 1992-06-19 22:22:17

Version Info:

0: [No Data]

Worm:Win32/Verst.A also known as:

Bkav: W32.AIDetect.malware1
Elastic: malicious (high confidence)
MicroWorld-eScan: Gen:Trojan.Heur3.LPT.NOZ@aSGebiecb
FireEye: Generic.mg.3695e52ec8039f58
ALYac: Gen:Trojan.Heur3.LPT.NOZ@aSGebiecb
Zillya: Worm.AutoRun.Win32.19836
K7AntiVirus: Trojan ( 7000001c1 )
Alibaba: Worm:Win32/AutoRun.872cd788
K7GW: Trojan ( 7000001c1 )
Cybereason: malicious.ec8039
Cyren: W32/SuspPack.BB.gen!Eldorado
Symantec: Packed.Vmpbad!gen1
ESET-NOD32: Win32/AutoRun.Delf.GL
APEX: Malicious
Paloalto: generic.ml
ClamAV: Win.Worm.Autorun-12275
Kaspersky: Worm.Win32.AutoRun.bhir
BitDefender: Gen:Trojan.Heur3.LPT.NOZ@aSGebiecb
NANO-Antivirus: Trojan.Win32.AutoRun.fbrwgv
Avast: Win32:Dropper-gen [Drp]
Tencent: Win32.Worm.Autorun.Lknt
Ad-Aware: Gen:Trojan.Heur3.LPT.NOZ@aSGebiecb
Sophos: Mal/Generic-R + Mal/VMProtBad-A
DrWeb: BackDoor.Pushnik.9
TrendMicro: TROJ_GEN.R002C0CKT21
McAfee-GW-Edition: BehavesLike.Win32.Generic.jc
Emsisoft: Gen:Trojan.Heur3.LPT.NOZ@aSGebiecb (B)
SentinelOne: Static AI – Malicious PE
GData: Gen:Trojan.Heur3.LPT.NOZ@aSGebiecb
Jiangmin: Worm/AutoRun.wma
Avira: TR/Black.Gen2
Antiy-AVL: Trojan/Generic.ASMalwS.1171AFD
Gridinsoft: Ransom.Win32.Zbot.sa
Microsoft: Worm:Win32/Verst.A
Cynet: Malicious (score: 100)
AhnLab-V3: Win32/Autorun.worm.539648
McAfee: Generic-FAAF!3695E52EC803
MAX: malware (ai score=89)
VBA32: BScope.Malware-Cryptor.Hlux
Cylance: Unsafe
TrendMicro-HouseCall: TROJ_GEN.R002C0CKT21
Rising: Trojan.Generic@ML.90 (RDML:B9xeXc0hocMpo6AZFS22/Q)
Yandex: Trojan.GenAsa!Rp94cbhL08w
Ikarus: Win32.Outbreak
eGambit: Unsafe.AI_Score_99%
Fortinet: W32/Delf.GL!worm
BitDefenderTheta: Gen:NN.ZexaF.34062.NOZ@aSGebiec
AVG: Win32:Dropper-gen [Drp]
Panda: Trj/CI.A
CrowdStrike: win/malicious_confidence_100% (W)
MaxSecure: Trojan.Malware.300983.susgen

How to remove Worm:Win32/Verst.A?

Worm:Win32/Verst.A removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open the “Tools” tab – Press “Reset Browser Settings”.
  • Select the proper browser and options – Click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.