Trojan.Win32.Zenpak.bcin (file analysis)

Trojan.Win32.Zenpak.bcin is flagged as malicious by the majority of antivirus vendors (see the detection list below). While the infection is active you may notice unfamiliar processes in the Task Manager list. If you see these signs, scan your computer with GridinSoft Anti-Malware.

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. The trial lets you run a full scan and clean your PC.
6-day free trial available.

What can Trojan.Win32.Zenpak.bcin do?

Behaviors flagged during automated sandbox analysis of the sample (these are heuristic signatures, so treat each one as an indicator rather than a confirmed capability):

  • Executable code extraction
  • Compression (or decompression)
  • Attempts to connect to a dead IP:Port (4 unique times)
  • Creates RWX memory
  • Possible date expiration check; exits too soon after checking local time
  • At least one IP address, domain, or file name was found in a crypto call
  • Starts a server listening on 127.0.0.1:17717
  • Unconventional language used in binary resources: Norwegian (Nynorsk)
  • The binary likely contains encrypted or compressed data
  • The executable is compressed using UPX
  • Repeatedly calls a single API many times in order to delay analysis
  • Steals private information from local Internet browsers
  • Exhibits possible ransomware file-modification behavior
  • Collects information about installed applications
  • Creates a hidden or system file
  • Harvests credentials from local FTP client software
  • Anomalous binary characteristics
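The loopback listener is the most concrete host-side indicator in the list above. The following script is an added example, not code from the original page: it parses the output of `netstat -ano -p tcp` and reports the PID of any process listening on 127.0.0.1:17717. The embedded netstat text is a constructed sample (the PIDs and addresses are made up) so the script runs offline; on a suspect Windows host it runs the real command instead.

```python
import subprocess
import sys

# Constructed sample of `netstat -ano -p tcp` output (not a real capture);
# the 17717 row mirrors the sandbox indicator "listening on 127.0.0.1:17717".
NETSTAT_SAMPLE = """\
  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       912
  TCP    127.0.0.1:17717        0.0.0.0:0              LISTENING       4812
  TCP    192.168.1.20:49811     203.0.113.7:443        ESTABLISHED     3320
"""

# Indicator from the sandbox behavior list above.
SUSPECT_LISTENER = ("127.0.0.1", 17717)


def find_listeners(netstat_text, addr=SUSPECT_LISTENER[0], port=SUSPECT_LISTENER[1]):
    """Return the PIDs of every TCP socket in LISTENING state bound exactly to addr:port."""
    wanted = f"{addr}:{port}"
    pids = []
    for line in netstat_text.splitlines():
        parts = line.split()
        # Data rows have exactly 5 columns: Proto, Local, Foreign, State, PID.
        # The header row splits into 7 tokens and is skipped by this check.
        if len(parts) != 5 or parts[0].upper() != "TCP":
            continue
        local, state, pid = parts[1], parts[3], parts[4]
        if state.upper() == "LISTENING" and local == wanted and pid.isdigit():
            pids.append(int(pid))
    return pids


def live_netstat():
    """Run netstat on Windows; elsewhere fall back to the constructed sample."""
    if sys.platform != "win32":
        return NETSTAT_SAMPLE
    result = subprocess.run(["netstat", "-ano", "-p", "tcp"],
                            capture_output=True, text=True, check=False)
    return result.stdout


if __name__ == "__main__":
    hits = find_listeners(live_netstat())
    if hits:
        print(f"listener on {SUSPECT_LISTENER[0]}:{SUSPECT_LISTENER[1]} owned by PID(s): {hits}")
        print('next: tasklist /FI "PID eq <pid>" to map the PID to an image name')
    else:
        print("no process is listening on 127.0.0.1:17717")
```

A hit only tells you which process owns the port; confirm it by checking that process's image path and hashes before killing it, since legitimate software can use high loopback ports too.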

How to identify Trojan.Win32.Zenpak.bcin?

File Info:

crc32: 10F15B6F
md5: 3350aae4c4ebb8a9d200f05d1fd7950b
name: 3350AAE4C4EBB8A9D200F05D1FD7950B.mlw
sha1: 19468c85dd6772e7d5566bd9f3c216c4e8bfcfae
sha256: e3433215e57803029ce2a3e019d844b377aeb77ea11e0154289fbd4c24838d51
sha512: 0646016c83f4da20138a4a9c710b368de53152000e8bce6cebfedea787bb9a1c94068078b88ba557976c12fa009c6cb72305dcafacdb85a6d59587cac2aeef86
ssdeep: 98304:6BUTbjO/W5dAZ90tFI/SXlYKrDiaSROWH8Uyds3EpzesCSxph+2PKvP/3UcZXTo:SYGTKIGYCAROWcgsT6X/3Uc5W9ffUE6
type: PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed

Version Info:

InternalName: triwilbifor.acs
FileVersion: 6.26.361
Copyright: Copyrighz (C) 2020, vodkafuck
ProductVersion: 1.0.15
TranslationUsa: 0x0273 0x053a
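To confirm that a file on disk is this sample rather than trusting its name, compare its digests with the File Info values above and check whether it still carries the stock UPX section names. The script below is an added example, not code from the original page; it uses only the Python standard library. `KNOWN_HASHES` is copied from the File Info block, and `build_stub_pe` produces a constructed, non-executable PE header skeleton that exists only so the section-name check can be exercised offline.

```python
import hashlib
import struct
import sys
import zlib

# Digests of the analysed sample, copied from the File Info block above.
KNOWN_HASHES = {
    "crc32": "10F15B6F",
    "md5": "3350aae4c4ebb8a9d200f05d1fd7950b",
    "sha1": "19468c85dd6772e7d5566bd9f3c216c4e8bfcfae",
    "sha256": "e3433215e57803029ce2a3e019d844b377aeb77ea11e0154289fbd4c24838d51",
}


def file_hashes(data):
    """Compute the digests the page lists: crc32 as 8 uppercase hex digits, the rest lowercase."""
    return {
        "crc32": f"{zlib.crc32(data) & 0xFFFFFFFF:08X}",
        "md5": hashlib.md5(data).hexdigest(),
        "sha1": hashlib.sha1(data).hexdigest(),
        "sha256": hashlib.sha256(data).hexdigest(),
    }


def matches_known_sample(data):
    """True only if every listed digest matches; any single mismatch means a different file."""
    computed = file_hashes(data)
    return all(computed[k].lower() == v.lower() for k, v in KNOWN_HASHES.items())


def pe_section_names(data):
    """Walk the DOS/PE headers and return the section names; [] if this is not a PE file."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        return []
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        return []
    coff = e_lfanew + 4                     # IMAGE_FILE_HEADER (20 bytes)
    if len(data) < coff + 20:
        return []
    num_sections = struct.unpack_from("<H", data, coff + 2)[0]
    opt_hdr_size = struct.unpack_from("<H", data, coff + 16)[0]
    table = coff + 20 + opt_hdr_size        # first IMAGE_SECTION_HEADER (40 bytes each)
    names = []
    for i in range(num_sections):
        raw = data[table + i * 40: table + i * 40 + 8]
        if len(raw) < 8:
            break
        names.append(raw.split(b"\0", 1)[0].decode("ascii", "replace"))
    return names


def looks_upx_packed(section_names):
    """Stock UPX names its sections UPX0/UPX1 (plus .rsrc); a repacker that renames them defeats this."""
    return any(n.startswith("UPX") for n in section_names)


def build_stub_pe(section_names):
    """Constructed minimal PE skeleton (headers only, never runnable) for offline testing."""
    dos = b"MZ" + b"\0" * (0x3C - 2) + struct.pack("<I", 0x40)      # e_lfanew = 0x40
    coff = struct.pack("<HHIIIHH", 0x14C, len(section_names), 0, 0, 0, 0, 0x102)
    sections = b"".join(n.encode().ljust(8, b"\0") + b"\0" * 32 for n in section_names)
    return dos + b"PE\0\0" + coff + sections


if __name__ == "__main__":
    path = sys.argv[1] if len(sys.argv) > 1 else None
    data = open(path, "rb").read() if path else build_stub_pe(["UPX0", "UPX1", ".rsrc"])
    for name, value in file_hashes(data).items():
        print(f"{name}: {value}")
    names = pe_section_names(data)
    print("sections:", names, "| UPX-style names:", looks_upx_packed(names))
    print("matches the Trojan.Win32.Zenpak.bcin sample:", matches_known_sample(data))
```

Run it as `python triage.py suspect.exe`. A hash match is conclusive for this exact sample; a hash mismatch is not proof of safety, because repacking the same payload with UPX produces a different file, which is why the section-name check is worth keeping alongside the digests.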

Trojan.Win32.Zenpak.bcin also known as:

Vendors disagree on the family: Microsoft, Alibaba and VBA32 call it Glupteba, ClamAV calls it FickerStealer, and names such as Zenpak, Kryptik, Crypt and MalPack are generic labels for packed or obfuscated executables. The behavior list above is therefore a better guide to what the sample does than any single label.

  • Elastic: malicious (high confidence)
  • MicroWorld-eScan: Trojan.GenericKD.45301032
  • CAT-QuickHeal: Trojan.Multi
  • McAfee: Artemis!3350AAE4C4EB
  • Cylance: Unsafe
  • VIPRE: Trojan.Win32.Generic!BT
  • K7AntiVirus: Riskware ( 0040eff71 )
  • BitDefender: Trojan.GenericKD.45301032
  • K7GW: Riskware ( 0040eff71 )
  • Cybereason: malicious.4c4ebb
  • Cyren: W32/Trojan.QKBX-0795
  • Symantec: ML.Attribute.HighConfidence
  • APEX: Malicious
  • Avast: Win32:TrojanX-gen [Trj]
  • ClamAV: Win.Malware.FickerStealer-9819303-1
  • Kaspersky: Trojan.Win32.Zenpak.bcin
  • Alibaba: Backdoor:Win32/Glupteba.8488f802
  • ViRobot: Trojan.Win32.Z.Malpack.4591104
  • AegisLab: Trojan.Multi.Generic.4!c
  • Rising: Trojan.Kryptik!8.8 (TFE:5:beSYtboWWOS)
  • Ad-Aware: Trojan.GenericKD.45301032
  • Emsisoft: Trojan.GenericKD.45301032 (B)
  • Comodo: Malware@#bt1kdhsmt837
  • F-Secure: Trojan.TR/Crypt.Agent.ajqig
  • DrWeb: Trojan.Siggen11.57180
  • Zillya: Trojan.Zenpak.Win32.5344
  • TrendMicro: Trojan.Win32.MALREP.THAOGBA
  • McAfee-GW-Edition: BehavesLike.Win32.Generic.rc
  • FireEye: Generic.mg.3350aae4c4ebb8a9
  • Sophos: Mal/Generic-S
  • Ikarus: Trojan.Win32.Crypt
  • Avira: TR/Crypt.Agent.ajqig
  • Antiy-AVL: Trojan/Win32.Kryptik
  • Kingsoft: Win32.Troj.Generic_a.a.(kcloud)
  • Microsoft: Trojan:Win32/Glupteba.NW!MTB
  • Gridinsoft: Trojan.Win32.Packed.oa
  • Arcabit: Trojan.Generic.D2B33D28
  • ZoneAlarm: Trojan.Win32.Zenpak.bcin
  • GData: Trojan.GenericKD.45301032
  • Cynet: Malicious (score: 100)
  • AhnLab-V3: Malware/Win32.RL_Generic.R361868
  • Acronis: suspicious
  • BitDefenderTheta: Gen:NN.ZexaF.34760.@pKfaGShQJmG
  • ALYac: Trojan.GenericKD.45301032
  • MAX: malware (ai score=99)
  • VBA32: Trojan.Glupteba
  • Malwarebytes: Trojan.MalPack.GS
  • Panda: Trj/GdSda.A
  • ESET-NOD32: a variant of Win32/Kryptik.HIOC
  • TrendMicro-HouseCall: Trojan.Win32.MALREP.THAOGBA
  • Tencent: Win32.Trojan.Kryptik.Lhwq
  • Yandex: Trojan.Zenpak!LzAY/KTYqDM
  • SentinelOne: Static AI – Malicious PE
  • Fortinet: W32/Kryptik.HIFA!tr
  • Webroot: W32.Trojan.Gen
  • AVG: Win32:TrojanX-gen [Trj]
  • Paloalto: generic.ml
  • CrowdStrike: win/malicious_confidence_80% (W)
  • Qihoo-360: Generic/HEUR/QVM11.1.562B.Malware.Gen

How to remove Trojan.Win32.Zenpak.bcin?

Trojan.Win32.Zenpak.bcin removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a "Standard scan".
  • "Move to quarantine" all items.
  • Open the "Tools" tab and press "Reset Browser Settings".
  • Select the proper browser and options, then click "Reset".
  • Restart your computer.
  • Because this sample steals credentials saved in browsers and FTP clients, change those passwords afterwards from a device you trust.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.
