
Trojan.Win32.Zapchast.axgs (file analysis)


Trojan.Win32.Zapchast.axgs is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager process list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.


What can the Trojan.Win32.Zapchast.axgs virus do?

  • Behavioural detection: executable code extraction (unpacking)
  • SetUnhandledExceptionFilter detected (possible anti-debug)
  • Creates RWX memory
  • Dynamic (imported) function loading detected
  • HTTPS URLs observed in behaviour
  • Unconventional language used in binary resources: Arabic (Oman)
  • The binary contains an unknown PE section name indicative of packing
  • The binary likely contains encrypted or compressed data
  • Authenticode signature is invalid

How to determine Trojan.Win32.Zapchast.axgs?

File Info:

name: 4EFDF9B59F34CCF96F5B.mlw
path: /opt/CAPEv2/storage/binaries/2d9f56fad6013dfb81489bc028d1a169945a7ef0cfc5fc20bb5b16f0f8af41b3
crc32: FCE14E8D
md5: 4efdf9b59f34ccf96f5b8f226a2e1f4b
sha1: 63dfb766ad3cdbe8e7f17bea3dbdf4b025c06d9a
sha256: 2d9f56fad6013dfb81489bc028d1a169945a7ef0cfc5fc20bb5b16f0f8af41b3
sha512: f5b2545bbbd81b733c890cbdd8027758f312ef558ea3753d75bd171209dcd0ac8d12127b4bdf285ccabcb6bd8bf4a25e26d094b17f646a4e064e03a6f06471a7
ssdeep: 24576:7F7C8W3zLG6G+4f9ZK6zpKH5Anf/1NzlP:6z/Nk9ZLzOOnf/f
type: PE32 executable (console) Intel 80386, for MS Windows
tlsh: T17905CE74B74324EDD02A1FF437E9B7909958B66023029853AA9B6D1D0EB43E24377BC7
sha3_384: bcf618a73f2e5431b1958c650eb420f1be143c228b2d1dc5650043501f8d4a008e9940a2017bd85473f44267d8f1a2a5
ep_bytes: 5150528d0d18000000648b0101c801c8
timestamp: 2021-09-07 21:32:06

Version Info:

CompanyName: FreshTokenizer
FileDescription: Token Updater
FileVersion: 7272.5.13.1
InternalName: UpdateToken.exe
LegalCopyright: Tokenizer
OriginalFilename: SetToken.exe
ProductName: Token Updater
ProductVersion: 2.1.4.1
Translation: 0x041f 0x04b0

Trojan.Win32.Zapchast.axgs also known as:

Bkav: W32.AIDetect.malware1
Lionic: Trojan.Win32.Malicious.4!c
Elastic: malicious (high confidence)
ClamAV: Win.Malware.Lazy-9918569-0
CAT-QuickHeal: Trojan.ZapchastRI.S25317706
ALYac: Trojan.GenericKDZ.81157
Cylance: Unsafe
Sangfor: Trojan.Win32.Save.a
K7AntiVirus: Virus ( 0058dc741 )
Alibaba: Trojan:Win32/Zapchast.1f228307
K7GW: Trojan-Downloader ( 0058b4731 )
Cybereason: malicious.59f34c
VirIT: Win32.Expiro.CV
Cyren: W32/Expiro.AN.gen!Eldorado
Symantec: ML.Attribute.HighConfidence
ESET-NOD32: a variant of Win32/Expiro.CP
APEX: Malicious
Avast: Win32:Xpirat-C [Inf]
Cynet: Malicious (score: 100)
Kaspersky: Trojan.Win32.Zapchast.axgs
BitDefender: Trojan.GenericKDZ.81157
NANO-Antivirus: Virus.Win32.Gen.ccmw
ViRobot: Trojan.Win32.Z.Agent.843776.RR
MicroWorld-eScan: Trojan.GenericKDZ.81157
Tencent: Virus.Win32.Expiro.ns
Ad-Aware: Trojan.GenericKDZ.81157
Sophos: Mal/EncPk-MK
DrWeb: Trojan.PWS.Stealer.31769
TrendMicro: Virus.Win32.EXPIRO.AD
McAfee-GW-Edition: BehavesLike.Win32.Generic.cc
FireEye: Generic.mg.4efdf9b59f34ccf9
Emsisoft: Trojan.GenericKDZ.81157 (B)
Ikarus: Trojan-Downloader.Win32.Agent
GData: Trojan.GenericKDZ.81157
Jiangmin: Trojan.Strab.tr
Avira: W32/Infector.Gen8
Antiy-AVL: Trojan/Generic.ASVirus.315
Arcabit: Trojan.Generic.D13D05
ZoneAlarm: Trojan.Win32.Zapchast.axgs
Microsoft: Trojan:Win32/Raccoon.EC!MTB
AhnLab-V3: Trojan/Win.Generic.R456588
Acronis: suspicious
MAX: malware (ai score=80)
VBA32: BScope.Trojan.Wacatac
Malwarebytes: Spyware.PasswordStealer
TrendMicro-HouseCall: Virus.Win32.EXPIRO.AD
Rising: Downloader.Agent!8.B23 (CLOUD)
SentinelOne: Static AI – Malicious PE
Fortinet: W32/Expiro.NDG
BitDefenderTheta: AI:Packer.79494BF01F
AVG: Win32:Xpirat-C [Inf]
Paloalto: generic.ml
CrowdStrike: win/malicious_confidence_70% (W)

How to remove Trojan.Win32.Zapchast.axgs?

Trojan.Win32.Zapchast.axgs removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open the “Tools” tab – press “Reset Browser Settings”.
  • Select the proper browser and options – click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.
