Malware

What is “Troj/Zbot-PQI”?

Malware Removal

Troj/Zbot-PQI is Sophos's detection name for a sample that most security vendors classify as malicious (see the full list of names below). When this infection is active, you may notice unfamiliar processes in the Task Manager list. In that case, it is advised to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware


Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It lets you run a full scan and clean your PC during the trial period.
6-day free trial available.

What can the Troj/Zbot-PQI virus do?

  • Sample contains overlay data (bytes appended after the last PE section)
  • Reads data out of its own binary image
  • Drops a binary and executes it
  • The binary contains an unknown PE section name, which is indicative of packing
  • Executable file is packed/obfuscated with MPRESS
  • Authenticode signature is invalid
  • YARA rule detections observed from a process memory dump, dropped files or CAPE

How to identify Troj/Zbot-PQI?

The indicators below come from a CAPEv2 sandbox run of the sample. Match on the hashes; the file name, version information and compile timestamp are all attacker-controlled and should not be used as identifiers on their own.
File Info:

name: 9392F100C7EE0773FE58.mlw
path: /opt/CAPEv2/storage/binaries/4d5b8592574b94f5202daa9227ca3e236e7dac23bc4b038cfd68db2f75dd6663
crc32: 8A30D23E
md5: 9392f100c7ee0773fe58a6f6ac2de1ad
sha1: d6df5e718c1beeb3f1b1e2ee2ee4be0bb54f6c66
sha256: 4d5b8592574b94f5202daa9227ca3e236e7dac23bc4b038cfd68db2f75dd6663
sha512: 23cd5a662eef6befcdc7ec0f7bf4e573d3778936e627c34c05d5e0d38a64eb0a22a82fcd18445fa85fa84cafe0d8462b4f9cce3efee7ec3179ee9ff090da455d
ssdeep: 768:xW9+F8BPtElggggggLvggggggggUaocdF+qqPbNMugJrp04dAU:ekoqzqTNMDVpLB
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T1E6337C382AD51572E37B8EB585F151CEB96DBC1339035C4E4072F3450AB3BD2ADA191E
sha3_384: 29ce4a87433d542c8b1d8d2310eafa6c29b18918fd7265abf67618b52e69335cb6f66872bf9c77dee0af93833618e065
ep_bytes: 558bec6aff68b8324000680010400064
timestamp: 1992-05-31 15:52:29

Version Info:

CompanyName: Juice
FileDescription: Juice proged
FileVersion: Version 2.1.1
InternalName: Juice
LegalCopyright: Copyright by Sego©
OriginalFilename: iJuice
Translation: 0x0409 0x04e3
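To check a suspect file against the static indicators above without a sandbox, here is an added Python example (not part of the original page, of CAPE or of any vendor's tooling). It parses the PE headers with the standard library only, reports the compile timestamp, the first entry-point bytes, the section names, the overlay size and the MPRESS markers, and compares the file's SHA-256 and MD5 with the hashes listed in the File Info section. The sample PE it builds is constructed for the demonstration and is not the real sample; the section names `.MPRESS1` and `.MPRESS2` are the ones the MPRESS packer normally emits.

```python
import hashlib
import struct
import sys
from datetime import datetime, timezone

# Hashes copied from the File Info section of this page
KNOWN_SHA256 = "4d5b8592574b94f5202daa9227ca3e236e7dac23bc4b038cfd68db2f75dd6663"
KNOWN_MD5 = "9392f100c7ee0773fe58a6f6ac2de1ad"

# Section names the MPRESS packer normally emits; anything outside COMMON_SECTIONS is flagged
MPRESS_SECTIONS = {".MPRESS1", ".MPRESS2"}
COMMON_SECTIONS = {".text", ".data", ".rdata", ".bss", ".idata", ".edata",
                   ".rsrc", ".reloc", ".tls", ".pdata", "CODE", "DATA", "BSS"}

# Same compile timestamp as the listed sample, used for the constructed demo PE
SAMPLE_TIMESTAMP = int(datetime(1992, 5, 31, 15, 52, 29, tzinfo=timezone.utc).timestamp())


def inspect_pe(data: bytes) -> dict:
    """Parse the PE headers of `data` and return the static indicators discussed above."""
    if data[:2] != b"MZ":
        raise ValueError("not an MZ/PE file")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("PE signature not found")
    coff = e_lfanew + 4
    # IMAGE_FILE_HEADER: Machine, NumberOfSections, TimeDateStamp, PointerToSymbolTable,
    # NumberOfSymbols, SizeOfOptionalHeader, Characteristics
    _, nsec, ts, _, _, opt_size, _ = struct.unpack_from("<HHIIIHH", data, coff)
    opt = coff + 20
    # AddressOfEntryPoint sits at offset 16 of the optional header for both PE32 and PE32+
    ep_rva = struct.unpack_from("<I", data, opt + 16)[0]

    sections = []
    for i in range(nsec):
        off = opt + opt_size + 40 * i
        name = data[off:off + 8].rstrip(b"\0").decode("ascii", "replace")
        vsize, va, raw_size, raw_ptr = struct.unpack_from("<IIII", data, off + 8)
        sections.append({"name": name, "va": va, "vsize": vsize,
                         "raw_ptr": raw_ptr, "raw_size": raw_size})

    # Overlay = bytes after the end of the last section's raw data
    end_of_sections = max((s["raw_ptr"] + s["raw_size"] for s in sections), default=0)
    overlay_size = max(0, len(data) - end_of_sections)

    # Map the entry-point RVA to a file offset and grab the first 16 bytes
    ep_bytes = b""
    for s in sections:
        if s["va"] <= ep_rva < s["va"] + max(s["vsize"], s["raw_size"]):
            ep_bytes = data[s["raw_ptr"] + (ep_rva - s["va"]):][:16]
            break

    names = {s["name"] for s in sections}
    findings = []
    if names & MPRESS_SECTIONS:
        findings.append("packed with MPRESS (section names "
                        + ", ".join(sorted(names & MPRESS_SECTIONS)) + ")")
    unknown = names - COMMON_SECTIONS - MPRESS_SECTIONS
    if unknown:
        findings.append("non-standard section names: " + ", ".join(sorted(unknown)))
    if overlay_size:
        findings.append(f"{overlay_size} bytes of overlay data after the last section")

    sha256 = hashlib.sha256(data).hexdigest()
    return {
        "sha256": sha256,
        "md5": hashlib.md5(data).hexdigest(),
        # Compile timestamp is attacker-controlled: report it, never trust it on its own
        "timestamp": datetime.fromtimestamp(ts, tz=timezone.utc).strftime("%Y-%m-%d %H:%M:%S"),
        "ep_bytes": ep_bytes.hex(),
        "sections": sorted(names),
        "overlay_size": overlay_size,
        "findings": findings,
        "matches_known_sample": sha256 == KNOWN_SHA256,
    }


def build_sample_pe(timestamp: int, section_names, overlay: bytes = b"") -> bytes:
    """Build a minimal PE32 image for testing (constructed here; not runnable code, not the real sample)."""
    file_align, opt_size = 0x200, 224  # PE32 optional header incl. 16 data directories
    hdr_len = 0x40 + 4 + 20 + opt_size + 40 * len(section_names)
    size_of_headers = -(-hdr_len // file_align) * file_align
    dos = b"MZ" + b"\0" * (0x3C - 2) + struct.pack("<I", 0x40)  # e_lfanew = 0x40
    coff = struct.pack("<HHIIIHH", 0x14C, len(section_names), timestamp, 0, 0, opt_size, 0x0102)
    # Magic, linker version, SizeOfCode, SizeOfInitializedData, SizeOfUninitializedData, EntryPoint
    opt = struct.pack("<HBBIIII", 0x10B, 2, 25, file_align, 0, 0, 0x1000)
    # BaseOfCode, BaseOfData, ImageBase, SectionAlignment, FileAlignment; rest left zero
    opt = (opt + struct.pack("<IIIII", 0x1000, 0x2000, 0x400000, 0x1000, file_align)).ljust(opt_size, b"\0")
    sec_hdrs, bodies = b"", b""
    for i, name in enumerate(section_names):
        raw_ptr = size_of_headers + i * file_align
        # push ebp / mov ebp,esp prologue (same opening bytes as the ep_bytes listed above), then int3 padding
        bodies += b"\x55\x8b\xec".ljust(file_align, b"\xcc")
        sec_hdrs += name.encode().ljust(8, b"\0") + struct.pack(
            "<IIIIIIHHI", file_align, 0x1000 * (i + 1), file_align, raw_ptr, 0, 0, 0, 0, 0x60000020)
    headers = (dos + b"PE\0\0" + coff + opt + sec_hdrs).ljust(size_of_headers, b"\0")
    return headers + bodies + overlay


def demo() -> dict:
    """Report for a constructed PE carrying the same static markers as the listed sample."""
    sample = build_sample_pe(SAMPLE_TIMESTAMP, [".MPRESS1", ".MPRESS2"], b"constructed overlay bytes")
    return inspect_pe(sample)


if __name__ == "__main__":
    # Inspect a real file if a path is given, otherwise the constructed demo sample
    report = inspect_pe(open(sys.argv[1], "rb").read()) if len(sys.argv) > 1 else demo()
    for key, value in report.items():
        print(f"{key}: {value}")
```

Run it with a file path to get the same kind of report for a suspect binary. Only the `sha256`/`md5` match is a positive identification; the packer sections, overlay and timestamp are corroborating signals that many legitimate and malicious files share.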

Troj/Zbot-PQI is also known as (vendor: detection name):

Bkav: W32.FamVT.GeND.Trojan
Elastic: malicious (high confidence)
DrWeb: Trojan.PWS.Panda.7586
MicroWorld-eScan: Trojan.Ppatre.Gen.1
ClamAV: Win.Malware.Upatre-9848438-0
FireEye: Generic.mg.9392f100c7ee0773
McAfee: Downloader-FAGS!9392F100C7EE
Malwarebytes: Waski.Trojan.Downloader.DDS
VIPRE: Trojan.Ppatre.Gen.1
Sangfor: Suspicious.Win32.Save.ins
K7AntiVirus: Trojan ( 0052964f1 )
Alibaba: Ransom:Win32/Cryptodef.be7f8d3a
K7GW: Trojan ( 0052964f1 )
CrowdStrike: win/malicious_confidence_100% (W)
BitDefenderTheta: Gen:NN.ZexaF.36196.dq2@amcHZdhi
VirIT: Trojan.Win32.Panda.LFU
Cyren: W32/Upatre.OI.gen!Eldorado
Symantec: SMG.Heur!gen
tehtris: Generic.Malware
ESET-NOD32: Win32/TrojanDownloader.Waski.A
Zoner: Trojan.Win32.25356
APEX: Malicious
Cynet: Malicious (score: 100)
Kaspersky: Trojan-Ransom.Win32.Cryptodef.zv
BitDefender: Trojan.Ppatre.Gen.1
NANO-Antivirus: Trojan.Win32.Cryptodef.ddoxyv
Avast: Win32:Evo-gen [Trj]
Tencent: Trojan.Win32.Downloader.zv
Emsisoft: Trojan.Ppatre.Gen.1 (B)
F-Secure: Trojan.TR/Kuluoz.lrse
Baidu: Win32.Trojan-Downloader.Waski.a
Zillya: Trojan.Cryptodef.Win32.2887
TrendMicro: TROJ_UPATRE.SMX2
McAfee-GW-Edition: BehavesLike.Win32.PWSZbot.pt
Trapmine: malicious.high.ml.score
Sophos: Troj/Zbot-PQI
SentinelOne: Static AI – Malicious PE
GData: Win32.Trojan-Downloader.Upatre.BK
Jiangmin: Trojan/Cryptodef.az
Avira: TR/Kuluoz.lrse
MAX: malware (ai score=86)
Antiy-AVL: Virus/Win32.Expiro.imp
Xcitium: TrojWare.Win32.TrojanDownloader.Waski.DA@5iyglc
Arcabit: Trojan.Ppatre.Gen.1
ZoneAlarm: Trojan-Ransom.Win32.Cryptodef.zv
Microsoft: Trojan:Win32/Zbot.svfs!MTB
Google: Detected
AhnLab-V3: Trojan/Win.Cryptodef.R415348
Acronis: suspicious
VBA32: TrojanRansom.Cryptodef
ALYac: Trojan.Ppatre.Gen.1
Cylance: unsafe
Panda: Trj/Genetic.gen
TrendMicro-HouseCall: TROJ_UPATRE.SMX2
Rising: Downloader.Waski!1.A489 (CLASSIC)
Yandex: Trojan.GenAsa!e4l/xyQI0s0
Ikarus: Trojan.Win32.Bublik
Fortinet: W32/Waski.A!tr.dldr
AVG: Win32:Evo-gen [Trj]
Cybereason: malicious.0c7ee0
DeepInstinct: MALICIOUS

Note that the vendors disagree on the family: Sophos and Microsoft name it Zbot, most engines label it the Upatre/Waski downloader, and several call it Cryptodef ransomware. Family names are vendor-specific; use the hashes above as the identifier.

How to remove Troj/Zbot-PQI?

Troj/Zbot-PQI removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • Move all detected items to quarantine.
  • Open the “Tools” tab and press “Reset Browser Settings”.
  • Select the proper browser and options, then click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.