Categories: Malware

Exploit:Win32/ShellCode!pz removal tips

The Exploit:Win32/ShellCode!pz is considered dangerous by lots of security experts. When this infection is active, you may notice unwanted processes in Task Manager list. In this case, it is adviced to scan your computer with GridinSoft Anti-Malware.

Gridinsoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. Allows to complete scan and cure your PC during the trial period.

DOWNLOAD NOW

6-day free trial available.

What Exploit:Win32/ShellCode!pz virus can do?

Unconventionial language used in binary resources: Chinese (Simplified)
The binary contains an unknown PE section name indicative of packing
Executable file is packed/obfuscated with ASPack
The binary likely contains encrypted or compressed data.
Authenticode signature is invalid
CAPE detected the shellcode get eip malware family
Yara detections observed in process dumps, payloads or dropped files

How to determine Exploit:Win32/ShellCode!pz?


File Info:
name: 741BCC9B9B9D9D8B97A4.mlwpath: /opt/CAPEv2/storage/binaries/7942049ddbce13390ee0234e0399bf8988169549285ca52fd796e9d0bc0e8463crc32: 93E80CE6md5: 741bcc9b9b9d9d8b97a436a1e8285e81sha1: e8ad56cb37aed395e71b56de401768f897eb16b2sha256: 7942049ddbce13390ee0234e0399bf8988169549285ca52fd796e9d0bc0e8463sha512: c6964ed929842968f9226cb19d4453f842c39bc683c6a741237928d3ccb1d9b8c4d709ba97487fa8e265c3f5249a844934232f712b490271ecf64e6b2fd24be8ssdeep: 3072:GniXS4Rz+tCROI+dHOo0p0auPxshFUf8W9tr:PnYoRODkBaauPxsRYttype: PE32 executable (DLL) (GUI) Intel 80386, for MS Windowstlsh: T19BD3AE72E602B173C496013232566FBF6FE96F7B5568DC0BCB508A0A3AF47E2D630156sha3_384: 0953460d0d5a0aa0bba304e5825cf7570464f7dac1db1d70f9932b4dfb5adec9bece3491dd3d2dd2e4aa1cbad7403fa9ep_bytes: 558bec83ec208365fc00837d0c027426timestamp: 2010-12-25 17:55:54
Version Info:
0: [No Data]

Exploit:Win32/ShellCode!pz also known as:

Bkav	W32.AIDetectMalware
Lionic	Virus.Win32.Otwycal.lmr7
Elastic	malicious (high confidence)
MicroWorld-eScan	Gen:Variant.Graftor.18440
FireEye	Generic.mg.741bcc9b9b9d9d8b
CAT-QuickHeal	Exploit.ShellCode.Gen
Skyhigh	BehavesLike.Win32.Generic.ch
McAfee	GenericRXAF-NX!741BCC9B9B9D
Malwarebytes	Generic.Malware.AI.DDS
Zillya	Backdoor.Agent.Win32.43751
Sangfor	Suspicious.Win32.Save.ins
Alibaba	Exploit:Win32/ShellCode.c5c2537d
CrowdStrike	win/malicious_confidence_100% (D)
Baidu	Win32.Virus.Agent.m
VirIT	Backdoor.Win32.Agent.AJNJ
Symantec	ML.Attribute.HighConfidence
tehtris	Generic.Malware
ESET-NOD32	a variant of Win32/Wapomi.U
APEX	Malicious
Cynet	Malicious (score: 100)
Kaspersky	Backdoor.Win32.Agent.grbz
BitDefender	Gen:Variant.Graftor.18440
NANO-Antivirus	Trojan.Win32.TrjGen.cxkodp
Avast	Win32:AutoRun-BSV [Wrm]
Tencent	Backdoor.Win32.Agent.ans
Emsisoft	Gen:Variant.Graftor.18440 (B)
F-Secure	Backdoor:W32/Agent.DQJS
DrWeb	BackDoor.Siggen.34257
VIPRE	Gen:Variant.Graftor.18440
TrendMicro	PE_WAPOMI.SM-O
Trapmine	malicious.high.ml.score
Sophos	Mal/Emogen-Y
Ikarus	Trojan-Dropper.Win32.Small
GData	Gen:Variant.Graftor.18440
Jiangmin	Backdoor/Agent.crev
Webroot
Varist	W32/Agent.JH.gen!Eldorado
Avira	EXP/ShellCode.bal
Antiy-AVL	Trojan[Backdoor]/Win32.Agent
Kingsoft	malware.kb.b.999
Xcitium	Backdoor.Win32.Agent.bsva@4nyf05
Arcabit	Trojan.Graftor.D4808
ZoneAlarm	Backdoor.Win32.Agent.grbz
Microsoft	Exploit:Win32/ShellCode!pz
Google	Detected
AhnLab-V3	Backdoor/Win32.Agent.R63375
Acronis	suspicious
BitDefenderTheta	Gen:NN.ZedlaF.36744.iG4@aCfZdFfb
ALYac	Gen:Variant.Graftor.18440
MAX	malware (ai score=100)
VBA32	Backdoor.Agent
Cylance	unsafe
Panda	Trj/Genetic.gen
TrendMicro-HouseCall	PE_WAPOMI.SM-O
Rising	Trojan.Wapomi!1.DCFE (CLASSIC)
SentinelOne	Static AI – Malicious PE
MaxSecure	Trojan.Malware.9729719.susgen
Fortinet	W32/Agent.JH!tr
AVG	Win32:AutoRun-BSV [Wrm]
DeepInstinct	MALICIOUS