Trojan-Spy.Win32.Zbot.sbcm (file analysis)

Trojan-Spy.Win32.Zbot.sbcm is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager list. In that case, it is advised to scan your computer with GridinSoft Anti-Malware.

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It allows you to complete a scan and cure your PC during the trial period.
6-day free trial available.

What can the Trojan-Spy.Win32.Zbot.sbcm virus do?

  • Authenticode signature is invalid
  • Anomalous binary characteristics

How to identify Trojan-Spy.Win32.Zbot.sbcm?


File Info:

name: C971C49A6519EA48D478.mlw
path: /opt/CAPEv2/storage/binaries/56a8659087d1fc46150883cb8f9dbc657b8b874a08d1717600a74504c0d0d3d7
type: PE32 executable (GUI) Intel 80386, for MS Windows
timestamp: 2014-05-21 10:54:01

Version Info:

0: [No Data]

Trojan-Spy.Win32.Zbot.sbcm also known as:

Bkav: W32.AIDetect.malware2
MicroWorld-eScan: Gen:Trojan.Ipatre.1
ClamAV: Win.Downloader.Upatre-9966873-0
FireEye: Generic.mg.c971c49a6519ea48
ALYac: Gen:Trojan.Ipatre.1
Cylance: Unsafe
VIPRE: Gen:Trojan.Ipatre.1
Sangfor: Suspicious.Win32.Save.a
K7AntiVirus: Trojan-Downloader ( 0040f8431 )
K7GW: Trojan-Downloader ( 0040f8431 )
Cybereason: malicious.a6519e
Baidu: Win32.Trojan-Downloader.Waski.a
Cyren: W32/S-94becf64!Eldorado
Symantec: ML.Attribute.HighConfidence
Elastic: malicious (high confidence)
ESET-NOD32: Win32/TrojanDownloader.Waski.E
APEX: Malicious
Cynet: Malicious (score: 100)
Kaspersky: Trojan-Spy.Win32.Zbot.sbcm
BitDefender: Gen:Trojan.Ipatre.1
NANO-Antivirus: Trojan.Win32.Zbot.cyusur
Avast: Win32:TrojanX-gen [Trj]
Tencent: Trojan-Downloader.Win32.Upatre.we
Ad-Aware: Gen:Trojan.Ipatre.1
TACHYON: Trojan-Spy/W32.ZBot.27648.R
Sophos: ML/PE-A + Mal/Zbot-RJ
Comodo: TrojWare.Win32.TrojanDownloader.Waski.E@5ag7i4
DrWeb: Trojan.DownLoad3.33216
TrendMicro: TROJ_GEN.R002C0DI222
McAfee-GW-Edition: Downloader-FBVU!B5ED9CE8EEFC
Trapmine: malicious.high.ml.score
Emsisoft: Gen:Trojan.Ipatre.1 (B)
SentinelOne: Static AI – Malicious PE
GData: Win32.Trojan.PSE.1RU97SN
Jiangmin: TrojanSpy.Zbot.eedu
Webroot: W32.Trojan.Gen
Avira: TR/Dropper.Gen
Antiy-AVL: Trojan/Generic.ASMalwS.5125
Arcabit: Trojan.Ipatre.1
Microsoft: Trojan:Win32/Waski.E!MTB
Google: Detected
AhnLab-V3: Trojan/Win32.Zbot.R107311
McAfee: Artemis!C971C49A6519
MAX: malware (ai score=80)
VBA32: SScope.Trojan-Downloader.1454
Malwarebytes: Trojan.Email.FakeDoc
TrendMicro-HouseCall: TROJ_GEN.R002C0DI222
Rising: Trojan.DL.Win32.Upatre.aaa (CLASSIC)
Ikarus: Trojan-Downloader.Win32.Upatre
Fortinet: W32/Waski.E!tr
BitDefenderTheta: Gen:NN.ZexaF.34606.auW@aGMFhPni
AVG: Win32:TrojanX-gen [Trj]
CrowdStrike: win/malicious_confidence_90% (D)

How to remove Trojan-Spy.Win32.Zbot.sbcm?

Trojan-Spy.Win32.Zbot.sbcm removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open “Tools” tab – Press “Reset Browser Settings”.
  • Select proper browser and options – Click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.
