What is “HackTool:Win32/CobaltStrike!pz”?

The HackTool:Win32/CobaltStrike!pz is considered dangerous by lots of security experts. When this infection is active, you may notice unwanted processes in Task Manager list. In this case, it is adviced to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Gridinsoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. Allows to complete scan and cure your PC during the trial period.

6-day free trial available.

What HackTool:Win32/CobaltStrike!pz virus can do?

Sample contains Overlay data
The binary contains an unknown PE section name indicative of packing
Authenticode signature is invalid

How to determine HackTool:Win32/CobaltStrike!pz?


File Info:
name: CE5939CE2E1B43213D13.mlw
path: /opt/CAPEv2/storage/binaries/9ed0e344420237e202b93daa51fb5d6e549bc8aa1088ff86a3902af496393802
crc32: 56695967
md5: ce5939ce2e1b43213d13b7a758bed3f3
sha1: d9e4d797a543c7e44c970971e72ebec141aff2c6
sha256: 9ed0e344420237e202b93daa51fb5d6e549bc8aa1088ff86a3902af496393802
sha512: fe5aa8c5cd648fb2276ff72227aa6b67209890200f1e471ed35a82e0a041ffc6274e2195fd38e0e54afe81249f8cce4f798638075e2ee2cafda28b5c8bb40eac
ssdeep: 24576:vBWelxqsfNMNr79DsIZcGf3ggHFlyyJ4kmCahuGUDRNr+eAZogD:8F/Y2jSzUYZp
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T13D5523028D6F4CBECB5D127C042F0B8F73952E409324A5D7EADA6D95C15EAAB14336BC
sha3_384: 852c3145c7e06cdd23e059eddf74f516f92c9fad520df61fc38c0b31dac93e97417305408e86518e72ba4dca2770987c
ep_bytes: 7a59766e70706c5661645848556b7258
timestamp: 1970-01-01 00:00:00

Version Info:
0: [No Data]

HackTool:Win32/CobaltStrike!pz also known as:

Bkav	W32.AIDetectMalware
Lionic	Trojan.Win32.Banload.4!c
FireEye	Generic.mg.ce5939ce2e1b4321
Skyhigh	BehavesLike.Win32.Generic.tm
McAfee	Artemis!CE5939CE2E1B
Sangfor	Suspicious.Win32.Save.a
Alibaba	HackTool:Win32/CobaltStrike.a7c59272
Symantec	Packed.Generic.551
Elastic	malicious (moderate confidence)
ClamAV	Win.Trojan.Banload-9853585-0
NANO-Antivirus	Trojan.Win32.Miner.jeccbt
Sophos	Troj/Miner-ABM
DrWeb	Trojan.PWS.Banker1.30278
Ikarus	Trojan.Win64.CoinMiner
GData	Win32.Trojan.Agent.XTSV9S
Google	Detected
Varist	W32/S-8f4e9221!Eldorado
Antiy-AVL	Trojan/Win32.AGeneric
Xcitium	TrojWare.Win32.TrojanDownloader.Banload.RES@8hfp75
SUPERAntiSpyware	Trojan.Agent/Gen-Kryptik
Microsoft	HackTool:Win32/CobaltStrike!pz
Cynet	Malicious (score: 100)
AhnLab-V3	Trojan/Win32.Banload.C3470781
Acronis	suspicious
VBA32	TrojanPSW.Banker
Malwarebytes	Generic.Malware.AI.DDS
Rising	Trojan.Vindor!8.10CC (RDMK:cmRtazp8s+EWeEFAjF6tX6atT+Az)
SentinelOne	Static AI – Malicious PE
MaxSecure	Trojan.Malware.121218.susgen
Fortinet	W32/Banload.BD2A!tr
CrowdStrike	win/malicious_confidence_100% (D)
alibabacloud	Trojan:Win/CoinMiner.UXW

How to remove HackTool:Win32/CobaltStrike!pz?

HackTool:Win32/CobaltStrike!pz removal tool

Download and install GridinSoft Anti-Malware.
Open GridinSoft Anti-Malware and perform a “Standard scan“.
“Move to quarantine” all items.
Open “Tools” tab – Press “Reset Browser Settings“.
Select proper browser and options – Click “Reset”.
Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.

Leave a Comment X