What is “HackTool:Win32/CobaltStrike!pz”?

The HackTool:Win32/CobaltStrike!pz is considered dangerous by lots of security experts. When this infection is active, you may notice unwanted processes in Task Manager list. In this case, it is adviced to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Gridinsoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. Allows to complete scan and cure your PC during the trial period.

6-day free trial available.

What HackTool:Win32/CobaltStrike!pz virus can do?

Sample contains Overlay data
The binary contains an unknown PE section name indicative of packing
Authenticode signature is invalid

How to determine HackTool:Win32/CobaltStrike!pz?


File Info:
name: AE2EC8B6289153BC0895.mlw
path: /opt/CAPEv2/storage/binaries/70c61517219c0cc5f133f5af2454a90b15d1a751d1428ea7ea4fb7d6b4e1f8fb
crc32: A42B1B64
md5: ae2ec8b6289153bc0895dfed7e48907c
sha1: 15e6414c8bb1b0c29c5bafa592090faa5f78a713
sha256: 70c61517219c0cc5f133f5af2454a90b15d1a751d1428ea7ea4fb7d6b4e1f8fb
sha512: 82d0ea52f30b07c48a632de63b00c88e8f917dd41710c007925488e8e2b0f9ef56e224a359fa3a608b1fb3921d210ad8e454f218b56be4cb3111f5391d9626a7
ssdeep: 24576:vBF672l6i2NcXu8WZW3DwNCX84AXiJRh+1lzsvXw9y:r56GskAXiJCwB
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T18D25D0A4CEEB50F1D60B5470996BA77F9622230A1F34ECCBC7C41E86D7A6EF11032965
sha3_384: a8d324523eadc6d2c5dbb7c3fc587961739785674fe547ce65e5336624a4f54448021642b25eafaab6750dedac4544c0
ep_bytes: 4e676c656d645463474b586c68466371
timestamp: 1970-01-01 00:00:00

Version Info:
0: [No Data]

HackTool:Win32/CobaltStrike!pz also known as:

Bkav	W32.AIDetectMalware
Lionic	Trojan.Win32.Generic.4!c
FireEye	Generic.mg.ae2ec8b6289153bc
Skyhigh	BehavesLike.Win32.Generic.dh
McAfee	GenericRXNR-AT!AE2EC8B62891
Malwarebytes	Generic.Malware.AI.DDS
Sangfor	Trojan.Win32.Save.a
Alibaba	HackTool:Win32/CobaltStrike.b6f41cd9
Symantec	Packed.Generic.551
Cynet	Malicious (score: 100)
ClamAV	Win.Trojan.Ulise-9837707-0
SUPERAntiSpyware	Trojan.Agent/Gen-Kryptik
DrWeb	Trojan.PWS.Banker1.30278
Sophos	Troj/Miner-ABH
Ikarus	Trojan.Win64.CoinMiner
GData	Win32.Trojan.Agent.ZC15UH
Varist	W32/S-8f4e9221!Eldorado
Antiy-AVL	Trojan/Win32.AGeneric
Xcitium	TrojWare.Win32.TrojanDownloader.Banload.RES@8hfp75
Microsoft	HackTool:Win32/CobaltStrike!pz
Google	Detected
AhnLab-V3	Trojan/Win32.Banload.C3470781
Acronis	suspicious
VBA32	TrojanPSW.Banker
TrendMicro-HouseCall	TROJ_GEN.R03BH06BF24
Rising	Trojan.CoinMiner!8.30A (TFE:2:WsehCmMFCLF)
SentinelOne	Static AI – Malicious PE
MaxSecure	Trojan.Malware.121218.susgen
Fortinet	W32/Agent.7267!tr
DeepInstinct	MALICIOUS
CrowdStrike	win/malicious_confidence_100% (D)

How to remove HackTool:Win32/CobaltStrike!pz?

HackTool:Win32/CobaltStrike!pz removal tool

Download and install GridinSoft Anti-Malware.
Open GridinSoft Anti-Malware and perform a “Standard scan“.
“Move to quarantine” all items.
Open “Tools” tab – Press “Reset Browser Settings“.
Select proper browser and options – Click “Reset”.
Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.

Leave a Comment X