
VirTool:Win32/VBInject


First posted on 30 November 2010.
Source: SecurityHome

Aliases:

VirTool:Win32/VBInject is also known as Trojan.Win32.VBKrypt.wjk (Kaspersky), Trojan.VBKrypt!IVF1naI9XFI (VirusBuster), Trojan.Injector!RpnEAwy/ilw (VirusBuster), TR/VBKrypt.vny.2 (Avira), Trojan.MulDrop1.52522 (Dr.Web), Trojan.Siggen2.7969 (Dr.Web), Win32/Injector.DOJ (ESET), Virus.Win32.VBInject (Ikarus), Trj/StartPage.DJM (Panda), W32.Pilleuz (Symantec), TROJ_VBKRYPT.AE (Trend Micro).

Explanation:

VirTool:Win32/VBInject is a generic detection for malicious files that are obfuscated using particular techniques to prevent their detection or analysis. The malicious file is generally encrypted and/or compressed and stored inside another program (written in Visual Basic), which decodes the malicious file and loads it. The malicious program may be injected into a clean process or loaded in a new process of its own. Unlike a "dropper", the malicious executable is never written to disk as a separate file. Malicious programs detected as VirTool:Win32/VBInject can have virtually any purpose, because many different malware families in the wild use this technique to protect themselves from detection or analysis.

Analysis by Daniel Radu

Last update 30 November 2010

 
