How to remove “Trojan.Win32.Zapchast.axgr”?

Trojan.Win32.Zapchast.axgr is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager process list. In that case, it is advised to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It allows a complete scan and cure of your PC during the trial period.
6-day free trial available.

What can the Trojan.Win32.Zapchast.axgr virus do?

  • Behavioural detection: Executable code extraction – unpacking
  • SetUnhandledExceptionFilter detected (possible anti-debug)
  • Creates RWX memory
  • Dynamic (imported) function loading detected
  • HTTPS URLs observed in behavior
  • Unconventional language used in binary resources: Arabic (Oman)
  • The binary contains an unknown PE section name indicative of packing
  • The binary likely contains encrypted or compressed data.
  • Authenticode signature is invalid

How to identify Trojan.Win32.Zapchast.axgr?

File Info:

name: D753951A0BB8A5F07E78.mlw
path: /opt/CAPEv2/storage/binaries/356ae0f9e2b8bb3e29f78b90bb4a77b030f673f6f362b850cd51c59b70864d10
crc32: 8CC93137
md5: d753951a0bb8a5f07e78921d1fd79286
sha1: 5d4c64486788395de898fcb3603e5c7c6ebd45d5
sha256: 356ae0f9e2b8bb3e29f78b90bb4a77b030f673f6f362b850cd51c59b70864d10
sha512: 93ba22ca1a10159e01c071b2736cd910ecacc8112640962a52c95e12d26aba384f7df6521e0d9cda7c51fe87c9e9bcfaf5c4e9041a011b2a733393a6d76e0f70
ssdeep: 24576:8SI7C8W3zLG6G+4f9ZCjR1IKXcmdSiuE4Lsx:8Oz/Nk9Z06mIgz
type: PE32 executable (console) Intel 80386, for MS Windows
tlsh: T15405AE43B34449D0CA7D22F136A7BB54A13AA631DF5CCE73BAC2E936CC756D168088D9
sha3_384: 8d8ae2753ba84a565178058f2c74ec41fdf47c370ea252187fc33061d0e5d80145dce0ed8783308d5df3cf7d2f411a75
ep_bytes: 5150528d0d18000000648b0101c801c8
timestamp: 2021-12-28 22:33:44

Version Info:

CompanyName: FreshTokenizer
FileDescription: Token Updater
FileVersion: 7272.5.13.1
InternalName: UpdateToken.exe
LegalCopyright: Tokenizer
OriginalFilename: SetToken.exe
ProductName: Token Updater
ProductVersion: 2.1.4.1
Translation: 0x041f 0x04b0

Trojan.Win32.Zapchast.axgr also known as:

Bkav: W32.AIDetect.malware2
Lionic: Trojan.Win32.Zapchast.4!c
Elastic: malicious (high confidence)
Cynet: Malicious (score: 100)
CAT-QuickHeal: Trojan.ZapchastRI.S25317706
ALYac: Trojan.GenericKDZ.81157
Malwarebytes: Spyware.PasswordStealer
Sangfor: Trojan.Win32.Save.a
K7AntiVirus: Virus ( 0058dc741 )
Alibaba: Trojan:Win32/Zapchast.db118702
K7GW: Trojan-Downloader ( 0058b4731 )
Cybereason: malicious.a0bb8a
VirIT: Win32.Expiro.CV
Cyren: W32/Expiro.AN.gen!Eldorado
Symantec: ML.Attribute.HighConfidence
ESET-NOD32: a variant of Win32/Expiro.CP
APEX: Malicious
Avast: Win32:Xpirat-C [Inf]
ClamAV: Win.Malware.Lazy-9918569-0
Kaspersky: Trojan.Win32.Zapchast.axgr
BitDefender: Trojan.GenericKDZ.81157
NANO-Antivirus: Virus.Win32.Gen.ccmw
ViRobot: Trojan.Win32.Z.Agent.843776.RS
MicroWorld-eScan: Trojan.GenericKDZ.81157
Rising: Downloader.Agent!8.B23 (CLOUD)
Ad-Aware: Trojan.GenericKDZ.81157
Sophos: Mal/EncPk-MK
DrWeb: Trojan.PWS.Stealer.31769
TrendMicro: Virus.Win32.EXPIRO.AD
McAfee-GW-Edition: BehavesLike.Win32.Generic.cc
FireEye: Generic.mg.d753951a0bb8a5f0
Emsisoft: Trojan.GenericKDZ.81157 (B)
Ikarus: Trojan-Downloader.Win32.Agent
GData: Trojan.GenericKDZ.81157
Jiangmin: Trojan.PSW.Stealer.abj
Avira: W32/Infector.Gen8
MAX: malware (ai score=86)
Antiy-AVL: Trojan/Generic.ASVirus.315
Arcabit: Trojan.Generic.D13D05
ZoneAlarm: Trojan.Win32.Zapchast.axgr
Microsoft: Trojan:Win32/Raccoon.EC!MTB
AhnLab-V3: Trojan/Win.Generic.R456588
Acronis: suspicious
VBA32: BScope.Trojan.Wacatac
Cylance: Unsafe
TrendMicro-HouseCall: Virus.Win32.EXPIRO.AD
Tencent: Virus.Win32.Expiro.ns
SentinelOne: Static AI – Malicious PE
MaxSecure: Trojan.Malware.8012.susgen
Fortinet: W32/Expiro.NDG
BitDefenderTheta: AI:Packer.A427B6BF1F
AVG: Win32:Xpirat-C [Inf]
Paloalto: generic.ml
CrowdStrike: win/malicious_confidence_70% (W)

How to remove Trojan.Win32.Zapchast.axgr?

Trojan.Win32.Zapchast.axgr removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open the “Tools” tab and press “Reset Browser Settings”.
  • Select the proper browser and options, then click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.