Categories: Backdoor

Backdoor:Win32/Zegost.L removal guide

The Backdoor:Win32/Zegost.L is considered dangerous by lots of security experts. When this infection is active, you may notice unwanted processes in Task Manager list. In this case, it is adviced to scan your computer with GridinSoft Anti-Malware.

Gridinsoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. Allows to complete scan and cure your PC during the trial period.

DOWNLOAD NOW

6-day free trial available.

What Backdoor:Win32/Zegost.L virus can do?

Executable code extraction
At least one process apparently crashed during execution
Creates RWX memory
Network anomalies occured during the analysis.
Starts servers listening on 0.0.0.0:26571
Reads data out of its own binary image
A process created a hidden window
Drops a binary and executes it
Unconventionial binary language: Chinese (Simplified)
Unconventionial language used in binary resources: Chinese (Simplified)
Uses Windows utilities for basic functionality
Attempts to repeatedly call a single API many times in order to delay analysis time
Installs itself for autorun at Windows startup
Checks the system manufacturer, likely for anti-virtualization
Uses suspicious command line tools or Windows utilities

Related domains:

edns.duckdns.org

How to determine Backdoor:Win32/Zegost.L?


File Info:
crc32: DF46BFEEmd5: 3869c43bea2e3de41971f22e10182fb2name: 64ja.exesha1: 5209ece6f4a6ca119c94ef040a2007a12a881b2dsha256: 3d8b9caf9c4c837701eb2f92d103c15936d96e47ea0eae7a0d6aad0067d41d35sha512: dba3115c06e515788f04f5f5bc044a31f666e97f6753da12183e82518fed2f99a826cd4ff364a6ff8f6bed054257448b6fd22a978eb88394829f8365ddedf6dcssdeep: 98304:i2YsWcaRNzMJl7x4WU+e0g8yrLwLmgIn9Ab55:p/u+34ttBwLPu6type: PE32 executable (GUI) Intel 80386, for MS Windows
Version Info:
FileVersion: 5.9.4.10795ProductVersion: 5.9Translation: 0x0804 0x04b0

Backdoor:Win32/Zegost.L also known as:

DrWeb	BackDoor.PcClient.6599
MicroWorld-eScan	Trojan.GenericKD.42253209
FireEye	Generic.mg.3869c43bea2e3de4
CAT-QuickHeal	Trojan.Mauvaise.S1125931
Qihoo-360	Win32/Trojan.ae7
ALYac	Trojan.GenericKD.42253209
Cylance	Unsafe
VIPRE	Trojan.Win32.Generic!BT
K7AntiVirus	Trojan ( 005104ad1 )
BitDefender	Trojan.GenericKD.42253209
K7GW	Trojan ( 005104ad1 )
CrowdStrike	win/malicious_confidence_90% (W)
TrendMicro	BKDR_ZEGOST.SM45
BitDefenderTheta	Gen:NN.ZexaF.34090.pi0faqO9XDhi
Symantec	ML.Attribute.HighConfidence
APEX	Malicious
ClamAV	Win.Trojan.Pcclient-6959093-0
GData	Trojan.GenericKD.42253209
Kaspersky	Trojan-GameThief.Win32.Magania.uglq
NANO-Antivirus	Trojan.Win32.Agent.erpjbl
Rising	Trojan.ShadowBrokers!8.B976 (CLOUD)
Ad-Aware	Trojan.GenericKD.42253209
Sophos	Mal/Generic-S
F-Secure	Exploit.EXP/Agent.asbdu
Zillya	Trojan.GenericKD.Win32.62840
Invincea	heuristic
McAfee-GW-Edition	BehavesLike.Win32.Dropper.rc
Trapmine	malicious.high.ml.score
Emsisoft	Trojan.GenericKD.42253209 (B)
Ikarus	Backdoor.Pcclient
Cyren	W32/Trojan.CTWK-5954
Jiangmin	Trojan.Imeternal.d
Webroot	W32.Trojan.Gen
Avira	HEUR/AGEN.1036226
MAX	malware (ai score=84)
Endgame	malicious (high confidence)
Arcabit	Trojan.Generic.D284BB99
ZoneAlarm	Trojan-GameThief.Win32.Magania.uglq
Microsoft	Backdoor:Win32/Zegost.L
Acronis	suspicious
McAfee	Artemis!3869C43BEA2E
VBA32	TrojanDropper.Agent
Malwarebytes	PUP.Optional.ChinAd
Zoner	Trojan.Win32.64540
ESET-NOD32	Win32/Farfli.CJT
TrendMicro-HouseCall	BKDR_ZEGOST.SM45
Tencent	Win32.Trojan-gamethief.Magania.Lkeb
Yandex	Trojan.DR.Agent!ivI7Xr566q8
SentinelOne	DFI – Suspicious
eGambit	Unsafe.AI_Score_94%
Fortinet	W32/ZEGOST.SM45!tr.bdr
AVG	Win32:Malware-gen
Cybereason	malicious.bea2e3
Panda	Trj/Genetic.gen
MaxSecure	Win.MxResIcn.Heur.Gen