The ML/PE-A + Mal/Zbot-IM is considered dangerous by lots of security experts. When this infection is active, you may notice unwanted processes in Task Manager list. In this case, it is adviced to scan your computer with GridinSoft Anti-Malware.
Gridinsoft Anti-Malware
Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. Allows to complete scan and cure your PC during the trial period.
What ML/PE-A + Mal/Zbot-IM virus can do?
- Behavioural detection: Executable code extraction – unpacking
- Yara rule detections observed from a process memory dump/dropped files/CAPE
- Creates RWX memory
- Enumerates running processes
- CAPE extracted potentially suspicious content
- Unconventionial language used in binary resources: Arabic (Tunisia)
- The binary likely contains encrypted or compressed data.
- Authenticode signature is invalid
- Deletes its original binary from disk
- Creates a copy of itself
- Anomalous binary characteristics
How to determine ML/PE-A + Mal/Zbot-IM?
File Info:
name: 9774E2E4CD4FDFC74262.mlwpath: /opt/CAPEv2/storage/binaries/0bfb42b4d6bb846d0ce3f30055c119d3304609b89039aa42eb51ad8885ef0284crc32: 31C11BDBmd5: 9774e2e4cd4fdfc742627dd6915cecafsha1: 8277daba2c272b7d6689867e2ee0aee7627a3769sha256: 0bfb42b4d6bb846d0ce3f30055c119d3304609b89039aa42eb51ad8885ef0284sha512: a528ba683a5637e16f325c666dcbff57206a28a05c4c8c9264b24cd6f2b7125d6f49b2ac8e3837a844af0f0696d8a887df5f9bd8b9e2da96e882c27b07b35440ssdeep: 384:sL6jh+Y1wy07bQgZ5lSEdM10F6d5MwORzd3Eqj:sL6jh+97bdhxodwXBtype: PE32 executable (GUI) Intel 80386, for MS Windowstlsh: T115925DD1BD6C15B5F5AE03B66AE25E1B4DB1716400BA8690CBD4123A2ADFED4FC31B03sha3_384: 04e13f613c8649c9c8b9331904838ba09c6555685b4d04d45e58dcf6e0da12ef58d0bad58ac27cc3690d41de667aa453ep_bytes: 9f68ffb38ce998660fbedb64a1300000timestamp: 2005-03-09 10:53:36Version Info:
CompanyName: †SOFTWIN鼜갤䉓魗㱕៚䨩矧儥퍹ꌦ뇹㛌䌋뤖㶰䀱쮿合鱴謕ẉ渲沬釄⺁ᔟ䵳盇抝谣䌊쐼Ǔ骞Ὁၹ퀾䴮貖茜틚违衜憅ᰉ墾糽재鹅欄혝봮蝲きꥼᎷꠤ똸㖀테ぅ껬캀ꅽ췓奔來쨐ꥸ㚮ude12⫢紬鎝鐷硤쐹靱ꬶ⟜䖤諤㚞鲥韍䃠诰렑櫀ᔫ鶸䈆퀭讋꠨뭏ᡃ퐐㺶愲帳쓸흃յ휓䊸秨華懸ɫ栎㉽斔拼ԡ셳丨♡甩ⱊ轎㟚䕛ḧʖ퍌첡䐅쾆鞹鼠춖뜷雷സ辊べ餽ἣ㲋ꄅ郷ꀭ瓄ᨰ⌫즤聪uda44㔭ᕿ녚欙ዬ췃ഈ苕钇청uda1b槴䵃䜖膺蹚喴ご䋪ᨾᏋ儙娪肳夽짱俧䩽헔첕ፌ拷⼴监䡮藌뾨♉栎뿼鞰嬗Ⱐꉌﴪ뽃顣꿼㹍▂ⶉ䵜㺛㎅脹椱鿤㋄拌罵ud8eb椈峁ⲑᒾ煺ﷻ꜓ዄ왚ꮍꔜ徨脨ﯙ诲後霍⁌Ǽ뙼烆穝ꔭ嫻䃎ᄁ앟岡蓠ᶹ悂極慃⢾쏩봪柠峲ᱠ鶛థ欩궻狷吇햊닖ੂ驫ೃඪ꺳ƒ竄澭鿮㾑呌佥䥭姇ᜇ쪪흋찒幛᾽ꢔ焨螷潰鰜ꈍ≷ud85f⧪삍しud934䠹ﳏ㙸ԁ瓴⏲ধ팃ꏃ͏劘ṯ媎⫮࣍鹞쫆볠阸搒udf9a䶎ꭖⵎ匤镴:
ML/PE-A + Mal/Zbot-IM also known as:
| Lionic | Trojan.Win32.AntiAV.4!c |
| Elastic | malicious (high confidence) |
