Trojan-Spy.Win32.Zbot.ahkp removal instructions

Trojan-Spy.Win32.Zbot.ahkp is flagged as malicious by most antivirus engines (see the detection list below). While the infection is active you may notice unfamiliar processes in the Task Manager list. In that case you are advised to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Removing PC viruses manually can take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal; the trial lets you run a full scan and clean your PC.
6-day free trial available.

What can the Trojan-Spy.Win32.Zbot.ahkp virus do?

  • SetUnhandledExceptionFilter detected (possible anti-debug)
  • Behavioural detection: Executable code extraction – unpacking
  • At least one process apparently crashed during execution
  • Yara rule detections observed from a process memory dump/dropped files/CAPE
  • Creates RWX memory
  • Dynamic (imported) function loading detected
  • CAPE extracted potentially suspicious content
  • Unconventional language used in binary resources: Russian
  • Authenticode signature is invalid
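The items above are CAPE sandbox signatures, most of them runtime observations. A few of them have static counterparts you can check before ever running the file. The script below is an added example written for this page; it is not CAPE's code and not part of the original report. It parses a PE32 image with only the standard library and reports the compile timestamp and entry-point bytes (the "timestamp" and "ep_bytes" fields of the File Info block), any section whose characteristics are read+write+execute (a static cousin of "Creates RWX memory", which CAPE observes at runtime via VirtualAlloc/VirtualProtect), and whether an Authenticode blob is attached at all (the report says the signature is invalid; checking validity needs a certificate-chain verifier such as signtool or PowerShell's Get-AuthenticodeSignature, which this script deliberately does not attempt). The SetUnhandledExceptionFilter check is a plain string search: a packed sample that resolves the API at runtime will not show it, which is exactly what the "Dynamic (imported) function loading" line hints at. `build_sample_pe32` is a constructed minimal PE, not the reported sample; only its entry-point bytes and timestamp are copied from the report so the output can be compared.

```python
import struct
from datetime import datetime, timezone

# Section characteristic flags from winnt.h
IMAGE_SCN_MEM_EXECUTE = 0x20000000
IMAGE_SCN_MEM_READ = 0x40000000
IMAGE_SCN_MEM_WRITE = 0x80000000
RWX = IMAGE_SCN_MEM_EXECUTE | IMAGE_SCN_MEM_READ | IMAGE_SCN_MEM_WRITE
IMAGE_DIRECTORY_ENTRY_SECURITY = 4  # data-directory slot that points at the Authenticode blob

# TimeDateStamp shown in the report (2005-02-15 21:02:39 UTC). It is attacker-controlled; never trust it.
REPORT_TIMESTAMP = int(datetime(2005, 2, 15, 21, 2, 39, tzinfo=timezone.utc).timestamp())


def triage_pe32(data: bytes) -> dict:
    """Static triage of a PE32 image: compile timestamp, entry-point bytes, RWX sections,
    presence (not validity) of an Authenticode signature, and a crude API-name string check."""
    if data[:2] != b"MZ":
        raise ValueError("no MZ header")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("no PE signature")
    coff = e_lfanew + 4
    _machine, nsections, timestamp, _, _, opt_size, _ = struct.unpack_from("<HHIIIHH", data, coff)
    opt = coff + 20
    if struct.unpack_from("<H", data, opt)[0] != 0x10B:
        raise ValueError("only PE32 (32-bit) images are handled")
    entry_rva = struct.unpack_from("<I", data, opt + 16)[0]
    # The security directory holds a raw file offset (not an RVA); a non-zero entry means a signature is attached
    sig_off, sig_size = struct.unpack_from("<II", data, opt + 96 + 8 * IMAGE_DIRECTORY_ENTRY_SECURITY)

    sections = []
    for i in range(nsections):
        name, vsize, vaddr, rawsize, rawptr, _, _, _, _, chars = struct.unpack_from(
            "<8sIIIIIIHHI", data, opt + opt_size + 40 * i)
        sections.append((name.rstrip(b"\0").decode("ascii", "replace"), vaddr, vsize, rawptr, rawsize, chars))

    def rva_to_offset(rva: int) -> int:
        for _name, vaddr, vsize, rawptr, rawsize, _chars in sections:
            if vaddr <= rva < vaddr + max(vsize, rawsize):
                return rawptr + (rva - vaddr)
        raise ValueError("RVA %#x is not backed by any section" % rva)

    ep = rva_to_offset(entry_rva)
    return {
        "timestamp": datetime.fromtimestamp(timestamp, tz=timezone.utc).strftime("%Y-%m-%d %H:%M:%S"),
        "ep_bytes": data[ep:ep + 16].hex(),
        "rwx_sections": [s[0] for s in sections if s[5] & RWX == RWX],
        "has_authenticode": sig_off != 0 and sig_size != 0,
        # A string hit only says the name is present; packed samples resolve the API at runtime instead
        "mentions_seh_filter": b"SetUnhandledExceptionFilter" in data,
    }


def build_sample_pe32(timestamp: int, section_chars: int, signed: bool, tail: bytes = b"") -> bytes:
    """Constructed minimal single-section PE32 used to exercise triage_pe32(). Not the reported sample."""
    code = bytes.fromhex("684674336a68e4cfb6a6689bf99af2e8").ljust(0x200, b"\xcc")  # report's ep_bytes, then int3
    dos = b"MZ".ljust(0x3C, b"\0") + struct.pack("<I", 0x40)               # e_lfanew: PE header at 0x40
    coff = struct.pack("<HHIIIHH", 0x14C, 1, timestamp, 0, 0, 224, 0x102)    # i386, 1 section, EXECUTABLE|32BIT
    opt_fmt = "<HBB" + "I" * 9 + "H" * 6 + "I" * 4 + "HH" + "I" * 6        # PE32 optional header, 96 bytes
    opt = struct.pack(opt_fmt,
                      0x10B, 0, 0, 0x200, 0, 0, 0x1000, 0x1000, 0, 0x400000, 0x1000, 0x200,
                      4, 0, 0, 0, 4, 0, 0, 0x2000, 0x200, 0, 2, 0,
                      0x100000, 0x1000, 0x100000, 0x1000, 0, 16)
    dirs = [(0, 0)] * 16
    if signed:
        dirs[IMAGE_DIRECTORY_ENTRY_SECURITY] = (0x400, 8)  # file offset of the placeholder blob appended below
    opt += b"".join(struct.pack("<II", off, size) for off, size in dirs)
    sect = struct.pack("<8sIIIIIIHHI", b".text", 0x200, 0x1000, 0x200, 0x200, 0, 0, 0, 0, section_chars)
    image = (dos + b"PE\0\0" + coff + opt + sect).ljust(0x200, b"\0") + code
    if signed:
        image += b"\0" * 8  # placeholder WIN_CERTIFICATE bytes; presence is all triage_pe32 checks
    return image + tail


if __name__ == "__main__":
    import sys
    data = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else build_sample_pe32(REPORT_TIMESTAMP, RWX, False)
    for key, value in triage_pe32(data).items():
        print("%-18s %s" % (key, value))
```

Run it with a path to a suspect file to get the same timestamp and ep_bytes fields the report shows, or with no argument to see the constructed sample flagged for its RWX .text section. Treat the output as triage input only: a forged timestamp, a valid-looking signature or a clean section table prove nothing on their own, which is why the sandbox signatures above are behavioural.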

How to identify Trojan-Spy.Win32.Zbot.ahkp?

File Info:

name: 6C4225F36732FE88F70E.mlw
path: /opt/CAPEv2/storage/binaries/35c7917582bbb21121d5ff6fefc27c0756e487e89c196d58690cdf10801b8d07
crc32: 0E595511
md5: 6c4225f36732fe88f70e5d0ab9a8d040
sha1: b35ab6a06ea2ebc2d549cc3f6348fcc676fc39dc
sha256: 35c7917582bbb21121d5ff6fefc27c0756e487e89c196d58690cdf10801b8d07
sha512: 12304c4ea0666c20b82bd209e951f327b897843087cbbbd922d4a018609745e6cd44d3ef1fbd006741787972b2806fdce66c6f9c20d3cc60d9e34acd37ce55d8
ssdeep: 6144:+av8Cou+taeHzIw8rvNlEFrKVg9tTTbUm6KEmvx/l9RQSed3SzA/:+i899t4dTSmVg9tgmpEcRsd/
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T1B284D0035099B85CE120D6787793DE9B67D024EA0439EEE1AD90DDDBC8FE26C319A770
sha3_384: 496bc940049636758530e7b61ffec3101a76018dcda37a9248e7f65680556ea531b93ea47bc87e9c94cb267a49f80146
ep_bytes: 684674336a68e4cfb6a6689bf99af2e8
timestamp: 2005-02-15 21:02:39
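The hashes above are the reliable way to tell whether a file on a machine is the sample this report describes; the file name is meaningless and the timestamp is attacker-controlled. The script below is an added example written for this page, not code from the original page or from CAPE. It computes the fixed-size digests in the same formatting as the File Info block (note that CRC32 is printed as eight upper-case hex digits) and matches them against the report's values, treating only a SHA-256 match as conclusive because MD5 and SHA-1 collisions are practical. ssdeep and tlsh are fuzzy hashes that need third-party libraries (ssdeep, py-tlsh) and are not computed here. The sample input in the test is the constructed string "abc", not the malware.

```python
import hashlib
import zlib

# Hashes copied from the report's File Info block, used here as the indicator set to match against.
REPORT_FILE_INFO = {
    "crc32": "0E595511",
    "md5": "6c4225f36732fe88f70e5d0ab9a8d040",
    "sha1": "b35ab6a06ea2ebc2d549cc3f6348fcc676fc39dc",
    "sha256": "35c7917582bbb21121d5ff6fefc27c0756e487e89c196d58690cdf10801b8d07",
}


def fingerprint(data: bytes) -> dict:
    """Compute the fixed-size digests in the same formatting the report uses."""
    return {
        # Mask to 32 bits and print 8 upper-case hex digits, the way CAPE renders crc32
        "crc32": "%08X" % (zlib.crc32(data) & 0xFFFFFFFF),
        "md5": hashlib.md5(data).hexdigest(),
        "sha1": hashlib.sha1(data).hexdigest(),
        "sha256": hashlib.sha256(data).hexdigest(),
        "sha512": hashlib.sha512(data).hexdigest(),
        "sha3_384": hashlib.sha3_384(data).hexdigest(),
    }


def fingerprint_file(path: str) -> dict:
    """Fingerprint a file on disk; the whole file is read, which is fine for typical executable sizes."""
    with open(path, "rb") as f:
        return fingerprint(f.read())


def match_report(fp: dict, report: dict) -> dict:
    """Report which fields match, case-insensitively, and a verdict.
    A SHA-256 match means the same file; md5/sha1/crc32 alone are weak evidence."""
    matched = sorted(k for k in report if k in fp and fp[k].lower() == report[k].lower())
    if "sha256" in matched:
        verdict = "same file"
    elif matched:
        verdict = "weak match (%s only)" % ", ".join(matched)
    else:
        verdict = "no match"
    return {"matched": matched, "verdict": verdict}


if __name__ == "__main__":
    import sys
    fp = fingerprint_file(sys.argv[1]) if len(sys.argv) > 1 else fingerprint(b"abc")
    for key, value in fp.items():
        print("%-9s %s" % (key + ":", value))
    print(match_report(fp, REPORT_FILE_INFO))
```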

Version Info:

CompanyName: йГЗЯрпеарЭГГзсЧКзлЗрЭкььюлЛК
FileDescription: ряшЬоячСЫЛхСщгБюывТглЦаяПщя
FileVersion: ХмРЪлЦрзгщмСЙрЪфвятУяб
InternalName: ЪбймщУаЖчЬхУбХэФжГЯжцэдЦЮун
LegalCopyright: ЮзТгракяЭЭЩхяыеЖФНФхЙф
OriginalFilename: ХгЛРВоювЩСжИдРлГЙКждДВДЭсЯнч
ProductName: ЦбЪязРэЪеГЛъШСраЧЫУщтПбН
ProductVersion: гЙлЫйШчХШдОеъЧУОжЛНЗЫЫсВэРшлщ
Translation: 0x0008 0x0000

Trojan-Spy.Win32.Zbot.ahkp is Kaspersky's name for this sample; other vendors detect the same file under the following names. Note that several of them classify it as Qakbot/Qbot/Pinkslipbot rather than Zbot, so the family name in the title is one vendor's label, not a settled attribution:

Lionic: Trojan.Win32.Zbot.l!c
Elastic: malicious (high confidence)
Cynet: Malicious (score: 100)
FireEye: Generic.mg.6c4225f36732fe88
McAfee: W32/Pinkslipbot.gen.b
Cylance: Unsafe
Zillya: Trojan.Zbot.Win32.98885
Sangfor: Trojan.Win32.Zbot.ahkp
K7AntiVirus: Riskware ( 0040eff71 )
Alibaba: TrojanSpy:Win32/Obfuscator.48c8d626
K7GW: Riskware ( 0040eff71 )
Cybereason: malicious.36732f
BitDefenderTheta: AI:Packer.D13F27AA1F
VirIT: Trojan.Win32.Packed.BECL
Symantec: W32.Qakbot
ESET-NOD32: Win32/Spy.Zbot.JF
TrendMicro-HouseCall: BKDR_QAKBOT.SMB
Paloalto: generic.ml
Kaspersky: Trojan-Spy.Win32.Zbot.ahkp
BitDefender: Gen:Heur.Krypt.28
NANO-Antivirus: Trojan.Win32.Zbot.ijadc
MicroWorld-eScan: Gen:Heur.Krypt.28
APEX: Malicious
Tencent: Malware.Win32.Gencirc.114c0a12
Ad-Aware: Gen:Heur.Krypt.28
Sophos: Mal/Generic-R + Mal/Qbot-B
Comodo: MalCrypt.Indus!@1qrzi1
DrWeb: Trojan.Packed.20343
VIPRE: Trojan.Win32.Nedsym.f (v)
TrendMicro: BKDR_QAKBOT.SMB
McAfee-GW-Edition: BehavesLike.Win32.Worm.fc
Emsisoft: Gen:Heur.Krypt.28 (B)
SentinelOne: Static AI – Suspicious PE
GData: Gen:Heur.Krypt.28
Jiangmin: TrojanSpy.Zbot.acuf
Avira: TR/Dropper.Gen
MAX: malware (ai score=100)
Antiy-AVL: Trojan/Generic.ASMalwS.94C8F
ZoneAlarm: Trojan-Spy.Win32.Zbot.ahkp
Microsoft: PWS:Win32/Zbot.gen!Q
Acronis: suspicious
VBA32: Trojan.Zeus.EA.0999
ALYac: Gen:Heur.Krypt.28
Panda: Trj/Krapack.gen
Rising: Trojan.Win32.Spy.wbb (CLOUD)
Yandex: Trojan.GenAsa!2ZgCBfeec2I
Ikarus: Trojan-Spy.Win32.Zbot
Fortinet: W32/Kryptik.DKU!tr
AVG: Win32:Trojan-gen
Avast: Win32:Trojan-gen
CrowdStrike: win/malicious_confidence_100% (D)

How to remove Trojan-Spy.Win32.Zbot.ahkp?

Trojan-Spy.Win32.Zbot.ahkp removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a "Standard scan".
  • Click "Move to quarantine" for all detected items.
  • Open the "Tools" tab and press "Reset Browser Settings".
  • Select the affected browser and the desired options, then click "Reset".
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.