Categories: Backdoor

Backdoor:Win32/Zegost.CN malicious file

The Backdoor:Win32/Zegost.CN is considered dangerous by lots of security experts. When this infection is active, you may notice unwanted processes in Task Manager list. In this case, it is adviced to scan your computer with GridinSoft Anti-Malware.

Gridinsoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. Allows to complete scan and cure your PC during the trial period.

DOWNLOAD NOW

6-day free trial available.

What Backdoor:Win32/Zegost.CN virus can do?

Executable code extraction
Attempts to connect to a dead IP:Port (2 unique times)
A process attempted to delay the analysis task.
Repeatedly searches for a not-found process, may want to run with startbrowser=1 option
A process created a hidden window
Drops a binary and executes it
The binary likely contains encrypted or compressed data.
Creates or sets a registry key to a long series of bytes, possibly to store a binary or malware config
A system process is generating network traffic likely as a result of process injection
Installs itself for autorun at Windows startup
Checks the CPU name from registry, possibly for anti-virtualization
Attempts to modify proxy settings
Anomalous binary characteristics

Related domains:

z.whorecord.xyz

a.tomx.xyz

v1.v4yf.com

How to determine Backdoor:Win32/Zegost.CN?


File Info:
crc32: F6F70F48md5: 7e8b82207edffe03ab64c431175c20ffname: 7E8B82207EDFFE03AB64C431175C20FF.mlwsha1: 0b2dcf9665a8c4e7155b6d193f3c67b12fa37668sha256: d66515cc7441a1cc636e9ae6f48c467f1cb9f8a28bc40fdef508a0eae2f8d3fesha512: 59f075a72cd5b712a66cc85192738cdeea05e33f77f6690ca4f222a8a767ff03c590749e789b4428411560263c7da3a75af97b0bb46db87e3af77a827f541a03ssdeep: 6144:MrhqCdtnr5BPLcqBKAawvRKn6hm3xnKnCTa3R///V6mtME2wY2enZb1MJ8v2T3P:IYCf/tjjvQV38Ce3ZtaykruT3siHofjtype: PE32 executable (GUI) Intel 80386, for MS Windows
Version Info:
LegalCopyright: 2009-2013 The Bitcoin developers 2011-2013 The Litecoin developersInternalName: litecoin-qtFileVersion: 0.8.6.1CompanyName: LitecoinLegalTrademarks1: Distributed under the MIT/X11 software license, see the accompanying file COPYING or http://www.opensource.org/licenses/mit-license.php.ProductName: Litecoin-QtProductVersion: 0.8.6.1FileDescription: Litecoin-Qt (OSS GUI client for Litecoin)OriginalFilename: litecoin-qt.exeTranslation: 0x0000 0x04e4

Backdoor:Win32/Zegost.CN also known as:

Bkav	W32.AIDetectVM.malware1
Elastic	malicious (high confidence)
MicroWorld-eScan	Gen:Heur.Mint.Porcupine.vq0@aCbhtbbig
FireEye	Generic.mg.7e8b82207edffe03
McAfee	GenericRXAA-AA!7E8B82207EDF
Cylance	Unsafe
Sangfor	Malware
BitDefender	Gen:Heur.Mint.Porcupine.vq0@aCbhtbbig
Cybereason	malicious.07edff
BitDefenderTheta	AI:Packer.2F75AD421F
Symantec	Backdoor.Trojan
APEX	Malicious
Avast	Win32:Trojan-gen
Kaspersky	UDS:DangerousObject.Multi.Generic
Rising	Malware.Zbot!8.E95E (TFE:3:ZyXdVehQhiU)
Ad-Aware	Gen:Heur.Mint.Porcupine.vq0@aCbhtbbig
Sophos	Mal/Generic-S
DrWeb	BackDoor.Siggen.56839
Invincea	Mal/Generic-S
McAfee-GW-Edition	BehavesLike.Win32.PWSZbot.fc
Emsisoft	Gen:Heur.Mint.Porcupine.vq0@aCbhtbbig (B)
Ikarus	Trojan.Win32.Farfli
Jiangmin	Trojan/PSW.Ruftar.fuk
Avira	TR/Crypt.ZPACK.Gen
Microsoft	Backdoor:Win32/Zegost.CN
Arcabit	Trojan.Mint.Porcupine.ED10A56
ZoneAlarm	UDS:DangerousObject.Multi.Generic
GData	Gen:Heur.Mint.Porcupine.vq0@aCbhtbbig
Cynet	Malicious (score: 100)
AhnLab-V3	Trojan/Win32.Qhost.R96184
Acronis	suspicious
VBA32	BScope.Trojan.Flooder
ALYac	Gen:Heur.Mint.Porcupine.vq0@aCbhtbbig
MAX	malware (ai score=84)
ESET-NOD32	a variant of Win32/Farfli.AQM
SentinelOne	Static AI – Malicious PE
AVG	Win32:Trojan-gen
Qihoo-360	HEUR/QVM20.1.58D1.Malware.Gen