
Heur.BZC.PZQ.Boxter.762.4CBD9A19 information


Heur.BZC.PZQ.Boxter.762.4CBD9A19 is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager process list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It lets you complete a scan and clean your PC during the trial period.
6-day free trial available.

What can the Heur.BZC.PZQ.Boxter.762.4CBD9A19 virus do?

  • SetUnhandledExceptionFilter detected (possible anti-debug)
  • Behavioural detection: Executable code extraction – unpacking
  • Attempts to connect to a dead IP:Port (1 unique times)
  • Creates RWX memory
  • Guard pages use detected – possible anti-debugging.
  • Dynamic (imported) function loading detected
  • CAPE extracted potentially suspicious content
  • Executed a very long command line or script command which may be indicative of chained commands or obfuscation
  • The binary contains an unknown PE section name indicative of packing
  • Authenticode signature is invalid
  • A scripting utility was executed
  • Uses Windows utilities for basic functionality
  • Collects and encrypts information about the computer likely to send to C2 server
  • A script or command line contains a long continuous string indicative of obfuscation
  • Attempts to execute suspicious powershell command arguments

How to identify Heur.BZC.PZQ.Boxter.762.4CBD9A19?

File Info:

name: 95D44FE08B1376C4FE43.mlw
path: /opt/CAPEv2/storage/binaries/47d52efa8e57e580dc7f6e64f5b2d9eeb955fbf1742778bc942a5c47004f171b
crc32: 325405C7
md5: 95d44fe08b1376c4fe43c9c8d192235d
sha1: 7980847060239e8e1110ce7cf820f2d7c4f29dd4
sha256: 47d52efa8e57e580dc7f6e64f5b2d9eeb955fbf1742778bc942a5c47004f171b
sha512: f35eb4cc95eb63fe96e614944f7d702ab41c5767f70644f9ef9fecc09b1ac55442a93070ae60fe9953fc53fae2fb81c4d782b4bf03d896bb48a00009ff51052f
ssdeep: 1536:wQ7ftfkS5g9YOms+gZcQipICdXkNDqLLZX9lItVGL++eIOlnToIfEw4IO1:wuFfHgTWmCRkGbKGLeNTBfEZ
type: PE32 executable (console) Intel 80386, for MS Windows
tlsh: T116937C45F2E242F7E6F2053201A6716FE735A2388724E8DBC74C2D429953AD1A73D3E9
sha3_384: 0e7f37f3bdc70565d4d4edcbc5da18e9304d9099f6e760c1688c790b788d74a493e5da362baaf96bc71206b2706124c6
ep_bytes: 68ac00000068000000006868804100e8
timestamp: 2018-02-01 20:18:05

Version Info:

0: [No Data]

Heur.BZC.PZQ.Boxter.762.4CBD9A19 also known as:

Bkav: W32.AIDetect.malware2
Elastic: malicious (high confidence)
Malwarebytes: Malware.Heuristic.1008
Sangfor: Trojan.Win32.Save.a
K7AntiVirus: Trojan ( 0052419b1 )
K7GW: Trojan ( 0052419b1 )
Cybereason: malicious.08b137
Cyren: W32/SchoolBoy.B.gen!Eldorado
ESET-NOD32: PowerShell/Kryptik.H
APEX: Malicious
Avast: Win32:Evo-gen [Susp]
Cynet: Malicious (score: 100)
Kaspersky: HEUR:Backdoor.PowerShell.Agent.gen
BitDefender: Heur.BZC.PZQ.Boxter.762.4CBD9A19
MicroWorld-eScan: Heur.BZC.PZQ.Boxter.762.4CBD9A19
Ad-Aware: Heur.BZC.PZQ.Boxter.762.4CBD9A19
Emsisoft: Heur.BZC.PZQ.Boxter.762.4CBD9A19 (B)
F-Secure: Trojan.TR/B2E.Dropper.Gen
McAfee-GW-Edition: BehavesLike.Win32.Generic.mh
Trapmine: malicious.high.ml.score
FireEye: Generic.mg.95d44fe08b1376c4
Sophos: Generic ML PUA (PUA)
SentinelOne: Static AI - Malicious PE
GData: Win32.Trojan.PSE.1EJV7NE
Avira: TR/B2E.Dropper.Gen
MAX: malware (ai score=88)
Arcabit: Heur.BZC.PZQ.Boxter.762.4CBD9A19
ZoneAlarm: HEUR:Backdoor.PowerShell.Agent.gen
Microsoft: Trojan:Win32/Wacatac.B!ml
Acronis: suspicious
ALYac: Heur.BZC.PZQ.Boxter.762.4CBD9A19
Cylance: Unsafe
Rising: Trojan.Generic@AI.100 (RDML:M1aNUM6cT0U9Jj7sOqpTmQ)
Ikarus: Trojan.PowerShell.Crypt
MaxSecure: Trojan.Malware.300983.susgen
AVG: Win32:Evo-gen [Susp]

How to remove Heur.BZC.PZQ.Boxter.762.4CBD9A19?

Heur.BZC.PZQ.Boxter.762.4CBD9A19 removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • Click “Move to quarantine” for all detected items.
  • Open the “Tools” tab and press “Reset Browser Settings”.
  • Select the appropriate browser and options, then click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.
