MemScan:Trojan.Spy.ZBot.EQH (B) (file analysis)

The MemScan:Trojan.Spy.ZBot.EQH (B) is considered dangerous by lots of security experts. When this infection is active, you may notice unwanted processes in the Task Manager process list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. The trial period allows you to run a complete scan and cure your PC.
6-day free trial available.

What can the MemScan:Trojan.Spy.ZBot.EQH (B) virus do?

  • Behavioural detection: Executable code extraction – unpacking
  • Yara rule detections observed from a process memory dump/dropped files/CAPE
  • Creates RWX memory
  • Possible date expiration check, exits too soon after checking local time
  • Dynamic (imported) function loading detected
  • Reads data out of its own binary image
  • CAPE extracted potentially suspicious content
  • Unconventional language used in binary resources: Russian
  • The binary contains an unknown PE section name indicative of packing
  • Authenticode signature is invalid

How to identify MemScan:Trojan.Spy.ZBot.EQH (B)?

File Info:

name: 9E300551143D73B21456.mlw
path: /opt/CAPEv2/storage/binaries/d45f61d2d049e6fed8e984f1a477eaef02dc976885c97be8338e5eb0ed671ef5
crc32: 6DCA4C33
md5: 9e300551143d73b2145626efeec78b0d
sha1: 74a6d7e49fbc47c7b70a5bc14ff9306a00b77679
sha256: d45f61d2d049e6fed8e984f1a477eaef02dc976885c97be8338e5eb0ed671ef5
sha512: e0d38abdcaf3dc609af703600442895385b343433c66f97f8c9abb08a8658f537f3f6db3a8029742cc8a69d8a7f2d36af28775c9bad3a0eb1b1caa98430abe57
ssdeep: 3072:1aDtD6uXj39X7dSWdaL4uETexVkl3hhLjdpufZOCx7Y4V+:2tDnZLdRSd2/j61RFV+
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T15014E02255C0AB37C3F41732FE181DA7E66E349A4BB1461BC7921D085CFFAADE903964
sha3_384: d5a71545c4cdc0ca9cd485da72aa3786fc22917314670cfff9f8d58030fc7453671cbfb361e3e1811b78bc530d3e1dc4
ep_bytes: 558bec83c4ccff75f08d45e45068714b
timestamp: 2004-01-18 15:30:17

Version Info:

0: [No Data]

MemScan:Trojan.Spy.ZBot.EQH (B) also known as:

Bkav: W32.AIDetect.malware1
Lionic: Trojan.Win32.Zbot.l!c
Elastic: malicious (high confidence)
Cynet: Malicious (score: 100)
FireEye: Generic.mg.9e300551143d73b2
McAfee: PWS-Spyeye.fc
Cylance: Unsafe
VIPRE: Packed.Win32.PWSZbot.gen (v)
Sangfor: Suspicious.Win32.Save.a
K7AntiVirus: Trojan ( 0055dd191 )
Alibaba: TrojanSpy:Win32/Kryptik.50c8e0a0
K7GW: Trojan ( 0055dd191 )
Cybereason: malicious.1143d7
BitDefenderTheta: Gen:NN.ZexaF.34212.myW@a0yTmwnc
VirIT: Trojan.Win32.Panda.OX
Symantec: ML.Attribute.HighConfidence
ESET-NOD32: a variant of Win32/Kryptik.JSA
TrendMicro-HouseCall: TSPY_ZBOT.SMIB
Paloalto: generic.ml
Kaspersky: Trojan-Spy.Win32.Zbot.ayhd
BitDefender: MemScan:Trojan.Spy.ZBot.EQH
NANO-Antivirus: Trojan.Win32.Zbot.cxzxb
SUPERAntiSpyware: Trojan.Agent/Gen-Kryptik
MicroWorld-eScan: MemScan:Trojan.Spy.ZBot.EQH
Avast: Win32:Trojan-gen
Tencent: Win32.Trojan-spy.Zbot.Huyy
Ad-Aware: MemScan:Trojan.Spy.ZBot.EQH
Comodo: Malware@#3zwjm7rioqs7
DrWeb: Trojan.PWS.Panda.387
Zillya: Trojan.Zbot.Win32.296
TrendMicro: TSPY_ZBOT.SMIB
Emsisoft: MemScan:Trojan.Spy.ZBot.EQH (B)
APEX: Malicious
GData: MemScan:Trojan.Spy.ZBot.EQH
Jiangmin: TrojanSpy.Zbot.aueh
Avira: TR/Crypt.XPACK.Gen2
MAX: malware (ai score=99)
Antiy-AVL: Trojan/Generic.ASMalwS.187DE1E
Microsoft: PWS:Win32/Zbot.gen!Y
SentinelOne: Static AI – Malicious PE
AhnLab-V3: Trojan/Win32.Zbot.R2835
Acronis: suspicious
VBA32: Trojan.Zeus.EA.0999
ALYac: MemScan:Trojan.Spy.ZBot.EQH
Rising: Spyware.Zbot!8.16B (CLOUD)
Yandex: TrojanSpy.Zbot!BXwlI4FWtSw
Ikarus: Trojan.Win32.Spyeye
MaxSecure: Trojan.Malware.300983.susgen
Fortinet: W32/Kryptik.NAS!tr
AVG: Win32:Trojan-gen
Panda: Trj/GdSda.A
CrowdStrike: win/malicious_confidence_100% (D)

How to remove MemScan:Trojan.Spy.ZBot.EQH (B)?

MemScan:Trojan.Spy.ZBot.EQH (B) removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open the “Tools” tab – Press “Reset Browser Settings”.
  • Select proper browser and options – Click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.
