Spy Trojan

What is “Trojan-Spy.Win32.Zbot.zsfn”?

Malware Removal

Trojan-Spy.Win32.Zbot.zsfn is considered dangerous by many security experts. While this infection is active, you may notice unwanted processes in the Task Manager process list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It lets you run a full scan and clean your PC during the trial period.
6-day free trial available.

What can the Trojan-Spy.Win32.Zbot.zsfn virus do?

  • Possible date expiration check, exits too soon after checking local time
  • Dynamic (imported) function loading detected
  • Performs HTTP requests potentially not found in PCAP.
  • Reads data out of its own binary image
  • A process created a hidden window
  • Drops a binary and executes it
  • Authenticode signature is invalid
  • Attempts to repeatedly call a single API many times in order to delay analysis time
  • Created a process from a suspicious location
  • Attempts to modify proxy settings
  • Anomalous binary characteristics

How to identify Trojan-Spy.Win32.Zbot.zsfn?

File Info:

name: 03D6C9C8820DCFACE6ED.mlw
path: /opt/CAPEv2/storage/binaries/0997ed6e3b10ab9715b698bf8f5ad21f3e65bd3f332aebaeffe535d60a6f1418
crc32: 471EBD48
md5: 03d6c9c8820dcface6ed9fc8afab2638
sha1: 2623a06137f05e98b2157a00214692115ba457f5
sha256: 0997ed6e3b10ab9715b698bf8f5ad21f3e65bd3f332aebaeffe535d60a6f1418
sha512: ada30013dec5c267e59baa7eb1e7aaf89189a284928534cc53a6984c8066b0bb14a5519ff0bf5867258bd9e3bcde1955e2ed0ad3633ac587cc40d9d9717a3248
ssdeep: 96:xQ/yyYKtUsxY4WQBtgDuAnQWRIUF2C6f32StXjee1Jau1z3HTRk7lbwkZb1bcUeE:Hym8TSrQWRIc+v2StX17jNkwc1Cqy/gT
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T1F922A63C5ED55972D3BBDABA89F685C6BE75B02336028C5E50EB03840C63F13AD9261D
sha3_384: 25f3db6464fc46b56e88cebbc575b34a50e6cdc37c2fac9bdfa181205168a6c609beb5b798952049603a947b3af2d460
ep_bytes: 558bec81ec3808000053565733db53ff
timestamp: 2013-12-02 15:44:08

Version Info:

0: [No Data]

Trojan-Spy.Win32.Zbot.zsfn also known as:

Bkav: W32.AIDetect.malware1
Lionic: Trojan.Win32.Zbot.tqYP
Elastic: malicious (high confidence)
DrWeb: Trojan.DownLoad3.28161
MicroWorld-eScan: Trojan.Ppatre.Gen.1
FireEye: Generic.mg.03d6c9c8820dcfac
McAfee: Downloader-FML!03D6C9C8820D
Cylance: Unsafe
Zillya: Downloader.SmallGen.Win32.2
Sangfor: Suspicious.Win32.Save.a
K7AntiVirus: Trojan-Downloader ( 0048f6391 )
Alibaba: Malware:Win32/km_2c98.None
K7GW: Trojan-Downloader ( 0048f6391 )
Cybereason: malicious.8820dc
BitDefenderTheta: Gen:NN.ZexaF.34182.auX@ayIbTQni
Cyren: W32/S-654ac031!Eldorado
Symantec: ML.Attribute.HighConfidence
ESET-NOD32: Win32/TrojanDownloader.Waski.A
TrendMicro-HouseCall: TROJ_UPATRE.SM37
Paloalto: generic.ml
ClamAV: Win.Packed.Upatre-7168611-0
Kaspersky: Trojan-Spy.Win32.Zbot.zsfn
BitDefender: Trojan.Ppatre.Gen.1
NANO-Antivirus: Trojan.Win32.DownLoad.cqofta
Avast: Win32:Waski-A [Trj]
Rising: Spyware.Zbot!8.16B (CLOUD)
Emsisoft: Trojan.Ppatre.Gen.1 (B)
Comodo: TrojWare.Win32.TrojanDownloader.Waski.AQ@7t0jau
VIPRE: Trojan.Win32.Generic!BT
TrendMicro: TROJ_UPATRE.SM37
McAfee-GW-Edition: BehavesLike.Win32.Generic.zt
Sophos: ML/PE-A + Mal/EncPk-ACO
Ikarus: Trojan-Downloader.Win32.Upatre
Jiangmin: TrojanDownloader.Upatre.aerk
Avira: TR/Crypt.XPACK.Gen
MAX: malware (ai score=83)
Antiy-AVL: Trojan/Win32.SGeneric
Microsoft: Trojan:Win32/Waski.A!MTB
ZoneAlarm: Trojan-Spy.Win32.Zbot.zsfn
GData: Trojan.Ppatre.Gen.1
Cynet: Malicious (score: 100)
AhnLab-V3: Trojan/Win32.Upatre.R282018
VBA32: Trojan.Agent
ALYac: Trojan.Ppatre.Gen.1
TACHYON: Trojan-Spy/W32.ZBot.10124.B
Malwarebytes: Malware.AI.54078347
APEX: Malicious
Tencent: Malware.Win32.Gencirc.10b0ccab
Yandex: Trojan.GenAsa!Iaz+na8i5c0
SentinelOne: Static AI – Malicious PE
eGambit: Unsafe.AI_Score_97%
Fortinet: W32/Waski.A!tr
AVG: Win32:Waski-A [Trj]
Panda: Trj/Genetic.gen
CrowdStrike: win/malicious_confidence_100% (W)

How to remove Trojan-Spy.Win32.Zbot.zsfn?

Trojan-Spy.Win32.Zbot.zsfn removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open the “Tools” tab and press “Reset Browser Settings”.
  • Select the proper browser and options, then click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.
