The ML/PE-A + Mal/Zbot-AJ is considered dangerous by lots of security experts. When this infection is active, you may notice unwanted processes in Task Manager list. In this case, it is adviced to scan your computer with GridinSoft Anti-Malware.
Gridinsoft Anti-Malware
Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. Allows to complete scan and cure your PC during the trial period.
What ML/PE-A + Mal/Zbot-AJ virus can do?
- Behavioural detection: Executable code extraction – unpacking
- Yara rule detections observed from a process memory dump/dropped files/CAPE
- Creates RWX memory
- Anomalous file deletion behavior detected (10+)
- Dynamic (imported) function loading detected
- At least one IP Address, Domain, or File Name was found in a crypto call
- Enumerates running processes
- Expresses interest in specific running processes
- Reads data out of its own binary image
- CAPE extracted potentially suspicious content
- Unconventionial language used in binary resources: Russian
- The binary contains an unknown PE section name indicative of packing
- Authenticode signature is invalid
- Code injection with CreateRemoteThread in a remote process
- Behavioural detection: Injection (inter-process)
- Behavioural detection: Injection with CreateRemoteThread in a remote process
- Tries to unhook or modify Windows functions monitored by Cuckoo
- Steals private information from local Internet browsers
- Collects and encrypts information about the computer likely to send to C2 server
- Attempts to modify browser security settings
- Collects information to fingerprint the system
- Anomalous binary characteristics
- Clears web history
How to determine ML/PE-A + Mal/Zbot-AJ?
File Info:
name: 95A8514DB7A58DBFECCF.mlwpath: /opt/CAPEv2/storage/binaries/46518a754409a5a82f6b3c3650422bf87e48575ecbed848654bb0c708890dc07crc32: 2906B1F3md5: 95a8514db7a58dbfeccfb65227cb1e94sha1: 4abb1bca1598366aa184d8486a560513c5eb920esha256: 46518a754409a5a82f6b3c3650422bf87e48575ecbed848654bb0c708890dc07sha512: 028787099c9ea2eb8ad38d6793669c1d892b13a4159d5fe93a49ba45fa7dcac74db7ee55c7c28e9c31147cb1c1e5aa595d17727b0345d0edb950fd64d121c586ssdeep: 