About “Trojan:Win32/Phonzy.A!ml” infection

The Trojan:Win32/Phonzy.A!ml is considered dangerous by lots of security experts. When this infection is active, you may notice unwanted processes in Task Manager list. In this case, it is adviced to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Gridinsoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. Allows to complete scan and cure your PC during the trial period.

6-day free trial available.

What Trojan:Win32/Phonzy.A!ml virus can do?

Sample contains Overlay data
The binary likely contains encrypted or compressed data.
Authenticode signature is invalid
Anomalous binary characteristics

How to determine Trojan:Win32/Phonzy.A!ml?


File Info:
name: 63A6BC4A10B6271C53B9.mlw
path: /opt/CAPEv2/storage/binaries/c14c455228c97ef8edccba82fc8050bfb2e16a3da545487776437841e43d8595
crc32: BFDAA77A
md5: 63a6bc4a10b6271c53b9653c52da16fb
sha1: 71a40035535c7db1ff82c315482223c1c966e1ce
sha256: c14c455228c97ef8edccba82fc8050bfb2e16a3da545487776437841e43d8595
sha512: 6bd6621b3d5d3ad7a862566c13bbc7f41fe7f843b369acd13d57b1d10f58898279292c5fe1e5924f3cdabe98ddf9be05cc1c3a56f0fff5c3d2793c5a59a07f44
ssdeep: 12288:+YWIGt/sB1KcYmqgZvAMlUoUjG+YKtMfnkOeZb5JYiNAgAPh:+Y6t/sBlDqgZQd6XKtiMJYiPU
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T1CFD41207F6C2D039F8B319B21F795415A42AFE74A74AA0DBA2C6694E1DB80D26D34337
sha3_384: 433a3368b43cdaf9c78081df392e556314a2db08d978bfd193c5f6a9e9ddd19e263c197d830fd240a52c22fda0f6ea28
ep_bytes: e8d3030000e937fdffffcccc68d57b40
timestamp: 2014-11-20 18:03:43

Version Info:
CompanyName: Adobe Systems Incorporated
FileDescription: Adobe Acrobat Update Service
FileVersion: 1.801.10.4720
InternalName: armsvc.exe
LegalCopyright: Copyright © 2013 Adobe Systems Incorporated.  All rights reserved.
OriginalFilename: armsvc.exe
ProductName: Adobe Acrobat Update Service
ProductVersion: 1.801.10.4720
Translation: 0x0409 0x04b0

Trojan:Win32/Phonzy.A!ml also known as:

Bkav	W32.AIDetectMalware
Lionic	Trojan.Win32.Expiro.4!c
Elastic	malicious (high confidence)
MicroWorld-eScan	Trojan.GenericKDZ.101723
Skyhigh	BehavesLike.Win32.Expiro.jc
McAfee	Artemis!63A6BC4A10B6
Cylance	unsafe
Sangfor	Suspicious.Win32.Save.a
CrowdStrike	win/malicious_confidence_90% (D)
Arcabit	Trojan.Generic.D18D5B
Cynet	Malicious (score: 100)
APEX	Malicious
ClamAV	Win.Malware.Expiro-9941636-0
BitDefender	Trojan.GenericKDZ.101723
Emsisoft	Trojan.GenericKDZ.101723 (B)
VIPRE	Trojan.GenericKDZ.101723
Sophos	Mal/Generic-S
Ikarus	Virus.Win32.Expiro
Varist	W32/Floxif.H.gen!Eldorado
Microsoft	Trojan:Win32/Phonzy.A!ml
GData	Trojan.GenericKDZ.101723
Google	Detected
ALYac	Trojan.GenericKDZ.101723
TrendMicro-HouseCall	TROJ_GEN.R002H09LB23
MaxSecure	Trojan.Malware.215575181.susgen
Fortinet	W32/PossibleThreat
DeepInstinct	MALICIOUS

How to remove Trojan:Win32/Phonzy.A!ml?

Trojan:Win32/Phonzy.A!ml removal tool

Download and install GridinSoft Anti-Malware.
Open GridinSoft Anti-Malware and perform a “Standard scan“.
“Move to quarantine” all items.
Open “Tools” tab – Press “Reset Browser Settings“.
Select proper browser and options – Click “Reset”.
Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.

Leave a Comment X