Categories: Backdoor

Backdoor:Win32/Zegost.BX (file analysis)

The Backdoor:Win32/Zegost.BX is considered dangerous by lots of security experts. When this infection is active, you may notice unwanted processes in Task Manager list. In this case, it is adviced to scan your computer with GridinSoft Anti-Malware.

Gridinsoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. Allows to complete scan and cure your PC during the trial period.

DOWNLOAD NOW

6-day free trial available.

What Backdoor:Win32/Zegost.BX virus can do?

Expresses interest in specific running processes
Repeatedly searches for a not-found process, may want to run with startbrowser=1 option
Unconventionial binary language: Chinese (Simplified)
Unconventionial language used in binary resources: Chinese (Simplified)
Attempts to repeatedly call a single API many times in order to delay analysis time
Installs itself for autorun at Windows startup
Network activity detected but not expressed in API logs
Uses suspicious command line tools or Windows utilities

Related domains:

z.whorecord.xyz

a.tomx.xyz

How to determine Backdoor:Win32/Zegost.BX?


File Info:
crc32: 7BFCD1E1md5: d6b12a790aa05080bafaa67340797326name: D6B12A790AA05080BAFAA67340797326.mlwsha1: 742d8e6061024f7319dc16016bddfcb967759a16sha256: 0861bbe961ccbcc57c4a8221dde979639a18e554d24e642150e667ef58820141sha512: 870501738c9f62f11171ab6f250c0f73d4c674eaea9255e6c36504f09c1d5b69608a510e76684e242259108548212a6067b02e3401b5ad72fb69897fb4c9c5ccssdeep: 6144:BWcZ5sOM+zfju6ZaXQXeLu/340LxDWG2a2V2hxH1RHYkFUn9u2VI:8czsOM+zfju6ZaXQXeLu/340LxDWGuVetype: PE32 executable (GUI) Intel 80386, for MS Windows
Version Info:
LegalCopyright: Copyright ? 1998-2009 VMware, Inc.InternalName: vmuiFileVersion: 7.0.0 build-203739CompanyName: VMware, Inc.PrivateBuild: LegalTrademarks: Comments: ProductName: VMware WorkstationSpecialBuild: ProductVersion: 7.0.0 build-203739FileDescription: VMware WorkstationOriginalFilename: vmware.exeTranslation: 0x0804 0x04b0

Backdoor:Win32/Zegost.BX also known as:

Bkav	W32.AIDetectVM.malware2
Elastic	malicious (high confidence)
MicroWorld-eScan	Gen:Variant.Mikey.116481
FireEye	Generic.mg.d6b12a790aa05080
CAT-QuickHeal	Backdoor.Zegost.8058
McAfee	GenericRXEN-ZP!D6B12A790AA0
Cylance	Unsafe
Sangfor	Malware
K7AntiVirus	Trojan ( 005674881 )
BitDefender	Gen:Variant.Mikey.116481
K7GW	Trojan ( 005674881 )
Cybereason	malicious.90aa05
Baidu	Win32.Trojan.Farfli.aw
Symantec	Backdoor.Trojan
APEX	Malicious
Avast	Win32:Farfli-AH [Trj]
ClamAV	Win.Trojan.Farfli-9823560-0
Kaspersky	Trojan-Downloader.Win32.Dupzom.awg
Alibaba	TrojanDownloader:Win32/Dupzom.c91ae6ce
Rising	Backdoor.Farfli!1.A1B3 (CLASSIC)
Ad-Aware	Gen:Variant.Mikey.116481
Sophos	ML/PE-A + Mal/Zegost-Z
Comodo	Malware@#1do02ysw9ah9p
F-Secure	Heuristic.HEUR/AGEN.1106463
DrWeb	Trojan.DownLoader12.27937
TrendMicro	BKDR_ZEGOST.SM40
McAfee-GW-Edition	GenericRXEN-ZP!D6B12A790AA0
Emsisoft	Gen:Variant.Mikey.116481 (B)
Ikarus	Backdoor.Win32.Farfli
GData	Win32.Trojan-Spy.IronTiger.A
Jiangmin	Backdoor/Zegost.ctj
Avira	HEUR/AGEN.1106463
MAX	malware (ai score=84)
Arcabit	Trojan.Mikey.D1C701
ZoneAlarm	Trojan-Downloader.Win32.Dupzom.awg
Microsoft	Backdoor:Win32/Zegost.BX
Cynet	Malicious (score: 85)
AhnLab-V3	Backdoor/Win32.Trojan.R117590
BitDefenderTheta	Gen:NN.ZexaF.34804.qq1@aeI7sqcb
ALYac	Gen:Variant.Mikey.116481
VBA32	BScope.Trojan.Keyloggerger
Malwarebytes	Generic.Malware/Suspicious
Panda	Trj/GdSda.A
ESET-NOD32	a variant of Win32/Farfli.CVO
TrendMicro-HouseCall	BKDR_ZEGOST.SM40
Tencent	Win32.Trojan-downloader.Dupzom.Wstl
Yandex	Trojan.GenAsa!alFWMSP8kZ4
SentinelOne	Static AI – Malicious PE
eGambit	Trojan.Generic
Fortinet	W32/Farfli.TG!tr
AVG	Win32:Farfli-AH [Trj]
Qihoo-360	Win32/Backdoor.Zegost.HwcBBOcA