pátek 24. února 2012

VirTool:Win32/VBInject.DR


Encyclopedia entry
Updated: Apr 17, 2011  |  Published: Mar 12, 2010

Aliases
  • W32/Injector.PF (Norman)
  • Worm.Koobface.DBS (VirusBuster)
  • Win32/Koobface.LD (CA)
  • Win32/Koobface.NCT (ESET)
  • Virus.Win32.VBInject (Ikarus)
  • W32/Koobface.JE.worm (Panda)
  • Mal/Koobface-B (Sophos)
  • W32.Koobface.D (Symantec)

Alert Level (?)
Severe

Antimalware protection details
Microsoft recommends that you download the latest definitions to get protected.
Detection last updated:
Definition: 1.121.332.0
Released: Feb 24, 2012
Detection initially created:
Definition: 1.75.426.0
Released: Feb 05, 2010


 

Summary

VirTool:Win32/VBInject.DR is a detection for obfuscated Visual Basic compiled malicious code. The malicious code or file is usually encrypted and/or compressed, and is decrypted and decoded before it is injected into a process or dropped and executed.


 

Symptoms

Alert notifications or detections of this malware from installed antivirus or security software may be the only other symptom(s).


 

Technical Information (Analysis)

VirTool:Win32/VBInject.DR is a detection for obfuscated Visual Basic compiled malicious code. The malicious code or file is usually encrypted and/or compressed, and is decrypted and decoded before it is injected into a process or dropped and executed.
 
The malware that lies "underneath" the obfuscation could have virtually any purpose. Some samples of Win32/VBInject.DR may inject a variant ofWorm:Win32/Koobface in the system.
 
Analysis by Marian Radu

Žádné komentáře:

Okomentovat

Poznámka: Komentáře mohou přidávat pouze členové tohoto blogu.