
VirTool:Win32/VBInject.gen!CN


First posted on 24 December 2019.
Source: Microsoft

Aliases:

There are no other names known for VirTool:Win32/VBInject.gen!CN.

Explanation:

VirTool:Win32/VBInject.gen!CN is a generic detection for obfuscated malware. The loader, which is detected as VirTool:Win32/VBInject.gen!CN, is written in Visual Basic and the malicious code, which may have virtually any purpose, is encrypted. When run, the code is decrypted and injected into the current process so the resulting code is never written to disk, in an attempt to avoid being detected by security software. It contains code and techniques to make its analysis more difficult.

The following actions have been observed in various files detected as VirTool:Win32/VBInject.gen!CN:

- Injecting code into multiple processes
- Downloading and executing arbitrary files
- Connecting to various Web sites
- Registering new DLL files

Analysis by Marian Radu

Last update 24 December 2019

 
