Categories: Trojan

Trojan.Win32.Pakes.ozs (file analysis)

The Trojan.Win32.Pakes.ozs is considered dangerous by lots of security experts. When this infection is active, you may notice unwanted processes in Task Manager list. In this case, it is adviced to scan your computer with GridinSoft Anti-Malware.

Gridinsoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. Allows to complete scan and cure your PC during the trial period.

DOWNLOAD NOW

6-day free trial available.

What Trojan.Win32.Pakes.ozs virus can do?

Behavioural detection: Executable code extraction – unpacking
Yara rule detections observed from a process memory dump/dropped files/CAPE
Creates RWX memory
Dynamic (imported) function loading detected
CAPE extracted potentially suspicious content
Unconventionial language used in binary resources: Russian
The binary contains an unknown PE section name indicative of packing
The binary likely contains encrypted or compressed data.
The executable is compressed using UPX
Authenticode signature is invalid

How to determine Trojan.Win32.Pakes.ozs?


File Info:
name: 871145CFBC4DAAC40C63.mlwpath: /opt/CAPEv2/storage/binaries/58fa5f2a2c6cf7d97b338a8239989a81ca0c3bf4f9dee2a33e629433c23d7820crc32: 395AFECFmd5: 871145cfbc4daac40c6354a8d7f4c238sha1: 0313f7a20632d3c568761abecc1ecc6609c6d119sha256: 58fa5f2a2c6cf7d97b338a8239989a81ca0c3bf4f9dee2a33e629433c23d7820sha512: 9eaf119b26d9842ee4b432ae7688292b639d5a4930ce875c5c16c8b81e7ce58b7d439f4eb158adc6b42522ce1739a696a54e42354bed90be716bed7b110d4cb3ssdeep: 3072:oIBmj8j+/7d9cmBTquRB5Z41dkGctB83UqWlY6k5/J:J0wj+zNBlRB5ZudFHk7k7type: PE32 executable (GUI) Intel 80386, for MS Windowstlsh: T142C312C061E539CAD47048BC7621FFF5EB94A566B80AF2006F5B9BC9DA37DC4D441227sha3_384: fb5277631cac186ea257a9ebc9a463bf06b93124c08062dea8f3ea6d9a4cc218182e5622a7e5de804268970f5e71062eep_bytes: 60be151071008dbeebffceff5783cdfftimestamp: 2007-09-28 16:46:49
Version Info:
CompanyName: Hwvaloami ShidbegFileDescription: Hwvaloami Pombicfucy UplfgokbenFileVersion: 73, 92, 83, 58InternalName: HwvaloamiLegalCopyright: Copyright © Hwvaloami Shidbeg 2003-2010OriginalFilename: Hwvaloami.exeProductName: Hwvaloami Pombicfucy UplfgokbenProductVersion: 4, 112, 21, 96Translation: 0x0409 0x04e4

Trojan.Win32.Pakes.ozs also known as:

Bkav	W32.MosquitoQKK.Fam.Trojan
Elastic	malicious (high confidence)
MicroWorld-eScan	Gen:Heur.VIZ.2
FireEye	Generic.mg.871145cfbc4daac4
CAT-QuickHeal	Worm.SlenfBot.Gen
McAfee	W32/Pinkslipbot.gen.af
Cylance	Unsafe
Zillya	Trojan.Zbot.Win32.33671
Sangfor	Trojan.Win32.Zbot.ZA
K7AntiVirus	Trojan ( f1000f011 )
Alibaba	TrojanPSW:Win32/Pakes.21ac7463
K7GW	Trojan ( f1000f011 )
Cybereason	malicious.fbc4da
BitDefenderTheta	Gen:NN.ZexaF.34212.hmKfaO9JRaoc
VirIT	Trojan.Win32.Generic.AOCI
Cyren	W32/Zbot.CN.gen!Eldorado
Symantec	W32.Qakbot!gen5
ESET-NOD32	Win32/Spy.Zbot.YW
APEX	Malicious
Paloalto	generic.ml
ClamAV	Win.Dropper.Zeus-9902088-0
Kaspersky	Trojan.Win32.Pakes.ozs
BitDefender	Gen:Heur.VIZ.2
NANO-Antivirus	Trojan.Win32.Qbot.jgkvo
Avast	Win32:Malware-gen
Tencent	Win32.Trojan.Pakes.Dypt
Ad-Aware	Gen:Heur.VIZ.2
Emsisoft	Gen:Heur.VIZ.2 (B)
Comodo	Malware@#3tmvgv6vx996p
VIPRE	Backdoor.Win32.Qakbot.ax (v)
TrendMicro	BKDR_QAKBOT.SMG
McAfee-GW-Edition	W32/Pinkslipbot.gen.af
Sophos	Mal/Generic-S + Mal/FakeAV-IU
Ikarus	Trojan.Win32.Pakes
GData	Gen:Heur.VIZ.2
Jiangmin	TrojanSpy.Zbot.awmg
Avira	TR/PSW.Zbot.Y.151
MAX	malware (ai score=100)
Antiy-AVL	Trojan/Generic.ASMalwS.324306A
Kingsoft	Win32.Troj.Unknown.c.(kcloud)
ViRobot	Trojan.Win32.A.Pakes.123392.A[UPX]
ZoneAlarm	Trojan.Win32.Pakes.ozs
Microsoft	PWS:Win32/Zbot!rfn
Cynet	Malicious (score: 100)
AhnLab-V3	Trojan/Win32.Zbot.R5479
VBA32	Trojan.Zeus.EA.0999
ALYac	Gen:Heur.VIZ.2
TrendMicro-HouseCall	BKDR_QAKBOT.SMG
Rising	Spyware.Zbot!8.16B (CLOUD)
Yandex	Trojan.GenAsa!vL7ZL9om8yo
SentinelOne	Static AI – Malicious PE
MaxSecure	Trojan.Malware.2151505.susgen
Fortinet	W32/Kryptik.NAS!tr
AVG	Win32:Malware-gen
Panda	Bck/Qbot.AO
CrowdStrike	win/malicious_confidence_60% (D)