HackTool:Win32/CobaltStrike!pz malicious file

The HackTool:Win32/CobaltStrike!pz is considered dangerous by lots of security experts. When this infection is active, you may notice unwanted processes in Task Manager list. In this case, it is adviced to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Gridinsoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. Allows to complete scan and cure your PC during the trial period.

6-day free trial available.

What HackTool:Win32/CobaltStrike!pz virus can do?

Sample contains Overlay data
The binary contains an unknown PE section name indicative of packing
Authenticode signature is invalid

How to determine HackTool:Win32/CobaltStrike!pz?


File Info:
name: BFA3E54337C799F0FB3B.mlw
path: /opt/CAPEv2/storage/binaries/01baaae95b13cef5c29ca9b5fa76c16cba487972099cfde7bab3e313bc645268
crc32: 93355DFB
md5: bfa3e54337c799f0fb3b20ce0c829c18
sha1: 5ac567133350df53d128f95ea58b67773292adef
sha256: 01baaae95b13cef5c29ca9b5fa76c16cba487972099cfde7bab3e313bc645268
sha512: aefb6416e9e18d6e9596f1d49d3053ddbadeb0391ba0641d01b89750ca4c9456311b6f6d35ce758fad91158f33f5ce9ab58f0c32e69b5d11939e882e2d0b447b
ssdeep: 12288:wqBF6oVTk26GF15CUqbGuC4DCjBSwVd+1bBTDQlfweLoCBlHLnXxmCgv32QJ:vBF6727F15qbrund+fT+xLTlHLnhnMJ
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T1D2150195CEAF40F5E65B6130506BA73F962526090F38EDCBC3C40E86E76AFF01036969
sha3_384: f5ae8f040f84bc873a34eef11adbbec38b96721802aac3a60e74590888576d2eb0f8ac024f1cfd1c0b695a629011482e
ep_bytes: 5045715a4e47426244714f506a4a4f51
timestamp: 1970-01-01 00:00:00

Version Info:
0: [No Data]

HackTool:Win32/CobaltStrike!pz also known as:

Bkav	W32.AIDetectMalware
ClamAV	Win.Trojan.Coinminer-7332655-0
Skyhigh	BehavesLike.Win32.Generic.ch
McAfee	GenericRXNR-AT!BFA3E54337C7
Sangfor	Trojan.Win32.Save.a
Symantec	Packed.Generic.551
APEX	Malicious
Cynet	Malicious (score: 100)
SUPERAntiSpyware	Trojan.Agent/Gen-Kryptik
DrWeb	Trojan.PWS.Banker1.30278
FireEye	Generic.mg.bfa3e54337c799f0
Sophos	Troj/Miner-ABH
Ikarus	Trojan.Win64.CoinMiner
GData	Win32.Trojan.Agent.3X2V1R
Google	Detected
Antiy-AVL	Trojan/Win32.AGeneric
Kingsoft	malware.kb.a.963
Xcitium	TrojWare.Win32.TrojanDownloader.Banload.RES@8hfp75
Microsoft	HackTool:Win32/CobaltStrike!pz
Varist	W32/S-8f4e9221!Eldorado
AhnLab-V3	Trojan/Win32.Banload.C3470781
Acronis	suspicious
VBA32	TrojanPSW.Banker
Malwarebytes	Generic.Malware.AI.DDS
TrendMicro-HouseCall	TROJ_GEN.R03BH06BH24
Rising	Trojan.Generic@AI.100 (RDML:eJlEbntKL2w6RMiNZMvpNA)
SentinelOne	Static AI – Malicious PE
MaxSecure	Trojan.Malware.121218.susgen
Fortinet	W32/Agent.7267!tr
DeepInstinct	MALICIOUS
CrowdStrike	win/malicious_confidence_100% (W)

How to remove HackTool:Win32/CobaltStrike!pz?

HackTool:Win32/CobaltStrike!pz removal tool

Download and install GridinSoft Anti-Malware.
Open GridinSoft Anti-Malware and perform a “Standard scan“.
“Move to quarantine” all items.
Open “Tools” tab – Press “Reset Browser Settings“.
Select proper browser and options – Click “Reset”.
Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.

Leave a Comment X