| DrWeb | Trojan.Siggen2.2443 |
| MicroWorld-eScan | Gen:Variant.Zbot.10 |
| FireEye | Generic.mg.9774e2e4cd4fdfc7 |
| ALYac | Gen:Variant.Zbot.10 |
| Cylance | Unsafe |
| VIPRE | Trojan.Win32.Zbot.im (v) |
| Sangfor | Trojan.Win32.Crypt.XPACK |
| K7AntiVirus | Trojan ( 001b96441 ) |
| Alibaba | Trojan:Win32/Kryptik.8ed7281f |
| K7GW | Trojan ( 001b96441 ) |
| Cybereason | malicious.4cd4fd |
| BitDefenderTheta | Gen:NN.ZexaF.34232.b00@aOpWLinG |
| Cyren | W32/FakeAlert.OG.gen!Eldorado |
| Symantec | ML.Attribute.HighConfidence |
| ESET-NOD32 | a variant of Win32/Kryptik.ERB |
| TrendMicro-HouseCall | TSPY_ZBOT.SMZF |
| Paloalto | generic.ml |
| Cynet | Malicious (score: 100) |
| Kaspersky | HEUR:Trojan.Win32.Generic |
| BitDefender | Gen:Variant.Zbot.10 |
| NANO-Antivirus | Trojan.Win32.AntiAV.qqmzt |
| Avast | Win32:MalOb-CK [Cryp] |
| Tencent | Win32.Trojan.Generic.Htvo |
| Ad-Aware | Gen:Variant.Zbot.10 |
| Sophos | ML/PE-A + Mal/Zbot-IM |
| Comodo | Packed.Win32.Krap.hd@2nkc7n |
| TrendMicro | TSPY_ZBOT.SMZF |
| McAfee-GW-Edition | BehavesLike.Win32.ZBot.lt |
| Emsisoft | Gen:Variant.Zbot.10 (B) |
| Ikarus | Packer.Win32.Krap |
| GData | Gen:Variant.Zbot.10 |
| Jiangmin | Trojan.Generic.hfebi |
| Avira | TR/Crypt.XPACK.Gen2 |
| Antiy-AVL | Trojan/Generic.ASMalwS.AEC06B |
| Kingsoft | Win32.Troj.Undef.(kcloud) |
| Gridinsoft | Ransom.Win32.Zbot.sa |
| Arcabit | Trojan.Zbot.10 |
| Microsoft | Trojan:Win32/Tiggre!rfn |
| Acronis | suspicious |
| McAfee | PWS-Zbot.gen.avx |
| MAX | malware (ai score=100) |
| VBA32 | Trojan.Zeus.EA.01000 |
| APEX | Malicious |
| Rising | Trojan.Win32.Generic.1252497F (C64:YzY0OlWWx0WAjPEn) |
| Yandex | Trojan.Kryptik!vgVJSTV4nlU |
| SentinelOne | Static AI – Malicious PE |
| MaxSecure | Trojan.Malware.4312652.susgen |
| Fortinet | W32/ZBOT.SMZF!tr |
| Webroot | W32.Trojan.Gen |
| AVG | Win32:MalOb-CK [Cryp] |
| Panda | Generic Malware |
| CrowdStrike | win/malicious_confidence_100% (W) |
How to remove ML/PE-A + Mal/Zbot-IM?
- Download and install GridinSoft Anti-Malware.
- Open GridinSoft Anti-Malware and perform a “Standard scan“.
- “Move to quarantine” all items.
- Open “Tools” tab – Press “Reset Browser Settings“.
- Select proper browser and options – Click “Reset”.
- Restart your computer.
Leave a Comment