HackTool:Win32/CobaltStrike!pz removal

The HackTool:Win32/CobaltStrike!pz is considered dangerous by lots of security experts. When this infection is active, you may notice unwanted processes in Task Manager list. In this case, it is adviced to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Gridinsoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. Allows to complete scan and cure your PC during the trial period.

6-day free trial available.

What HackTool:Win32/CobaltStrike!pz virus can do?

Sample contains Overlay data
The binary contains an unknown PE section name indicative of packing
Authenticode signature is invalid

How to determine HackTool:Win32/CobaltStrike!pz?


File Info:
name: 0C102C841048ACE27B57.mlw
path: /opt/CAPEv2/storage/binaries/ce0e3a05840c7408ae21859b6dc2987477c62b65f653634cbe8b226a7bc70ecc
crc32: 0C6DF251
md5: 0c102c841048ace27b57c042832efe3d
sha1: b99c3370c02bf4211fc512bf1a96207ab2fc6b46
sha256: ce0e3a05840c7408ae21859b6dc2987477c62b65f653634cbe8b226a7bc70ecc
sha512: d70b127d3715f378a34f76259b20eb9080b8332f8309f400508d06926c24c4a2ebcb16fae361f5bc5704b79a1ea0a0aacb83e40e7b831862a1c8a52ee0ec4f6f
ssdeep: 24576:vBWelxqsfNMNr79DsIZcGf3ggHFlyyJ4kmCahuGUDRNr+mvQWwTOhmU7D4Sp6Pfj:8F/Y2jSzUxmQd6PM/WLkWyqjN
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T10C8523038E3A5C7BCB5C127C14BF1B8F73A85D408214A9D7BAD66DD5C28EE5A14332AC
sha3_384: 9a1b4f9b98d659867e7712d73f45262ab0acb058d7cbb0a83c64d768234e90c56637d2b5e42e641e86461f037e9f65ee
ep_bytes: 7a59766e70706c5661645848556b7258
timestamp: 1970-01-01 00:00:00

Version Info:
0: [No Data]

HackTool:Win32/CobaltStrike!pz also known as:

Bkav	W32.AIDetectMalware
Lionic	Trojan.Win32.Banload.4!c
DrWeb	Trojan.PWS.Banker1.30278
FireEye	Generic.mg.0c102c841048ace2
Skyhigh	BehavesLike.Win32.Generic.tm
Malwarebytes	Generic.Malware.AI.DDS
Sangfor	Suspicious.Win32.Save.a
Alibaba	HackTool:Win32/CobaltStrike.b1658a22
Symantec	Packed.Generic.551
Elastic	malicious (high confidence)
Cynet	Malicious (score: 100)
ClamAV	Win.Trojan.Banload-9853585-0
NANO-Antivirus	Trojan.Win32.Miner.jeccbt
SUPERAntiSpyware	Trojan.Agent/Gen-Kryptik
Sophos	Troj/Miner-ABM
SentinelOne	Static AI – Malicious PE
Varist	W32/S-8f4e9221!Eldorado
Antiy-AVL	Trojan/Win32.AGeneric
Microsoft	HackTool:Win32/CobaltStrike!pz
Xcitium	TrojWare.Win32.TrojanDownloader.Banload.RES@8hfp75
GData	Win32.Trojan.Agent.P8YLEG
Google	Detected
AhnLab-V3	Trojan/Win32.Banload.C3470781
Acronis	suspicious
VBA32	TrojanPSW.Banker
Rising	Trojan.Vindor!8.10CC (RDMK:cmRtazp8s+EWeEFAjF6tX6atT+Az)
Ikarus	Trojan.Win64.CoinMiner
MaxSecure	Trojan.Malware.121218.susgen
Fortinet	W32/Banload.BD2A!tr
DeepInstinct	MALICIOUS
CrowdStrike	win/malicious_confidence_100% (D)
alibabacloud	Trojan:Win/CoinMiner.UXW

How to remove HackTool:Win32/CobaltStrike!pz?

HackTool:Win32/CobaltStrike!pz removal tool

Download and install GridinSoft Anti-Malware.
Open GridinSoft Anti-Malware and perform a “Standard scan“.
“Move to quarantine” all items.
Open “Tools” tab – Press “Reset Browser Settings“.
Select proper browser and options – Click “Reset”.
Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.

Leave a Comment X