Adware Reports: threat report

About “HackTool:Win32/CobaltStrike!pz” infection

Published Nov 27, 2023 · Category: Crack · 2 min read
Report context

What to verify before removal

This report on HackTool:Win32/CobaltStrike!pz is kept in the active library because the detection carries enough technical context to support a careful second-opinion scan and a cleanup decision.

Start by comparing the local file name with E802716C83BA4507A977.mlw (and, more reliably, its hashes with the values in the File Info section), then review the behavior notes for persistence entries, dropped files, unusual processes, and browser or network changes. This helps separate a matching detection from a different file that only shares a similar alert name.

Observed file
E802716C83BA4507A977.mlw
  • Compare the suspicious file name with E802716C83BA4507A977.mlw.
  • Confirm the detection name matches HackTool:Win32/CobaltStrike!pz before removing related files.
  • Review the report for persistence entries, dropped files, unusual processes, and browser or network changes so the cleanup is based on observed behavior, not only the label.
  • Run a full scan, quarantine confirmed detections, and restart before signing back in to sensitive accounts.

HackTool:Win32/CobaltStrike!pz is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in Task Manager. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

What can HackTool:Win32/CobaltStrike!pz do?

  • Sample contains Overlay data
  • The binary contains an unknown PE section name indicative of packing
  • Authenticode signature is invalid

How to identify HackTool:Win32/CobaltStrike!pz?

File Info:

name: E802716C83BA4507A977.mlw
path: /opt/CAPEv2/storage/binaries/003b70f886988aaa55935605261c64a275663d0e04aa1d0413f40a7675273117
crc32: 19F02E01
md5: e802716c83ba4507a9773c73b8a06236
sha1: 4a1c1d9ff9b9af7900274884e58c28dfa70ef010
sha256: 003b70f886988aaa55935605261c64a275663d0e04aa1d0413f40a7675273117
sha512: 38ed5f3c30b0c64d62827c31c24e35a61b5265abbde54c9e3da6158828c425831e393e402fa2dec1b7fe282a4a945823d0a86744bbd6d1912512fb72108d3f60
ssdeep: 24576:vBF672l6i2Ncb2ygupgrnACAmZ/NwFC31G3AcMaKUBhkKHkoc+ui8qY2itWDnDKA:r56uL3pgrCEd2KUgKmpKDDttOmJ
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T1B2658EA0DDEF00F0EA075870956BA23F5225270A9F38DDDBC6841E82D677EF1153396A
sha3_384: aa8fcae01381e6896214f00966dd08838d559dce449354b2a480d04778df5ca6dd38094eba7b35bf68d123222a885c06
ep_bytes: 83ec0c8b44240c8d5c24108944240489
timestamp: 1970-01-01 00:00:00

Version Info:

0: [No Data]

Detection names other vendors use for this sample (HackTool:Win32/CobaltStrike!pz is also known as):

Bkav W32.AIDetectMalware
MicroWorld-eScan Trojan.GenericKD.45989870
FireEye Generic.mg.e802716c83ba4507
Skyhigh BehavesLike.Win32.Generic.th
ALYac Trojan.GenericKD.45989870
Malwarebytes Generic.Malware.AI.DDS
Zillya Downloader.Banload.Win32.88671
Sangfor Trojan.Win32.Save.a
Symantec Packed.Generic.551
Elastic malicious (high confidence)
Cynet Malicious (score: 100)
ClamAV Win.Malware.Generickdz-9831451-0
BitDefender Trojan.GenericKD.45989870
NANO-Antivirus Trojan.Win32.Banker1.inibrb
SUPERAntiSpyware Trojan.Agent/Gen-Kryptik
Emsisoft Trojan.GenericKD.45989870 (B)
DrWeb Trojan.PWS.Banker1.30278
VIPRE Trojan.GenericKD.45989870
Sophos Troj/Miner-ABH
SentinelOne Static AI – Malicious PE
Jiangmin Trojan.Pushel.c
Varist W32/S-8f4e9221!Eldorado
Antiy-AVL Trojan/Win32.AGeneric
Kingsoft malware.kb.a.831
Microsoft HackTool:Win32/CobaltStrike!pz
Xcitium TrojWare.Win32.TrojanDownloader.Banload.RES@8hfp75
Arcabit Trojan.Generic.D2BDBFEE
GData Trojan.GenericKD.45989870
Google Detected
AhnLab-V3 Trojan/Win32.Banload.C3470781
Acronis suspicious
McAfee GenericRXNR-AT!E802716C83BA
MAX malware (ai score=84)
VBA32 TrojanPSW.Banker
Rising Trojan.Generic@AI.100 (RDML:1z7aVdU3R5K15Cx0S+8jiw)
Ikarus Trojan.Win64.CoinMiner
Fortinet W32/Agent.7267!tr
DeepInstinct MALICIOUS
CrowdStrike win/malicious_confidence_100% (D)

How to remove HackTool:Win32/CobaltStrike!pz?

Recommended second-opinion scan

Verify the infection before changing system settings

Use GridinSoft Anti-Malware to run a full scan, review detected persistence entries, and quarantine confirmed threats before restarting Windows.

  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • Choose “Move to quarantine” for all detected items.
  • Open the “Tools” tab and press “Reset Browser Settings”.
  • Select the appropriate browser and options, then click “Reset”.
  • Restart your computer.