HackTool:Win32/CobaltStrike!pz removal instruction

The HackTool:Win32/CobaltStrike!pz is considered dangerous by lots of security experts. When this infection is active, you may notice unwanted processes in Task Manager list. In this case, it is adviced to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Gridinsoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. Allows to complete scan and cure your PC during the trial period.

6-day free trial available.

What HackTool:Win32/CobaltStrike!pz virus can do?

Sample contains Overlay data
The binary contains an unknown PE section name indicative of packing
Authenticode signature is invalid

How to determine HackTool:Win32/CobaltStrike!pz?


File Info:
name: A29C3DD6BE8C6DC1A02A.mlw
path: /opt/CAPEv2/storage/binaries/c5cb305344c0697a77f9cf015f87eddec416b2db436d4d925dc340fbfcb41637
crc32: 9C0C4443
md5: a29c3dd6be8c6dc1a02ae427f2ecd148
sha1: 87a35510c5b4033a92090b412ed1558fa81488e1
sha256: c5cb305344c0697a77f9cf015f87eddec416b2db436d4d925dc340fbfcb41637
sha512: a114dd9c8ffc6d269df1f3390229e7e6295968a35b2aac096f2c19ab493989d1073de6a15d5cd54c9cdafeeaeb9399b3c6deab636205f5c5234199fcadd5406f
ssdeep: 24576:vBWelxqsfNMNr79DsIZcGf3ggHFlyyJ4kmCahuGUDRNr+mvQWwTOhmU7Da/GiPUk:8F/Y2jSzUxmQMh7
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T15D7523028E6E4CBFCF5C1178047F0BCF63655F418214A9EBAAC66DD6C28EA9514336BD
sha3_384: 204627717c1c383cd439d330af9d2892f68b925905f9f04f004df18171178d40d1587cb7b0b99b22c6fed4c8ecda770d
ep_bytes: 7a59766e70706c5661645848556b7258
timestamp: 1970-01-01 00:00:00

Version Info:
0: [No Data]

HackTool:Win32/CobaltStrike!pz also known as:

Bkav	W32.AIDetectMalware
Lionic	Trojan.Win32.Banload.4!c
FireEye	Generic.mg.a29c3dd6be8c6dc1
Skyhigh	BehavesLike.Win32.Generic.tm
McAfee	Artemis!A29C3DD6BE8C
Sangfor	Suspicious.Win32.Save.a
Alibaba	HackTool:Win32/CobaltStrike.b1658a22
Symantec	Packed.Generic.551
Elastic	malicious (moderate confidence)
ClamAV	Win.Trojan.Banload-9853585-0
NANO-Antivirus	Trojan.Win32.Miner.jeccbt
SUPERAntiSpyware	Trojan.Agent/Gen-Kryptik
DrWeb	Trojan.PWS.Banker1.30278
Sophos	Troj/Miner-ABM
SentinelOne	Static AI – Malicious PE
GData	Win32.Trojan.Agent.CLLJ7P
Google	Detected
Varist	W32/S-8f4e9221!Eldorado
Antiy-AVL	Trojan/Win32.AGeneric
Kingsoft	malware.kb.a.995
Xcitium	TrojWare.Win32.TrojanDownloader.Banload.RES@8hfp75
Microsoft	HackTool:Win32/CobaltStrike!pz
Cynet	Malicious (score: 100)
AhnLab-V3	Trojan/Win32.Banload.C3470781
Acronis	suspicious
VBA32	TrojanPSW.Banker
Malwarebytes	Generic.Malware.AI.DDS
Rising	Trojan.Vindor!8.10CC (RDMK:cmRtazp8s+EWeEFAjF6tX6atT+Az)
Ikarus	Trojan.Win64.CoinMiner
MaxSecure	Trojan.Malware.121218.susgen
Fortinet	W32/Banload.BD2A!tr
DeepInstinct	MALICIOUS
CrowdStrike	win/malicious_confidence_100% (D)

How to remove HackTool:Win32/CobaltStrike!pz?

HackTool:Win32/CobaltStrike!pz removal tool

Download and install GridinSoft Anti-Malware.
Open GridinSoft Anti-Malware and perform a “Standard scan“.
“Move to quarantine” all items.
Open “Tools” tab – Press “Reset Browser Settings“.
Select proper browser and options – Click “Reset”.
Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.

Leave a Comment X