What is “Backdoor:Win32/Zegost!ml”?

Malware Removal

Backdoor:Win32/Zegost!ml is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager process list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It allows you to perform a full scan and clean your PC during the trial period.
A 6-day free trial is available.

What can the Backdoor:Win32/Zegost!ml virus do?

  • SetUnhandledExceptionFilter detected (possible anti-debug)
  • Dynamic (imported) function loading detected
  • Reads data out of its own binary image
  • Unconventional language used in binary resources: Russian
  • The binary contains an unknown PE section name indicative of packing
  • Authenticode signature is invalid

How to identify Backdoor:Win32/Zegost!ml?

File Info:

name: BB3467F9E60089C0A242.mlw
path: /opt/CAPEv2/storage/binaries/6433c70af644b0b7f8e74dd522e0db47174cf0b4b9c0a01bac4de8b34bff6bb5
timestamp: 2021-06-11 09:16:47

Version Info:

0: [No Data]

Backdoor:Win32/Zegost!ml also known as:

Bkav: W32.AIDetect.malware1
tehtris: Generic.Malware
Cynet: Malicious (score: 100)
Cylance: Unsafe
Cybereason: malicious.ef7384
Cyren: W32/Trojan.FFG.gen!Eldorado
Elastic: malicious (high confidence)
ESET-NOD32: a variant of Win32/Packed.EnigmaProtector.J suspicious
APEX: Malicious
Avast: Win32:Evo-gen [Susp]
ClamAV: Win.Packed.Bladabindi-9840992-0
Sophos: Generic ML PUA (PUA)
F-Secure: Heuristic.HEUR/AGEN.1215870
DrWeb: Trojan.Inject3.3994
McAfee-GW-Edition: BehavesLike.Win32.Generic.wc
FireEye: Generic.mg.bb3467f9e60089c0
SentinelOne: Static AI – Malicious SFX
Avira: HEUR/AGEN.1215870
Microsoft: Backdoor:Win32/Zegost!ml
AhnLab-V3: Trojan/Win.Generic.R419630
Acronis: suspicious
BitDefenderTheta: Gen:NN.ZexaF.34606.fzW@aKMZj2m
VBA32: Trojan.Zpevdo
Malwarebytes: Malware.AI.4076630999
Rising: Trojan.Generic@AI.99 (RDMK:cmRtazrdD8rkZgEeeWynRJ12QVfh)
Ikarus: Trojan.Rasftuby
AVG: Win32:Evo-gen [Susp]

How to remove Backdoor:Win32/Zegost!ml?

Backdoor:Win32/Zegost!ml removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open the “Tools” tab – Press “Reset Browser Settings”.
  • Select the proper browser and options – Click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.