Trojan.Win32.Zapchast.axcn removal tips

Trojan.Win32.Zapchast.axcn is a Kaspersky detection name for a packed Windows executable that most vendors classify as malicious (see the detection list below). While the infection is active you may notice unfamiliar processes in Task Manager. In that case it is advised to scan the computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Removing malware manually may take hours and can damage the system in the process. We recommend using GridinSoft Anti-Malware for removal; it lets you run a full scan and clean the PC during the trial period.
A 6-day free trial is available.

What can Trojan.Win32.Zapchast.axcn do?

The following are the behavioural and static signatures the sample triggered during a CAPE sandbox run:

  • Behavioural detection: executable code extraction (unpacking)
  • SetUnhandledExceptionFilter detected (possible anti-debug)
  • YARA rule detections observed from a process memory dump, dropped files or CAPE
  • Creates RWX memory
  • Dynamic (imported) function loading detected
  • HTTPS URLs observed in behaviour
  • Unconventional language used in binary resources: Arabic (Oman)
  • The binary contains an unknown PE section name indicative of packing
  • The binary likely contains encrypted or compressed data
  • Authenticode signature is invalid

Taken together, the unknown section name, the encrypted or compressed data, the RWX allocation and the run-time import resolution describe a packed binary that unpacks its real payload in memory. Static signatures on the outer file are therefore less reliable than the behavioural ones, and a memory dump taken after unpacking is the better artefact for analysis.

How to identify Trojan.Win32.Zapchast.axcn?

File Info:

name: D4BF508E70F4E4FD2AC8.mlw
path: /opt/CAPEv2/storage/binaries/359a95db89ef54f04efd17ccc4885dc68bc02caa940c9ef62e3294385420709c
crc32: 823E6148
md5: d4bf508e70f4e4fd2ac8c5013ff7af7f
sha1: 9f3e0f264cb4843c06f230378300f9c80c17ec14
sha256: 359a95db89ef54f04efd17ccc4885dc68bc02caa940c9ef62e3294385420709c
sha512: d971ce0701a9745fdaab59309247ceff256c056d511471a591235ef5a25539df9734db794f045de95db09c4a3bcc906233bd9d2053f706b431378291eeaee33c
ssdeep: 24576:JSF7C8W3zLG6G+4f9Z6zhXqftBNr3ruF:J/z/Nk9Z6zhXkB
type: PE32 executable (console) Intel 80386, for MS Windows
tlsh: T14C05CF74F3C064EDC02A5F343CE9B790995BB62023069D53A9FA19390EB83E647649F7
sha3_384: 987c0441ac4b632b81c9dbe60dee11a3384fb92b1c13a73d5f3d4f4b6775ab3a2240febe59f0e8d0b9d87f316f727d7f
ep_bytes: 5150528d0d18000000648b0101c801c8
timestamp: 2022-01-16 06:10:48

Version Info:

CompanyName: FreshTokenizer
FileDescription: Token Updater
FileVersion: 7272.5.13.1
InternalName: UpdateToken.exe
LegalCopyright: Tokenizer
OriginalFilename: SetToken.exe
ProductName: Token Updater
ProductVersion: 2.1.4.1
Translation: 0x041f 0x04b0

Note that the version resource is internally inconsistent: FileVersion 7272.5.13.1 against ProductVersion 2.1.4.1, and InternalName UpdateToken.exe against OriginalFilename SetToken.exe. The Translation value 0x041f/0x04b0 is Turkish with a Unicode code page, which also does not match the Arabic (Oman) resource language flagged by the sandbox above. Mismatches like these are common in fabricated version resources and are worth checking on any file that claims to be a "Token Updater".
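To make the indicators in this section actionable, the following Python script (an added example, not code from the original page or from GridinSoft) hashes a file and compares MD5/SHA-1/SHA-256 with the File Info values, then parses the PE headers by hand to read the 16 bytes at the entry point and compares them with the ep_bytes value. The minimal PE32 image built by build_sample_pe() is a constructed test fixture, not the malware; the hash constants are the ones listed above.

```python
"""Check a file against the indicators listed above for Trojan.Win32.Zapchast.axcn.

Added example, not code from the original page or from GridinSoft.
"""
import hashlib
import struct
import sys
from typing import Dict, Optional

# Indicators copied from the File Info section above.
IOC_HASHES = {
    "md5": "d4bf508e70f4e4fd2ac8c5013ff7af7f",
    "sha1": "9f3e0f264cb4843c06f230378300f9c80c17ec14",
    "sha256": "359a95db89ef54f04efd17ccc4885dc68bc02caa940c9ef62e3294385420709c",
}
IOC_EP_BYTES = bytes.fromhex("5150528d0d18000000648b0101c801c8")


def file_hashes(data: bytes) -> Dict[str, str]:
    """MD5, SHA-1 and SHA-256 hex digests of the file contents."""
    return {name: hashlib.new(name, data).hexdigest() for name in ("md5", "sha1", "sha256")}


def pe_entry_bytes(data: bytes, count: int = 16) -> Optional[bytes]:
    """Return `count` bytes at the PE32 entry point, or None if `data` is not a
    PE32 image. The entry RVA is mapped to a file offset through the section
    table, which is how a sandbox produces the ep_bytes field."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        return None
    try:
        (e_lfanew,) = struct.unpack_from("<I", data, 0x3C)
        if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
            return None
        coff = e_lfanew + 4                       # IMAGE_FILE_HEADER
        (num_sections,) = struct.unpack_from("<H", data, coff + 2)
        (opt_size,) = struct.unpack_from("<H", data, coff + 16)
        opt = coff + 20                           # IMAGE_OPTIONAL_HEADER
        (magic,) = struct.unpack_from("<H", data, opt)
        if magic != 0x10B:                        # PE32 only, matching the "type" field above
            return None
        (entry_rva,) = struct.unpack_from("<I", data, opt + 16)
        sections = opt + opt_size                 # first IMAGE_SECTION_HEADER
        for i in range(num_sections):
            hdr = sections + i * 40
            vsize, vaddr, raw_size, raw_ptr = struct.unpack_from("<IIII", data, hdr + 8)
            if vaddr <= entry_rva < vaddr + max(vsize, raw_size):
                off = raw_ptr + (entry_rva - vaddr)
                return data[off:off + count]
    except struct.error:
        return None                               # truncated or malformed headers
    return None


def triage(data: bytes) -> Dict[str, object]:
    """A hash match is conclusive; an ep_bytes match alone is only a hint,
    because the same packer prologue appears in many unrelated samples."""
    hashes = file_hashes(data)
    return {
        "sha256": hashes["sha256"],
        "hash_match": any(hashes[k] == v for k, v in IOC_HASHES.items()),
        "ep_match": pe_entry_bytes(data) == IOC_EP_BYTES,
    }


def build_sample_pe(ep_bytes: bytes) -> bytes:
    """Constructed minimal PE32 (one .text section at RVA 0x1000, raw offset
    0x200) whose entry point starts with `ep_bytes`. Test fixture only."""
    e_lfanew, opt_size, raw_ptr = 0x40, 0xE0, 0x200
    dos = b"MZ" + b"\0" * 58 + struct.pack("<I", e_lfanew)          # e_lfanew at 0x3C
    coff = struct.pack("<HHIIIHH", 0x14C, 1, 0, 0, 0, opt_size, 0x102)  # i386, 1 section
    opt = struct.pack("<H", 0x10B) + b"\0" * 14 + struct.pack("<I", 0x1000)  # entry RVA
    opt += b"\0" * (opt_size - len(opt))
    sec = b".text\0\0\0" + struct.pack("<IIII", 0x1000, 0x1000, 0x200, raw_ptr) + b"\0" * 16
    headers = dos + b"PE\0\0" + coff + opt + sec
    headers += b"\0" * (raw_ptr - len(headers))
    return headers + ep_bytes + b"\xcc" * (0x200 - len(ep_bytes))


if __name__ == "__main__":
    blob = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else build_sample_pe(IOC_EP_BYTES)
    for key, value in triage(blob).items():
        print(f"{key}: {value}")
```

Run it with a file path to triage that file; with no argument it triages the constructed fixture, which matches on ep_bytes but not on any hash, illustrating why the entry-point prologue alone should not be treated as a positive identification.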

Trojan.Win32.Zapchast.axcn is also known as (vendor: detection name):

Bkav: W32.AIDetect.malware2
Lionic: Trojan.Win32.Zapchast.4!c
Elastic: malicious (high confidence)
ClamAV: Win.Malware.Lazy-9918569-0
CAT-QuickHeal: Trojan.ZapchastRI.S25317706
ALYac: Trojan.GenericKDZ.81157
Cylance: Unsafe
Sangfor: Trojan.Win32.Save.a
K7AntiVirus: Virus ( 0058dc741 )
Alibaba: Trojan:Win32/Zapchast.1a0280e8
K7GW: Trojan-Downloader ( 0058b4731 )
CrowdStrike: win/malicious_confidence_100% (W)
VirIT: Win32.Expiro.CV
Cyren: W32/Expiro.AN.gen!Eldorado
Symantec: ML.Attribute.HighConfidence
ESET-NOD32: a variant of Win32/Expiro.CP
APEX: Malicious
Paloalto: generic.ml
Cynet: Malicious (score: 100)
Kaspersky: Trojan.Win32.Zapchast.axcn
BitDefender: Trojan.GenericKDZ.81157
NANO-Antivirus: Virus.Win32.Gen.ccmw
MicroWorld-eScan: Trojan.GenericKDZ.81157
Avast: Win32:Xpirat-C [Inf]
Rising: Downloader.Agent!8.B23 (TFE:5:qAQ2WPsJNDU)
Ad-Aware: Trojan.GenericKDZ.81157
Sophos: Mal/EncPk-MK
F-Secure: Malware.W32/Infector.Gen8
DrWeb: Trojan.PWS.Stealer.31769
TrendMicro: Virus.Win32.EXPIRO.AD
McAfee-GW-Edition: BehavesLike.Win32.Generic.cc
FireEye: Generic.mg.d4bf508e70f4e4fd
Emsisoft: Trojan.GenericKDZ.81157 (B)
Ikarus: Trojan-Downloader.Win32.Agent
GData: Trojan.GenericKDZ.81157
Jiangmin: Trojan.Zapchast.adn
Avira: W32/Infector.Gen8
Antiy-AVL: Trojan/Generic.ASVirus.315
Arcabit: Trojan.Generic.D13D05
ZoneAlarm: Trojan.Win32.Zapchast.axcn
Microsoft: Trojan:Win32/Raccoon.EC!MTB
AhnLab-V3: Trojan/Win.Generic.R456588
Acronis: suspicious
MAX: malware (ai score=82)
VBA32: BScope.Trojan.Wacatac
Malwarebytes: Spyware.PasswordStealer
TrendMicro-HouseCall: Virus.Win32.EXPIRO.AD
Tencent: Virus.Win32.Expiro.ns
SentinelOne: Static AI – Malicious PE
eGambit: Unsafe.AI_Score_100%
Fortinet: W32/Expiro.NDG
BitDefenderTheta: AI:Packer.C9AE4B361F
AVG: Win32:Xpirat-C [Inf]
Cybereason: malicious.e70f4e
Panda: Trj/GdSda.A

How to remove Trojan.Win32.Zapchast.axcn?

Trojan.Win32.Zapchast.axcn removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan“.
  • “Move to quarantine” all items.
  • Open the “Tools” tab and press “Reset Browser Settings“.
  • Select the proper browser and options, then click “Reset”.
  • Restart your computer.

Note that several vendors in the list above (ESET-NOD32, Avast/AVG, TrendMicro, Fortinet, Cyren, Tencent, VirIT, Avira/F-Secure) name this sample as Win32/Expiro or a generic file infector, and DrWeb, Malwarebytes and Microsoft classify it as a password stealer. Expiro is a file-infecting virus family, so if those verdicts are correct, quarantining the single dropped file is not enough: run a full-system scan so that infected legitimate executables are found, reinstall any program whose binaries were modified, and rotate any credentials that were stored on or used from the machine.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.
