What is “ML/PE-A + Mal/Zbot-AV”?

Many security experts consider ML/PE-A + Mal/Zbot-AV dangerous. When this infection is active, you may notice unwanted processes in the Task Manager list. In that case, it is advised to scan your computer with GridinSoft Anti-Malware.

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It lets you run a complete scan and clean your PC during the trial period.
6-day free trial available.

What can the ML/PE-A + Mal/Zbot-AV virus do?

  • Behavioural detection: Executable code extraction – unpacking
  • Yara rule detections observed from a process memory dump/dropped files/CAPE
  • Creates RWX memory
  • Possible date expiration check, exits too soon after checking local time
  • Dynamic (imported) function loading detected
  • Reads data out of its own binary image
  • CAPE extracted potentially suspicious content
  • Unconventional language used in binary resources: Russian
  • Authenticode signature is invalid

How to identify ML/PE-A + Mal/Zbot-AV?

File Info:

name: C84D2203CF4569966E2F.mlw
path: /opt/CAPEv2/storage/binaries/c9ef78930f698a378af8703bf36cf0bd76b2cbcf930d4988d12a656739c3bf36
crc32: 68DFE8B8
md5: c84d2203cf4569966e2f477999e9299c
sha1: 93895f9a01c9fc95dc8e3e8b7d0e3f6842d5463b
sha256: c9ef78930f698a378af8703bf36cf0bd76b2cbcf930d4988d12a656739c3bf36
sha512: 0e75fdae6daf3cdcb04cd0887e4e62f0f2bf0b1d90d841954cc34c1249d9d03bfab5da51a6a5f106caa3039cca44ab29c664eb76a9958362622ed6ada5a214f5
ssdeep: 3072:p+2ArwRYwMBEWuh/twsI++eEz/CwjCXio51E1i5hxfte:p+2AcR7wcFws2quCS6/5hxFe
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T140E3CF5A51C9C73BC2F8473ABC452C5BF22C71A9A6F0470B1B449F62BDFB69D4623221
sha3_384: 118ed5263f9ab81e0464c9dbc28582000c9d50a1e8800b8d34f46dfbbd1807e4346a2848c7e372c7c66e9edfabe82242
ep_bytes: 558bec83c4e08d4de8518d45ec505152
timestamp: 2006-07-22 10:33:44

Version Info:

0: [No Data]

ML/PE-A + Mal/Zbot-AV is also known as (vendor: detection name):

Bkav: W32.AIDetect.malware1
Lionic: Hacktool.Win32.Krap.x!c
Elastic: malicious (high confidence)
MicroWorld-eScan: Gen:Heur.Mint.Dreidel.iqW@xODcRkkc
FireEye: Generic.mg.c84d2203cf456996
McAfee: Artemis!C84D2203CF45
Cylance: Unsafe
Zillya: Trojan.Kryptik.Win32.924590
Sangfor: Suspicious.Win32.Save.a
K7AntiVirus: Trojan ( 0055dd191 )
Alibaba: TrojanPSW:Win32/Kryptik.67a319de
K7GW: Trojan ( 0055dd191 )
Cybereason: malicious.3cf456
Arcabit: Trojan.Mint.Dreidel.ED84B8
VirIT: Trojan.Win32.Panda.OT
Symantec: ML.Attribute.HighConfidence
ESET-NOD32: a variant of Win32/Kryptik.JMH
APEX: Malicious
Paloalto: generic.ml
Kaspersky: Packed.Win32.Krap.ae
BitDefender: Gen:Heur.Mint.Dreidel.iqW@xODcRkkc
NANO-Antivirus: Trojan.Win32.Zbot.cwqwr
SUPERAntiSpyware: Trojan.Agent/Gen-Kryptik
Avast: Win32:Trojan-gen
Tencent: Win32.Trojan.Zbot.Kush
Ad-Aware: Gen:Heur.Mint.Dreidel.iqW@xODcRkkc
Emsisoft: Gen:Heur.Mint.Dreidel.iqW@xODcRkkc (B)
Comodo: TrojWare.Win32.TrojanSpy.Zbot.G@2tckk5
DrWeb: Trojan.PWS.Panda.383
VIPRE: Packed.Win32.PWSZbot.gen (v)
TrendMicro: TROJ_SPYEYE.SMEP
McAfee-GW-Edition: BehavesLike.Win32.Generic.ch
Sophos: ML/PE-A + Mal/Zbot-AV
Ikarus: Trojan.Win32.Spyeye
Jiangmin: Trojan/Generic.dovr
Avira: TR/Crypt.XPACK.Gen
Antiy-AVL: Trojan[Packed]/Win32.Krap
Kingsoft: Win32.Troj.Krap.ae.(kcloud)
Microsoft: PWS:Win32/Zbot.gen!Y
ZoneAlarm: Packed.Win32.Krap.ae
GData: Gen:Heur.Mint.Dreidel.iqW@xODcRkkc
Cynet: Malicious (score: 100)
AhnLab-V3: Trojan/Win32.Zbot.R2835
Acronis: suspicious
BitDefenderTheta: AI:Packer.F26570F31F
ALYac: Gen:Heur.Mint.Dreidel.iqW@xODcRkkc
MAX: malware (ai score=100)
VBA32: Trojan.Insider.xh
TrendMicro-HouseCall: TROJ_SPYEYE.SMEP
Rising: Trojan.Kryptik!8.8 (CLOUD)
Yandex: Trojan.GenAsa!6sMquxdnKWw
SentinelOne: Static AI – Malicious PE
Fortinet: W32/Kryptic!tr
AVG: Win32:Trojan-gen
Panda: Bck/Qbot.AO
CrowdStrike: win/malicious_confidence_100% (W)

How to remove ML/PE-A + Mal/Zbot-AV?

ML/PE-A + Mal/Zbot-AV removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • Choose “Move to quarantine” for all detected items.
  • Open the “Tools” tab and press “Reset Browser Settings”.
  • Select the proper browser and options, then click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.