Categories: Backdoor

What is “Backdoor:Win32/Zegost.Z”?

The Backdoor:Win32/Zegost.Z is considered dangerous by lots of security experts. When this infection is active, you may notice unwanted processes in Task Manager list. In this case, it is adviced to scan your computer with GridinSoft Anti-Malware.

Gridinsoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. Allows to complete scan and cure your PC during the trial period.

DOWNLOAD NOW

6-day free trial available.

What Backdoor:Win32/Zegost.Z virus can do?

Attempts to connect to a dead IP:Port (1 unique times)
Creates RWX memory
Reads data out of its own binary image
Unconventionial binary language: Chinese (Simplified)
Unconventionial language used in binary resources: Chinese (Simplified)
The binary likely contains encrypted or compressed data.
Uses Windows utilities for basic functionality
Deletes its original binary from disk
Sniffs keystrokes

Related domains:

z.whorecord.xyz

a.tomx.xyz

zzayy.3322.org

How to determine Backdoor:Win32/Zegost.Z?


File Info:
crc32: 81DF3686md5: 8d13afecb1d4afa2de77fc77211b202cname: 8D13AFECB1D4AFA2DE77FC77211B202C.mlwsha1: 593c0bcc2d8f8f90946d8db491e4d0886c43031fsha256: dd807ac5ab5263aea7465e1f340cee76e51faea67632244885e5b0f59d35258dsha512: f0acb9701298fd55684b511328d5734d687fc4a365ee4614af6554311a5d8452fdea0ac703b2451d91181466f769baedd1f98cf4f5f09b3480cea0da224435dfssdeep: 3072:9qzWvebdAKi8dZInyR2RcoUp0L9d46gHKu1kC:90WvWfig0pd46kbtype: PE32 executable (GUI) Intel 80386, for MS Windows
Version Info:
LegalCopyright: AntiVir? is a registered trademark of Avira GmbH, GermanyInternalName: AntiVir/Win32FileVersion: 0, 0, 0, 0CompanyName: Avira GmbHPrivateBuild: LegalTrademarks: Comments: ProductName: AVVDFSpecialBuild: ProductVersion: 1, 0, 0, 1001FileDescription: AntiVir Engine Module for WindowsOriginalFilename: 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)Translation: 0x0804 0x04b0

Backdoor:Win32/Zegost.Z also known as:

Bkav	W32.AIDetectVM.malware1
MicroWorld-eScan	Backdoor.Generic.692498
FireEye	Generic.mg.8d13afecb1d4afa2
McAfee	Artemis!8D13AFECB1D4
Cylance	Unsafe
VIPRE	Trojan.Win32.Generic.pak!cobra
Sangfor	Malware
BitDefender	Backdoor.Generic.692498
K7GW	Trojan ( 0055e3e41 )
K7AntiVirus	Trojan ( 0055e3e41 )
Cyren	W32/FakeAlert.LE.gen!Eldorado
Symantec	ML.Attribute.HighConfidence
APEX	Malicious
ClamAV	Win.Trojan.Ag-1
Kaspersky	Trojan-Dropper.Win32.Dinwod.zru
NANO-Antivirus	Trojan.Win32.Dwn.sshzz
ViRobot	Trojan.Win32.A.PSW-Magania.240956[UPX]
Ad-Aware	Backdoor.Generic.692498
Sophos	Mal/Generic-S + Troj/YonSole-A
Comodo	Backdoor.Win32.PcClient.~d26@1oom5f
F-Secure	Heuristic.HEUR/AGEN.1101600
DrWeb	Trojan.DownLoader5.2494
Zillya	Trojan.Magania.Win32.45137
TrendMicro	TROJ_AGENT_004362.TOMB
McAfee-GW-Edition	GenericRXCP-AS!095D4870564A
Emsisoft	Backdoor.Generic.692498 (B)
SentinelOne	Static AI – Suspicious PE
Jiangmin	Trojan/Generic.igxc
Avira	HEUR/AGEN.1101600
Antiy-AVL	Trojan[GameThief]/Win32.Magania
Microsoft	Backdoor:Win32/Zegost.Z
ZoneAlarm	Trojan-Dropper.Win32.Dinwod.zru
GData	Backdoor.Generic.692498
Cynet	Malicious (score: 85)
AhnLab-V3	Trojan/Win32.Magania.R13682
BitDefenderTheta	Gen:NN.ZexaF.34804.hmMfayIixmnb
ALYac	Backdoor.Generic.692498
MAX	malware (ai score=87)
VBA32	BScope.TrojanDropper.Dinwod
Malwarebytes	Malware.Heuristic.1003
Panda	Generic Malware
ESET-NOD32	a variant of Win32/Farfli.FB
TrendMicro-HouseCall	TROJ_AGENT_004362.TOMB
Rising	Backdoor.Yonsole!8.31D (TFE:5:dtMkLjFsp0O)
Yandex	Trojan.Farfli!xNlzo4wCgRY
Ikarus	Virus.Win32.Vundo
Fortinet	W32/Farfli.BVV!tr
AVG	FileRepMalware
Cybereason	malicious.cb1d4a
Avast	FileRepMalware
Qihoo-360	Win32/Backdoor.Agent.AN