Trojan.Spy.ZBot.KH (file analysis)

The Trojan.Spy.ZBot.KH is considered dangerous by lots of security experts. When this infection is active, you may notice unwanted processes in Task Manager list. In this case, it is adviced to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Gridinsoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. Allows to complete scan and cure your PC during the trial period.

6-day free trial available.

What Trojan.Spy.ZBot.KH virus can do?

The binary contains an unknown PE section name indicative of packing
Authenticode signature is invalid

How to determine Trojan.Spy.ZBot.KH?


File Info:
name: AC7323F778244063EFF7.mlw
path: /opt/CAPEv2/storage/binaries/2bcdfea848204bbd00f6fe942246089076bc3e72ae182977ee48e0683439b6f4
crc32: 7335593D
md5: ac7323f778244063eff71cfa1a2bcecf
sha1: ee6bbae63aee87a7118eafe748fc369490e2fe48
sha256: 2bcdfea848204bbd00f6fe942246089076bc3e72ae182977ee48e0683439b6f4
sha512: eca11a63462b89b76dd88d3c61a6bf81db1d4dd8ac8a578917ef7cd8ddb40a4a56dd23a9689d9dc744716609ff1256169641384597decbb8ef9db9958a47eb7d
ssdeep: 1536:bH/eE3ow3VYglD9VPvsexxOCuQ8n2WIhYC3wlVM7GA8:zYE3VjxFcVM7t8
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T182338E927BD0FCB1DD624930A3547B7363BFF8304E661C0783A40D895AB99938627B5B
sha3_384: 8d25489bae45b403d48b50f5c5c2ea76ece67fba51ecc978f5514f6c9171cd1122232515b11e043851c50619efc52198
ep_bytes: 00009d774000670000009d7740006500
timestamp: 2007-04-02 14:19:08

Version Info:
0: [No Data]

Trojan.Spy.ZBot.KH also known as:

Bkav	W32.AIDetect.malware1
Elastic	malicious (high confidence)
DrWeb	Trojan.PWS.Panda.4
MicroWorld-eScan	Trojan.Spy.ZBot.KH
FireEye	Generic.mg.ac7323f778244063
McAfee	GenericRXRO-DF!AC7323F77824
Malwarebytes	Malware.AI.3115846813
VIPRE	Trojan.Spy.ZBot.KH
BitDefender	Trojan.Spy.ZBot.KH
Cybereason	malicious.778244
BitDefenderTheta	Gen:NN.ZexaF.34698.dqW@aiHCsLh
Cyren	W32/Zbot.UUFM-8555
Symantec	ML.Attribute.HighConfidence
ESET-NOD32	a variant of Win32/Spy.Zbot.JF
ClamAV	Win.Malware.Zbot-9951823-0
Avast	Sf:Zbot-JD [Trj]
Rising	Spyware.Zbot!8.16B (TFE:1:qhTjhnXlN6O)
Ad-Aware	Trojan.Spy.ZBot.KH
Sophos	Mal/Generic-S
Comodo	TrojWare.Win32.Spy.Zbot.ABA@1pe611
McAfee-GW-Edition	BehavesLike.Win32.Generic.qh
Trapmine	malicious.moderate.ml.score
Emsisoft	Trojan.Spy.ZBot.KH (B)
Google	Detected
Avira	TR/Spy.Zbot.dyy
MAX	malware (ai score=88)
Microsoft	Trojan:Win32/Zbot.GTT!MTB
GData	Trojan.Spy.ZBot.KH
Cynet	Malicious (score: 100)
AhnLab-V3	Spyware/Win32.Zbot.C169793
ALYac	Trojan.Spy.ZBot.KH
Cylance	Unsafe
APEX	Malicious
SentinelOne	Static AI – Suspicious PE
Fortinet	W32/Wsnpoem.EL!tr
AVG	Sf:Zbot-JD [Trj]
CrowdStrike	win/malicious_confidence_70% (D)

How to remove Trojan.Spy.ZBot.KH?

Trojan.Spy.ZBot.KH removal tool

Download and install GridinSoft Anti-Malware.
Open GridinSoft Anti-Malware and perform a “Standard scan“.
“Move to quarantine” all items.
Open “Tools” tab – Press “Reset Browser Settings“.
Select proper browser and options – Click “Reset”.
Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.

Leave a Comment X