Worm

Worm:Win32/Vobfus.AAA malicious file

Malware Removal

Worm:Win32/Vobfus.AAA is flagged as malicious by most security vendors (see the detection list below). While the worm is active, you may notice unexpected processes in the Task Manager list. In that case, scan the computer with GridinSoft Anti-Malware.

Removing malware by hand can take hours and can damage the system if the wrong files are deleted. We recommend GridinSoft Anti-Malware for removal: it can run a full scan and clean the PC during the trial period.
A 6-day free trial is available.

What can Worm:Win32/Vobfus.AAA do?

Behaviours flagged during automated (CAPE sandbox) analysis of the sample:
  • Behavioural detection: Executable code extraction – unpacking
  • A file was accessed within the Public folder.
  • Uses Windows utilities for basic functionality
  • Reads data out of its own binary image
  • CAPE extracted potentially suspicious content
  • Drops a binary and executes it
  • The binary likely contains encrypted or compressed data.
  • Creates an autorun.inf file
  • Authenticode signature is invalid
  • Behavioural detection: Injection (Process Hollowing)
  • Behavioural detection: Injection (inter-process)
  • CAPE detected the embedded pe malware family
  • Checks the presence of disk drives in the registry, possibly for anti-virtualization
  • Creates a copy of itself
  • Attempts to disable Windows Auto Updates
  • Anomalous binary characteristics
  • Attempts to modify Explorer settings to prevent hidden files from being displayed
  • Yara rule detections observed from a process memory dump/dropped files/CAPE
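Two of the behaviours above leave artifacts an analyst can check for directly: an autorun.inf dropped next to a copy of the worm, and registry values that hide hidden files or switch off Automatic Updates. The triage script below is an added example, not CAPE's or GridinSoft's code. Both inputs are constructed (the report does not quote the real autorun.inf or the exact registry values), and the registry locations it checks are the standard ones for these settings, an assumption about where such tampering would show up rather than something the report states.

```python
"""Triage helpers for two behaviours in the CAPE list: an autorun.inf on a
drive, and registry changes that hide files or disable Automatic Updates.
Added example, not CAPE's or GridinSoft's code; inputs are constructed and
the registry value locations are assumed standard locations, not values
quoted in the report."""
import re

# Constructed autorun.inf in the shape worm families commonly drop (hypothetical file name).
SAMPLE_AUTORUN = r"""[autorun]
;; makes the drive look like a folder so the user double-clicks it
open=dropped.exe
icon=%SystemRoot%\system32\SHELL32.dll,4
action=Open folder to view files
shell\open\command=dropped.exe
UseAutoPlay=1
"""

# Constructed `reg export` output showing the values after tampering.
SAMPLE_REG = r"""Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced]
"Hidden"=dword:00000002
"ShowSuperHidden"=dword:00000000
"HideFileExt"=dword:00000001

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update]
"AUOptions"=dword:00000001
"""

# autorun.inf keys that cause something to execute when the drive is opened.
EXEC_KEYS = {"open", "shellexecute", "shell\\open\\command", "shell\\explore\\command"}


def parse_autorun(text):
    """Return {key: value} for the [autorun] section, keys lowercased."""
    entries, in_section = {}, False
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):
            continue
        if line.startswith("[") and line.endswith("]"):
            in_section = line[1:-1].strip().lower() == "autorun"
            continue
        if in_section and "=" in line:
            key, value = line.split("=", 1)
            entries[key.strip().lower()] = value.strip()
    return entries


def autorun_findings(text):
    """Human-readable findings for an autorun.inf; empty list means nothing suspicious."""
    entries = parse_autorun(text)
    findings = [f"autorun.inf launches '{v}' via '{k}'" for k, v in entries.items() if k in EXEC_KEYS]
    if "action" in entries:  # custom AutoPlay text is how the executable is disguised as a folder
        findings.append("autorun.inf disguises the executable with a custom AutoPlay action")
    return findings


REG_LINE = re.compile(r'^"(?P<name>[^"]+)"=(?:dword:(?P<dword>[0-9a-fA-F]{8})|"(?P<str>.*)")$')


def parse_reg_export(text):
    """Return {(key, value name): value} from .reg text; dwords become ints, names lowercased."""
    values, key = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("[") and line.endswith("]"):
            key = line[1:-1].lower()
        elif key and (m := REG_LINE.match(line)):
            val = int(m["dword"], 16) if m["dword"] is not None else m["str"]
            values[(key, m["name"].lower())] = val
    return values


ADVANCED = r"HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced"
AU = r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update"
AU_POLICY = r"HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU"

# (key, value name, bad value, meaning): assumed standard locations for these settings.
REG_CHECKS = [
    (ADVANCED, "Hidden", 2, "Explorer hides hidden files"),
    (ADVANCED, "ShowSuperHidden", 0, "Explorer hides protected OS files"),
    (ADVANCED, "HideFileExt", 1, "Explorer hides extensions (x.exe shows as x)"),
    (AU, "AUOptions", 1, "Automatic Updates disabled"),
    (AU_POLICY, "NoAutoUpdate", 1, "Automatic Updates disabled by policy"),
]


def registry_findings(text):
    """Meanings of every tampered value present in the export, in REG_CHECKS order."""
    values = parse_reg_export(text)
    return [why for key, name, bad, why in REG_CHECKS if values.get((key.lower(), name.lower())) == bad]


if __name__ == "__main__":
    for finding in autorun_findings(SAMPLE_AUTORUN) + registry_findings(SAMPLE_REG):
        print("FINDING:", finding)
```

On a live Windows host the same checks run against `reg export` output of the two keys and the autorun.inf found at the root of each removable drive; a clean autorun.inf (label and icon only, no open/shellexecute) and default values (Hidden=1, ShowSuperHidden=1, AUOptions=4) produce no findings.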

How to identify Worm:Win32/Vobfus.AAA?

File Info:

name: C1C3927DB34DF1F7E7B6.mlw
path: /opt/CAPEv2/storage/binaries/98248d70b1f75d9174efa65ec0797bcd68f88ae59baa4c9d0978ce6d1e2e5b2f
crc32: 0B6963A7
md5: c1c3927db34df1f7e7b648659a9cff80
sha1: 70190fce519a74fad5baa57c688ff295e7373430
sha256: 98248d70b1f75d9174efa65ec0797bcd68f88ae59baa4c9d0978ce6d1e2e5b2f
sha512: d4595800f41e06d71b9a9d0d4bb3a37b0ad4c3d59b2cd26bfd40e891bf3ff534c3f3af4761ede9680bee54d7aeb2e1ad963926341a42c8bb6a49eaeefebeff71
ssdeep: 3072:jo6LNj/kLSJmDjIPpwu8c9GA7HtFbZmgu1g:c6ZT7JPPpTGgLbQgyg
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T1D4E3AE66F394985AC115A7F35A2A47B0D266FD316B820B43B2CA77383D736D19B703C2
sha3_384: a53f93ab8e7e5dae06320adeb59066dcb7f05a9d06a084dbdc2c221250504782cab59d283ab42ed20e1f6e8a486c5c66
ep_bytes: 689c194000e8f0ffffff000000000000
timestamp: 2014-04-26 00:37:21

Version Info:

Translation: 0x0409 0x04b0
Comments: ddprtu
CompanyName: hejy
FileDescription: komvh
LegalTrademarks: jojkfl
ProductName: jkvl
FileVersion: 1.65
ProductVersion: 1.65
InternalName: tyrsu
OriginalFilename: tyrsu.exe
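The File Info fields above are what a triage script recomputes to decide whether a suspicious file is this sample. The script below is an added example, not GridinSoft's or CAPE's code: it hashes a file the way the report does (crc32 as zero-padded uppercase hex, md5/sha1/sha256/sha512 as lowercase hex), walks the PE headers to pull out the 16 entry-point bytes and the COFF timestamp, and compares the result against the IOC record copied from this page. The PE it hashes is a constructed stand-in built by build_sample_pe(), so its cryptographic hashes will not match the real sample; only the entry-point bytes and timestamp copied from the report match, which is exactly why those two fields are weak indicators on their own.

```python
"""Recompute the File Info fields (crc32, md5, sha1, sha256, sha512, ep_bytes,
timestamp) for a PE32 file and compare them with a known IOC record.
Added example, not GridinSoft's or CAPE's code; build_sample_pe() produces a
constructed minimal PE, not the real sample."""
import hashlib
import struct
import zlib
from datetime import datetime, timezone

# IOC record copied from the File Info section of this page.
VOBFUS_AAA = {
    "crc32": "0B6963A7",
    "md5": "c1c3927db34df1f7e7b648659a9cff80",
    "sha1": "70190fce519a74fad5baa57c688ff295e7373430",
    "sha256": "98248d70b1f75d9174efa65ec0797bcd68f88ae59baa4c9d0978ce6d1e2e5b2f",
    "ep_bytes": "689c194000e8f0ffffff000000000000",
    "timestamp": "2014-04-26 00:37:21",
}


def pe_entry_point(data):
    """Return (file offset of the entry point, COFF TimeDateStamp) for a PE32, else None."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        return None
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        return None
    coff = e_lfanew + 4
    _, nsections, timestamp, _, _, opt_size, _ = struct.unpack_from("<HHIIIHH", data, coff)
    opt = coff + 20
    if struct.unpack_from("<H", data, opt)[0] != 0x10B:  # PE32 magic; the sample is PE32
        return None
    ep_rva = struct.unpack_from("<I", data, opt + 16)[0]  # AddressOfEntryPoint
    for i in range(nsections):  # map the RVA to a file offset through the section table
        vsize, vaddr, rawsize, rawptr = struct.unpack_from("<IIII", data, opt + opt_size + 40 * i + 8)
        if vaddr <= ep_rva < vaddr + max(vsize, rawsize):
            return rawptr + (ep_rva - vaddr), timestamp
    return None


def file_info(data):
    """Hashes and PE fields formatted the way the report prints them."""
    info = {
        "crc32": f"{zlib.crc32(data) & 0xFFFFFFFF:08X}",
        "md5": hashlib.md5(data).hexdigest(),
        "sha1": hashlib.sha1(data).hexdigest(),
        "sha256": hashlib.sha256(data).hexdigest(),
        "sha512": hashlib.sha512(data).hexdigest(),
    }
    ep = pe_entry_point(data)
    if ep is not None:
        off, ts = ep
        info["ep_bytes"] = data[off:off + 16].hex()
        info["timestamp"] = datetime.fromtimestamp(ts, tz=timezone.utc).strftime("%Y-%m-%d %H:%M:%S")
    return info


def match_iocs(info, ioc):
    """Sorted names of the fields on which the file agrees with the IOC record."""
    return sorted(k for k in ioc if k in info and info[k].lower() == ioc[k].lower())


def build_sample_pe(ep_bytes, timestamp):
    """Constructed minimal PE32 with one .text section; for demonstration only."""
    opt = bytearray(224)                       # PE32 optional header size
    struct.pack_into("<H", opt, 0, 0x10B)      # Magic
    struct.pack_into("<I", opt, 16, 0x1000)    # AddressOfEntryPoint = start of .text
    struct.pack_into("<I", opt, 28, 0x400000)  # ImageBase
    coff = struct.pack("<HHIIIHH", 0x14C, 1, timestamp, 0, 0, len(opt), 0x102)
    section = struct.pack("<8sIIIIIIHHI", b".text", 0x200, 0x1000, 0x200, 0x200, 0, 0, 0, 0, 0x60000020)
    dos = bytearray(0x40)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 0x40)    # e_lfanew
    headers = (bytes(dos) + b"PE\0\0" + coff + bytes(opt) + section).ljust(0x200, b"\0")
    return headers + ep_bytes.ljust(0x200, b"\0")


def demo():
    """Build the stand-in PE with the report's ep_bytes and timestamp and compare it with the IOCs."""
    ts = int(datetime(2014, 4, 26, 0, 37, 21, tzinfo=timezone.utc).timestamp())
    sample = build_sample_pe(bytes.fromhex(VOBFUS_AAA["ep_bytes"]), ts)
    info = file_info(sample)
    return info, match_iocs(info, VOBFUS_AAA)


if __name__ == "__main__":
    info, hits = demo()
    for k, v in info.items():
        print(f"{k}: {v}")
    print("fields matching the Vobfus IOC record:", hits)
```

To check a real file, replace the stand-in with `open(path, "rb").read()`; treat a match on md5/sha1/sha256 as identification, and a match on ep_bytes or timestamp alone only as a hint worth a closer look, since repacked or rebuilt variants share neither and unrelated VB6 binaries can share both.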

Worm:Win32/Vobfus.AAA also known as:

Bkav: W32.FamVT.FakeFoderK1.Trojan
Lionic: Worm.Win32.Vobfus.lPJK
Elastic: malicious (high confidence)
MicroWorld-eScan: Gen:Heur.ManBat.1
ClamAV: Win.Worm.Vobfus-7063274-0
FireEye: Generic.mg.c1c3927db34df1f7
CAT-QuickHeal: Trojan.Beebone.D
Skyhigh: W32/Worm-AAEH.g!C1C3927DB34D
McAfee: W32/Worm-AAEH.g!C1C3927DB34D
Cylance: unsafe
VIPRE: Gen:Heur.ManBat.1
Sangfor: Suspicious.Win32.Save.vb
K7AntiVirus: Trojan ( 0040f8321 )
Alibaba: Worm:Win32/Vobfus.def25129
K7GW: Trojan ( 0040f8321 )
CrowdStrike: win/malicious_confidence_100% (W)
BitDefenderTheta: Gen:NN.ZevbaF.36680.im0@aeALf!mi
Symantec: ML.Attribute.HighConfidence
tehtris: Generic.Malware
ESET-NOD32: a variant of Win32/Injector.BCTT
APEX: Malicious
Cynet: Malicious (score: 100)
Kaspersky: Worm.Win32.Vobfus.esee
BitDefender: Gen:Heur.ManBat.1
NANO-Antivirus: Trojan.Win32.Vobfus.dwzatr
Avast: Win32:VB-AIDR [Trj]
Tencent: Win32.Worm.Vobfus.Ikjl
TACHYON: Worm/W32.VB-Vobfus.146944
Emsisoft: Gen:Heur.ManBat.1 (B)
Baidu: Win32.Trojan.Inject.n
F-Secure: Worm.WORM/Vobfus.esebw
DrWeb: Win32.HLLW.Autoruner2.12869
Zillya: Worm.Vobfus.Win32.152405
Sophos: Mal/VB-ALW
Ikarus: Trojan.Inject2
Google: Detected
Avira: WORM/Vobfus.esebw
Antiy-AVL: Worm/Win32.Vobfus
Kingsoft: malware.kb.a.1000
Microsoft: Worm:Win32/Vobfus.AAA
Xcitium: TrojWare.Win32.Agent.AGER@5a09b7
Arcabit: Trojan.ManBat.1
ZoneAlarm: Worm.Win32.Vobfus.esee
GData: Gen:Heur.ManBat.1
Varist: W32/Vobfus.PC.gen!Eldorado
AhnLab-V3: Trojan/Win32.Jorik.C201944
VBA32: TScope.Trojan.VB
MAX: malware (ai score=100)
Malwarebytes: Generic.Malware/Suspicious
Panda: Generic Malware
Rising: Worm.Vobfus!8.10E (TFE:3:EnO9Nj2JbKT)
Yandex: Worm.Vobfus!d2fA7+ZgPFY
SentinelOne: Static AI – Malicious PE
MaxSecure: Trojan.Malware.300983.susgen
Fortinet: W32/VB.ALW!tr
AVG: Win32:VB-AIDR [Trj]
Cybereason: malicious.e519a7
DeepInstinct: MALICIOUS

How to remove Worm:Win32/Vobfus.AAA?

Worm:Win32/Vobfus.AAA removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and run a “Standard scan”.
  • Move all detected items to quarantine.
  • Open the “Tools” tab and press “Reset Browser Settings”.
  • Select the browser and the options to reset, then click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.