About “Worm:Win32/Vobfus.BJ” infection

Worm:Win32/Vobfus.BJ is flagged as malicious by most security vendors. While the infection is active you may notice unfamiliar processes in the Task Manager list. In that case it is advised to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It lets you run a complete scan and clean your PC during the trial period.
A 6-day free trial is available.

What can the Worm:Win32/Vobfus.BJ virus do?

  • Behavioural detection: Executable code extraction – unpacking
  • Yara rule detections observed from a process memory dump/dropped files/CAPE
  • Reads data out of its own binary image
  • CAPE extracted potentially suspicious content
  • Drops a binary and executes it
  • The binary contains an unknown PE section name indicative of packing
  • Authenticode signature is invalid
  • Behavioural detection: Injection (inter-process)
  • Anomalous binary characteristics
  • Attempts to modify Explorer settings to prevent hidden files from being displayed

How to identify Worm:Win32/Vobfus.BJ?

File Info:

name: 24C9D533635773A34D66.mlw
path: /opt/CAPEv2/storage/binaries/323730c0af7f44dfeb54eb2565ec101e51aaeddd661e284663ad78e88e519bb1
crc32: 5A92F222
md5: 24c9d533635773a34d660f3ca9f2f64b
sha1: 48b11559712d1bdba1ce6877f574ee8c3c77f36a
sha256: 323730c0af7f44dfeb54eb2565ec101e51aaeddd661e284663ad78e88e519bb1
sha512: 8a4afe90a0b515910a891387a02f4c9e1ec39bf2325474ed9c3daac7f408f86d3ff6f462ae0a606a6f0c85ce380c75e20d43fa6be22bcae16bb98a143d462056
ssdeep: 3072:WEqNVnha1paHDLo8xxwhlT2sqcDNvYgWsGKc64gJ3o/pDjOTVwI2n43sj:FOVE14LpMlTxDhWUR5GZjOTQKs
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T1ED143055BB80ADBBE0B18EF5AB85435340906C3855C5B233B3C1971A2679CE7C2727EB
sha3_384: d2480d22da42e2a48a19cd2ba802c9faed082744e60475d8258daab0fbe9d537cc4ef472e26795048cfe7b5fa1b7900c
ep_bytes: 68743c4000e8eeffffff000000000000
timestamp: 2001-06-23 10:32:40

Version Info:

Translation: 0x0409 0x04b0
ProductName: bdiYZszaNnmpsCVjRiO
FileVersion: 7.74
ProductVersion: 7.74
InternalName: kNEABXwZDcJh
OriginalFilename: kNEABXwZDcJh.exe
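
The hashes and PE header fields above are what a responder uses to confirm that a suspect file is this sample, and the "unknown PE section name" and "ep_bytes" indicators come straight from the PE header. The following Python script is an added example, not code from this page's author or from GridinSoft: it hashes a file and compares the digests against the hashes listed above, parses the PE header to recover the compile timestamp, entry-point bytes and section names, and flags section names outside the usual Microsoft linker set. Because the real sample cannot be embedded here, the input it runs on by default is a constructed minimal PE32 built in memory, which reuses the page's ep_bytes and timestamp and adds a made-up section name `.xyz0` to trigger the unknown-section heuristic; the `COMMON_SECTIONS` list is my own assumption of what a stock linker emits, not something the report states.

```python
import hashlib
import struct
import sys
from datetime import datetime, timezone

# Hashes published on this page for the Worm:Win32/Vobfus.BJ sample.
KNOWN_HASHES = {
    "md5": "24c9d533635773a34d660f3ca9f2f64b",
    "sha1": "48b11559712d1bdba1ce6877f574ee8c3c77f36a",
    "sha256": "323730c0af7f44dfeb54eb2565ec101e51aaeddd661e284663ad78e88e519bb1",
}

# Assumed set of section names a stock Microsoft linker emits. A name outside
# this set is not proof of packing, but it is the heuristic the report refers to.
COMMON_SECTIONS = {".text", ".rdata", ".data", ".idata", ".edata", ".rsrc",
                   ".reloc", ".bss", ".tls", ".pdata", ".CRT", ".textbss"}


def hash_bytes(data):
    """Return md5/sha1/sha256 hex digests, the same set the report lists."""
    return {alg: hashlib.new(alg, data).hexdigest() for alg in ("md5", "sha1", "sha256")}


def matching_iocs(data, known=KNOWN_HASHES):
    """Names of the algorithms whose digest of `data` matches a known IOC."""
    digests = hash_bytes(data)
    return sorted(alg for alg, h in known.items() if digests[alg] == h.lower())


def rva_to_offset(rva, sections):
    """Map a relative virtual address to a file offset via the section table."""
    for s in sections:
        span = max(s["vsize"], s["raw_size"])
        if s["va"] <= rva < s["va"] + span:
            return rva - s["va"] + s["raw_ptr"]
    return None


def parse_pe(data):
    """Minimal PE32 header parser: timestamp, entry-point bytes, section names."""
    if data[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("PE signature not found")
    coff = e_lfanew + 4
    machine, nsec, ts, _, _, opt_size, _ = struct.unpack_from("<HHIIIHH", data, coff)
    opt = coff + 20
    magic = struct.unpack_from("<H", data, opt)[0]
    entry_rva = struct.unpack_from("<I", data, opt + 16)[0]  # AddressOfEntryPoint
    sections = []
    for i in range(nsec):
        name, vsize, va, raw_size, raw_ptr = struct.unpack_from(
            "<8sIIII", data, opt + opt_size + 40 * i)
        sections.append({"name": name.rstrip(b"\0").decode("latin-1"),
                         "vsize": vsize, "va": va, "raw_size": raw_size,
                         "raw_ptr": raw_ptr})
    ep_off = rva_to_offset(entry_rva, sections)
    ep_bytes = data[ep_off:ep_off + 16].hex() if ep_off is not None else ""
    return {
        "machine": machine,
        "pe32": magic == 0x10B,
        "timestamp": ts,
        "compiled": datetime.fromtimestamp(ts, timezone.utc).strftime("%Y-%m-%d %H:%M:%S"),
        "entry_rva": entry_rva,
        "ep_bytes": ep_bytes,
        "sections": [s["name"] for s in sections],
        "unknown_sections": [s["name"] for s in sections if s["name"] not in COMMON_SECTIONS],
    }


def build_sample_pe():
    """Constructed minimal PE32 for offline testing; NOT the real sample.
    Reuses the page's ep_bytes and timestamp and adds a made-up ".xyz0" section."""
    ts = 993292360  # 2001-06-23 10:32:40 UTC, the timestamp reported above
    dos = b"MZ" + b"\0" * 58 + struct.pack("<I", 0x40)  # e_lfanew = 0x40
    coff = b"PE\0\0" + struct.pack("<HHIIIHH", 0x14C, 2, ts, 0, 0, 0xE0, 0x0102)
    opt = struct.pack("<HBBIIII", 0x10B, 6, 0, 0x200, 0x200, 0, 0x1000)  # EP RVA 0x1000
    opt += b"\0" * (0xE0 - len(opt))

    def sect(name, va, raw_ptr):
        return struct.pack("<8sIIIIIIHHI", name, 0x200, va, 0x200, raw_ptr,
                           0, 0, 0, 0, 0x60000020)

    hdr = dos + coff + opt + sect(b".text", 0x1000, 0x200) + sect(b".xyz0", 0x2000, 0x400)
    hdr += b"\0" * (0x200 - len(hdr))
    text = bytes.fromhex("68743c4000e8eeffffff000000000000") + b"\0" * (0x200 - 16)
    return hdr + text + b"\0" * 0x200


def triage(data):
    """Combine header parsing with IOC hash matching into one report dict."""
    info = parse_pe(data)
    info["hashes"] = hash_bytes(data)
    info["ioc_hits"] = matching_iocs(data)
    return info


if __name__ == "__main__":
    blob = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else build_sample_pe()
    for k, v in triage(blob).items():
        print(f"{k}: {v}")
```

Run it as `python triage.py <suspect.exe>` on a real file; with no argument it triages the constructed PE, reporting the page's entry-point bytes and timestamp, the `.xyz0` section as unknown, and no IOC hits (the constructed file naturally does not hash to the sample). An empty `ioc_hits` on a real file only means the exact binary differs; Vobfus variants are polymorphic, so the behavioural indicators above still matter.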

Worm:Win32/Vobfus.BJ also known as:

Bkav: W32.AIDetect.malware1
Elastic: malicious (high confidence)
MicroWorld-eScan: Gen:Trojan.Heur.ZGY.5
ClamAV: Win.Trojan.Changeup-6169544-0
FireEye: Generic.mg.24c9d533635773a3
CAT-QuickHeal: Worm.VobfusVMF.S20620635
McAfee: VBObfus.g
Cylance: Unsafe
VIPRE: Gen:Trojan.Heur.ZGY.5
Sangfor: Suspicious.Win32.Save.vb
K7AntiVirus: NetWorm ( 700000151 )
K7GW: NetWorm ( 700000151 )
CrowdStrike: win/malicious_confidence_100% (W)
Baidu: Win32.Worm.VB.tn
VirIT: Trojan.Win32.Agent.BPXU
Cyren: W32/VBTrojan.Vobfus.2!Generic
Symantec: W32.Changeup
ESET-NOD32: Win32/AutoRun.VB.ABN
APEX: Malicious
Cynet: Malicious (score: 100)
Kaspersky: Worm.Win32.WBNA.a
BitDefender: Gen:Trojan.Heur.ZGY.5
NANO-Antivirus: Trojan.Win32.WBNA.covkcn
Avast: Win32:VB-RPN [Trj]
Ad-Aware: Gen:Trojan.Heur.ZGY.5
Sophos: ML/PE-A + Mal/VBCheMan-A
DrWeb: Trojan.VbCrypt.60
TrendMicro: WORM_VOBFUS.SMHC
McAfee-GW-Edition: BehavesLike.Win32.PWSZbot.dm
Emsisoft: Gen:Trojan.Heur.ZGY.5 (B)
Ikarus: Worm.SuspectCRC
GData: Win32.Worm.Vobfus.41ZZY1
Avira: WORM/VB.Agent.psc
Antiy-AVL: Trojan/Generic.ASBOL.5
ViRobot: Worm.Win32.A.WBNA.290816
ZoneAlarm: Worm.Win32.WBNA.ipa
Microsoft: Worm:Win32/Vobfus.BJ
Google: Detected
AhnLab-V3: Trojan/Win32.Aresclass.R77867
Acronis: suspicious
VBA32: Trojan.VBRA.019
ALYac: Gen:Trojan.Heur.ZGY.5
MAX: malware (ai score=89)
Malwarebytes: Malware.AI.1123537092
TrendMicro-HouseCall: WORM_VOBFUS.SMHC
Rising: Worm.Autorun!8.50 (TFE:3:j0l8k3oSbaD)
Yandex: Trojan.GenAsa!2/9SHf91NAw
SentinelOne: Static AI – Malicious PE
MaxSecure: Worm.W32.WBNA.a
Fortinet: W32/CoinMiner.F
BitDefenderTheta: AI:Packer.254A2CEF15
AVG: Win32:VB-RPN [Trj]
Cybereason: malicious.363577
Panda: Generic Malware

How to remove Worm:Win32/Vobfus.BJ?

Worm:Win32/Vobfus.BJ removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • Choose “Move to quarantine” for all detected items.
  • Open the “Tools” tab and press “Reset Browser Settings”.
  • Select the affected browser and the desired options, then click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.