The Mal/Zbot-AH is considered dangerous by lots of security experts. When this infection is active, you may notice unwanted processes in Task Manager list. In this case, it is adviced to scan your computer with GridinSoft Anti-Malware.
Gridinsoft Anti-Malware
Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. Allows to complete scan and cure your PC during the trial period.
What Mal/Zbot-AH virus can do?
- Behavioural detection: Executable code extraction – unpacking
- Sample contains Overlay data
- CAPE extracted potentially suspicious content
- The binary contains an unknown PE section name indicative of packing
- Authenticode signature is invalid
- CAPE detected the embedded win api malware family
- Yara detections observed in process dumps, payloads or dropped files
How to determine Mal/Zbot-AH?
File Info:
name: 3AA782C5E0C68E5FAC16.mlwpath: /opt/CAPEv2/storage/binaries/4a6f05cc371add6a5c86d94f2cf0364a3b46279fd1259c1dd401fc89ba2ab018crc32: FB3F6D28md5: 3aa782c5e0c68e5fac16d0ee330ea0e7sha1: cb8337d52461f8c7f297becc2ffc1bb83ae5a3ebsha256: 4a6f05cc371add6a5c86d94f2cf0364a3b46279fd1259c1dd401fc89ba2ab018sha512: f576c2716e25dbecb1c92040814cf6527312ca15759a83d9a702e7de63a01476a8ef59d1bceac5975294c7bda658a3bed88283e4f1ac1c0b08717c8878748e4dssdeep: 12288:nhf5ZlTAvTkeeYgvRtwBJ7OhII89ZGxsDoXgajFmrfs3pp:hfXKTkeUtwBJ7OhlplSfKtype: PE32 executable (GUI) Intel 80386, for MS Windowstlsh: T137C423A63AAC5E2AF6E6CBB117F25710D52297D41C1803DF2336B0C416F71A5BE4D22Bsha3_384: 705a1bed6f77a4bf072bc6dae944fe12d7082b223b68c7e04abdc600eda507c3398e0f53934a485008850c06d3f44d39ep_bytes: 609896e92cd60100c744242457e24100timestamp: 2005-07-12 17:07:59Version Info:
