Trojan.Zeus.EA.0999 malicious file

Many security experts consider Trojan.Zeus.EA.0999 dangerous. When this infection is active, you may notice unwanted processes in the Task Manager list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It allows you to run a complete scan and cure your PC during the trial period.
A 6-day free trial is available.

What can the Trojan.Zeus.EA.0999 virus do?

  • SetUnhandledExceptionFilter detected (possible anti-debug)
  • Yara rule detections observed from a process memory dump/dropped files/CAPE
  • Dynamic (imported) function loading detected
  • Enumerates running processes
  • CAPE extracted potentially suspicious content
  • Drops a binary and executes it
  • Unconventional language used in binary resources: Russian
  • The binary contains an unknown PE section name indicative of packing
  • The binary likely contains encrypted or compressed data.
  • The executable is compressed using UPX
  • Authenticode signature is invalid
  • Created a process from a suspicious location
  • Creates a copy of itself

How to identify Trojan.Zeus.EA.0999?

File Info:

name: 7458421B1930FD0689AB.mlw
type: PE32 executable (GUI) Intel 80386, for MS Windows
timestamp: 2005-05-17 14:15:44

Version Info:

CompanyName: Kawetyl Osclmswfb
FileDescription: Kawetyl Ugntspq Rywhbps
FileVersion: 52,71,79,88
InternalName: Kawetyl
LegalCopyright: Copyright © Kawetyl Osclmswfb 2004-2007
OriginalFilename: Kawetyl.exe
ProductName: Kawetyl Ugntspq Rywhbps
ProductVersion: 95,17,57,80
Translation: 0x0409 0x04e4

Trojan.Zeus.EA.0999 also known as:

Lionic: Trojan.Win32.Generic.4!c
Elastic: malicious (high confidence)
MicroWorld-eScan: Gen:Heur.VIZ.!e!.1
FireEye: Generic.mg.7458421b1930fd06
CAT-QuickHeal: Worm.SlenfBot.Gen
McAfee: Sefnit.ad
Cylance: Unsafe
VIPRE: Trojan.Win32.Kryptik.lbu (v)
Sangfor: Trojan.Win32.Sefnit.G
Alibaba: VirTool:Win32/Obfuscator.99839d00
Cybereason: malicious.b1930f
Cyren: W32/Sefnit.G.gen!Eldorado
Symantec: Trojan.Gen.MBT
ESET-NOD32: a variant of Win32/Kryptik.LDY
Paloalto: generic.ml
ClamAV: Win.Trojan.Kolab-1583
Kaspersky: HEUR:Trojan.Win32.Generic
BitDefender: Gen:Heur.VIZ.!e!.1
NANO-Antivirus: Trojan.Win32.Kolab.btuwkw
SUPERAntiSpyware: Trojan.Agent/Gen-Faldesc[Cont]
Avast: Win32:Malware-gen
Tencent: Malware.Win32.Gencirc.10b9f2bb
Ad-Aware: Gen:Heur.VIZ.!e!.1
Comodo: TrojWare.Win32.TrojanSpy.Zbot.G@2tckk5
DrWeb: Trojan.Siggen2.31997
Zillya: Worm.Kolab.Win32.5256
TrendMicro: WORM_KOLAB.SMB
McAfee-GW-Edition: BehavesLike.Win32.Dropper.vc
Emsisoft: Gen:Heur.VIZ.!e!.1 (B)
SentinelOne: Static AI – Malicious PE
GData: Gen:Heur.VIZ.!e!.1
Jiangmin: Worm/Kolab.gdq
Webroot: W32.Trojan.Gen
Avira: TR/Dropper.Gen
MAX: malware (ai score=100)
Antiy-AVL: Trojan/Generic.ASMalwS.184C105
ViRobot: Worm.Win32.A.Net-Kolab.2427753[UPX]
ZoneAlarm: HEUR:Trojan.Win32.Generic
Microsoft: Trojan:Win32/Sefnit.G
Cynet: Malicious (score: 99)
AhnLab-V3: Trojan/Win32.FraudPack.R3415
VBA32: Trojan.Zeus.EA.0999
ALYac: Gen:Heur.VIZ.!e!.1
TrendMicro-HouseCall: WORM_KOLAB.SMB
Rising: Trojan.Win32.fedoN.hi (CLOUD)
Yandex: Trojan.GenAsa!rTvAwvnOGnE
Ikarus: Trojan.Win32.Sefnit
eGambit: Generic.Malware
Fortinet: W32/Kryptik.NAS!tr
BitDefenderTheta: Gen:NN.ZexaF.34212.@pNfaiX!zMfc
AVG: Win32:Malware-gen
Panda: Bck/Qbot.AO
MaxSecure: Trojan.Malware.7164915.susgen

How to remove Trojan.Zeus.EA.0999?

Trojan.Zeus.EA.0999 removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open “Tools” tab – Press “Reset Browser Settings”.
  • Select proper browser and options – Click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.