
VirTool:Win32/Vbcrypt.AX


First posted on 06 October 2010.
Source: SecurityHome

Aliases :

VirTool:Win32/Vbcrypt.AX is also known as TR/Crypt.XPACK.Gen (Avira), Win32/VB.PFF (ESET), Trojan.Win32.VB.ahfs (Kaspersky), W32/Obfuscated.H!genr (Norman), Mal/VB-F (Sophos).

Explanation :

VirTool:Win32/VBcrypt.AX is a detection for malicious executables compiled with Visual Basic (VB) that are commonly used to embed other malicious components by encrypting them inside their code. The main objective is to hide the embedded malicious executable from users and antivirus scanners so that the VB executable can extract and execute the components at runtime.

Payload

Extracts and runs embedded code

When executed, the VB-compiled executable decrypts the embedded component(s) at runtime, then saves and executes the components locally. There are several variants of Win32/VBcrypt; each differs in the technique or encryption method used to hide the malicious components inside its code.

Additional Information

In the wild, this malware may be distributed as a wanted file in torrent searches, for example "Prince(2010)-PDVDRip{NewSource}-1CDRip-XviD-Mp3-[DrC].exe".

Analysis by Rex Plantado

Last update 06 October 2010

 
