What is “Trojan:Win32/Phoenix!pz”?

The Trojan:Win32/Phoenix!pz is considered dangerous by lots of security experts. When this infection is active, you may notice unwanted processes in Task Manager list. In this case, it is adviced to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Gridinsoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. Allows to complete scan and cure your PC during the trial period.

6-day free trial available.

What Trojan:Win32/Phoenix!pz virus can do?

Sample contains Overlay data
Presents an Authenticode digital signature
The binary contains an unknown PE section name indicative of packing
Authenticode signature is invalid
Anomalous binary characteristics

How to determine Trojan:Win32/Phoenix!pz?


File Info:
name: 062B4936FE13436933EB.mlw
path: /opt/CAPEv2/storage/binaries/652df68ddd16669970274981d1b356d23688e65a40f1caa26853447cf7dfff31
crc32: 1B540A93
md5: 062b4936fe13436933eb88cc57c50dda
sha1: d737e595fb96fb761e9ef95cbfca600ae7f3c9fb
sha256: 652df68ddd16669970274981d1b356d23688e65a40f1caa26853447cf7dfff31
sha512: 3227f1779a6f136bcc5d564565caed9eb85370e5d1deab694f871e736f182478ca440bc6c895c5a940d423e7bcc7dd0e7d10511acda780ec824e734bb56ae023
ssdeep: 24576:OKARp7EuYyYkaXIi6lMyPds8/fLmGCbW80wIuo3ybsLiiDNuGl3RuQ553139v:OKAp7FNDmGSN0wIuo3ybsmioGl3X
type: PE32 executable (console) Intel 80386, for MS Windows
tlsh: T1EEC51B139ACB0D75DDD23BB4A1CB633AA734ED30CA2A9B7FB608C53559532C46C1A742
sha3_384: 0af0a4d755e390d360417d7e2211fde5c6886b12902b981dd804c89b7f45425659a608ca4dcd9a6cd444d7a021228621
ep_bytes: 83ec0cc705b8c3510000000000e8eeb1
timestamp: 2022-07-18 13:23:43

Version Info:
0: [No Data]

Trojan:Win32/Phoenix!pz also known as:

Bkav	W32.AIDetectMalware
Lionic	Trojan.Win32.Stealer.l!c
Elastic	malicious (high confidence)
DrWeb	Trojan.PWS.Steam.31548
MicroWorld-eScan	Gen:Variant.Zusy.485758
ClamAV	Win.Packed.Generickdz-9956620-0
FireEye	Gen:Variant.Zusy.485758
CAT-QuickHeal	Trojan.Redstealer.S31746996
Skyhigh	GenericRXTS-CW!062B4936FE13
McAfee	GenericRXTS-CW!062B4936FE13
Malwarebytes	Generic.Malware.AI.DDS
VIPRE	Gen:Variant.Zusy.485758
K7AntiVirus	Trojan ( 0059579c1 )
Alibaba	Trojan:Win32/Redline.828465dc
K7GW	Trojan ( 0059579c1 )
Arcabit	Trojan.Zusy.D7697E
BitDefenderTheta	Gen:NN.ZexaF.36744.C!Z@aqjGquk
Symantec	ML.Attribute.HighConfidence
ESET-NOD32	a variant of Win32/Kryptik.HQDK
APEX	Malicious
Cynet	Malicious (score: 100)
Kaspersky	HEUR:Trojan.Win32.Generic
BitDefender	Gen:Variant.Zusy.485758
NANO-Antivirus	Trojan.Win32.jqgref.jqpavm
Avast	Win32:Evo-gen [Trj]
Tencent	Trojan.Win32.Kryptik.zaa
Emsisoft	Gen:Variant.Zusy.485758 (B)
F-Secure	Trojan.TR/Crypt.Agent.migcp
Zillya	Trojan.Kryptik.Win32.3841809
Sophos	Mal/Generic-S
SentinelOne	Static AI – Malicious PE
Jiangmin	TrojanSpy.Stealer.zem
Webroot	W32.Hack.Tool
Google	Detected
Avira	TR/Crypt.Agent.migcp
MAX	malware (ai score=85)
Antiy-AVL	Trojan[Spy]/Win32.Stealer
Microsoft	Trojan:Win32/Phoenix!pz
ZoneAlarm	HEUR:Trojan.Win32.Generic
GData	Win32.Trojan.PSE.10W6PDD
Varist	W32/Trojan.HLPX-5019
AhnLab-V3	Trojan/Win.Generic.R505271
Acronis	suspicious
ALYac	Gen:Variant.Zusy.485758
VBA32	BScope.TrojanPSW.RedLine
Cylance	unsafe
Panda	Trj/CI.A
Rising	Trojan.Kryptik!8.8 (TFE:5:VW0IYWsR51R)
Yandex	Trojan.Kryptik!kU4LId0NUDQ
Ikarus	Trojan.Win32.RedlineStealer
MaxSecure	Spy.W32.Convagent.gen_232116
Fortinet	W32/RedLineStealer.D!tr
AVG	Win32:Evo-gen [Trj]
DeepInstinct	MALICIOUS
CrowdStrike	win/malicious_confidence_100% (W)

How to remove Trojan:Win32/Phoenix!pz?

Trojan:Win32/Phoenix!pz removal tool

Download and install GridinSoft Anti-Malware.
Open GridinSoft Anti-Malware and perform a “Standard scan“.
“Move to quarantine” all items.
Open “Tools” tab – Press “Reset Browser Settings“.
Select proper browser and options – Click “Reset”.
Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.

Leave a Comment X