VirTool:Win32/Vbinder.gen!GL
First posted on 04 March 2010.
Source: SecurityHome
Aliases:
VirTool:Win32/Vbinder.gen!GL is also known as Trojan.Win32.VB.abhw (Kaspersky), Troj/Vbinder-B (Sophos).
Explanation:
VirTool:Win32/VBinder.gen!GL is a generic detection for obfuscated malware. The loader, which is detected as VirTool:Win32/VBinder.gen!GL, is written in Visual Basic and the malicious code, which may have virtually any purpose, is encrypted.

When run, the code is decrypted and injected into the current process so the resulting code is never written to disk, in an attempt to avoid being detected by security software. It contains code and techniques to make its analysis more difficult.

The following actions have been observed in various files detected as VirTool:Win32/VBinder.gen!GL:
Injecting code into multiple processes
Downloading and executing arbitrary files
Connecting to various Web sites
Registering new DLL files

The following families have been found using this malware:
Worm:Win32/Prolaco
Worm:Win32/Pushbot
Worm:Win32/Hamweq
Backdoor:Win32/Bifrose
Backdoor:Win32/Poison
Analysis by Marian Radu
Last update 04 March 2010