What is “TrojanSpy:Win32/Bancos.ZN”?

Malware Removal

TrojanSpy:Win32/Bancos.ZN is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It lets you run a complete scan and clean your PC during the trial period.
6-day free trial available.

What can the TrojanSpy:Win32/Bancos.ZN virus do?

  • Sample contains Overlay data
  • Reads data out of its own binary image
  • Drops a binary and executes it
  • Authenticode signature is invalid
  • Anomalous binary characteristics

How to identify TrojanSpy:Win32/Bancos.ZN?


File Info:

name: E35B8BEDF401CC39C4CB.mlw
path: /opt/CAPEv2/storage/binaries/d3ad72b722d6fa33923737681aada15014eae5d2147afe55b0f8dcdeedae1761
crc32: 4111978F
md5: e35b8bedf401cc39c4cb4790818c587a
sha1: d84d8bcc63dff9046a8ff083b971228dc2ed27f7
sha256: d3ad72b722d6fa33923737681aada15014eae5d2147afe55b0f8dcdeedae1761
sha512: 38dd8d09042af005c8def8e196153989130f5aa59623cb9a950d0c5ab7a2ef4d51904e2d4288cabb6ada656801a945f67a71b0276c3cbb3f6cf816bfee05ece0
ssdeep: 12288:mutrzh9xOXkNmQwXdCn7k7eXTC02Y2G8c3pMM+xJwJB:mutr5OUNmQEdC7k7gGGnpExib
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T17EB4122733D144BADAE3A6306FF9169E927DEC32627D5603E722110D7BF19A18016B73
sha3_384: 896ffe97e68b7d6e22f5bab362e8176af4b3f9805e2336567e0ac1f761e31c9410ed8efdb2c47380640a1116cf86bfa8
ep_bytes: e8e3feffff33c050505050e8be2b0000
timestamp: 2010-03-15 06:27:50

Version Info:

0: [No Data]

TrojanSpy:Win32/Bancos.ZN also known as:

Lionic: Trojan.Win32.Generic.4!c
Elastic: malicious (moderate confidence)
MicroWorld-eScan: Gen:Variant.Banker.3
ClamAV: Win.Keylogger.Banbra-9867061-0
FireEye: Gen:Variant.Banker.3
Skyhigh: BehavesLike.Win32.Generic.hc
McAfee: Artemis!E35B8BEDF401
Malwarebytes: Generic.Malware/Suspicious
VIPRE: Gen:Variant.Banker.3
Sangfor: Spyware.Win32.Bancos.ZN
K7AntiVirus: Trojan ( 7000000f1 )
Alibaba: TrojanSpy:Win32/Bancos.2d0b6218
K7GW: Trojan ( 7000000f1 )
CrowdStrike: win/malicious_confidence_60% (W)
VirIT: Trojan.Win32.Banker5.BUIB
Symantec: Trojan.Gen.MBT
tehtris: Generic.Malware
ESET-NOD32: a variant of Win32/Spy.Banker.VCV
APEX: Malicious
Cynet: Malicious (score: 100)
Kaspersky: UDS:Trojan.Win32.Generic
BitDefender: Gen:Variant.Banker.3
NANO-Antivirus: Trojan.Win32.Banbra.brvge
Avast: Win32:BankerX-gen [Trj]
Emsisoft: Gen:Variant.Banker.3 (B)
F-Secure: Trojan.TR/Banker.Itau.H.2
DrWeb: Trojan.PWS.Banker.53642
TrendMicro: TROJ_CHIFRAX.BU
Sophos: Mal/Banker-AD
Ikarus: Trojan.Crypt
GData: Gen:Variant.Banker.3
Jiangmin: Trojan/Banker.Banbra.hdy
Webroot: W32.Orsam.Gen
Google: Detected
Avira: TR/Banker.Itau.H.2
MAX: malware (ai score=99)
Kingsoft: malware.kb.a.995
Xcitium: TrojWare.Win32.Banbra.sj@4kvwm4
Arcabit: Trojan.Banker.3
ZoneAlarm: UDS:Trojan.Win32.Generic
Microsoft: TrojanSpy:Win32/Bancos.ZN
Varist: W32/Risk.XJUJ-7468
BitDefenderTheta: Gen:NN.ZelphiF.36744.0GW@aukU5fjG
ALYac: Gen:Variant.Banker.3
TACHYON: Trojan-Spy/W32.Banker.519835
VBA32: TrojanBanker.Banbra
Cylance: unsafe
Panda: Trj/Banbra.GXC
TrendMicro-HouseCall: TROJ_CHIFRAX.BU
Tencent: Win32.Trojan.Generic.Timw
SentinelOne: Static AI – Suspicious SFX
Fortinet: W32/CHIFRAX.BU!tr
AVG: Win32:BankerX-gen [Trj]
Cybereason: malicious.c63dff
DeepInstinct: MALICIOUS

How to remove TrojanSpy:Win32/Bancos.ZN?

TrojanSpy:Win32/Bancos.ZN removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open “Tools” tab – Press “Reset Browser Settings”.
  • Select proper browser and options – Click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.
