Trojan.Win32.APosT.jzj removal instruction

Trojan.Win32.APosT.jzj is Kaspersky's detection name for a sample that almost every engine listed below flags as malicious, several of them specifically as an AutoIt-packed loader for the NanoCore RAT. When this infection is active, you may notice unfamiliar processes in the Task Manager list. In that case it is advisable to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It lets you run a full scan and clean your PC during the trial period.
6-day free trial available.

What can the Trojan.Win32.APosT.jzj virus do?

The bullets below are the CAPE sandbox signatures that fired when the sample was executed. The ones that matter most on a live machine are the injection ones (process hollowing, CreateRemoteThread into another process), the persistence ones (autorun at Windows startup, a copy of itself) and the removal of the mark that shows the file was downloaded from the Internet; a responder should check for those directly rather than rely on the process list alone.

  • SetUnhandledExceptionFilter detected (possible anti-debug)
  • Behavioural detection: Executable code extraction – unpacking
  • Yara rule detections observed from a process memory dump/dropped files/CAPE
  • Creates RWX memory
  • Guard pages use detected – possible anti-debugging.
  • Dynamic (imported) function loading detected
  • At least one IP Address, Domain, or File Name was found in a crypto call
  • Enumerates running processes
  • Expresses interest in specific running processes
  • Reads data out of its own binary image
  • CAPE extracted potentially suspicious content
  • Authenticode signature is invalid
  • Behavioural detection: Injection (Process Hollowing)
  • Executed a process and injected code into it, probably while unpacking
  • Attempts to remove evidence of file being downloaded from the Internet
  • Behavioural detection: Injection (inter-process)
  • Behavioural detection: Injection with CreateRemoteThread in a remote process
  • Installs itself for autorun at Windows startup
  • Exhibits behavior characteristic of Nanocore RAT
  • CAPE detected the NanoCore malware family
  • Creates a copy of itself
  • Mimics icon used for popular non-executable file format
  • Collects information to fingerprint the system
  • Anomalous binary characteristics
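The signatures above come from a sandbox run; on a live host the same behaviours show up in endpoint telemetry. The following Python, added here as an example and not taken from the page, from CAPE or from the sample, runs a few of those checks over constructed Sysmon-style events (process create, file create, registry value set, CreateRemoteThread): a Run-key value that points into a user-writable directory, a Run-key value that points at a file the same process just wrote (the self-copy plus autorun pair), and a remote thread from a user-writable path into a signed host binary. The event field names follow Sysmon's; the event content, the process IDs, the injection-host list and the double-extension heuristic are assumptions made for the demonstration, not facts about this sample (the icon trick in the list cannot be seen in process logs; a document-looking double extension is its log-visible cousin).

```python
"""Host-side checks for the sandbox behaviours listed above, run over
constructed Sysmon-style events. Example code added to this page; it is
not from the page, from CAPE, or from the sample."""
import re
from collections import defaultdict

# Directories an unprivileged user can write to; drops and Run-key targets
# living here are far more suspicious than ones under Program Files.
USER_WRITABLE = re.compile(r"\\(AppData|Temp|Downloads|ProgramData|Public)\\", re.I)
# Per-user and per-machine Run / RunOnce keys (autorun at Windows startup).
RUN_KEY = re.compile(r"\\Software\\Microsoft\\Windows\\CurrentVersion\\Run(Once)?\\", re.I)
# Generic hunting list of signed host binaries often chosen for injection.
# Assumption for the demo, not derived from this sample.
INJECTION_HOSTS = {"regsvcs.exe", "regasm.exe", "msbuild.exe", "installutil.exe",
                   "vbc.exe", "aspnet_compiler.exe", "svchost.exe"}
DOC_EXT = {"pdf", "doc", "docx", "xls", "xlsx", "jpg", "png", "txt"}
EXEC_EXT = {"exe", "scr", "com", "pif"}


def basename(path: str) -> str:
    return path.rsplit("\\", 1)[-1]


def has_double_extension(path: str) -> bool:
    """invoice.pdf.exe style names: a document extension hiding a PE extension."""
    parts = basename(path).lower().split(".")
    return len(parts) >= 3 and parts[-1] in EXEC_EXT and parts[-2] in DOC_EXT


def analyze(events):
    """Return (rule, pid) findings for a list of Sysmon-like event dicts."""
    findings = []
    written = defaultdict(set)  # pid -> lower-cased paths that process created (Event ID 11)
    for e in events:
        eid = e["EventID"]
        if eid == 1 and has_double_extension(e["Image"]):
            findings.append(("double_extension_image", e["ProcessId"]))
        elif eid == 11:
            written[e["ProcessId"]].add(e["TargetFilename"].lower())
        elif eid == 13 and RUN_KEY.search(e["TargetObject"]):
            target = e["Details"].strip('"').lower()
            if USER_WRITABLE.search(target):
                findings.append(("run_key_user_writable", e["ProcessId"]))
            # The autorun value points at a file this same process just wrote:
            # the "creates a copy of itself" + "installs itself for autorun" pair.
            if target in written[e["ProcessId"]]:
                findings.append(("self_staged_persistence", e["ProcessId"]))
        elif eid == 8 and USER_WRITABLE.search(e["SourceImage"]) \
                and basename(e["TargetImage"]).lower() in INJECTION_HOSTS:
            findings.append(("remote_thread_injection", e["SourceProcessId"]))
    return findings


# Constructed events: a downloaded "PDF" that drops a copy of itself, registers
# it under the user's Run key and injects into RegSvcs.exe, plus one benign
# installer writing a Run value under Program Files.
LOADER = r"C:\Users\victim\Downloads\Invoice_2019.pdf.exe"
DROPPED = r"C:\Users\victim\AppData\Roaming\WinUpdate\winupdate.exe"
SAMPLE_EVENTS = [
    {"EventID": 1, "ProcessId": 4120, "Image": LOADER, "ParentImage": r"C:\Windows\explorer.exe"},
    {"EventID": 11, "ProcessId": 4120, "Image": LOADER, "TargetFilename": DROPPED},
    {"EventID": 13, "ProcessId": 4120, "Image": LOADER,
     "TargetObject": r"HKU\S-1-5-21-1000\Software\Microsoft\Windows\CurrentVersion\Run\WinUpdate",
     "Details": DROPPED},
    {"EventID": 8, "SourceProcessId": 4120, "SourceImage": LOADER, "TargetProcessId": 5204,
     "TargetImage": r"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe"},
    {"EventID": 13, "ProcessId": 2210, "Image": r"C:\Program Files\Vendor\setup.exe",
     "TargetObject": r"HKLM\Software\Microsoft\Windows\CurrentVersion\Run\VendorTray",
     "Details": r"C:\Program Files\Vendor\tray.exe"},
]

if __name__ == "__main__":
    for rule, pid in analyze(SAMPLE_EVENTS):
        print(f"{rule:28s} pid={pid}")
```

Running the file lists four findings, all for the loader (pid 4120) and none for the benign installer. To use it for hunting, feed analyze() with dicts built from a real Sysmon export instead of SAMPLE_EVENTS; the correlation between Event ID 11 and Event ID 13 is what separates a self-installing dropper from a legitimate setup program that merely registers an autorun entry.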

How to identify Trojan.Win32.APosT.jzj?

File Info:

name: AA6BB8B3DEFE7BD49429.mlw
path: /opt/CAPEv2/storage/binaries/dd1e3daf4cf999944d5087ca1a78e808f98333d13e35666975111b8d90ded32a
crc32: 4881A784
md5: aa6bb8b3defe7bd49429213691fce7aa
sha1: 353b850977ae2ce558c7d9efed05cbe28d43760c
sha256: dd1e3daf4cf999944d5087ca1a78e808f98333d13e35666975111b8d90ded32a
sha512: 1a99ee23d6c0a4865549db61366303bec77781e49819d2975991bac5723aecd4ee6b57a58671543f57e311459bc9597157f822b4d48d2a8fa361d4a9aa783391
ssdeep: 24576:Ku6Jx3O0c+JY5UZ+XC0kGso/Wa1JLy/wsNT6/mI9sWY:8I0c++OCvkGsUWa/LY
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T1DC55C052A3DDC2E1CE2661B3FE1973426F7B6C314630B4572F982D6DAD62171022DBA3
sha3_384: 3c65cba6abe02cc85dc8194fc7819773967e53a1305fdec787809f255326832f10d2428c99a9e3bac03b656be43bbda9
ep_bytes: e8b5d00000e97ffeffffcccccccccccc
timestamp: 2019-12-06 08:17:02

Version Info:

Translation: 0x0809 0x04b0
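To reproduce the hash and timestamp fields above against a file you actually have (for example, to confirm that a quarantined binary is this sample rather than another one carrying the same vendor name), the following Python is an added example, not code from the page or from CAPE. It assumes the page's timestamp is UTC, as CAPE reports it. The MZ/PE header it builds for its own demo run is constructed and carries no code, so it is not a malware sample; the ep_bytes field is left out because it needs section-table RVA mapping, and the fuzzy hashes (ssdeep, TLSH) need third-party libraries and are not computed here.

```python
"""Static triage helpers to reproduce the File Info fields above.
Example code added to this page; not from the page or from CAPE."""
import hashlib
import struct
from datetime import datetime, timezone

# Hashes recorded on the page for the analysed sample.
PAGE_IOCS = {
    "md5": "aa6bb8b3defe7bd49429213691fce7aa",
    "sha1": "353b850977ae2ce558c7d9efed05cbe28d43760c",
    "sha256": "dd1e3daf4cf999944d5087ca1a78e808f98333d13e35666975111b8d90ded32a",
}


def file_hashes(data: bytes) -> dict:
    """md5/sha1/sha256/sha512 of a byte string, lower-case hex like the page."""
    return {name: hashlib.new(name, data).hexdigest()
            for name in ("md5", "sha1", "sha256", "sha512")}


def match_iocs(hashes: dict, iocs: dict) -> set:
    """Names of the algorithms whose digest equals the IOC value (case-insensitive)."""
    return {k for k, v in iocs.items() if k in hashes and hashes[k] == v.lower()}


def pe_timestamp(data: bytes):
    """COFF TimeDateStamp as 'YYYY-MM-DD HH:MM:SS' (UTC), or None if not a PE.
    Only the DOS header pointer and the COFF header are parsed."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        return None
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if e_lfanew + 24 > len(data) or data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        return None
    # COFF header layout: Machine(2) NumberOfSections(2) TimeDateStamp(4) ...
    ts = struct.unpack_from("<I", data, e_lfanew + 8)[0]
    return datetime.fromtimestamp(ts, tz=timezone.utc).strftime("%Y-%m-%d %H:%M:%S")


def build_fake_pe_header(timestamp: int) -> bytes:
    """Constructed minimal MZ/PE header for offline testing (no code, not real malware)."""
    e_lfanew = 0x80
    dos = b"MZ" + b"\0" * (0x3C - 2) + struct.pack("<I", e_lfanew)
    dos = dos.ljust(e_lfanew, b"\0")
    # Machine=i386, 1 section, timestamp, no symbols, optional header size 0xE0,
    # Characteristics = EXECUTABLE_IMAGE | 32BIT_MACHINE
    coff = struct.pack("<HHIIIHH", 0x14C, 1, timestamp, 0, 0, 0xE0, 0x0102)
    return dos + b"PE\0\0" + coff


def triage(data: bytes, iocs: dict = PAGE_IOCS) -> dict:
    """Everything a responder wants in one call: digests, IOC hits, build time."""
    h = file_hashes(data)
    return {"hashes": h, "ioc_hits": match_iocs(h, iocs), "pe_timestamp": pe_timestamp(data)}


if __name__ == "__main__":
    # 1575620222 is 2019-12-06 08:17:02 UTC, the timestamp the page reports.
    print(triage(build_fake_pe_header(1575620222)))
```

On a real file, read it in binary mode and pass the bytes to triage(); a non-empty ioc_hits set on any of the three digests is an exact match with the page's sample, while a matching timestamp alone only suggests the same build and is trivially forged.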

Trojan.Win32.APosT.jzj also known as:

Bkav: W32.AIDetect.malware1
Lionic: Trojan.Win32.APosT.4!c
Elastic: malicious (high confidence)
DrWeb: Trojan.DownLoader32.41793
MicroWorld-eScan: Trojan.GenericKD.32788538
ALYac: Trojan.GenericKD.32788538
Cylance: Unsafe
VIPRE: Win32.Malware!Drop
K7AntiVirus: Trojan ( 004bebf41 )
Alibaba: Trojan:Win32/AutoitU.ali2000008
K7GW: Trojan ( 004bebf41 )
Cybereason: malicious.3defe7
Cyren: W32/AutoIt.OW.gen!Eldorado
Symantec: Packed.Generic.548
ESET-NOD32: MSIL/NanoCore.E
TrendMicro-HouseCall: Backdoor.Win32.NANOCORE.TIAOODGA
Paloalto: generic.ml
ClamAV: Win.Packed.Autoit-7441299-0
Kaspersky: Trojan.Win32.APosT.jzj
BitDefender: Trojan.GenericKD.32788538
NANO-Antivirus: Trojan.Win32.NanoCore.gurdwu
Avast: Other:Malware-gen [Trj]
Tencent: Win32.Trojan.Apost.Lnod
Ad-Aware: Trojan.GenericKD.32788538
Sophos: Mal/Generic-R + Mal/AuItInj-A
Comodo: Malware@#231d6yy2myot6
TrendMicro: Backdoor.Win32.NANOCORE.TIAOODGA
McAfee-GW-Edition: BehavesLike.Win32.TrojanAitInject.th
FireEye: Generic.mg.aa6bb8b3defe7bd4
Emsisoft: Trojan.GenericKD.32788538 (B)
Ikarus: Trojan-Spy.Keylogger.AgentTesla
GData: Win32.Trojan.Agent.KQIPP5
Avira: TR/Spy.Autoit.N
MAX: malware (ai score=80)
Arcabit: Trojan.Generic.D1F4503A
Microsoft: Trojan:Win32/Skeeyah.A!MTB
Cynet: Malicious (score: 100)
AhnLab-V3: Win-Trojan/Autoinj05.Exp
McAfee: Artemis!AA6BB8B3DEFE
VBA32: Trojan.APosT
Malwarebytes: Trojan.MalPack.AutoIt
APEX: Malicious
Rising: Trojan.Obfus/Autoit!1.C045 (CLASSIC)
MaxSecure: Trojan.Malware.300983.susgen
Fortinet: W32/Injector.ERP!tr
AVG: Other:Malware-gen [Trj]
Panda: Trj/WLT.F
CrowdStrike: win/malicious_confidence_100% (W)

How to remove Trojan.Win32.APosT.jzj?

Trojan.Win32.APosT.jzj removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open the “Tools” tab and press “Reset Browser Settings”.
  • Select the proper browser and options, then click “Reset”.
  • Restart your computer.
  • After the restart, run the scan again. Code injected into other processes is gone once those processes restart, but the autorun entry and the copy of itself that this sample installs (both in the behaviour list above) would relaunch the loader, so confirm that neither is found any more.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.
