What is “HackTool:Win32/CobaltStrike!pz”?

The HackTool:Win32/CobaltStrike!pz is considered dangerous by lots of security experts. When this infection is active, you may notice unwanted processes in Task Manager list. In this case, it is adviced to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Gridinsoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. Allows to complete scan and cure your PC during the trial period.

6-day free trial available.

What HackTool:Win32/CobaltStrike!pz virus can do?

Sample contains Overlay data
The binary contains an unknown PE section name indicative of packing
Authenticode signature is invalid

How to determine HackTool:Win32/CobaltStrike!pz?


File Info:
name: 44A081A7466E7C57F076.mlw
path: /opt/CAPEv2/storage/binaries/dbf3d277c868e8e8775233c38702897c1a20f0b7201c206bb614459b40aa6c96
crc32: CF630E9B
md5: 44a081a7466e7c57f076e0061fdc45c3
sha1: ce6e7e0b40710a4e3c88923fe5adb52679da2d25
sha256: dbf3d277c868e8e8775233c38702897c1a20f0b7201c206bb614459b40aa6c96
sha512: b6c55d8be0a09f1640c38c6e8c584d4c30b2a83594a1e6e399ef9993d9389f651731286c272d1c050e142a599922d87b6363d1391cca8b5056870c7cafa2c032
ssdeep: 24576:vBWelxqsfNMNr79DsIMDlTovQwlhAZWgaLdkpP6f:8FGkvHqrpP0
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T1E90523159E7E44B9CB09227C1CBF5F5F23518A445308EDD3E3D92E91CB8AAEA013326D
sha3_384: b546477ea3287145a5eacba314854f73671bb6c24674ecfb733529c6920d16c27dc041badf05318fc9d21cb345ed9602
ep_bytes: 7a59766e70706c5661645848556b7258
timestamp: 1970-01-01 00:00:00

Version Info:
0: [No Data]

HackTool:Win32/CobaltStrike!pz also known as:

Bkav	W32.AIDetectMalware
MicroWorld-eScan	Gen:Variant.Ulise.267041
Skyhigh	BehavesLike.Win32.Generic.bm
Malwarebytes	Generic.Malware.AI.DDS
VIPRE	Gen:Variant.Ulise.267041
Sangfor	Suspicious.Win32.Save.a
Arcabit	Trojan.Ulise.D41321
Symantec	Packed.Generic.551
Cynet	Malicious (score: 100)
ClamAV	Win.Trojan.Banload-9853585-0
BitDefender	Gen:Variant.Ulise.267041
NANO-Antivirus	Trojan.Win32.Miner.jeccbt
SUPERAntiSpyware	Trojan.Agent/Gen-Kryptik
Emsisoft	Gen:Variant.Ulise.267041 (B)
DrWeb	Trojan.PWS.Banker1.30278
Sophos	Troj/Miner-ABM
Ikarus	Trojan.Win64.CoinMiner
Varist	W32/S-8f4e9221!Eldorado
Antiy-AVL	Trojan/Win32.AGeneric
Kingsoft	malware.kb.a.993
Xcitium	TrojWare.Win32.TrojanDownloader.Banload.RES@8hfp75
Microsoft	HackTool:Win32/CobaltStrike!pz
GData	Gen:Variant.Ulise.267041
Google	Detected
AhnLab-V3	Trojan/Win32.Banload.C3470781
Acronis	suspicious
ALYac	Gen:Variant.Ulise.267041
VBA32	TrojanPSW.Banker
Rising	Trojan.Generic@AI.100 (RDML:RQFg/bQ7PkRYUQ+UE0r9yw)
SentinelOne	Static AI – Malicious PE
MaxSecure	Trojan.Malware.121218.susgen
Fortinet	W32/Banload.BD2A!tr
CrowdStrike	win/malicious_confidence_100% (W)

How to remove HackTool:Win32/CobaltStrike!pz?

HackTool:Win32/CobaltStrike!pz removal tool

Download and install GridinSoft Anti-Malware.
Open GridinSoft Anti-Malware and perform a “Standard scan“.
“Move to quarantine” all items.
Open “Tools” tab – Press “Reset Browser Settings“.
Select proper browser and options – Click “Reset”.
Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.

Leave a Comment X