Mal/Zbot-QL information

Malware Removal

Mal/Zbot-QL is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager process list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It lets you run a complete scan and clean your PC during the trial period.
6-day free trial available.

What can the Mal/Zbot-QL virus do?

  • Sample contains Overlay data
  • Reads data out of its own binary image
  • Drops a binary and executes it
  • The binary contains an unknown PE section name indicative of packing
  • Executable file is packed/obfuscated with MPRESS
  • Authenticode signature is invalid
  • Yara rule detections observed from a process memory dump/dropped files/CAPE

How to identify Mal/Zbot-QL?

File Info:

name: 82EB041049B48ADBB3EA.mlw
path: /opt/CAPEv2/storage/binaries/b89d0d78bf1689fd7fed5eeed058b5a4ee3ff1a4fc64d4af7da1923bf2d080c2
crc32: E96891F5
md5: 82eb041049b48adbb3ea92d2b35c986c
sha1: d73db98914e5658263d3235265c397e7f794e0a0
sha256: b89d0d78bf1689fd7fed5eeed058b5a4ee3ff1a4fc64d4af7da1923bf2d080c2
sha512: 648a509aa7b1c73cebc549deb1cca18c7b597f4ae67f96eede803b8c6bce7721fd0efd625fabd7b0e3848d82769ff8e2707a9b2fa435db90100f65f1df6c94ff
ssdeep: 768:xW9+F8BPtElggggggLvggggggggUaocdF+qqPbNMugJx:ekoqzqTNMD/
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T1BC238B382AD51572E37B8EB585F251CEA96DBC233903584E4071F3450AF3BD2EDA1A1E
sha3_384: 578bf7e79dceba4f99c3ecd023fd23d1444564eabe5f1beb516c7303cc86feb39c58ef357342388298ba512541e54bb6
ep_bytes: 558bec6aff68b8324000680010400064
timestamp: 1992-05-31 15:52:29

Version Info:

CompanyName: Juice
FileDescription: Juice proged
FileVersion: Version 2.1.1
InternalName: Juice
LegalCopyright: Copyright by Sego©
OriginalFilename: iJuice
Translation: 0x0409 0x04e3

Mal/Zbot-QL is also known as (vendor: detection name):

Bkav: W32.FamVT.GeND.Trojan
AVG: Win32:Evo-gen [Trj]
Elastic: malicious (high confidence)
MicroWorld-eScan: Trojan.Ppatre.Gen.1
FireEye: Generic.mg.82eb041049b48adb
ALYac: Trojan.Ppatre.Gen.1
Malwarebytes: Waski.Trojan.Downloader.DDS
Zillya: Trojan.Cryptodef.Win32.2887
Sangfor: Suspicious.Win32.Save.ins
CrowdStrike: win/malicious_confidence_100% (W)
K7GW: Trojan ( 0052964f1 )
K7AntiVirus: Trojan ( 0052964f1 )
Baidu: Win32.Trojan-Downloader.Waski.a
VirIT: Trojan.Win32.Panda.LFU
Cyren: W32/Upatre.OI.gen!Eldorado
Symantec: Trojan.Gen.MBT
tehtris: Generic.Malware
ESET-NOD32: Win32/TrojanDownloader.Waski.A
Cynet: Malicious (score: 100)
APEX: Malicious
ClamAV: Win.Malware.Upatre-9848438-0
Kaspersky: Trojan-Ransom.Win32.Cryptodef.zv
BitDefender: Trojan.Ppatre.Gen.1
NANO-Antivirus: Trojan.Win32.Cryptodef.ddoxyv
Avast: Win32:Evo-gen [Trj]
Tencent: Trojan.Win32.Downloader.zv
Sophos: Mal/Zbot-QL
F-Secure: Trojan.TR/Kuluoz.lrse
DrWeb: Trojan.PWS.Panda.7586
VIPRE: Trojan.Ppatre.Gen.1
TrendMicro: TROJ_UPATRE.SMX2
McAfee-GW-Edition: BehavesLike.Win32.Generic.pt
Trapmine: malicious.high.ml.score
Emsisoft: Trojan.Ppatre.Gen.1 (B)
Ikarus: Trojan.Win32.Bublik
GData: Win32.Trojan-Downloader.Upatre.BK
Jiangmin: Trojan/Cryptodef.az
Avira: TR/Kuluoz.lrse
Antiy-AVL: Virus/Win32.Expiro.imp
Xcitium: TrojWare.Win32.TrojanDownloader.Waski.DA@5iyglc
Arcabit: Trojan.Ppatre.Gen.1
ZoneAlarm: Trojan-Ransom.Win32.Cryptodef.zv
Microsoft: Trojan:Win32/Zbot.svfs!MTB
Google: Detected
AhnLab-V3: Trojan/Win.Cryptodef.R415348
Acronis: suspicious
McAfee: Downloader-FAGS!82EB041049B4
MAX: malware (ai score=89)
VBA32: TrojanRansom.Cryptodef
Cylance: unsafe
Panda: Trj/Genetic.gen
TrendMicro-HouseCall: TROJ_UPATRE.SMX2
Rising: Downloader.Waski!1.A489 (CLASSIC)
Yandex: Trojan.GenAsa!e4l/xyQI0s0
SentinelOne: Static AI – Malicious PE
MaxSecure: Trojan.Upatre.Gen
Fortinet: W32/Waski.A!tr.dldr
BitDefenderTheta: Gen:NN.ZexaF.36132.cq2@amcHZdhi
Zoner: Trojan.Win32.25356
DeepInstinct: MALICIOUS

How to remove Mal/Zbot-QL?

Mal/Zbot-QL removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open the “Tools” tab and press “Reset Browser Settings”.
  • Select the proper browser and options, then click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.