Should I remove “Mal/Generic-S + Mal/Zbot-QL”?

Mal/Generic-S + Mal/Zbot-QL is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager process list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It allows you to run a full scan and clean your PC during the trial period.
A 6-day free trial is available.

What can the Mal/Generic-S + Mal/Zbot-QL virus do?

  • Yara rule detections observed from a process memory dump/dropped files/CAPE
  • Creates RWX memory
  • Possible date expiration check, exits too soon after checking local time
  • Anomalous file deletion behavior detected (10+)
  • Dynamic (imported) function loading detected
  • Reads data out of its own binary image
  • A process created a hidden window
  • Drops a binary and executes it
  • The binary contains an unknown PE section name indicative of packing
  • Executable file is packed/obfuscated with MPRESS
  • Authenticode signature is invalid
  • Created a process from a suspicious location
  • Anomalous binary characteristics

How to identify Mal/Generic-S + Mal/Zbot-QL?

File Info:

name: 430FDBDDB4B1E68FA967.mlw
path: /opt/CAPEv2/storage/binaries/1bda9e318847acefe4596d8dfcd877b0d83e79d954f847d02969564691712795
type: PE32 executable (GUI) Intel 80386, for MS Windows
timestamp: 2013-07-16 04:04:26

Version Info:

0: [No Data]

Mal/Generic-S + Mal/Zbot-QL is also known under the following names (vendor: detection name):

Bkav: W32.AIDetect.malware1
Lionic: Trojan.Win32.Generic.lX56
Elastic: malicious (high confidence)
MicroWorld-eScan: Trojan.GenericKD.50377823
FireEye: Generic.mg.430fdbddb4b1e68f
ALYac: Trojan.GenericKD.50377823
Cylance: Unsafe
Sangfor: Suspicious.Win32.Save.a
K7AntiVirus: Trojan ( 0052964f1 )
Alibaba: Malware:Win32/km_2438e7.None
K7GW: Trojan ( 0052964f1 )
Cybereason: malicious.db4b1e
BitDefenderTheta: Gen:NN.ZexaF.34742.dqY@aq!pKBki
Cyren: W32/Upatre.IQ.gen!Eldorado
tehtris: Generic.Malware
ESET-NOD32: Win32/TrojanDownloader.Waski.A
Baidu: Win32.Trojan-Downloader.Waski.a
TrendMicro-HouseCall: TROJ_UPATRE.SMBB
Paloalto: generic.ml
ClamAV: Win.Malware.Upatre-9636023-0
Kaspersky: HEUR:Trojan.Win32.Delf.gen
BitDefender: Trojan.GenericKD.50377823
NANO-Antivirus: Trojan.Win32.DownLoad3.cwhcpm
Avast: Win32:Agent-AUID [Trj]
Tencent: Trojan-Downloader.Win32.Waski.16000151
Ad-Aware: Trojan.GenericKD.50377823
Sophos: Mal/Generic-S + Mal/Zbot-QL
Comodo: TrojWare.Win32.TrojanDownloader.Waski.ZR@59gqq9
DrWeb: Trojan.DownLoad3.28161
Ikarus: Packer.Win32.Krap
TrendMicro: TROJ_UPATRE.SMBB
McAfee-GW-Edition: BehavesLike.Win32.PWSZbot.qz
Trapmine: malicious.high.ml.score
Emsisoft: Trojan.GenericKD.50377823 (B)
APEX: Malicious
GData: Win32.Trojan.PSE.1760W76
Jiangmin: Trojan/Generic.azrzw
Avira: TR/Yarwi.clep
ViRobot: Trojan.Win32.Z.Upatre.53282.B
ZoneAlarm: HEUR:Trojan.Win32.Delf.gen
Microsoft: Trojan:Win32/Trickbot.GML!MTB
Cynet: Malicious (score: 100)
AhnLab-V3: Trojan/Win32.Upatre.C3112737
McAfee: Upatre-FAEM!430FDBDDB4B1
MAX: malware (ai score=82)
VBA32: BScope.TrojanSpy.Zbot
Malwarebytes: Trojan.Upatre.Generic
Rising: Trojan.Generic@AI.100 (RDML:xKzhtjFyu26wTOsVqbZDEw)
Yandex: Trojan.GenAsa!RXv/MEdB7LY
SentinelOne: Static AI – Malicious PE
MaxSecure: Trojan.Upatre.Gen
Fortinet: W32/Kryptik.YY!tr
AVG: Win32:Agent-AUID [Trj]
Panda: Trj/Genetic.gen
CrowdStrike: win/malicious_confidence_100% (W)

How to remove Mal/Generic-S + Mal/Zbot-QL?

Mal/Generic-S + Mal/Zbot-QL removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • Choose “Move to quarantine” for all items.
  • Open the “Tools” tab – Press “Reset Browser Settings”.
  • Select the proper browser and options – Click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.