About “HackTool:Win32/CobaltStrike!pz” infection

The HackTool:Win32/CobaltStrike!pz is considered dangerous by lots of security experts. When this infection is active, you may notice unwanted processes in Task Manager list. In this case, it is adviced to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Gridinsoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. Allows to complete scan and cure your PC during the trial period.

6-day free trial available.

What HackTool:Win32/CobaltStrike!pz virus can do?

Sample contains Overlay data
The binary contains an unknown PE section name indicative of packing
Authenticode signature is invalid

How to determine HackTool:Win32/CobaltStrike!pz?


File Info:
name: 9ED64E33500FE76DAAA0.mlw
path: /opt/CAPEv2/storage/binaries/53324db2756b4449f0a0991a8d48c4e419974e82fe4ae38959642c31d3d2ba57
crc32: 26E88279
md5: 9ed64e33500fe76daaa07ffd9fe09832
sha1: 74494d3a9b83e30b345f185149b081774d4c2def
sha256: 53324db2756b4449f0a0991a8d48c4e419974e82fe4ae38959642c31d3d2ba57
sha512: f6d9fc51937018b8198a6918d4b982dc4a1425c37450ca8d1062e4ea79486a74e4759032b2387e6afe443b3976c8d18a22bdd47b524bd64dbac0c72aef7d8ddd
ssdeep: 12288:wqBF6oVTk26GXLNaGUnFsnEV+43Ykj7MwunhnmISA37xJEx09yul+C:vBF6727XL1+Ki+4inDH7gx09T+C
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T170F4F191DDAF14F5D60B6130546FAA2F562226491F38EDDBC3C01D8AD36BFF2103296A
sha3_384: 8494a7a5668b81a50aece692f24e2bf63f2644e7f0399ec73914c614712390ee35b9d35a12516dc76ed53cf33d23db92
ep_bytes: 4c6e45584e67696350694c70724b6465
timestamp: 1970-01-01 00:00:00

Version Info:
0: [No Data]

HackTool:Win32/CobaltStrike!pz also known as:

Bkav	W32.AIDetectMalware
Elastic	malicious (high confidence)
FireEye	Generic.mg.9ed64e33500fe76d
Skyhigh	BehavesLike.Win32.Generic.bh
McAfee	GenericRXNR-AT!9ED64E33500F
Malwarebytes	Generic.Malware.AI.DDS
Sangfor	Trojan.Win32.Save.a
CrowdStrike	win/malicious_confidence_100% (D)
Symantec	Packed.Generic.551
APEX	Malicious
ClamAV	Win.Trojan.Razy-7332610-0
SUPERAntiSpyware	Trojan.Agent/Gen-Kryptik
Rising	Trojan.Generic@AI.100 (RDML:fM1sWVO7LYxMVf+yPKBA4w)
DrWeb	Trojan.PWS.Banker1.30278
Sophos	Troj/Miner-ABH
Ikarus	Trojan.Win64.CoinMiner
Google	Detected
Varist	W32/S-8f4e9221!Eldorado
Antiy-AVL	Trojan/Win32.AGeneric
Kingsoft	malware.kb.a.967
Microsoft	HackTool:Win32/CobaltStrike!pz
Xcitium	TrojWare.Win32.TrojanDownloader.Banload.RES@8hfp75
GData	Win32.Trojan.Agent.C8YQWH
Cynet	Malicious (score: 100)
AhnLab-V3	Trojan/Win32.Banload.C3470781
Acronis	suspicious
VBA32	TrojanPSW.Banker
SentinelOne	Static AI – Malicious PE
Fortinet	W32/Agent.7267!tr

How to remove HackTool:Win32/CobaltStrike!pz?

HackTool:Win32/CobaltStrike!pz removal tool

Download and install GridinSoft Anti-Malware.
Open GridinSoft Anti-Malware and perform a “Standard scan“.
“Move to quarantine” all items.
Open “Tools” tab – Press “Reset Browser Settings“.
Select proper browser and options – Click “Reset”.
Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.

Leave a Comment X