CompanyName: SOFTWIN드䚨긬挶揁곺䡤⣁ud8e1⎽㽢怀緷銹皍ⳟ蟙ꔐ莃響僷귦udb6e㮴뫵됢跌⻛₱뺝豢ٙ곷璡弓妿洊⬑ꥺ엾곇㩰쉉쒘闢ࢆ防鯷鸉쑮픢蒆퐎펆ٮⴶ呥䷱ō㧼튩縖獛뵐ᘘ星崘쒰稒㩻镧찛涞䌐䚗眻放᪫⎴쵏䬂⇦ꣾ꩖䅘糛俺䅻稜: ᜄᰎ⨟ᵦくఋຸㅂ䙡琋ⶪ쩭ɯȁቨቒ㫧㠢ᒇఙ、 㜘䥏펀၁؈丂蘶儿嘛汷䐦簆芗歮ᱍժ煖ܵఒἪ谶ㄺ匒ؚ䡇ࠆᶱ万傡᪙溿Ú㽅䈸恼༄ᕉᙀ⁸丆⚶蘄鄅娽倢辬ᯣȯ܃ᬑℷ镳ἃ乆╆圊伸ᑀ稩ⴆ啓䠐준☗ᬯ⼒Ὰ缋ᜯ㌐ꍵㅁ⠣䅀⤄ᄃ塼☂ᔉ䴆⎅焽떕嬑ʸྣॹ㘺ᢑ홳ጌ⨍٘戻⥖㌘耷ጨᨽĄ塝ؑ㈀偕ప七ᕝ吁؉ཫ㐘㤔᾿ďભ㋒ᤩ၌帋Ƅʝ堤䀗ꯐ嬴匂②؏㠱輐鬅攽؟ᑌ广ཨ⌈谄༕ᰀ䀃ㄤᘯᰝ脵ȇ䜙訖ɂ瀠⼵䬀㞩ଈ㑉ꉀ植ԫ࡙㐠ฟԄȚਾ氮ᖭḍ؝蠁橵䱕ᬾ褃ⵧృཕⱉᕁ㣓ᡣᥓἭᨏᬂܗ詤嘐ᘓ爁䤁芍籜ȓudb09⼕땪ơ扡蝡㘓᭕༑븓㛭箛㞍䢿‼㰀欜戢ꙙ㐡䴤㌩ᢘ뮈㠕㜅ย䫓圼ᚃ⸫ᴪ㈤ⶁ稄ဝന斺눀⫛㌀ㄗ摅ᢗኋ⸽顩̄Вᠽ᪙䘘楰ᫎ㔂⠰⼖࿇윛稵ԓᨙᬡ孰넦坢г䘛핯ẃ∣㬞㞃⡆鼁Ⰻ⃝絽⍿Ԁ⼔㠂Όᘟ䰈ᔁㄮ爌ܲ䢁䀖ማ愳鐐a䜓턂흚ᐁ䎎읆蘟ဇ託掊⼹刿戅ȉИ᐀谅㐢‧꜓欔逄斏ܜŒ⼃⥕ѣ嗍ᰍँud92a㘄ud9b4漐傄␇ậഉଃൟ洦䐋牐ⱍ梾⨏က攞쑼ฺ抵岙ᑄ煟Ȉ㰯ᅎ㤇ᘇʤȷ匯㜙밽鉘㆕ㄬఖɴ㜜歭䨵蠊ᠯЈĘ䨄ঈశ褍䌐ᅤ欘刂́扱㨀㰨ᔌ␥ɩḨሜ挃䰧ᤙ乡ѫ͢ጨ幠⤏㬰赞䎋ࡳ眎崶݃蜢8ᢣ桼笗⤃ⱅ摶㜅።ላ倹ါ╆⌌笲넨寖娈≟٪ᔀ̒圅ᩏ譒㴁ͫą䊖ݖፒ븺 ⬥䬆эฆ萎꼟ఓ〵Ȇဋ틐♯༥㗈纕蔈쎛픗䡊㌆㬗톉붏猻䒣攺ၗḑꤒ⸚ἔԕఞ᠐ᴂاꔈᮋ൙ѱ嬇⤏ᰞ将㭏Я땂㌜䈿楝ᕧ材䴈ബᔛ䈧鱄✚ܚ霊ԑϦԎ阆匧⤋㕢ʏ漋䔶ᰀࢉ㴓腟䴀讗ऴ☦༝䨪億Ğᩒ्ꬋ篠㔄ᤎ굫朥娪䨇ీ缓划戇기䥛Ȇц㌰栁Ⱥธ≫┚䴅യ崤ⵃਪ㼈帐ຕ堀ᤇ衸䕓鸣艼ude08斁䖏ᬳᐈဒ娂䨃♒䍭┇㐅⍆お䥵呫孱扰ᰫ옇ᘲ曝ᨗ賃ₓ瀤警开灂ⅴ丿ẗ鰖㐁ଈ洠❲Ŕ୧ᱵ卬䨴ᘂ樖ꚍᠾཋ㌓ݐ䪹唏ک熄༖庆≘⸌ीࠓఁ퉎ؤ夐㑯腚㉘،䠊怂✝啾പ麻ᨥဥࠗ禓⸍আ錑ᬯㄘݮ㆘ろݯļ笁ؗ瓂ܓر末Ḭܕ叕ࡩ罴ꋦ몟ud80cଁ橽悎㐍䠜薎ᨂȀ栊b鸁钋會✀Ɯ悼漼㸆ᄓ䬆⼄捐ඐ帻䬊䴔剏ʹ蜢ᬂ㴍㜐「ⴁࢫ塃ы㔫Åഃ࠙跛鞧耜ѐॉ侥幩謪Ĭ椃縆抮ᠦ䈁Λ䢠㠌س붜㈥⼁ㅍ杔㐝쁟娈㈼蠷↗樞㌂듐࠴␘㞜噟楞ɶűᶕ靧ʽᘔᗔꍪ娏ఖऄ‑ı謐揖ud854น肊ȋ鄩༛ȁἰ굶͌㈈㉞䔊ి再砭䷫᥎䈏博羅⢂ଓ葡ੴᐼⲟ佌ⱜ 꺕䲠㡞؇㜂đḏᡸ桰吀ᰖ䳂鮴ᄏ⌖⺆ꬋ␏䠖̃ꢍሼࠝ潡ၡ娐ຕ텛Ă᳗ ̦娛ᄆ摩ȗᄧℙ㐶䠦↓㘬嬹䶢春᠀̰ἄ뎆愶㌮ਠ崲鬈ଥ䘢ᡧ쬲䔋䐆ܗ⌄M䰫㲔؆Ṝ䌃ၡܻ䐻Ҍř䬰紖᭖ㄈ∘朝ц∠猓鉔䠔ᰶɫᜇ恆䀊实栬䈕蘀☱㠔啨䘻攪Ћ㬬툈윘ᔊ㬱ቋud85b琂〾깊吮ข䔡ስ閈砧เ㮋鬋切쌏ᨠ⡶夥憝呗⢥䀀ꐹ䜷✯錂㖃Љ坟슔尉ȁ䈴ᬠ쌏뜆⤙吆䄉ᐉ䂨㍠Ћഘᡑค䥊โ 䰆蕮စ⸚榝ࠢ娊睟༶પ묂䴊ᴙ℀佉ॖ䁪䨖位ः鱂⬶℅Ɖढ़༾㬑␋тࠟ༰ѓࠝ╡ᔆጷ㔾ྮ屖蠪ၢ洅䠀ȉ㬕਼zࠔ℀匌ᕍ唡łꀦޞ䅃㥘垥ണh嵓兦䨡⭥䭒✱㵛͟漏❔䔡㬾錓ˊܭ␀᠃焳Ő⍗㩉┱ਅ鈯䤉鮓讟孅趇┧ḉȟ剹ℸ䤋㊨▐ባ″訥怎㜊⥗蕶 ᅎԑᴺെ伜넖㤨剶윮䄚☼㖺₋缲先ꔊ挻렁譋尖ѾІud802ṵ❤礴㐙ଓ깽ㄎĢ成䔹ݨ❊ԏŎ≖ꪕ有ⴽᥛ┉ꄗ꾄㉂捧ᜈὠั̉ค亏呙䱎ʘᆦ鄂ʿ഻udd01ᐅ。