Malware

Exploit:Win32/ShellCode!pz removal guide

Malware Removal

The Exploit:Win32/ShellCode!pz is considered dangerous by lots of security experts. When this infection is active, you may notice unwanted processes in Task Manager list. In this case, it is adviced to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Gridinsoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. Allows to complete scan and cure your PC during the trial period.
DOWNLOAD NOW
6-day free trial available.

What Exploit:Win32/ShellCode!pz virus can do?

  • Behavioural detection: Executable code extraction – unpacking
  • Sample contains Overlay data
  • Performs HTTP requests potentially not found in PCAP.
  • CAPE extracted potentially suspicious content
  • Unconventionial language used in binary resources: Chinese (Simplified)
  • The binary contains an unknown PE section name indicative of packing
  • The binary likely contains encrypted or compressed data.
  • Authenticode signature is invalid
  • Behavioural detection: Injection (inter-process)
  • CAPE detected the shellcode patterns malware family
  • Attempts to modify proxy settings
  • Yara detections observed in process dumps, payloads or dropped files

How to determine Exploit:Win32/ShellCode!pz?



File Info:

name: 57B03BA1B2FB630CA529.mlw
path: /opt/CAPEv2/storage/binaries/c14d29ac25c4361c5a94789ffebc64982130680af653f7186c1d26cbc8abe6cf
crc32: 6FD27C44
md5: 57b03ba1b2fb630ca529318e9db9589d
sha1: 8898329a81d5841595be84d15b08c28306ff3f93
sha256: c14d29ac25c4361c5a94789ffebc64982130680af653f7186c1d26cbc8abe6cf
sha512: 596e6e6330973a48ecafb8b0cc4c68712228125ce38978db4dfad2b65a6b9d31626ca06feefac20ac8e6eef94507d8c7655c8ba930e5dc93b7e894b9e0f6ac5c
ssdeep: 49152:R6ikU0bnaT6VESGIJ20KcPYN2t+5pC1yyIq3xrpj8yNvY1R4P7HjC2KymhuXJIfm:IbLVEetDAN2tEC1yyIq3xrpj8yNvY1Ry
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T13495CF2577439A32E2B200B5252FC6E97A1C7E31072494C3B2C85D7F3273AD2AA77657
sha3_384: d10dcebdc1a6279c059dc50395a8974f6b01926e44b30e64e8dbc83054b758370edebaad8cc8cab8811ae8aa71228ac4
ep_bytes: e802ad0000e978feffff6a0c68b87b4d
timestamp: 1997-12-04 16:30:18


Version Info:

CompanyName: TODO: 
FileDescription: TODO: 
FileVersion: 1.0.0.1
InternalName: d3demo.exe
LegalCopyright: TODO: (C) 。保留所有权利。
OriginalFilename: d3demo.exe
ProductName: TODO: 
ProductVersion: 1.0.0.1

Exploit:Win32/ShellCode!pz also known as:

BkavW32.AIDetectMalware
Elasticmalicious (high confidence)
DrWebWin32.HLLP.Siggen.54
MicroWorld-eScanTrojan.GenericKDZ.96852
ClamAVWin.Exploit.Zusy-9875675-0
FireEyeGeneric.mg.57b03ba1b2fb630c
ALYacTrojan.GenericKDZ.96852
Cylanceunsafe
SangforVirus_Suspicious.Win32.Sality.bh
CrowdStrikewin/malicious_confidence_100% (D)
AlibabaVirus:Win32/Obfuscated.105e
K7GWTrojan ( 0057f6c71 )
K7AntiVirusTrojan ( 0057f6c71 )
SymantecML.Attribute.HighConfidence
tehtrisGeneric.Malware
ESET-NOD32Win32/Agent.NFN
APEXMalicious
CynetMalicious (score: 100)
KasperskyHEUR:Exploit.Win32.Shellcode.gen
BitDefenderTrojan.GenericKDZ.96852
TencentVirus.Win32.Agent.kk
EmsisoftTrojan.GenericKDZ.96852 (B)
F-SecureTrojan.TR/Patched.Ren.Gen
VIPRETrojan.GenericKDZ.96852
Trapminemalicious.high.ml.score
SophosTroj/Patched-BS
SentinelOneStatic AI – Malicious PE
GoogleDetected
AviraTR/Patched.Ren.Gen
MicrosoftExploit:Win32/ShellCode!pz
ArcabitTrojan.Generic.D17A54
ViRobotTrojan.Win32.LockBit.1315470
ZoneAlarmHEUR:Exploit.Win32.Shellcode.gen
GDataWin32.Trojan.PSE.1FG34MX
VaristW32/Sality.E.gen!Eldorado
AhnLab-V3Trojan/Win.MalForm.R632150
McAfeeArtemis!57B03BA1B2FB
MAXmalware (ai score=81)
VBA32BScope.Exploit.Shellcode
MalwarebytesGeneric.Malware.AI.DDS
RisingTrojan.Patch!1.B0CF (CLASSIC)
IkarusTrojan.Win32.Patched
MaxSecureTrojan.Malware.300983.susgen
FortinetW32/Patched.IW!tr
DeepInstinctMALICIOUS
alibabacloudExploit:Win/ShellCode.gen

How to remove Exploit:Win32/ShellCode!pz?

Exploit:Win32/ShellCode!pz removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan“.
  • Move to quarantine” all items.
  • Open “Tools” tab – Press “Reset Browser Settings“.
  • Select proper browser and options – Click “Reset”.
  • Restart your computer.

You may also like

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.

View all posts

Leave a Comment