768:VYJnyigqY0JJ/jt0wZO8+AR7qo6uRA2TNryfRwbQBlk+1fwG8qYPva5lQ0360XVm:VYdyihVt01xAAOA2TlypFlkK8wg0K0Etype: PE32 executable (GUI) Intel 80386, for MS Windowstlsh: T1C3A3F1677DAD1649CCCD0A3A10D75838EE27A711A7BB4211F145471F8F2EB82F62B868sha3_384: 8fbf3eeedba123cccd37cfed004e9a3f5679511d02bcdf70c7353ddc72eefcafdd76efef174d8fd169f6e0d676cbbb69ep_bytes: 68b6932b67660fbed0588d14f57e7cc8timestamp: 2005-03-12 08:38:52Version Info:
CompanyName: †SOFTWIN*ᑮudaf1濱瀔퐉듣틀Խ着騧ﳝ囅Ⴐ胱핀⿉䥏䂽ᔁ緢嘧브⭐쭂꼶ᡇ젖ﳸх䇫慨ꔂ黊︗轟Ə绐弽籩䌹鴁묌些㌻༡䋨铲署鑰⩁ꊶ줩ᜍud9b8쀑蜎쮛쳽勲⼛憙皩㬸弒䷼毴跨둶ꕔ鎅쬤덯嘱噋瑷묈꜎쨇偆ud8a1릊쓽곏쐓或麂䠋Χ콝꾞㎫◼㩡࠻ud81c㖇壜ʹ沓奥禭鬪ꘔudd4a鐛꾴옸ⴟ款ud9e9荊蝓㴂㛄轁ℙᵷ顆얊턻囘幱㘆쥞烖㱄駲홨떙፧뤃됨䯺飽鋧䖨囟䃹駰䱃Ӝዦ卓煕탨鈛搅䏮珀뚨혗臾䞇튫踚Ƣ焦䀹ᑂ芘嘶ሔ塚䏯Ɵ词尻雍鎙侨횒盶馐udedb둦麶鰭ꦫ獴鞢씣䭨䶗ꝏ痻鶋곆퍍趩ᬍ鋗䯮쀎廃⭑땤㈎ǜ账හ⪖힏쿥쵠鵞ﱦꄏ憌쨵ᘘ⟛끿ɴ졾봶먗ᕂudb61큧㍯볔䚣ఁ뛶熒阂ꄟ췔ﷻꍼ璜ṣ셲浑㑗ほꔐᘅ틒嘍練豏䤸특奯ude6c㭃㗂뾐ᷟ봼㼼浸敶獲潩㵮ㄢ〮•湥潣楤杮∽呕ⵆ∸猠慴摮污湯㵥礢獥㼢ാ㰊獡敳扭祬砠汭獮∽牵㩮捳敨慭業牣獯景潣㩭獡ㅶ•慭楮敦瑳敖獲潩㵮ㄢ〮㸢†愼獳浥汢䥹敤瑮瑩൹ ††瘠牥楳湯∽⸱⸰⸰∰†††牰捯獥潳䅲捲楨整瑣牵㵥堢㘸ഢ ††渠浡㵥䴢物湡慤䴮物湡慤䴮物湡慤ഢ ††琠灹㵥眢湩㈳ഢ ⼠ാ 㰠敤捳楲瑰潩㹮楍慲摮㱡搯獥牣灩楴湯ാ 㰠牴獵䥴普浸湬㵳產湲猺档浥獡洭捩潲潳瑦挭浯愺浳瘮∲ാ †㰠敳畣楲祴ാ ††㰠敲畱獥整偤楲楶敬敧㹳††††爼煥敵瑳摥硅捥瑵潩䱮癥汥†††††敬敶㵬愢䥳癮歯牥ഢ ††††甠䅩捣獥㵳昢污敳⼢ാ ††㰠爯煥敵瑳摥牐癩汩来獥ാ †㰠猯捥牵瑩㹹†⼼牴獵䥴普㹯†搼灥湥敤据㹹††搼灥湥敤瑮獁敳扭祬ാ †††㰠獡敳扭祬摉湥楴祴††††††祴数∽楷㍮∲††††††慮敭∽楍牣獯景楗摮睯潃浭湯䌭湯牴汯≳††††††敶獲潩㵮㘢〮〮〮ഢ †††††瀠潲散獳牯牁档瑩捥畴敲∽㡘∶††††††異汢捩敋呹歯湥∽㔶㔹㙢ㄴ㐴捣ㅦ晤ഢ †††††氠湡畧条㵥⨢ഢ †††⼠ാ †㰠搯灥湥敤瑮獁敳扭祬ാ 㰠搯灥湥敤据㹹†搼灥湥敤据㹹††搼灥湥敤瑮獁敳扭祬ാ †††㰠獡敳扭祬摉湥楴祴††††††祴数∽楷㍮∲††††††慮敭∽楍牣獯景楗摮睯摇灩畬≳††††††敶獲潩㵮ㄢ〮〮〮ഢ †††††瀠潲散獳牯牁档瑩捥畴敲∽㡘∶††††††異汢捩敋呹歯湥∽㔶㔹㙢ㄴ㐴捣ㅦ晤ഢ †††††氠湡畧条㵥⨢ഢ †††⼠ാ †㰠搯灥湥敤瑮獁敳扭祬ാ 㰠搯灥湥敤据㹹†挼浯慰楴楢楬祴砠汭獮∽牵㩮捳敨慭業牣獯景潣㩭潣灭瑡扩汩瑩ㅶ㸢††愼灰楬慣楴湯ാ ††㰠畳灰牯整佤⁓摉∽㍻ㄵ㠳㥢ⵡ搵㘹㐭扦ⵤ攸搲愭㐲〴㈲昵㌹絡⼢ാ †㰠愯灰楬慣楴湯ാ 㰠振浯慰楴楢楬祴ാ㰊愯獳浥汢㹹:
ML/PE-A + Mal/Zbot-AJ also known as:
| Bkav | W32.AIDetect.malware1 |
| Lionic | Hacktool.Win32.Krap.x!c |
| Elastic | malicious (high confidence) |
| DrWeb | Trojan.PWS.Panda.383 |
| MicroWorld-eScan | Trojan.Brsecmon.1 |
| FireEye | Generic.mg.95a8514db7a58dbf |
| CAT-QuickHeal | TrojanPWS.Zbot.Y10 |
| McAfee | Generic PWS.te |
| Cylance | Unsafe |
| Zillya | Trojan.Kryptik.Win32.72548 |
| Sangfor | Trojan.Win32.Brsecmon.1 |
| K7AntiVirus | Trojan ( 0056f48b1 ) |
| Alibaba | Packed:Win32/Kryptik.b3fa5c68 |
| K7GW | Trojan ( 0056f48b1 ) |
| Cybereason | malicious.db7a58 |
| Arcabit | Trojan.Brsecmon.1 |
