What is “PWS:Win32/Zbot.M”?

PWS:Win32/Zbot.M is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It allows you to complete a scan and cure your PC during the trial period.
6-day free trial available.

What can the PWS:Win32/Zbot.M virus do?

  • Behavioural detection: Executable code extraction – unpacking
  • At least one process apparently crashed during execution
  • Yara rule detections observed from a process memory dump/dropped files/CAPE
  • Creates RWX memory
  • Dynamic (imported) function loading detected
  • CAPE extracted potentially suspicious content
  • The binary likely contains encrypted or compressed data.
  • Authenticode signature is invalid
  • Anomalous binary characteristics

How to identify PWS:Win32/Zbot.M?

File Info:

name: 6240E914F42AC31DEBB5.mlw
path: /opt/CAPEv2/storage/binaries/8c3d300792e1bc9ab41afb7322a7699dfab620f42a46caa660cfd6856e9d1f05
crc32: EB2F3034
md5: 6240e914f42ac31debb55269bf39deb3
sha1: 154507b0e647b75e3009b456f93ba42394f5945a
sha256: 8c3d300792e1bc9ab41afb7322a7699dfab620f42a46caa660cfd6856e9d1f05
sha512: 30ee36a2cca033b1a8bf1735d5dd739f598643c5e1792c05dc45f5442695e4b227b891bc85bf793e2d021002a52b9ff43f9e5c54c7ac1268efb4690b158e51b5
ssdeep: 12288:iuyyoRb9zGEVTnHK+s1Cfj7KzlLZq0wdaD9Qf3BG:UyoRRfnHKjCb7UlLJD9QfBG
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T11F942257E72ED722E4A790B4A134E63884E5F0773F16464BF193216E0FCB2133CA6A95
sha3_384: 50fe4508d95e0664976059a9afadbb01e6f4a3d88c7cf8d643a8b8c6f4560709f83c7f2ed4b5ed18db149aa2553c9aa2
ep_bytes: 5589e583ec1c8d8d59ffffff9c5a89f0
timestamp: 2009-04-23 17:49:54

Version Info:

0: [No Data]

PWS:Win32/Zbot.M also known as:

Lionic: Trojan.Win32.Generic.4!c
Elastic: malicious (high confidence)
DrWeb: Trojan.PWS.Panda.114
MicroWorld-eScan: Gen:Trojan.Heur.GM.1040804800
FireEye: Generic.mg.6240e914f42ac31d
ALYac: Gen:Trojan.Heur.GM.1040804800
Cylance: Unsafe
VIPRE: Trojan-Spy.Win32.Zbot.gen (v)
Sangfor: Suspicious.Win32.Save.a
K7AntiVirus: Spyware ( 0055e3db1 )
Alibaba: TrojanPSW:Win32/EncPk.2e2066e2
K7GW: Spyware ( 0055e3db1 )
Cybereason: malicious.4f42ac
BitDefenderTheta: AI:Packer.EB7A03D61D
VirIT: Trojan.Win32.ZBot.CV
Cyren: W32/Zbot.O.gen!Eldorado
Symantec: Infostealer
ESET-NOD32: Win32/Spy.Zbot.PF
TrendMicro-HouseCall: TSPY_ZBOT.AUH
Paloalto: generic.ml
ClamAV: Win.Trojan.Agent-155158
Kaspersky: HEUR:Trojan.Win32.Generic
BitDefender: Gen:Trojan.Heur.GM.1040804800
NANO-Antivirus: Trojan.Win32.Zbot.hglb
Avast: Win32:Zbot-BEJ [Trj]
Rising: Spyware.Zbot!8.16B (CLOUD)
Ad-Aware: Gen:Trojan.Heur.GM.1040804800
Sophos: Mal/Generic-S + Mal/EncPk-HZ
Comodo: TrojWare.Win32.Spy.Zbot.SOT@1fhkhu
Zillya: Trojan.Zbot.Win32.104
TrendMicro: TSPY_ZBOT.AUH
McAfee-GW-Edition: BehavesLike.Win32.VirRansom.gc
Emsisoft: Gen:Trojan.Heur.GM.1040804800 (B)
SentinelOne: Static AI - Malicious PE
GData: Gen:Trojan.Heur.GM.1040804800
Jiangmin: TrojanSpy.Zbot.htb
Webroot: W32.InfoStealer.Zeus
Avira: TR/Spy.Zbot.66560
MAX: malware (ai score=100)
Antiy-AVL: Trojan/Generic.ASMalwS.CEF8F
ZoneAlarm: HEUR:Trojan.Win32.Generic
Microsoft: PWS:Win32/Zbot.M
Cynet: Malicious (score: 100)
AhnLab-V3: Trojan/Win32.Agent.C88856
Acronis: suspicious
McAfee: Spy-Agent.du
TACHYON: Trojan-Spy/W32.ZBot.448000.D
VBA32: Malware-Cryptor.Win32.Vals.22
APEX: Malicious
Tencent: Malware.Win32.Gencirc.10b89527
Yandex: Trojan.GenAsa!W7X5iEyrg3o
Ikarus: Trojan-Spy.Win32.Zbot
MaxSecure: Trojan.Malware.7164915.susgen
Fortinet: W32/Kryptik.HZ!tr
AVG: Win32:Zbot-BEJ [Trj]
Panda: W32/Sinowal.WER.worm
CrowdStrike: win/malicious_confidence_100% (W)

How to remove PWS:Win32/Zbot.M?

PWS:Win32/Zbot.M removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open the “Tools” tab and press “Reset Browser Settings”.
  • Select the proper browser and options, then click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.