Worm:Win32/Vobfus.IT (file analysis)

Worm:Win32/Vobfus.IT is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager process list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It allows you to fully scan and cure your PC during the trial period.
A 6-day free trial is available.

What can the Worm:Win32/Vobfus.IT virus do?

  • Behavioural detection: Executable code extraction – unpacking
  • Reads data out of its own binary image
  • CAPE extracted potentially suspicious content
  • Drops a binary and executes it
  • Authenticode signature is invalid
  • Behavioural detection: Injection (inter-process)
  • Attempts to disable Windows Auto Updates
  • Anomalous binary characteristics
  • Attempts to modify Explorer settings to prevent hidden files from being displayed

How to identify Worm:Win32/Vobfus.IT?

File Info:

name: 08E7644DE468B7E2C538.mlw
path: /opt/CAPEv2/storage/binaries/5c199df2c9b6aaa73825b4eb4a9926894677d1b84ba802c2f7df407ea3d8e2f6
crc32: 992EAB73
md5: 08e7644de468b7e2c538566fc8be9388
sha1: 1e39efce2164f4fa0482dd3879cece2b95bc6417
sha256: 5c199df2c9b6aaa73825b4eb4a9926894677d1b84ba802c2f7df407ea3d8e2f6
sha512: 625abe324354abe0219124c0321fc0ce6954725d9ebe66e1365f14106f7821793cb66980fd1666961f2136d4139c5374f0b39b6ff3f42d2e62ae01577ca3b1fa
ssdeep: 6144:L27FRUWJcCC2lfKgO32mO1IdifegrSQOJMmSnxtAPUWJj9/P/oEAlu9UY6La+/:LyrTCqmjZHJFnPnp6l2Uu+/
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T1EF54E72A77A0F739E01289F4392A43B4812DAC3165E5A81BF7C16F1A72F5DD7E221713
sha3_384: c22ba049ccf226bcc0874b2c10cdeae930afadcf8a96196f4f0cbc7f397a539017035f9a38d89945d9f289509cd9f608
ep_bytes: 685c464000e8f0ffffff000000000000
timestamp: 2012-09-30 06:40:42

Version Info:

Translation: 0x0409 0x04b0
ProductName: artifact
FileVersion: 7.43
ProductVersion: 7.43
InternalName: pollenivorous
OriginalFilename: pollenivorous.exe

Worm:Win32/Vobfus.IT also known as:

Lionic: Worm.Win32.Vobfus.lEck
Elastic: malicious (high confidence)
MicroWorld-eScan: Gen:Variant.Barys.950
ClamAV: Win.Packer.VBCrypt-5731517-0
FireEye: Generic.mg.08e7644de468b7e2
CAT-QuickHeal: Trojan.Beebone.D
ALYac: Gen:Variant.Barys.950
Cylance: unsafe
Zillya: Trojan.Vobfus.Win32.617587
Sangfor: Trojan.Win32.Save.a
K7AntiVirus: EmailWorm ( 0054d10f1 )
Alibaba: Worm:Win32/Vobfus.80215d42
K7GW: EmailWorm ( 0054d10f1 )
Cybereason: malicious.de468b
Baidu: Win32.Trojan.Inject.n
VirIT: Trojan.Win32.VB.CLYR
Cyren: W32/Vobfus.BE.gen!Eldorado
Symantec: W32.Changeup
tehtris: Generic.Malware
ESET-NOD32: a variant of Win32/VBObfus.CK
APEX: Malicious
Cynet: Malicious (score: 100)
Kaspersky: Trojan.Win32.Vobfus.xbs
BitDefender: Gen:Variant.Barys.950
NANO-Antivirus: Trojan.Win32.Autoruner1.covlgq
SUPERAntiSpyware: Trojan.Agent/Gen-Vobfus
Avast: Win32:VB-AEPV [Trj]
Tencent: Worm.Win32.Vobfus.q
TACHYON: Trojan/W32.VB-Jorik.303104.B
Emsisoft: Gen:Variant.Barys.950 (B)
F-Secure: Trojan.TR/VBObfus.avgnz
DrWeb: Win32.HLLW.Autoruner1.26961
VIPRE: Gen:Variant.Barys.950
TrendMicro: WORM_VOBFUS.SM02
McAfee-GW-Edition: BehavesLike.Win32.VBObfus.dm
Sophos: Mal/SillyFDC-AC
GData: Gen:Variant.Barys.950
Jiangmin: Trojan/Jorik.fphy
Avira: TR/VBObfus.avgnz
Antiy-AVL: Worm/Win32.WBNA.gen
Xcitium: Worm.Win32.Pronny.ABQ@4puwz1
Arcabit: Trojan.Barys.950
ViRobot: Worm.Win32.A.WBNA.303104.AAQ
ZoneAlarm: Trojan.Win32.Vobfus.xbs
Microsoft: Worm:Win32/Vobfus.IT
Google: Detected
AhnLab-V3: Worm/Win32.WBNA.R39227
McAfee: GenDownloader.rv
MAX: malware (ai score=83)
VBA32: BScope.Trojan.Diple
Malwarebytes: Generic.Malware.AI.DDS
Panda: Trj/Genetic.gen
TrendMicro-HouseCall: WORM_VOBFUS.SM02
Rising: Worm.VobfusEx!1.99DF (CLASSIC)
Yandex: Trojan.GenAsa!QnWmcFIQ2hQ
Ikarus: Worm.Win32.Vobfus
MaxSecure: Trojan.Malware.300983.susgen
Fortinet: W32/Diple.EJQE!tr
BitDefenderTheta: Gen:NN.ZevbaF.36196.sm0@aGczyBfi
AVG: Win32:VB-AEPV [Trj]
DeepInstinct: MALICIOUS
CrowdStrike: win/malicious_confidence_100% (W)

How to remove Worm:Win32/Vobfus.IT?

Worm:Win32/Vobfus.IT removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open the “Tools” tab – Press “Reset Browser Settings”.
  • Select the proper browser and options – Click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.