Trojan.Spy.Zbot.FOF information

Trojan.Spy.Zbot.FOF is the name BitDefender, and the engines that license its signatures, give to this sample of the Zbot (ZeuS) banking trojan; the cross-vendor list below shows that most other engines flag the same file. While the infection is active you may notice unfamiliar processes in Task Manager. In that case, scan the computer with GridinSoft Anti-Malware.

Removing malware by hand can take hours and can damage the system if the wrong files are deleted. We recommend GridinSoft Anti-Malware for removal; the trial lets you run a full scan and clean the PC.
A 6-day free trial is available.

What can Trojan.Spy.Zbot.FOF do?

The following are the CAPE sandbox signatures the sample triggered (static and behavioural):

  • Behavioural detection: executable code extraction (unpacking)
  • Sample contains overlay data (bytes appended after the last PE section)
  • YARA rule detections observed from a process memory dump, dropped files or CAPE
  • Reads data out of its own binary image
  • CAPE extracted potentially suspicious content
  • Unconventional language used in binary resources: Russian
  • The binary contains an unknown PE section name indicative of packing
  • Authenticode signature is invalid
  • Attempts to identify installed AV products by registry key

How to identify Trojan.Spy.Zbot.FOF?

File Info:

name: 2D4C75703EA65FCD8E37.mlw
path: /opt/CAPEv2/storage/binaries/fafb7422f7f6d577030d7c12d91142914734137e283ff76df336be3989dde348
crc32: D9872F76
md5: 2d4c75703ea65fcd8e37df1db25aa862
sha1: 0a621e31b72320ba367bad9cbc3ff8bf0ca11583
sha256: fafb7422f7f6d577030d7c12d91142914734137e283ff76df336be3989dde348
sha512: 33e3b9cb30fd45560a806bea721f642c5c9cf5b8739d7e6222053f57ab4fa8791d2e70772face5d27b17aed240657d74d8bc12a033a2e0b45f3fc7466dbc6440
ssdeep: 6144:KsXeMUkYZkDX+ii/JvvD3b+e3tWnOahz7ms48BhvCO:pOzksk74Bv7rdOFM8T
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T1A154123B3092B687EFD589B2161290EC9B85DB62119F978F0CC80F1ADD53256CB325DE
sha3_384: ae5ca9b45ed219d6b92f565bed16146f90d13a1297fdf4854e151693a2f2aa163211a861900ff67b11fc774751df685c
ep_bytes: 558bec6aff68a0ab400068908d400064 (push ebp; mov ebp, esp; push -1; push 0x40aba0; push 0x408d90; fs: prefix of the SEH frame setup: the standard MSVC C-runtime entry prologue, so the entry point looks like ordinary compiler output and the real payload sits behind the unpacking stage noted above)
timestamp: 1992-06-08 07:06:30 (PE header link timestamp; it predates Win32 and contradicts the 2017 copyright in the version resource below, so it was almost certainly forged)

Version Info:

Comments: LazUI
CompanyName: Carbonite, Inc.
FileDescription: cANlue
FileVersion: 55, 0, 0, 3
InternalName: AGZD
LegalCopyright: Copyright © 2017
LegalTrademarks:
OriginalFilename: inaViH6 dljGIo
PrivateBuild:
ProductName: oo5LYnJY E0L
ProductVersion: 3, 0, 0, 22
SpecialBuild:

The version resource is filler: random strings for FileDescription, InternalName, OriginalFilename and ProductName, a CompanyName lifted from a legitimate vendor (the Authenticode signature is invalid), and a 2017 copyright that contradicts the 1992 link timestamp above. None of these fields should be trusted when identifying the file; rely on the hashes.
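An added triage script, not from the page or from GridinSoft: it checks a file against the hashes listed above, reads the PE header directly (no third-party library) to recover the link timestamp, section names and entry-point bytes, and flags the two oddities visible in this sample's metadata, a pre-Win32 link timestamp and a non-standard section name. The PE image it runs on is constructed inline, so the hash checks are expected not to fire; the section name ".pack", the STANDARD_SECTIONS list and the 1993 timestamp cutoff are my own choices, not anything the page states.

```python
"""Offline triage of a suspected sample against the indicators on this page:
hash-set match, PE timestamp sanity, non-standard section names and
entry-point bytes.  Added example with a constructed PE32; not the real sample."""
import hashlib
import struct
import zlib
from datetime import datetime, timezone

# Indicators published for the sample on this page (hex lower-cased).
KNOWN_HASHES = {
    "md5": "2d4c75703ea65fcd8e37df1db25aa862",
    "sha1": "0a621e31b72320ba367bad9cbc3ff8bf0ca11583",
    "sha256": "fafb7422f7f6d577030d7c12d91142914734137e283ff76df336be3989dde348",
}
KNOWN_EP_BYTES = bytes.fromhex("558bec6aff68a0ab400068908d400064")
# 1992-06-08 07:06:30 UTC, the TimeDateStamp reported for the sample.
SAMPLE_TIMESTAMP = 707987190

# Section names a stock compiler/linker emits (my list); anything else hints at a packer.
STANDARD_SECTIONS = {".text", ".data", ".rdata", ".rsrc", ".reloc", ".idata",
                     ".edata", ".bss", ".tls", ".pdata", ".CRT", ".debug"}


def file_hashes(data: bytes) -> dict:
    out = {alg: hashlib.new(alg, data).hexdigest() for alg in ("md5", "sha1", "sha256", "sha512")}
    out["crc32"] = f"{zlib.crc32(data) & 0xFFFFFFFF:08X}"
    return out


def parse_pe(data: bytes) -> dict:
    """Minimal PE32 reader: timestamp, section names and the 16 bytes at the entry point."""
    if data[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    pe = struct.unpack_from("<I", data, 0x3C)[0]          # e_lfanew
    if data[pe:pe + 4] != b"PE\0\0":
        raise ValueError("PE signature missing")
    nsections, timestamp = struct.unpack_from("<HI", data, pe + 6)
    opt_size = struct.unpack_from("<H", data, pe + 20)[0]
    opt = pe + 24                                          # optional header
    if struct.unpack_from("<H", data, opt)[0] != 0x10B:
        raise ValueError("only PE32 (32-bit) images handled here")
    entry_rva = struct.unpack_from("<I", data, opt + 16)[0]
    sections, ep_offset = [], None
    for i in range(nsections):
        hdr = opt + opt_size + 40 * i
        name = data[hdr:hdr + 8].rstrip(b"\0").decode("latin-1")
        vsize, va, rawsize, rawptr = struct.unpack_from("<IIII", data, hdr + 8)
        sections.append(name)
        if va <= entry_rva < va + max(vsize, rawsize):
            ep_offset = rawptr + (entry_rva - va)           # RVA -> file offset
    ep_bytes = data[ep_offset:ep_offset + 16] if ep_offset is not None else b""
    return {"timestamp": timestamp, "sections": sections, "ep_bytes": ep_bytes}


def triage(data: bytes, now=None) -> dict:
    now = now or datetime.now(timezone.utc)
    hashes, pe = file_hashes(data), parse_pe(data)
    built = datetime.fromtimestamp(pe["timestamp"], tz=timezone.utc)
    findings = [f"{alg} matches the published Trojan.Spy.Zbot.FOF indicator"
                for alg, ioc in KNOWN_HASHES.items() if hashes[alg] == ioc]
    # Win32 PE files post-date 1993; an earlier or future stamp is forged (heuristic cutoff).
    if built.year < 1993 or built > now:
        findings.append(f"implausible link timestamp {built:%Y-%m-%d}; header likely forged")
    odd = [s for s in pe["sections"] if s not in STANDARD_SECTIONS]
    if odd:
        findings.append(f"non-standard section names {odd}; possible packer")
    if pe["ep_bytes"] == KNOWN_EP_BYTES:
        findings.append("entry-point bytes match the published sample")
    return {"hashes": hashes, "compiled": built.strftime("%Y-%m-%d %H:%M:%S"),
            "sections": pe["sections"], "findings": findings}


def build_sample_pe(timestamp: int, section_name: bytes, code: bytes) -> bytes:
    """Constructed, non-runnable PE32 image used as offline test input."""
    dos = b"MZ" + b"\0" * 58 + struct.pack("<I", 0x40)                     # e_lfanew = 0x40
    coff = b"PE\0\0" + struct.pack("<HHIIIHH", 0x14C, 1, timestamp, 0, 0, 224, 0x102)
    opt = struct.pack("<HBBIIIIIII", 0x10B, 14, 0, len(code), 0, 0,
                      0x1000, 0x1000, 0x2000, 0x400000)                    # entry RVA 0x1000
    opt += b"\0" * (224 - len(opt))
    sect = struct.pack("<8sIIII", section_name, len(code), 0x1000, 0x200, 0x200) + b"\0" * 16
    headers = dos + coff + opt + sect
    return headers + b"\0" * (0x200 - len(headers)) + code.ljust(0x200, b"\0")


# Constructed sample: the page's forged-looking 1992 stamp, a made-up section
# name ".pack", and the page's entry-point bytes as the only code.
SAMPLE = build_sample_pe(SAMPLE_TIMESTAMP, b".pack", KNOWN_EP_BYTES)

if __name__ == "__main__":
    for line in triage(SAMPLE)["findings"]:
        print("-", line)
```

Point `triage()` at the bytes of a real file to hunt for this hash set on disk; the timestamp and section checks are heuristics and will also fire on some legitimate packed or hand-built binaries, so treat them as triage signals rather than verdicts.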

Trojan.Spy.Zbot.FOF also known as (engine: detection name):

Bkav: W32.AIDetect.malware1
Lionic: Trojan.Win32.Generic.m1Ua
MicroWorld-eScan: Trojan.Spy.Zbot.FOF
ClamAV: Win.Trojan.Zbot-61544
FireEye: Generic.mg.2d4c75703ea65fcd
CAT-QuickHeal: Trojanpws.Zbot.28799
ALYac: Trojan.Spy.Zbot.FOF
Cylance: Unsafe
Zillya: Trojan.Zbot.Win32.169525
Sangfor: Suspicious.Win32.Save.ins
K7AntiVirus: Trojan ( 004b02be1 )
K7GW: Trojan ( 004b02be1 )
CrowdStrike: win/malicious_confidence_100% (W)
Baidu: Win32.Trojan.Kryptik.hx
VirIT: Trojan.Win32.Zyx.AHR
Cyren: W32/Skintrim.1!Generic
Symantec: ML.Attribute.HighConfidence
Elastic: malicious (high confidence)
ESET-NOD32: Win32/Spy.Zbot.ABP
APEX: Malicious
Cynet: Malicious (score: 100)
Kaspersky: Trojan-Spy.Win32.Zbot.sbkt
BitDefender: Trojan.Spy.Zbot.FOF
NANO-Antivirus: Trojan.Win32.TrjGen.diaxbr
SUPERAntiSpyware: Trojan.Agent/Gen-Skintrim
Avast: Win32:Malware-gen
Tencent: Malware.Win32.Gencirc.10b079f3
Ad-Aware: Trojan.Spy.Zbot.FOF
TACHYON: Trojan-Spy/W32.ZBot.288731
Emsisoft: Trojan.Spy.Zbot.FOF (B)
Comodo: TrojWare.Win32.PSW.Zbot.GSB@5h3b4u
DrWeb: Trojan.Siggen6.22973
VIPRE: Trojan.Spy.Zbot.FOF
McAfee-GW-Edition: PWSZbot-FAFF!2D4C75703EA6
Trapmine: malicious.moderate.ml.score
Sophos: ML/PE-A + Troj/Wonton-JF
Ikarus: Trojan-Spy.Agent
GData: Trojan.Spy.Zbot.FOF
Jiangmin: TrojanSpy.Zbot.egig
Webroot: Trojan.Dropper.Gen
Avira: TR/PSW.Zbot.gsbee
Antiy-AVL: Trojan/Generic.ASMalwS.31
Kingsoft: Win32.Troj.Zbot.sb.(kcloud)
Arcabit: Trojan.Spy.Zbot.FOF
Microsoft: PWS:Win32/Zbot
Google: Detected
AhnLab-V3: HEUR/UnSec.X1469
McAfee: PWSZbot-FAFF!2D4C75703EA6
MAX: malware (ai score=87)
VBA32: BScope.Trojan.Waldek
Rising: Trojan.Spy.Win32.Zbot.hdz (CLASSIC)
Yandex: TrojanSpy.Zbot!eGcvpBQ/lKY
SentinelOne: Static AI – Malicious PE
Fortinet: W32/Yakes.GAKM!tr
BitDefenderTheta: Gen:NN.ZexaF.34646.rq3@aya2FFiI
AVG: Win32:Malware-gen
Cybereason: malicious.03ea65
Panda: Trj/Genetic.gen
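Vendor labels disagree on everything except the family, so the useful question is which family most engines vote for. The following is an added example, not from the page: a small AVClass-style aggregation over a subset of the labels above. It tokenizes each label, discards category and platform words, peels prefixes some engines fuse onto the family name (McAfee's "PWSZbot"), and counts one vote per engine. The GENERIC word list and FUSED_PREFIXES tuple are my own choices, not any vendor's naming scheme.

```python
"""Family consensus from multi-engine detection labels (AVClass-style).
Added example; the labels below are a subset copied from this page."""
import re
from collections import Counter

# Subset of the vendor labels listed on the page, keyed by engine name.
DETECTIONS = {
    "MicroWorld-eScan": "Trojan.Spy.Zbot.FOF",
    "ClamAV": "Win.Trojan.Zbot-61544",
    "CAT-QuickHeal": "Trojanpws.Zbot.28799",
    "Cyren": "W32/Skintrim.1!Generic",
    "ESET-NOD32": "Win32/Spy.Zbot.ABP",
    "Kaspersky": "Trojan-Spy.Win32.Zbot.sbkt",
    "SUPERAntiSpyware": "Trojan.Agent/Gen-Skintrim",
    "McAfee": "PWSZbot-FAFF!2D4C75703EA6",
    "Microsoft": "PWS:Win32/Zbot",
    "Yandex": "TrojanSpy.Zbot!eGcvpBQ/lKY",
    "Fortinet": "W32/Yakes.GAKM!tr",
    "Elastic": "malicious (high confidence)",
    "Avast": "Win32:Malware-gen",
}

# Category, platform and confidence words that carry no family information (my list).
GENERIC = {"trojan", "trojware", "troj", "trj", "spy", "pws", "psw", "win32", "w32", "win",
           "generic", "gen", "malware", "malicious", "heur", "agent", "dropper", "high",
           "confidence", "suspicious", "unsafe", "detected", "classic"}
# Prefixes some engines glue onto the family name without a separator ("PWSZbot", "TrojanSpy").
FUSED_PREFIXES = ("trojan", "pws", "psw")


def family_tokens(label: str) -> set:
    """Lower-case, split on punctuation, peel fused prefixes, drop generic and ID tokens."""
    out = set()
    for tok in re.split(r"[^a-z0-9]+", label.lower()):
        for prefix in FUSED_PREFIXES:
            if tok.startswith(prefix) and len(tok) - len(prefix) >= 3:
                tok = tok[len(prefix):]
        # Digits mark hashes, variant counters and signature IDs, not families.
        if len(tok) < 3 or any(c.isdigit() for c in tok) or tok in GENERIC:
            continue
        out.add(tok)
    return out


def family_votes(detections: dict) -> Counter:
    votes = Counter()
    for label in detections.values():
        votes.update(family_tokens(label))      # one vote per engine per token
    return votes


def vendors_for(detections: dict, family: str) -> list:
    return sorted(v for v, lab in detections.items() if family in family_tokens(lab))


def consensus(detections: dict, min_votes: int = 2):
    """Top family and the number of engines backing it; None if nothing reaches min_votes."""
    ranked = family_votes(detections).most_common()
    if not ranked or ranked[0][1] < min_votes:
        return None
    return ranked[0]


if __name__ == "__main__":
    fam, n = consensus(DETECTIONS)
    print(f"{fam}: {n}/{len(DETECTIONS)} engines -> {vendors_for(DETECTIONS, fam)}")
```

On this subset the result is zbot with 8 of 13 engines, Skintrim a distant second with 2; running the same logic over the full list above gives the same ranking. Pure heuristic engines (Elastic, Avast's "Malware-gen") contribute no tokens, which is the correct outcome: they confirm maliciousness, not family.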

How to remove Trojan.Spy.Zbot.FOF?

Trojan.Spy.Zbot.FOF removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all detected items.
  • Open the “Tools” tab and press “Reset Browser Settings”.
  • Select the affected browser and the desired options, then click “Reset”.
  • Restart your computer.
  • Zbot is a credential stealer (several engines above label it PWS, i.e. password stealer, or Trojan-Spy), so afterwards change every password that was used on the infected machine, doing so from a clean device.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.
