Categories: Backdoor

Backdoor:Win32/Zegost.BW information

Backdoor:Win32/Zegost.BW is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

Gridinsoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It allows you to run a complete scan and cure your PC during the trial period.
6-day free trial available.

What Backdoor:Win32/Zegost.BW virus can do?

  • Executable code extraction
  • Attempts to connect to a dead IP:Port (2 unique times)
  • Unconventional language used in binary resources: Chinese (Simplified)
  • Anomalous binary characteristics

How to determine Backdoor:Win32/Zegost.BW?

File Info:

crc32: 45273C74
md5: 1dc59201d0ba0d570a4c4ee07584430d
name: good.exe
sha1: 3869860375558ecb17a4c0f18808754e48c84b59
sha256: 429d667df6244d45d6a58e8279a12d9bbbb81489a5c9767fa44ed3532491af86
sha512: c42d434ca6a5490d80f3a2154ea159f0f72bbef897311dce4ad045ec234cbac039c4e3831fed9d06300a0236e4ad8358c46683e2621c9312fca3d1c61ad67f4b
ssdeep: 3072:dR9cecthiLdNTWUShFq+VszA3nSoqIS0HLT5SatkCbe6vHDatkrtQ0FWQ:7ixbU4fq+VszKSNYrFdbe6vW2tQT
type: PE32 executable (GUI) Intel 80386, for MS Windows

Version Info:

LegalCopyright: (C) 360.cn All Rights Reserved.
InternalName: 360Login
FileVersion: 1, 0, 0, 1211
ProductName: 360安全卫士
ProductVersion: 1, 0, 0, 1211
FileDescription: 360安全卫士 帐户登陆模块
OriginalFilename: WebLogin.exe
Translation: 0x0004 0x04b0

Backdoor:Win32/Zegost.BW also known as:

DrWeb Trojan.DownLoader9.8143
MicroWorld-eScan Gen:Variant.Graftor.145885
FireEye Generic.mg.1dc59201d0ba0d57
McAfee Artemis!1DC59201D0BA
Cylance Unsafe
Sangfor Malware
K7AntiVirus Trojan ( 0003ead81 )
BitDefender Gen:Variant.Graftor.145885
K7GW Trojan ( 0003ead81 )
Cybereason malicious.1d0ba0
TrendMicro Cryp_Xin2
BitDefenderTheta Gen:NN.ZexaF.34090.nu0@a8vZl8dj
F-Prot W32/Dropper.6!Generic
Symantec SMG.Heur!gen
TotalDefense Win32/Zegost.UHOGJP
APEX Malicious
Avast Win32:Agent-BADD [Trj]
GData Gen:Variant.Graftor.145885
Kaspersky Trojan-Dropper.Win32.Agent.oiap
Alibaba Backdoor:Win32/Zegost.2d2048c1
NANO-Antivirus Trojan.Win32.Magania.csluvs
AegisLab Trojan.Win32.Glomaru.mDOx
Rising Backdoor.Zegost!8.177 (RDMK:cmRtazpE7PkBHVOLv9ihnnIcrqJV)
Ad-Aware Gen:Variant.Graftor.145885
Emsisoft Gen:Variant.Graftor.145885 (B)
Comodo TrojWare.Win32.Farfli.BELT@5j3r14
F-Secure Backdoor.BDS/Zegost.Gen7
Baidu Win32.Trojan.Farfli.l
Zillya Trojan.Magania.Win32.65153
Invincea heuristic
McAfee-GW-Edition BehavesLike.Win32.Malware.dh
Trapmine malicious.high.ml.score
Sophos Mal/Generic-S
SentinelOne DFI – Suspicious PE
Cyren W32/Dropper.6!Generic
Jiangmin Trojan/PSW.Magania.bgyc
MaxSecure Virus.W32.Shodi.I
Avira BDS/Zegost.Gen7
Antiy-AVL Trojan[Dropper]/Win32.Agent.oiap
Endgame malicious (high confidence)
Arcabit Trojan.Graftor.D239DD
SUPERAntiSpyware Trojan.Agent/Gen-Zegost
ZoneAlarm Trojan-Dropper.Win32.Agent.oiap
Microsoft Backdoor:Win32/Zegost.BW
TACHYON Trojan-PWS/W32.WebGame.214016.R
AhnLab-V3 Trojan/Win32.Magania.R92960
Acronis suspicious
VBA32 BScope.Trojan.SvcHorse.01643
ALYac Gen:Variant.Graftor.145885
MAX malware (ai score=85)
Panda Trj/Genetic.gen
ESET-NOD32 Win32/Farfli.PZ
TrendMicro-HouseCall Cryp_Xin2
Tencent Malware.Win32.Gencirc.10b642ce
Yandex Trojan.PWS.Magania!v+UH2KLH0GQ
Ikarus Virus.Win32.PePatch
eGambit Unsafe.AI_Score_54%
Fortinet W32/Magania.IQGR!tr
AVG Win32:Agent-BADD [Trj]
Paloalto generic.ml
CrowdStrike win/malicious_confidence_80% (W)
Qihoo-360 Backdoor.Win32.Gh0st.KD

How to remove Backdoor:Win32/Zegost.BW?

  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open the “Tools” tab – Press “Reset Browser Settings”.
  • Select the proper browser and options – Click “Reset”.
  • Restart your computer.
Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.
