What is “Generic.ZegostB.A7A1D403”?

Generic.ZegostB.A7A1D403 is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager process list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It allows you to complete a scan and cure your PC during the trial period.
6-day free trial available.

What can the Generic.ZegostB.A7A1D403 virus do?

  • SetUnhandledExceptionFilter detected (possible anti-debug)
  • Behavioural detection: Executable code extraction – unpacking
  • Attempts to connect to a dead IP:Port (1 unique times)
  • Yara rule detections observed from a process memory dump/dropped files/CAPE
  • A process attempted to delay the analysis task.
  • Dynamic (imported) function loading detected
  • Performs HTTP requests potentially not found in PCAP.
  • HTTPS urls from behavior.
  • Reads data out of its own binary image
  • CAPE extracted potentially suspicious content
  • Drops a binary and executes it
  • Unconventional language used in binary resources: Chinese (Simplified)
  • The binary contains an unknown PE section name indicative of packing
  • The binary likely contains encrypted or compressed data.
  • The executable is compressed using UPX
  • Authenticode signature is invalid
  • Deletes its original binary from disk
  • Installs itself for autorun at Windows startup
  • Creates a copy of itself

How to identify Generic.ZegostB.A7A1D403?

File Info:

name: 3FAAE7F3E70269F83513.mlw
path: /opt/CAPEv2/storage/binaries/6342aa73c3d04f7b1e474a8604c4b67e5962097678f9c6c079e2f935e6fd2d78
crc32: EE5D9F8C
md5: 3faae7f3e70269f835136422e4f3afad
sha1: 7d1129c92a372b838041315e05897db171cd724c
sha256: 6342aa73c3d04f7b1e474a8604c4b67e5962097678f9c6c079e2f935e6fd2d78
sha512: 7c84946c4b80d630d1fb5d622e2d55f823840b2087bdb6ad44afb5d0a2ca51a4fa330d72dad2c1853854a4db3182c1405e842f42b6475d6e1151ffa371c3ef8b
ssdeep: 3072:gobZWgTq/chM47QtQn1ikAK+3HF1Xs4cx1IqwcaiFxPTCi/xf8:JbZWaqUZQtQne3l1XsnxmqwcaqoA
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T118E3120763CDCAC7E552433982037FF85750BF40B1286A9FB1E9BE1B3DA56219C19176
sha3_384: f8042c1969258058dc9eb7ac772bb6e3e07fbed27eff4ed5c1cc02226863b624df0970f0ad7b4d49d5566036525199ab
ep_bytes: 60be008045008dbe0090faff5783cdff
timestamp: 2018-04-10 14:00:35

Version Info:

CompanyName: 360.cn
FileDescription: 360安全卫士 隔离区模块
FileVersion: 2, 0, 0, 3065
InternalName: 360Restore
LegalCopyright: (C) 360.cn All Rights Reserved.
OriginalFilename: 360Restore.exe
ProductName: 360安全卫士
ProductVersion: 2, 0, 0, 3065
Translation: 0x0409 0x04b0

Generic.ZegostB.A7A1D403 also known as:

Lionic: Trojan.Win32.Siscos.4!c
Elastic: malicious (high confidence)
MicroWorld-eScan: DeepScan:Generic.ZegostB.A7A1D403
CAT-QuickHeal: Trojan.MauvaiseRI.S5264015
ALYac: DeepScan:Generic.ZegostB.A7A1D403
Cylance: Unsafe
Zillya: Trojan.Siscos.Win32.4981
K7AntiVirus: Trojan ( 004d3cae1 )
K7GW: Trojan ( 004d3cae1 )
Cybereason: malicious.3e7026
Cyren: W32/Zegost.ETSA-0213
Symantec: ML.Attribute.HighConfidence
ESET-NOD32: Win32/Farfli.BLH
APEX: Malicious
Avast: Win32:BackdoorX-gen [Trj]
Cynet: Malicious (score: 100)
Kaspersky: HEUR:Trojan.Win32.Siscos.gen
BitDefender: DeepScan:Generic.ZegostB.A7A1D403
NANO-Antivirus: Trojan.Win32.Farfli.fduear
SUPERAntiSpyware: Trojan.Agent/Gen-ZegostB
Tencent: Malware.Win32.Gencirc.10b3fbcb
Ad-Aware: DeepScan:Generic.ZegostB.A7A1D403
Sophos: Troj/AutoG-GH
Comodo: Backdoor.Win32.Farfli.CJT@7jjkro
DrWeb: Trojan.MulDrop3.45645
VIPRE: Trojan.Win32.Generic!BT
TrendMicro: BKDR_ZEGOST.SM13
McAfee-GW-Edition: GenericRXEW-AK!829888087AB0
FireEye: Generic.mg.3faae7f3e70269f8
Emsisoft: Trojan.Agent (A)
Paloalto: generic.ml
GData: DeepScan:Generic.ZegostB.A7A1D403
Jiangmin: Trojan.Siscos.xf
Webroot: W32.Malware.Gen
Avira: HEUR/AGEN.1138469
Kingsoft: Win32.Troj.Undef.(kcloud)
Gridinsoft: Ransom.Win32.Sabsik.sa
Microsoft: Trojan:Win32/Sabsik.FL.B!ml
TACHYON: Backdoor/W32.Zegost.444416
AhnLab-V3: Trojan/Win32.Farfli.C2477292
McAfee: GenericRXAA-AA!3FAAE7F3E702
MAX: malware (ai score=82)
VBA32: Trojan.Downloader
Malwarebytes: Malware.AI.4241605469
TrendMicro-HouseCall: BKDR_ZEGOST.SM13
Rising: Trojan.Kryptik!1.B340 (CLASSIC)
Yandex: Trojan.GenAsa!bwuY5amzNxc
SentinelOne: Static AI - Malicious PE
eGambit: Unsafe.AI_Score_94%
Fortinet: MalwThreat!268cIV
BitDefenderTheta: Gen:NN.ZexaF.34084.jmKfaKu9VWnj
AVG: Win32:BackdoorX-gen [Trj]
Panda: Trj/Genetic.gen
CrowdStrike: win/malicious_confidence_90% (W)
MaxSecure: Trojan.Malware.300983.susgen

How to remove Generic.ZegostB.A7A1D403?

Generic.ZegostB.A7A1D403 removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open the “Tools” tab and press “Reset Browser Settings”.
  • Select the proper browser and options, then click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.