HackTool:Win32/CobaltStrike!pz (file analysis)

The HackTool:Win32/CobaltStrike!pz is considered dangerous by lots of security experts. When this infection is active, you may notice unwanted processes in Task Manager list. In this case, it is adviced to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Gridinsoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. Allows to complete scan and cure your PC during the trial period.

6-day free trial available.

What HackTool:Win32/CobaltStrike!pz virus can do?

Sample contains Overlay data
The binary contains an unknown PE section name indicative of packing
Authenticode signature is invalid

How to determine HackTool:Win32/CobaltStrike!pz?


File Info:
name: 79DDF956C947B78198E2.mlw
path: /opt/CAPEv2/storage/binaries/9f4950d04634879a48f6f88b14b0de1e99df7a035a47c64b1efad349e3083352
crc32: 75AFE8AE
md5: 79ddf956c947b78198e2fa6ca6517cde
sha1: 89cde01a7e11a40b0f7060537a82192b3732d26e
sha256: 9f4950d04634879a48f6f88b14b0de1e99df7a035a47c64b1efad349e3083352
sha512: d9fca05356e800a5834895102d31e2fdb2533c2789e8f24bc47de53dda4ca1968057ad98caa531dcc6b35f5ffed072f02b6d5c0ab141e5cd77fb89741725aeaf
ssdeep: 24576:vBWelxqsfNMNr79DsIZcGf3ggHFlyyJ4kmCahuGUDRNr+mvQWwTOhmU7Da/GiPUX:8F/Y2jSzUxmQMc
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T1B57523028E6E4CBFCB5C1178047F0BCF63956F418614A9EBA6CB6CD6C28EA95143367D
sha3_384: 88b97705bf80ed5d71ab95acd281fbcfc82a10fc066e2af0cf406ffdf328ef26ebe858cc4180ff2646e9a03f54c98465
ep_bytes: 7a59766e70706c5661645848556b7258
timestamp: 1970-01-01 00:00:00

Version Info:
0: [No Data]

HackTool:Win32/CobaltStrike!pz also known as:

Bkav	W32.AIDetectMalware
Lionic	Trojan.Win32.Banload.4!c
Elastic	malicious (moderate confidence)
FireEye	Generic.mg.79ddf956c947b781
Skyhigh	BehavesLike.Win32.Generic.tm
Sangfor	Suspicious.Win32.Save.a
CrowdStrike	win/malicious_confidence_100% (D)
Alibaba	HackTool:Win32/CobaltStrike.b1658a22
Symantec	Packed.Generic.551
ClamAV	Win.Trojan.Banload-9853585-0
NANO-Antivirus	Trojan.Win32.Miner.jeccbt
SUPERAntiSpyware	Trojan.Agent/Gen-Kryptik
DrWeb	Trojan.PWS.Banker1.30278
Sophos	Troj/Miner-ABM
Ikarus	Trojan.Win64.CoinMiner
Google	Detected
Varist	W32/S-8f4e9221!Eldorado
Antiy-AVL	Trojan/Win32.AGeneric
Microsoft	HackTool:Win32/CobaltStrike!pz
Xcitium	TrojWare.Win32.TrojanDownloader.Banload.RES@8hfp75
GData	Win32.Trojan.Agent.SE03N2
Cynet	Malicious (score: 100)
AhnLab-V3	Trojan/Win32.Banload.C3470781
Acronis	suspicious
McAfee	Artemis!79DDF956C947
VBA32	TrojanPSW.Banker
Malwarebytes	Generic.Malware.AI.DDS
Rising	Trojan.Vindor!8.10CC (RDMK:cmRtazp8s+EWeEFAjF6tX6atT+Az)
SentinelOne	Static AI – Malicious PE
MaxSecure	Trojan.Malware.121218.susgen
Fortinet	W32/Banload.BD2A!tr
DeepInstinct	MALICIOUS

How to remove HackTool:Win32/CobaltStrike!pz?

HackTool:Win32/CobaltStrike!pz removal tool

Download and install GridinSoft Anti-Malware.
Open GridinSoft Anti-Malware and perform a “Standard scan“.
“Move to quarantine” all items.
Open “Tools” tab – Press “Reset Browser Settings“.
Select proper browser and options – Click “Reset”.
Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.

Leave a Comment X