About “Mal/ZboCheMan-B” infection

Mal/ZboCheMan-B is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It allows you to run a complete scan and clean your PC during the trial period.
A 6-day free trial is available.

What can the Mal/ZboCheMan-B virus do?

  • Behavioural detection: Executable code extraction – unpacking
  • Sample contains Overlay data
  • Reads data out of its own binary image
  • CAPE extracted potentially suspicious content
  • Drops a binary and executes it
  • Authenticode signature is invalid
  • Behavioural detection: Injection (inter-process)
  • Attempts to disable Windows Auto Updates
  • Anomalous binary characteristics
  • Attempts to modify Explorer settings to prevent hidden files from being displayed

How to identify Mal/ZboCheMan-B?

File Info:

name: 9BAAB0689713CAD77F53.mlw
path: /opt/CAPEv2/storage/binaries/1378803be5dd2c466cdf7d955f63c57e669ad4fb8358d6f6b87e67d8a4943cdc
crc32: 89B1F720
md5: 9baab0689713cad77f53057e11f7ba94
sha1: fd5d94db0e0a996544d73b5ebd40b88e832dd81d
sha256: 1378803be5dd2c466cdf7d955f63c57e669ad4fb8358d6f6b87e67d8a4943cdc
sha512: 083e15a3e47540a106d114cd96617630de6ffb6d2589ae85ef903106b77afd387ff7fa86d93b3e1da67a3b7f2dc0417481c3aa67b598d89167e1ca9b240c349c
ssdeep: 3072:hLOA0qFEj+5aQNAKllzZP3XUjolCiQVqZjhnIf5O+xkqC1S3HVoD4VkHAvrulF:V0nwZMclCiQVqZjhnIf5O+xkqC1mHVWh
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T1DF04D57DB390973EE416E2F6696A8398506D6E3A28D1E417F7C22B08B5F09E3D131353
sha3_384: 49c5845f19c24a8373612d32ce089b1e1393040b79a61bcdc2ef679b2bf691f19824bc8f8ab17dc57b97308967ddfe62
ep_bytes: 6874394000e8f0ffffff000000000000
timestamp: 2012-01-25 19:13:30

Version Info:

Translation: 0x0409 0x04b0
ProductName: XOsmEOYQR
FileVersion: 1.00
ProductVersion: 1.00
InternalName: TtAoASgy
OriginalFilename: TtAoASgy.exe

Mal/ZboCheMan-B also known as:

Bkav: W32.AIDetectMalware
tehtris: Generic.Malware
MicroWorld-eScan: Trojan.Downloader.JPAN
ClamAV: Win.Trojan.Vobfus-42
CAT-QuickHeal: Trojan.JorikVMF.S19739448
ALYac: Trojan.Downloader.JPAN
Malwarebytes: Worm.Obfuscator
Sangfor: Suspicious.Win32.Save.vb
K7AntiVirus: EmailWorm ( 0054d10f1 )
K7GW: EmailWorm ( 0054d10f1 )
CrowdStrike: win/malicious_confidence_100% (D)
Baidu: Win32.Worm.Pronny.d
VirIT: Trojan.Win32.Zyx.HP
Cyren: W32/Vobfus.AI.gen!Eldorado
Symantec: W32.Changeup!gen15
Elastic: malicious (high confidence)
ESET-NOD32: Win32/AutoRun.VB.AQZ
APEX: Malicious
Cynet: Malicious (score: 100)
Kaspersky: Trojan.Win32.Jorik.Vobfus.gtpg
BitDefender: Trojan.Downloader.JPAN
NANO-Antivirus: Trojan.Win32.WBNA.chvyyl
SUPERAntiSpyware: Trojan.Agent/Gen-Remnat[VB]
Avast: Win32:AutoRun-COV [Trj]
Tencent: Worm.Win32.Vobfus.n
TACHYON: Trojan/W32.Jorik.184464
Emsisoft: Trojan.Downloader.JPAN (B)
F-Secure: Trojan.TR/Otran.ammnb
DrWeb: Trojan.VbCrypt.60
VIPRE: Trojan.Downloader.JPAN
TrendMicro: WORM_VOBFUS.SMAB
McAfee-GW-Edition: BehavesLike.Win32.VBObfus.cm
Trapmine: malicious.high.ml.score
FireEye: Generic.mg.9baab0689713cad7
Sophos: Mal/ZboCheMan-B
Ikarus: Worm.Win32.Vobfus
Jiangmin: Worm/WBNA.eucu
Webroot: W32.Malware.Gen
Avira: TR/Otran.ammnb
Antiy-AVL: Worm/Win32.WBNA.gen
Microsoft: Worm:Win32/Vobfus.gen!P
Xcitium: TrojWare.Win32.VB.AVA@4paxk7
Arcabit: Trojan.Downloader.JPAN
ViRobot: Trojan.Win32.A.VBKrypt.184320.CD
ZoneAlarm: Trojan.Win32.Jorik.Vobfus.gtpg
GData: Trojan.Downloader.JPAN
Google: Detected
AhnLab-V3: Trojan/Win.VBKrypt.R557016
McAfee: VBObfus.cu
MAX: malware (ai score=88)
VBA32: BScope.Trojan.VBCR.2512
Cylance: unsafe
Panda: W32/Vobfus.GEW.worm
TrendMicro-HouseCall: WORM_VOBFUS.SMAB
Rising: Worm.VobfusEx!1.99DB (CLASSIC)
Yandex: Trojan.GenAsa!p5p9FWs+0AI
SentinelOne: Static AI – Malicious PE
MaxSecure: Trojan.Malware.11625478.susgen
Fortinet: W32/VBObfus.CM!tr
BitDefenderTheta: Gen:NN.ZevbaF.36250.lm1@aKMtHXdi
AVG: Win32:AutoRun-COV [Trj]
Cybereason: malicious.89713c
DeepInstinct: MALICIOUS

How to remove Mal/ZboCheMan-B?

Mal/ZboCheMan-B removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open the “Tools” tab – Press “Reset Browser Settings”.
  • Select proper browser and options – Click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.