About “Worm:Win32/Vobfus.AN” infection

The Worm:Win32/Vobfus.AN is considered dangerous by lots of security experts. When this infection is active, you may notice unwanted processes in the Task Manager list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It allows you to run a complete scan and cure your PC during the trial period.
6-day free trial available.

What can the Worm:Win32/Vobfus.AN virus do?

  • Behavioural detection: Executable code extraction – unpacking
  • Reads data out of its own binary image
  • CAPE extracted potentially suspicious content
  • Drops a binary and executes it
  • Authenticode signature is invalid
  • Behavioural detection: Injection (inter-process)
  • Anomalous binary characteristics
  • Attempts to modify Explorer settings to prevent hidden files from being displayed
  • Yara rule detections observed from a process memory dump/dropped files/CAPE

How to identify Worm:Win32/Vobfus.AN?


File Info:

name: EA1E25FD2718A022BA01.mlw
path: /opt/CAPEv2/storage/binaries/2d004a2a2852a7642dffa8e8d2c1b560c38dc96c7422a0a30ce3b7d3cb2c1a5c
crc32: 80EFE02A
md5: ea1e25fd2718a022ba017ce6e6e385b3
sha1: 80ade2fb356cc700b3564dca4ae53fe0609b9b0c
sha256: 2d004a2a2852a7642dffa8e8d2c1b560c38dc96c7422a0a30ce3b7d3cb2c1a5c
sha512: 322703a877c502f692fa6b883ee04871145816d8f8d9f37d86f2fd6af60c3ddf1458414bb32872b4f935891e2a989f366cd2e5596504b1ccd42135450c476baf
ssdeep: 768:FwYOhAjPJZdr+KGz5BAtpm4eutfrWTVtTZ/BliKG1jiTa9McTfkQ3sqrAC:Wa3dS6pm4aTZ5XG1jiTa9McrkQ8W
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T16493421F73413598E51915F53A8EC2D7A2E6A4FC8A1751C2CB753958A82CF3B2C08DAF
sha3_384: 9a89160a1a07a2b15ea6d428a5e33ca26bd5f8cbd930a65baf4d0b0429a4764d5041b8143a709a0c80aa12276825a05f
ep_bytes: 6878114000e8f0ffffff000000000000
timestamp: 2010-11-24 13:55:18

Version Info:

Translation: 0x0409 0x04b0
ProductName: AnyyPO
FileVersion: 3.44
ProductVersion: 3.44
InternalName: AnyyP
OriginalFilename: AnyyP.exe

Worm:Win32/Vobfus.AN also known as:

Bkav: W32.AIDetectMalware
Lionic: Worm.Win32.VBNA.li7E
tehtris: Generic.Malware
MicroWorld-eScan: Gen:Variant.Jaik.11356
FireEye: Generic.mg.ea1e25fd2718a022
CAT-QuickHeal: Worm.WbnaMF.S18680782
Skyhigh: BehavesLike.Win32.VBObfus.nt
McAfee: Downloader-CJX.gen.l
Malwarebytes: Generic.Worm.AutoRun.DDS
Sangfor: Suspicious.Win32.Save.vb
K7AntiVirus: Trojan ( 001f4fd51 )
Alibaba: Malware:Win32/km_2f9183.None
K7GW: Trojan ( 001f4fd51 )
CrowdStrike: win/malicious_confidence_100% (W)
Arcabit: Trojan.Jaik.D2C5C
BitDefenderTheta: AI:Packer.8C6F3BAB20
VirIT: Trojan.Win32.Generic.BZMB
Symantec: W32.Changeup!gen9
Elastic: malicious (high confidence)
ESET-NOD32: Win32/AutoRun.VB.XH
Cynet: Malicious (score: 100)
APEX: Malicious
ClamAV: Win.Trojan.Changeup-6169544-0
Kaspersky: Worm.Win32.WBNA.ipa
BitDefender: Gen:Variant.Jaik.11356
NANO-Antivirus: Trojan.Win32.VB.cmxqte
SUPERAntiSpyware: Trojan.Agent/Gen-Vban
Avast: Win32:AutoRun-BRC [Trj]
Tencent: Worm.Win32.Wbna.ff
Sophos: Mal/SillyFDC-D
Baidu: Win32.Worm.VB.al
F-Secure: Trojan.TR/Otran.AA
DrWeb: Win32.HLLW.Autoruner.36338
VIPRE: Gen:Variant.Jaik.11356
TrendMicro: WORM_VOBFUS.SMIB
Emsisoft: Gen:Variant.Jaik.11356 (B)
SentinelOne: Static AI – Malicious PE
Jiangmin: Worm/VBNA.gxpr
Varist: W32/Vobfus.L.gen!Eldorado
Avira: TR/Otran.AA
Antiy-AVL: Worm/Win32.WBNA.gen
Kingsoft: malware.kb.a.1000
Xcitium: Worm.Win32.VB.ww@2ajsup
Microsoft: Worm:Win32/Vobfus.AN
ViRobot: Worm.Win32.Agent.94208
ZoneAlarm: Worm.Win32.WBNA.ipa
GData: Gen:Variant.Jaik.11356
Google: Detected
AhnLab-V3: Worm/Win32.VBNA.R19315
VBA32: SScope.Trojan.VBRA.5166
ALYac: Gen:Variant.Jaik.11356
TACHYON: Worm/W32.VB-VBNA.94208.B
Cylance: unsafe
Panda: Generic Malware
TrendMicro-HouseCall: WORM_VOBFUS.SMIB
Rising: Worm.Autorun!1.99EA (CLASSIC)
Yandex: Trojan.GenAsa!DJXzsFP6hFw
Ikarus: Trojan.Win32.Otran
Fortinet: W32/AutoRun.XM!worm
AVG: Win32:AutoRun-BRC [Trj]
Cybereason: malicious.b356cc
DeepInstinct: MALICIOUS

How to remove Worm:Win32/Vobfus.AN?

Worm:Win32/Vobfus.AN removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open the “Tools” tab – Press “Reset Browser Settings”.
  • Select the proper browser and options – Click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.
