HackTool:Win32/CobaltStrike!pz (file analysis)

The HackTool:Win32/CobaltStrike!pz is considered dangerous by lots of security experts. When this infection is active, you may notice unwanted processes in Task Manager list. In this case, it is adviced to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Gridinsoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. Allows to complete scan and cure your PC during the trial period.

6-day free trial available.

What HackTool:Win32/CobaltStrike!pz virus can do?

Sample contains Overlay data
The binary contains an unknown PE section name indicative of packing
Authenticode signature is invalid
Binary file triggered YARA rule

How to determine HackTool:Win32/CobaltStrike!pz?


File Info:
name: 244F1152E424AB56FDCE.mlw
path: /opt/CAPEv2/storage/binaries/ff0d1c863962a3bbf60d7436413dcb8d238f49baaf2ef2f5c44e538d53cdf7ec
crc32: 8C909D01
md5: 244f1152e424ab56fdce8fbd3272b4aa
sha1: 07aeed11f2192cafd2186a0550ecbabf8a0ef7cc
sha256: ff0d1c863962a3bbf60d7436413dcb8d238f49baaf2ef2f5c44e538d53cdf7ec
sha512: 784f5b2ac41ee105a35d4a780790e010f95550dd262916af5f95e04197215fb23ce3b9524d2f38e89c2d9f67c8b7798dbff6aa7cd029165ece60ac7e78370298
ssdeep: 24576:vBF6727itqTgtkFKifDMW7T2wVwVybPR0fyk7nADHVZ:rSUZwSV0AD1Z
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T19D350191CEAF55F5D60A2230546F6B7F66222B081F38EDDBC3C81D86C696FF1013252A
sha3_384: 7deaaccf049dcbdd6a3c3dc02bbca9f1fe66179b9ed2879920885ba91f38812998cf3474fd6584d79311b82d639b9696
ep_bytes: 77544278484765734c4259446e686350
timestamp: 1970-01-01 00:00:00

Version Info:
0: [No Data]

HackTool:Win32/CobaltStrike!pz also known as:

Bkav	W32.AIDetectMalware
Skyhigh	BehavesLike.Win32.Generic.th
McAfee	GenericRXNR-AT!244F1152E424
Malwarebytes	Generic.Malware.AI.DDS
Sangfor	Suspicious.Win32.Save.a
Symantec	Packed.Generic.551
Elastic	malicious (moderate confidence)
APEX	Malicious
ClamAV	Win.Trojan.Razy-7331672-0
SUPERAntiSpyware	Trojan.Agent/Gen-Kryptik
DrWeb	Trojan.PWS.Banker1.30278
FireEye	Generic.mg.244f1152e424ab56
Sophos	Troj/Miner-ABH
SentinelOne	Static AI – Malicious PE
GData	Win32.Trojan.Agent.KRRSQ2
Google	Detected
Varist	W32/S-8f4e9221!Eldorado
Antiy-AVL	Trojan/Win32.AGeneric
Xcitium	TrojWare.Win32.TrojanDownloader.Banload.RES@8hfp75
Microsoft	HackTool:Win32/CobaltStrike!pz
Cynet	Malicious (score: 100)
AhnLab-V3	Trojan/Win32.Banload.C3470781
Acronis	suspicious
VBA32	TrojanPSW.Banker
Rising	Trojan.Generic@AI.100 (RDML:FHROVi4yx2T555I5FjrtAA)
Ikarus	Trojan.Win64.CoinMiner
MaxSecure	Trojan.Malware.121218.susgen
Fortinet	W32/Agent.7267!tr
CrowdStrike	win/malicious_confidence_100% (D)
alibabacloud	Trojan:Win/CoinMiner.UXW

How to remove HackTool:Win32/CobaltStrike!pz?

HackTool:Win32/CobaltStrike!pz removal tool

Download and install GridinSoft Anti-Malware.
Open GridinSoft Anti-Malware and perform a “Standard scan“.
“Move to quarantine” all items.
Open “Tools” tab – Press “Reset Browser Settings“.
Select proper browser and options – Click “Reset”.
Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.

Leave a Comment X