⨠㘺ᖙ檙杜漥夔✅ꑺॉ날ഒ╆⌙ᴤ䅇Dዂ̏Ɉᬆ뾏 ἴĺ㙰䐀瀗堕⡳ἀ 敇ḇȱдฒĹ플䨒ۀ밅‐ጤॱ蕧蘁䡉Ɇ᭙ਈ田య␍̥嘓ᲞڋÓؐ⌯뀛ጫ䰍ࠀ岠瘫▋Ἆၻ⬀ē唻鼀Ꮑᱻ霕ķꨲ؏ܢᆣ玤Ɵ㉅क़㬒ὒɺ䒦䜘찪∧݀䈈㴒͔扨⬏䔊搪匶ख⥃ࠊᕖ䠼圼ᔑ⤛夁栂ꄞ⼊帑䌛हꐄȝᵝ鲥옂ਂ≵՟嬏݂餫졉̅ݷ᳚⬉ĝ딌̑ሆ鈖伊讂眶湭ఌЍ∌⚲Ἐᑸἲꈃ鬀䉯ḿᝑꘀ⚬犆譺㵸琽斖㼋夤〕⭃끊漚ஂ䵤礧化ܨš⪉ഡ࠱ᴠꊀ␛ሁऔᄐ䕜笾ጆᴢ軆꼔䨊ᔄ℧㨹ꔁ䈉遻ͬ䨁㹯ࠍĚ적㸹疢⢕ଋ㨷ॡᵋ㤇䯬╱ᥟ㙲ⴲⴊ蜸㌏丑鄫杌ud81aᨆࡗ崊⠂捚痠ᰙᤙ䝏㐆ᘨᒚꀜᝣ枙넰怌皶ⶣଢ଼Gਘခ敐䒪⼃ᐤ㸝駑̙䄳㐎p䔗譇㱩蝢朷妢쐃Оļ伲܁␓帕⭶稗ഺ谑猂䄢餣ᴖᢩᠬȝ़輙ꤗܐᯉ怘ṍ啔尅刴䪳䐾舀ᙗ㡙䜅Җġ抌᥌䉛ก䡽)㨆ओ쩁⁷ᰇ⭕ᨺ䐖밮Ḏᤚ匃䛧玧왆茤屠欽ᄆ皣猪ᘘ㴰䎐ဘ᱐ᩕ阛䊵刞鼣ጫ㼙㮥ᅮᄰ䉔㊈⸤䬔Ԋ複啚堘Ŗ褒܍䮥ฅuda5c㴂螙СΜ剅⠞ԃ虻垢⊙梂蠐脵ᶝ㜝↥⨏뜗渜ਝⷦꌟ퍁㰃蜊✂Зݤᩨ匲挀ₛ怰犴〉璍፮Ж唼ᬂᩭ┿匡ḧᰱ┶е⡜枪氥䠙⼱ܳጀ୯萾❥ṅ与ἆ̪茽慓٤Ⱖὕ된ᐅᡇ찰အ씘祇ᬬ 岊౷卑욅ጭ䜉䑷㤤☙넀䁡㘶ᬊ㖿끌嶩⽦ݯጉ儸ጜ@ّࠢ覻㔝㬍射剸砙✌⌡䤬ᰵ䷒儫ऊେᗟЀᔄ且癲퐋㔡坧ਉᬂ㠥ⴖ༇ಌ☫烛긅ْ贈Ўሢudc8a愞⩭ᒊᵄᒞ籏⡷籏啞ቫࡄ睄㉑彉⡏㼍༮ܹ䁠䈂ਏ댿煋♎ঐ⏜Ḝ⤘㼎桊ꆠ畇ဃࠄȃ㘳༅/Ἴ傥똾倉⤊ጢ鸊ရ嘫ଂज٩ᝂ㐥̈ㄕ̺䴫㪁䴥䠌鹪ҝ㢊ᅴ―ग़ᤳĩ枋ďএ猔ᝢᴗ夅ചል挵ቆ༆ਫ਼ᴎ㳂ԭ㥦∆ᬈ㤚磈ƒਛʪĈ䌊ᘒ阆䑕ࠊⴘ묊궬暦⬁ላ३9ሂ㎯斦줐Ȝ㸱甜栿॔⨁♛പᑆ䵯䬦䭝瀆舤᠕첹Лሓ쁔ᐕ㠞ⴇ중複፳ሀ圍͙ᘆ䖓❓䄇ଠȁᆐ㵊Ω暢窹现⠄礗ƒ谳ॳ䧙娗!ד昷ᬱ港ᤨᤉ䐵㹹琄턽−⽣鬕栀洦ⵓ
Mal/Zbot-AH also known as:
| Bkav | W32.AIDetectMalware |
| Elastic | malicious (high confidence) |
| MicroWorld-eScan | Gen:Variant.Zbot.10 |
| FireEye | Generic.mg.3aa782c5e0c68e5f |
| Skyhigh | BehavesLike.Win32.Generic.hc |
| ALYac | Gen:Variant.Zbot.10 |
| Zillya | Trojan.Scar.Win32.27913 |
| Sangfor | Trojan.Win32.Save.a |
| K7AntiVirus | Spyware ( 0055e3db1 ) |
| Alibaba | Packed:Win32/FakeAlert.ca5076a3 |
| K7GW | Spyware ( 0055e3db1 ) |
| CrowdStrike | win/malicious_confidence_100% (W) |
| Arcabit | Trojan.Zbot.10 |
| BitDefenderTheta | Gen:NN.ZexaF.36744.IK3@aC0661nG |
| VirIT | Trojan.Win32.Cryptic.AJT |
| Symantec | ML.Attribute.HighConfidence |
| ESET-NOD32 | Win32/Spy.Zbot.UN |
| APEX | Malicious |
| ClamAV | Win.Trojan.Scar-4380 |
| Kaspersky | Packed.Win32.Krap.hl |
| BitDefender | Gen:Variant.Zbot.10 |
| NANO-Antivirus | Virus.Win32.Gen.ccmw |
| Avast | Win32:MalOb-CK [Cryp] |
