About “ML/PE-A + Mal/Zbot-IM” infection

The ML/PE-A + Mal/Zbot-IM detection is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager process list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

Gridinsoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It allows you to run a full scan and clean your PC during the trial period.
6-day free trial available.

What can the ML/PE-A + Mal/Zbot-IM virus do?

  • Behavioural detection: Executable code extraction – unpacking
  • Yara rule detections observed from a process memory dump/dropped files/CAPE
  • Creates RWX memory
  • Enumerates running processes
  • CAPE extracted potentially suspicious content
  • Unconventional language used in binary resources: Arabic (Tunisia)
  • The binary likely contains encrypted or compressed data.
  • Authenticode signature is invalid
  • Deletes its original binary from disk
  • Creates a copy of itself
  • Anomalous binary characteristics

How to identify ML/PE-A + Mal/Zbot-IM?


File Info:

name: 9774E2E4CD4FDFC74262.mlw
path: /opt/CAPEv2/storage/binaries/0bfb42b4d6bb846d0ce3f30055c119d3304609b89039aa42eb51ad8885ef0284
crc32: 31C11BDB
md5: 9774e2e4cd4fdfc742627dd6915cecaf
sha1: 8277daba2c272b7d6689867e2ee0aee7627a3769
sha256: 0bfb42b4d6bb846d0ce3f30055c119d3304609b89039aa42eb51ad8885ef0284
sha512: a528ba683a5637e16f325c666dcbff57206a28a05c4c8c9264b24cd6f2b7125d6f49b2ac8e3837a844af0f0696d8a887df5f9bd8b9e2da96e882c27b07b35440
ssdeep: 384:sL6jh+Y1wy07bQgZ5lSEdM10F6d5MwORzd3Eqj:sL6jh+97bdhxodwXB
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T115925DD1BD6C15B5F5AE03B66AE25E1B4DB1716400BA8690CBD4123A2ADFED4FC31B03
sha3_384: 04e13f613c8649c9c8b9331904838ba09c6555685b4d04d45e58dcf6e0da12ef58d0bad58ac27cc3690d41de667aa453
ep_bytes: 9f68ffb38ce998660fbedb64a1300000
timestamp: 2005-03-09 10:53:36

Version Info:

CompanyName: SOFTWIN (the rest of this version-info field is non-printable binary data and is omitted)

ML/PE-A + Mal/Zbot-IM also known as:

Lionic Trojan.Win32.AntiAV.4!c
Elastic malicious (high confidence)
DrWeb Trojan.Siggen2.2443
MicroWorld-eScan Gen:Variant.Zbot.10
FireEye Generic.mg.9774e2e4cd4fdfc7
ALYac Gen:Variant.Zbot.10
Cylance Unsafe
VIPRE Trojan.Win32.Zbot.im (v)
Sangfor Trojan.Win32.Crypt.XPACK
K7AntiVirus Trojan ( 001b96441 )
Alibaba Trojan:Win32/Kryptik.8ed7281f
K7GW Trojan ( 001b96441 )
Cybereason malicious.4cd4fd
BitDefenderTheta Gen:NN.ZexaF.34232.b00@aOpWLinG
Cyren W32/FakeAlert.OG.gen!Eldorado
Symantec ML.Attribute.HighConfidence
ESET-NOD32 a variant of Win32/Kryptik.ERB
TrendMicro-HouseCall TSPY_ZBOT.SMZF
Paloalto generic.ml
Cynet Malicious (score: 100)
Kaspersky HEUR:Trojan.Win32.Generic
BitDefender Gen:Variant.Zbot.10
NANO-Antivirus Trojan.Win32.AntiAV.qqmzt
Avast Win32:MalOb-CK [Cryp]
Tencent Win32.Trojan.Generic.Htvo
Ad-Aware Gen:Variant.Zbot.10
Sophos ML/PE-A + Mal/Zbot-IM
Comodo Packed.Win32.Krap.hd@2nkc7n
TrendMicro TSPY_ZBOT.SMZF
McAfee-GW-Edition BehavesLike.Win32.ZBot.lt
Emsisoft Gen:Variant.Zbot.10 (B)
Ikarus Packer.Win32.Krap
GData Gen:Variant.Zbot.10
Jiangmin Trojan.Generic.hfebi
Avira TR/Crypt.XPACK.Gen2
Antiy-AVL Trojan/Generic.ASMalwS.AEC06B
Kingsoft Win32.Troj.Undef.(kcloud)
Gridinsoft Ransom.Win32.Zbot.sa
Arcabit Trojan.Zbot.10
Microsoft Trojan:Win32/Tiggre!rfn
Acronis suspicious
McAfee PWS-Zbot.gen.avx
MAX malware (ai score=100)
VBA32 Trojan.Zeus.EA.01000
APEX Malicious
Rising Trojan.Win32.Generic.1252497F (C64:YzY0OlWWx0WAjPEn)
Yandex Trojan.Kryptik!vgVJSTV4nlU
SentinelOne Static AI – Malicious PE
MaxSecure Trojan.Malware.4312652.susgen
Fortinet W32/ZBOT.SMZF!tr
Webroot W32.Trojan.Gen
AVG Win32:MalOb-CK [Cryp]
Panda Generic Malware
CrowdStrike win/malicious_confidence_100% (W)

How to remove ML/PE-A + Mal/Zbot-IM?

  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • Click “Move to quarantine” for all items.
  • Open the “Tools” tab – Press “Reset Browser Settings”.
  • Select proper browser and options – Click “Reset”.
  • Restart your computer.
Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.
