VirTool:Win32/Vbinder.gen!G
First posted on 14 January 2020.
Source: Microsoft
Aliases:
VirTool:Win32/Vbinder.gen!G is also known as Dropper.Heliosb.N, TR/Crypt.XDR.Gen, Trojan.Dropper.VB.1, Win32/Injector.AHK, Trojan.Inject, Mal/VBDrop-G.
Explanation:
VirTool:Win32/Vbinder.gen!G is a generic detection for obfuscated malware. The loader, which is detected as VirTool:Win32/Vbinder.gen!G, is written in Visual Basic and the malicious code, which may have virtually any purpose, is encrypted. When run, the code is decrypted and injected into the current process so the resulting code is never written to disk, in an attempt to avoid being detected by security software. It contains code and techniques to make its analysis more difficult.

The following actions have been observed in various files detected as VirTool:Win32/Vbinder.gen!G:
- Inject code into multiple processes
- Download and execute other potentially malicious files
- Connect to various Web sites

Analysis by Patrik Vicol
Last update 14 January 2020