Worm:Win32/Vobfus.BA malicious file

Worm:Win32/Vobfus.BA is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager process list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It allows you to run a complete scan and cure your PC during the trial period.
A 6-day free trial is available.

What can the Worm:Win32/Vobfus.BA virus do?

  • Behavioural detection: Executable code extraction – unpacking
  • Reads data out of its own binary image
  • CAPE extracted potentially suspicious content
  • Drops a binary and executes it
  • Authenticode signature is invalid
  • Behavioural detection: Injection (inter-process)
  • Anomalous binary characteristics
  • Attempts to modify Explorer settings to prevent hidden files from being displayed

How to identify Worm:Win32/Vobfus.BA?

File Info:

name: 3D1132AA3794161C49C7.mlw
path: /opt/CAPEv2/storage/binaries/1e1b9ee75227256490281dbfd8ab0299f683e1c314ccae450f5ae5727cc1adda
crc32: 43A690A4
md5: 3d1132aa3794161c49c7403a5c1e60b8
sha1: 295277a0611aaab8aa3660cc8511bdd0a6b2b24e
sha256: 1e1b9ee75227256490281dbfd8ab0299f683e1c314ccae450f5ae5727cc1adda
sha512: 6a275077db10cd8aae086b24ae57b2b41e5ad5f6b21c4db0c3752cc007a8c466e67e5e3997b71cc11edf416b5ebf5eaed6cee23f3cd03c0515ec498aaca86b51
ssdeep: 1536:bWfCFH+lKd/EsUzUVACD1LGLULKLdLaL7gW8ENVk4Lura:wC5+U/EsUAtNVkm
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T15D937137778015C7C91852751DC3B7C75AB22A860A1B39832B2032ABFD6AE411B6D5FF
sha3_384: fb5d877c8a7a1f6b0baa27ef30b8e52bf2fd80be3cba7046b015bf4e1ff823fa9911ac3c3bcbe80baf5ccbf9c44ba0bb
ep_bytes: 6834124000e8f0ffffff000000000000
timestamp: 2011-02-09 03:35:34

Version Info:

Translation: 0x0409 0x04b0
ProductName: TgTiHgImqjdYjO
FileVersion: 8.40
ProductVersion: 8.40
InternalName: iFYGcUb
OriginalFilename: iFYGcUb.exe

Worm:Win32/Vobfus.BA also known as:

Bkav: W32.AIDetectMalware
Elastic: malicious (high confidence)
MicroWorld-eScan: Gen:Variant.VBKrypt.55
CAT-QuickHeal: Worm.VbnaMF.S18680762
Skyhigh: BehavesLike.Win32.VBObfus.mt
McAfee: Downloader-CJX.gen.az
Malwarebytes: Generic.Malware.AI.DDS
Sangfor: Suspicious.Win32.Save.vb
K7AntiVirus: EmailWorm ( 0020d27b1 )
K7GW: EmailWorm ( 0020d27b1 )
CrowdStrike: win/malicious_confidence_100% (D)
Baidu: Win32.Worm.AutoRun.cj
VirIT: Trojan.Win32.Generic.NGH
Symantec: W32.Changeup!gen10
ESET-NOD32: Win32/AutoRun.VB.AAT
APEX: Malicious
ClamAV: Win.Trojan.Changeup-6169544-0
Kaspersky: Worm.Win32.VBNA.bsgt
BitDefender: Gen:Variant.VBKrypt.55
NANO-Antivirus: Trojan.Win32.MLW.cniocp
Avast: Win32:AutoRun-BVZ [Trj]
Tencent: Worm.Win32.VBNA.ha
Emsisoft: Gen:Variant.VBKrypt.55 (B)
F-Secure: Trojan.TR/Dropper.Gen
DrWeb: Trojan.Siggen.64685
VIPRE: Gen:Variant.VBKrypt.55
TrendMicro: WORM_VOBFUS.SMIA
Trapmine: malicious.moderate.ml.score
FireEye: Generic.mg.3d1132aa3794161c
Sophos: Mal/VBCheMan-A
SentinelOne: Static AI – Malicious PE
MAX: malware (ai score=81)
GData: Gen:Variant.VBKrypt.55
Google: Detected
Avira: TR/Dropper.Gen
Varist: W32/Vobfus.O.gen!Eldorado
Antiy-AVL: Worm/Win32.WBNA.gen
Arcabit: Trojan.VBKrypt.55
ViRobot: Worm.Win32.A.VBNA.90112.AR
ZoneAlarm: Worm.Win32.VBNA.bsgt
Microsoft: Worm:Win32/Vobfus.BA
Cynet: Malicious (score: 100)
AhnLab-V3: Trojan/Win32.VBKrypt.R3045
BitDefenderTheta: AI:Packer.B297FC3920
ALYac: Gen:Variant.VBKrypt.55
TACHYON: Worm/W32.VBNA.90112.B
VBA32: SScope.Trojan.VBRA.11309
Cylance: unsafe
Panda: W32/Autorun.JUV.worm
TrendMicro-HouseCall: WORM_VOBFUS.SMIA
Rising: Worm.VobfusEx!1.99EB (CLASSIC)
Yandex: Trojan.GenAsa!o/OBX+/FVDI
Ikarus: Trojan.VB
MaxSecure: Trojan.Malware.300983.susgen
Fortinet: W32/AutoRun.XM!worm
AVG: Win32:AutoRun-BVZ [Trj]
Cybereason: malicious.0611aa
DeepInstinct: MALICIOUS

How to remove Worm:Win32/Vobfus.BA?

Worm:Win32/Vobfus.BA removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open the “Tools” tab and press “Reset Browser Settings”.
  • Select the proper browser and options, then click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.