| Tencent | Win32.Packed.Krap.Jqil |
| Emsisoft | Gen:Variant.Zbot.10 (B) |
| F-Secure | Trojan.TR/Crypt.ZPACK.Gen |
| DrWeb | Trojan.PWS.Panda.171 |
| VIPRE | Gen:Variant.Zbot.10 |
| TrendMicro | TROJ_KRYPTK.SMM |
| Sophos | Mal/Zbot-AH |
| SentinelOne | Static AI – Malicious PE |
| Jiangmin | Trojan/Scar.acqi |
| Webroot | W32.Backdoor.Gen |
| Detected | |
| Avira | TR/Crypt.ZPACK.Gen |
| Varist | W32/FakeAlert.OG.gen!Eldorado |
| Antiy-AVL | Trojan[Packed]/Win32.Krap |
| Kingsoft | Win32.HeurC.KVMH008.a |
| Xcitium | Malware@#jw6bne8jjepu |
| Microsoft | Trojan:Win32/DSSDetection |
| ZoneAlarm | Packed.Win32.Krap.hl |
| GData | Gen:Variant.Zbot.10 |
| Cynet | Malicious (score: 100) |
| AhnLab-V3 | Packed/Win32.Krap.R41467 |
| Acronis | suspicious |
| McAfee | Artemis!3AA782C5E0C6 |
| VBA32 | Malware-Cryptor.General.3 |
| Panda | Trj/CI.A |
| TrendMicro-HouseCall | TROJ_KRYPTK.SMM |
| Rising | Trojan.Ditertag!8.F693 (TFE:1:7KS15PZcM0F) |
| Yandex | Trojan.Scar!szZ/mpJofVA |
| Ikarus | Trojan.Spy.ZBot |
| MaxSecure | Trojan.Malware.1439293.susgen |
| Fortinet | W32/Kryptik.AJ!tr |
| AVG | Win32:MalOb-CK [Cryp] |
| Cybereason | malicious.52461f |
| DeepInstinct | MALICIOUS |
How to remove Mal/Zbot-AH?
- Download and install GridinSoft Anti-Malware.
- Open GridinSoft Anti-Malware and perform a “Standard scan“.
- “Move to quarantine” all items.
- Open “Tools” tab – Press “Reset Browser Settings“.
- Select proper browser and options – Click “Reset”.
- Restart your computer.
Leave a Comment