ML/PE-A + Troj/Zbot-KDF removal

Malware Removal

ML/PE-A + Troj/Zbot-KDF is the Sophos detection name for this sample; dozens of other antivirus engines flag the same file as malicious (see the detection list below). While the infection is active you may notice unfamiliar processes in the Task Manager list. In this case it is advised to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It lets you complete a scan and clean your PC during the trial period.
6-day free trial available.

What can the ML/PE-A + Troj/Zbot-KDF virus do?

These are the behavioural signatures the CAPE sandbox raised when the sample was executed:

  • SetUnhandledExceptionFilter detected (possible anti-debug)
  • Behavioural detection: Executable code extraction – unpacking
  • At least one process apparently crashed during execution
  • Yara rule detections observed from a process memory dump/dropped files/CAPE
  • Creates RWX memory
  • Dynamic (imported) function loading detected
  • Reads data out of its own binary image
  • CAPE extracted potentially suspicious content
  • Unconventional language used in binary resources: Chinese (Simplified)
  • Authenticode signature is invalid

How to identify ML/PE-A + Troj/Zbot-KDF?

Compare a suspect file against the hashes, PE header values and version resource recorded by the sandbox:

File Info:

name: 7F5CF566AD89CE139C9A.mlw
path: /opt/CAPEv2/storage/binaries/ef681b2780fb35649a2ddab37e60656eb899a65abd4687e3b2502ac4b198baa9
crc32: 97CD4340
md5: 7f5cf566ad89ce139c9a4be589d92c81
sha1: 82c27d38d52463acec088abd5e9454e569952b3e
sha256: ef681b2780fb35649a2ddab37e60656eb899a65abd4687e3b2502ac4b198baa9
sha512: 927700acef4ba8556a3e87f8663c215ad13ea5f6118e06d2b29045bd302640237a8d4bb58c1b69f41a314a791add92dd7c3e207dc95d67c23fc8b9bf75790fe9
ssdeep: 12288:28UGseyj8UKZJN92Yk3JX1TtmPEgcDHeejj:NAKZJNYYkHtCEaIj
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T1BAE48CE739F1807BD67201744E957B78A6EBDA500F227AD32389878D5E35CC24B36236
sha3_384: 3131a45b42d6fb6d83fdbebb45a8ae5aa344f732d8dd2bb1669f9d07125a77a6fe8c54672ad408da2a414149d024a200
ep_bytes: 558bec6aff68088d470068b810410064
timestamp: 2015-08-30 19:42:50 (PE header compile time, UTC; trivially forged, so treat it as a weak indicator)

Version Info:

CompanyName: Simon Tatham
ProductName: PuTTY suite
FileDescription: SSH, Telnet and Rlogin client
InternalName: PuTTY
OriginalFilename: PuTTY
FileVersion: Release 0.64
ProductVersion: Release 0.64
LegalCopyright: Copyright © 1997-2015 Simon Tatham.
Translation: 0x0809 0x04b0

The version resource matches the strings of the genuine PuTTY 0.64 release (0x0809 is English-UK, 0x04b0 Unicode), yet the Authenticode signature is invalid and the binary carries Chinese (Simplified) resources. Treat this as a file masquerading as PuTTY, not as a PuTTY release, and verify any real PuTTY download against the author's signed packages rather than against these strings.
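The following script is an added example for this page; it is not part of CAPE, GridinSoft or any vendor's tooling. Using only the standard library, it hashes a file, parses the PE headers to recover the compile timestamp and the first 16 bytes at the entry point (the same fields CAPE reports as timestamp and ep_bytes), and reports which of the indicators listed above match. The function names, the INDICATORS table (copied from the File Info block) and the minimal PE built by build_test_pe for self-testing are all this example's own constructions; ssdeep and TLSH need third-party modules and are not computed.

```python
"""Check a suspect file against the indicators published above (added example)."""
import hashlib
import struct
import zlib
from datetime import datetime, timezone

# Indicators copied from the File Info block on this page.
INDICATORS = {
    "md5": "7f5cf566ad89ce139c9a4be589d92c81",
    "sha1": "82c27d38d52463acec088abd5e9454e569952b3e",
    "sha256": "ef681b2780fb35649a2ddab37e60656eb899a65abd4687e3b2502ac4b198baa9",
    "crc32": "97CD4340",
    "ep_bytes": "558bec6aff68088d470068b810410064",
    "timestamp": "2015-08-30 19:42:50",
}
# The page's compile timestamp as an epoch value (used to build the test PE).
SAMPLE_STAMP = int(datetime(2015, 8, 30, 19, 42, 50, tzinfo=timezone.utc).timestamp())


def file_hashes(data: bytes) -> dict:
    """Digests in the notation CAPE prints them (crc32 as upper-case hex)."""
    return {
        "md5": hashlib.md5(data).hexdigest(),
        "sha1": hashlib.sha1(data).hexdigest(),
        "sha256": hashlib.sha256(data).hexdigest(),
        "sha512": hashlib.sha512(data).hexdigest(),
        "sha3_384": hashlib.sha3_384(data).hexdigest(),
        "crc32": "%08X" % (zlib.crc32(data) & 0xFFFFFFFF),
    }


def pe_entry_info(data: bytes, count: int = 16) -> dict:
    """Compile timestamp and first `count` bytes at AddressOfEntryPoint.

    Handles PE32 and PE32+. The entry RVA is mapped to a file offset through
    the section table; reading the file at the raw RVA is the usual mistake.
    """
    if data[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    pe_off = struct.unpack_from("<I", data, 0x3C)[0]
    if data[pe_off:pe_off + 4] != b"PE\0\0":
        raise ValueError("PE signature not found")
    coff = pe_off + 4
    (_machine, n_sections, stamp, _symtab, _nsyms,
     opt_size, _chars) = struct.unpack_from("<HHIIIHH", data, coff)
    opt = coff + 20
    magic = struct.unpack_from("<H", data, opt)[0]
    if magic not in (0x10B, 0x20B):  # PE32 / PE32+
        raise ValueError("unknown optional header magic 0x%x" % magic)
    entry_rva = struct.unpack_from("<I", data, opt + 16)[0]
    sections = opt + opt_size
    entry_off = None
    for i in range(n_sections):
        _name, vsize, vaddr, rawsize, rawptr = struct.unpack_from(
            "<8sIIII", data, sections + 40 * i)
        if vaddr <= entry_rva < vaddr + max(vsize, rawsize):
            entry_off = entry_rva - vaddr + rawptr
            break
    if entry_off is None:
        raise ValueError("entry RVA 0x%x lies outside every section" % entry_rva)
    return {
        "timestamp": datetime.fromtimestamp(stamp, timezone.utc).strftime("%Y-%m-%d %H:%M:%S"),
        "ep_bytes": data[entry_off:entry_off + count].hex(),
    }


def match_indicators(data: bytes, indicators: dict = INDICATORS) -> dict:
    """Map each indicator name to True/False for this file."""
    observed = file_hashes(data)
    try:
        observed.update(pe_entry_info(data))
    except (ValueError, struct.error):
        pass  # not a (well-formed) PE: only the hashes can match
    return {k: observed.get(k) == v for k, v in indicators.items()}


def build_test_pe(ep_bytes: bytes, stamp: int) -> bytes:
    """Constructed minimal PE32 with one .text section (test input only,
    not the sample from the page)."""
    img = bytearray(0x400)
    img[:2] = b"MZ"
    struct.pack_into("<I", img, 0x3C, 0x40)  # e_lfanew
    img[0x40:0x44] = b"PE\0\0"
    struct.pack_into("<HHIIIHH", img, 0x44, 0x14C, 1, stamp, 0, 0, 0xE0, 0x102)
    opt = 0x58
    struct.pack_into("<H", img, opt, 0x10B)  # PE32 magic
    struct.pack_into("<I", img, opt + 16, 0x1000)  # AddressOfEntryPoint
    struct.pack_into("<8sIIII", img, opt + 0xE0, b".text", 0x200, 0x1000, 0x200, 0x200)
    img[0x200:0x200 + len(ep_bytes)] = ep_bytes
    return bytes(img)


if __name__ == "__main__":
    import sys
    with open(sys.argv[1], "rb") as fh:
        blob = fh.read()
    for name, hit in match_indicators(blob).items():
        print("%-10s %s" % (name, "MATCH" if hit else "no match"))
```

Run it as `python check_sample.py suspect.exe`. A hash match is conclusive for this exact file; the ep_bytes and timestamp are weaker, since repacked variants keep neither and a forged timestamp costs the attacker nothing, so treat them as corroboration only.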

ML/PE-A + Troj/Zbot-KDF is also known as (engine: detection name):

Bkav: W32.AIDetect.malware2
Elastic: malicious (high confidence)
MicroWorld-eScan: Trojan.Agent.BPAZ
FireEye: Generic.mg.7f5cf566ad89ce13
McAfee: PWSZbot-FAKV!7F5CF566AD89
Cylance: Unsafe
Zillya: Trojan.Yakes.Win32.38479
CrowdStrike: win/malicious_confidence_80% (W)
K7GW: Trojan ( 004cec631 )
K7AntiVirus: Trojan ( 004cec631 )
BitDefenderTheta: Gen:NN.ZexaF.34294.Qy0@aaGcYxqj
Symantec: ML.Attribute.HighConfidence
ESET-NOD32: Win32/Injector.CHVM
APEX: Malicious
ClamAV: Win.Dropper.Gh0stRAT-6992354-0
Kaspersky: HEUR:Trojan.Win32.Generic
BitDefender: Trojan.Agent.BPAZ
NANO-Antivirus: Trojan.Win32.Yakes.dvwxuw
Avast: Win32:Malware-gen
Tencent: Malware.Win32.Gencirc.10b28989
Ad-Aware: Trojan.Agent.BPAZ
Sophos: ML/PE-A + Troj/Zbot-KDF
Comodo: TrojWare.Win32.Dynamer.AS@60elso
VIPRE: Trojan.Win32.Generic!BT
TrendMicro: TROJ_INJECTOR_EK0404FE.UVPM
McAfee-GW-Edition: PWSZbot-FAKV!7F5CF566AD89
Emsisoft: Trojan.Agent.BPAZ (B)
Jiangmin: Trojan.Generic.esyvx
Webroot: W32.Gen.BT
Avira: TR/AD.CeeInject.neyzo
MAX: malware (ai score=86)
Antiy-AVL: Trojan/Generic.ASMalwS.14009E3
Kingsoft: Win32.Troj.Generic_a.a.(kcloud)
Microsoft: Trojan:Win32/Bulta!rfn
GData: Trojan.Agent.BPAZ
Cynet: Malicious (score: 100)
VBA32: Trojan.Yakes
ALYac: Trojan.Agent.BPAZ
Malwarebytes: Trojan.Bunitu.ED
TrendMicro-HouseCall: TROJ_INJECTOR_EK0404FE.UVPM
Rising: Trojan.Generic@ML.98 (RDML:NIJ62yiB0yrUN7MY1aJjTw)
Yandex: Trojan.GenAsa!kKe9y6fX6qI
Ikarus: Trojan.Win32.Injector
Fortinet: W32/Injector.CGQK!tr
AVG: Win32:Malware-gen
Cybereason: malicious.6ad89c
Panda: Trj/Genetic.gen
MaxSecure: Trojan.Malware.300983.susgen

How to remove ML/PE-A + Troj/Zbot-KDF?

ML/PE-A + Troj/Zbot-KDF removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • Choose “Move to quarantine” for all detected items.
  • Open the “Tools” tab and press “Reset Browser Settings”.
  • Select the proper browser and options, then click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.