Home / malware VirTool:Win32/VBInject.gen!DG
First posted on 15 March 2019.
Source: MicrosoftAliases :
VirTool:Win32/VBInject.gen!DG is also known as TR/Dropper.Gen, Win32.HLLW.SpyNet, Net-Worm.Win32.Koobface.fxw, Generic.dx!pte, W32/Koobface.C.worm, W32/Koobface-AM, Trojan.Win32.Generic!BT.
Explanation :
VirTool:Win32/VBInject.gen!DG is a generic detection for obfuscated Visual Basic-compiled malware. The loader, which is also detected as VirTool:Win32/VBInject.gen!DG, is written in Visual Basic and has the encrypted malicious code embedded in its body. The embedded malicious code is then executed, and can do various malicious activities on the computer. When run, the code is decrypted and injected into the current process so the resulting code is never written to disk, in an attempt to avoid being detected by security software.
It contains code and techniques to make its analysis more difficult.
The following actions have been observed in various files detected as VirTool:Win32/VBInject.gen!DG; note however that this is not a comprehensive list: Inject code into multiple processes Download and execute potentially malicious files Connect to various Web sites Register new DLL files Analysis by Vincent TiuLast update 15 March 2019