Backdoor:Win32/Zegost.CN malicious file


Backdoor:Win32/Zegost.CN is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager process list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.


Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It lets you run a complete scan and clean your PC during the trial period.
A 6-day free trial is available.

What can the Backdoor:Win32/Zegost.CN virus do?

  • Executable code extraction
  • Attempts to connect to a dead IP:Port (2 unique times)
  • A process attempted to delay the analysis task.
  • Repeatedly searches for a not-found process, may want to run with startbrowser=1 option
  • A process created a hidden window
  • Drops a binary and executes it
  • The binary likely contains encrypted or compressed data.
  • Creates or sets a registry key to a long series of bytes, possibly to store a binary or malware config
  • A system process is generating network traffic likely as a result of process injection
  • Installs itself for autorun at Windows startup
  • Checks the CPU name from registry, possibly for anti-virtualization
  • Attempts to modify proxy settings
  • Anomalous binary characteristics

Related domains:

z.whorecord.xyz
a.tomx.xyz
v1.v4yf.com

How to identify Backdoor:Win32/Zegost.CN?

File Info:

crc32: F6F70F48
md5: 7e8b82207edffe03ab64c431175c20ff
name: 7E8B82207EDFFE03AB64C431175C20FF.mlw
sha1: 0b2dcf9665a8c4e7155b6d193f3c67b12fa37668
sha256: d66515cc7441a1cc636e9ae6f48c467f1cb9f8a28bc40fdef508a0eae2f8d3fe
sha512: 59f075a72cd5b712a66cc85192738cdeea05e33f77f6690ca4f222a8a767ff03c590749e789b4428411560263c7da3a75af97b0bb46db87e3af77a827f541a03
ssdeep: 6144:MrhqCdtnr5BPLcqBKAawvRKn6hm3xnKnCTa3R///V6mtME2wY2enZb1MJ8v2T3P:IYCf/tjjvQV38Ce3ZtaykruT3siHofj
type: PE32 executable (GUI) Intel 80386, for MS Windows

Version Info:

LegalCopyright: 2009-2013 The Bitcoin developers 2011-2013 The Litecoin developers
InternalName: litecoin-qt
FileVersion: 0.8.6.1
CompanyName: Litecoin
LegalTrademarks1: Distributed under the MIT/X11 software license, see the accompanying file COPYING or http://www.opensource.org/licenses/mit-license.php.
ProductName: Litecoin-Qt
ProductVersion: 0.8.6.1
FileDescription: Litecoin-Qt (OSS GUI client for Litecoin)
OriginalFilename: litecoin-qt.exe
Translation: 0x0000 0x04e4

Backdoor:Win32/Zegost.CN also known as:

Bkav: W32.AIDetectVM.malware1
Elastic: malicious (high confidence)
MicroWorld-eScan: Gen:Heur.Mint.Porcupine.vq0@aCbhtbbig
FireEye: Generic.mg.7e8b82207edffe03
McAfee: GenericRXAA-AA!7E8B82207EDF
Cylance: Unsafe
Sangfor: Malware
BitDefender: Gen:Heur.Mint.Porcupine.vq0@aCbhtbbig
Cybereason: malicious.07edff
BitDefenderTheta: AI:Packer.2F75AD421F
Symantec: Backdoor.Trojan
APEX: Malicious
Avast: Win32:Trojan-gen
Kaspersky: UDS:DangerousObject.Multi.Generic
Rising: Malware.Zbot!8.E95E (TFE:3:ZyXdVehQhiU)
Ad-Aware: Gen:Heur.Mint.Porcupine.vq0@aCbhtbbig
Sophos: Mal/Generic-S
DrWeb: BackDoor.Siggen.56839
Invincea: Mal/Generic-S
McAfee-GW-Edition: BehavesLike.Win32.PWSZbot.fc
Emsisoft: Gen:Heur.Mint.Porcupine.vq0@aCbhtbbig (B)
Ikarus: Trojan.Win32.Farfli
Jiangmin: Trojan/PSW.Ruftar.fuk
Avira: TR/Crypt.ZPACK.Gen
Microsoft: Backdoor:Win32/Zegost.CN
Arcabit: Trojan.Mint.Porcupine.ED10A56
ZoneAlarm: UDS:DangerousObject.Multi.Generic
GData: Gen:Heur.Mint.Porcupine.vq0@aCbhtbbig
Cynet: Malicious (score: 100)
AhnLab-V3: Trojan/Win32.Qhost.R96184
Acronis: suspicious
VBA32: BScope.Trojan.Flooder
ALYac: Gen:Heur.Mint.Porcupine.vq0@aCbhtbbig
MAX: malware (ai score=84)
ESET-NOD32: a variant of Win32/Farfli.AQM
SentinelOne: Static AI – Malicious PE
AVG: Win32:Trojan-gen
Qihoo-360: HEUR/QVM20.1.58D1.Malware.Gen

How to remove Backdoor:Win32/Zegost.CN?

Backdoor:Win32/Zegost.CN removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • Select “Move to quarantine” for all detected items.
  • Open the “Tools” tab and press “Reset Browser Settings”.
  • Select the proper browser and options, then click “Reset”.
  • Restart your computer.
