Categories: Trojan

TrojanDownloader:Win32/Zlob.AMP removal tips

TrojanDownloader:Win32/Zlob.AMP is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager process list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

Gridinsoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It allows you to run a complete scan and cure your PC during the trial period.
6-day free trial available.

What can the TrojanDownloader:Win32/Zlob.AMP virus do?

  • Yara rule detections observed from a process memory dump/dropped files/CAPE
  • Performs HTTP requests potentially not found in PCAP.
  • Reads data out of its own binary image
  • Unconventional language used in binary resources: Russian
  • The binary contains an unknown PE section name indicative of packing
  • The binary likely contains encrypted or compressed data.
  • The executable is compressed using UPX
  • Authenticode signature is invalid
  • Uses Windows utilities for basic functionality
  • Attempts to modify proxy settings
  • Deletes executed files from disk

How to identify TrojanDownloader:Win32/Zlob.AMP?

File Info:

name: 18AF64F6DB0416842B06.mlw
path: /opt/CAPEv2/storage/binaries/516f73e12385a3e8f0b79e4e04704cbc41bba094f7d369ce2b6d93311ac43912
crc32: D4692B33
md5: 18af64f6db0416842b06af2944b6b2b1
sha1: 0ba495aa7a0eac0db85c29ae08346b63afe205ae
sha256: 516f73e12385a3e8f0b79e4e04704cbc41bba094f7d369ce2b6d93311ac43912
sha512: 6fd90d10a6f2dc42d860bb87f5f0cb75e8775ecd2f8c1e2076d55aac515f6ca62a7ce3ed802c25eab88a6b5a7a8a32c50cd02d6e37b0001eb36a2893639298fa
ssdeep: 384:9EYT+T1A3CxdeaDi4UGxWKsEX2TtW3+n:9dT+RUnKsEO
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T1C942AD2FF3086BC7D0965733221B472A09DAADF84338FB194804705BF269AF83699434
sha3_384: 93afd8106300ceb5d9a8e9c691d4bd32c9502d767af3485d9e9b577470c2eee9dfd8e8362d471e7d71be624bf26d6135
ep_bytes: 60be007040008dbe00a0ffff57eb0b90
timestamp: 2008-04-04 09:04:49

Version Info:

0: [No Data]

TrojanDownloader:Win32/Zlob.AMP also known as:

MicroWorld-eScan Gen:Trojan.Heur.amGfrT3KmEncu
ClamAV Win.Trojan.Zlob-4932
FireEye Generic.mg.18af64f6db041684
CAT-QuickHeal Downloader.Zlob.8145
ALYac Gen:Trojan.Heur.amGfrT3KmEncu
Cylance Unsafe
VIPRE Gen:Trojan.Heur.amGfrT3KmEncu
CrowdStrike win/malicious_confidence_90% (W)
K7GW Trojan-Downloader ( 0055e3da1 )
K7AntiVirus Trojan-Downloader ( 0055e3da1 )
VirIT Trojan.Win32.ZLOB
Cyren W32/Downldr2.BMKO
Symantec Trojan.Zlob
Elastic malicious (moderate confidence)
ESET-NOD32 Win32/TrojanDownloader.Zlob.BTE
APEX Malicious
Cynet Malicious (score: 99)
Kaspersky Trojan-Downloader.Win32.Zlob.lps
BitDefender Gen:Trojan.Heur.amGfrT3KmEncu
NANO-Antivirus Trojan.Win32.Zlob.wtzr
Avast Win32:Malware-gen
Tencent Malware.Win32.Gencirc.114c3587
Ad-Aware Gen:Trojan.Heur.amGfrT3KmEncu
Sophos ML/PE-A + Troj/ZlobPx-Gen
Comodo TrojWare.Win32.TrojanDownloader.Zlob.BTE@as5s
DrWeb Trojan.DownLoader.63612
Zillya Downloader.Zlob.Win32.9786
TrendMicro TROJ_ZLOB.EWP
McAfee-GW-Edition BehavesLike.Win32.PWSZbot.lh
Emsisoft Gen:Trojan.Heur.amGfrT3KmEncu (B)
SentinelOne Static AI – Suspicious PE
GData Gen:Trojan.Heur.amGfrT3KmEncu
Jiangmin TrojanDownloader.Zlob.hyq
Avira TR/Crypt.CFI.Gen
Antiy-AVL Trojan/Generic.ASMalwS.1BB
Kingsoft Win32.Troj.ZlobT.xr.40960.(kcloud)
Arcabit Trojan.Heur.amGfrT3KmEncu
Microsoft TrojanDownloader:Win32/Zlob.AMP
Google Detected
AhnLab-V3 Win-Trojan/Zlob6.Gen
McAfee generic!bg
MAX malware (ai score=81)
VBA32 TrojanDownloader.Zlob
Malwarebytes Malware.AI.1744106140
TrendMicro-HouseCall TROJ_ZLOB.EWP
Rising Malware.Undefined!8.C (TFE:5:sti4ippiEVD)
Yandex Trojan.GenAsa!wxICTJruug0
Ikarus Trojan.Zlob
Fortinet W32/Zlob.RF!tr
BitDefenderTheta AI:Packer.E041B24B1D
AVG Win32:Malware-gen
Cybereason malicious.6db041
Panda Adware/Netproject

How to remove TrojanDownloader:Win32/Zlob.AMP?

  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open the “Tools” tab – Press “Reset Browser Settings”.
  • Select the proper browser and options – Click “Reset”.
  • Restart your computer.

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.