| BitDefenderTheta | Gen:NN.ZexaF.34212.gO0@aec@WydI |
| VirIT | Trojan.Win32.Panda.OT |
| Cyren | W32/FakeAlert.OG.gen!Eldorado |
| Symantec | ML.Attribute.HighConfidence |
| ESET-NOD32 | a variant of Win32/Kryptik.ASLG |
| TrendMicro-HouseCall | TROJ_KRYPTK.SMM |
| Paloalto | generic.ml |
| ClamAV | Win.Trojan.Agent-1016927 |
| Kaspersky | Packed.Win32.Krap.hd |
| BitDefender | Trojan.Brsecmon.1 |
| NANO-Antivirus | Trojan.Win32.Krap.dmngt |
| SUPERAntiSpyware | Trojan.Agent/Gen-Backdoor[Softwin] |
| Avast | Win32:MalOb-CK [Cryp] |
| Tencent | Malware.Win32.Gencirc.11bbf6ff |
| Ad-Aware | Trojan.Brsecmon.1 |
| Emsisoft | Trojan.Brsecmon.1 (B) |
| Comodo | Packed.Win32.Krap.hd@2nkc7n |
| F-Secure | Trojan.TR/Crypt.XPACK.Gen2 |
| VIPRE | Trojan.Win32.Generic!SB.0 |
| TrendMicro | TROJ_KRYPTK.SMM |
| McAfee-GW-Edition | Generic PWS.te |
| Sophos | ML/PE-A + Mal/Zbot-AJ |
| Ikarus | Packer.Win32.Krap |
| Jiangmin | Packed.Krap.dahr |
| Webroot | W32.InfoStealer.Zeus |
| Avira | TR/Crypt.XPACK.Gen2 |
| MAX | malware (ai score=100) |
| Antiy-AVL | Trojan[Packed]/Win32.Krap |
| Kingsoft | Win32.Heur.KVMH008.a.(kcloud) |
| Microsoft | PWS:Win32/Zbot |
| ZoneAlarm | Packed.Win32.Krap.hd |
| GData | Trojan.Brsecmon.1 |
| Cynet | Malicious (score: 99) |
| AhnLab-V3 | Win-Trojan/Kazy.Gen |
| Acronis | suspicious |
| VBA32 | Trojan.Zeus.EA.01000 |
| ALYac | Trojan.Brsecmon.1 |
| TACHYON | Trojan/W32.Krap.104448.AT |
| Malwarebytes | Malware.Heuristic.1003 |
| APEX | Malicious |
| Rising | Trojan.Kryptik!8.8 (CLOUD) |
| Yandex | TrojanSpy.Zbot.Gen!Pac.15 |
| SentinelOne | Static AI – Malicious PE |
| MaxSecure | Trojan.Malware.1440924.susgen |
| Fortinet | W32/Kryptik.AJ!tr |
| AVG | Win32:MalOb-CK [Cryp] |
| Panda | Trj/Krap.Y |
| CrowdStrike | win/malicious_confidence_100% (D) |
How to remove ML/PE-A + Mal/Zbot-AJ?
- Download and install GridinSoft Anti-Malware.
- Open GridinSoft Anti-Malware and perform a “Standard scan“.
- “Move to quarantine” all items.
- Open “Tools” tab – Press “Reset Browser Settings“.
- Select proper browser and options – Click “Reset”.
- Restart your computer.
Leave a Comment