About “Trojan:Win32/Phonzy.B!ml” infection

The Trojan:Win32/Phonzy.B!ml detection is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager process list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It allows you to run a complete scan and cure your PC during the trial period.
A 6-day free trial is available.

What can the Trojan:Win32/Phonzy.B!ml virus do?

  • Behavioural detection: Executable code extraction – unpacking
  • Uses Windows utilities for basic functionality
  • Reads data out of its own binary image
  • CAPE extracted potentially suspicious content
  • Authenticode signature is invalid
  • Behavioural detection: Injection (inter-process)
  • Behavioural detection: Injection with CreateRemoteThread in a remote process
  • CAPE detected the shellcode get eip malware family
  • CAPE detected injection into a browser process, likely for Man-In-Browser (MITB) infostealing
  • Touches a file containing cookies, possibly for information gathering
  • Collects information to fingerprint the system
  • Yara rule detections observed from a process memory dump/dropped files/CAPE

How to identify Trojan:Win32/Phonzy.B!ml?

File Info:

name: 8E5E286303A3B8311151.mlw
path: /opt/CAPEv2/storage/binaries/0cf254a51cf8d31cec23d8dc4237ff3027f92f8e6b55aef7b22f264c71511b1e
crc32: BB7D8BBA
md5: 8e5e286303a3b831115108cb812451f3
sha1: 90f73d84031afaa32aa30134a0bfc4130d5e0634
sha256: 0cf254a51cf8d31cec23d8dc4237ff3027f92f8e6b55aef7b22f264c71511b1e
sha512: 1ff149484f3c482599f87e486750b70de8e399514f6ccf2bbeea527285a1a501c3060c1694045735da3434012bee5e4d4e64fad7a94e3e620d9bc6108d73aae1
ssdeep: 12288:vqDEvFo+yo4DdbbMWu/jrQu4M9lBAlKhQcDGB3cuBNGE6iOrpfe4JdaDgatTz:vqDEvCTbMWu7rQYlBQcBiT6rprG8apz
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T194159E0273D1C062FFAB92334B5AF6515BBC69260123E61F13981DB9BE701B1563E7A3
sha3_384: 18d57c6a65da9bfb9af3619a430a1e5163d6f0c275cdd93b0619eaa88aba554344bd75567e091911a86d7ec182a47ba7
ep_bytes: e86e050000e97afeffff558bec56ff75
timestamp: 2024-01-25 17:40:07

Version Info:

Translation: 0x0809 0x04b0

Trojan:Win32/Phonzy.B!ml also known as:

Lionic: Trojan.Win64.Injects.ts93
Elastic: malicious (moderate confidence)
Cynet: Malicious (score: 100)
FireEye: Generic.mg.8e5e286303a3b831
Skyhigh: BehavesLike.Win32.RealProtect.ch
McAfee: Artemis!8E5E286303A3
Malwarebytes: Generic.Malware/Suspicious
Sangfor: Virus.Win32.Save.a
ESET-NOD32: a variant of Win32/Autoit.OPU
APEX: Malicious
Jiangmin: Trojan.Script.awbz
Google: Detected
Microsoft: Trojan:Win32/Phonzy.B!ml
Varist: W32/AutoIt.XQ.gen!Eldorado
Cylance: unsafe
Rising: Trojan.Agent/Autoit!1.F437 (CLASSIC)
SentinelOne: Static AI – Suspicious PE
Cybereason: malicious.4031af
DeepInstinct: MALICIOUS

How to remove Trojan:Win32/Phonzy.B!ml?

Trojan:Win32/Phonzy.B!ml removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all detected items.
  • Open the “Tools” tab and press “Reset Browser Settings”.
  • Select the proper browser and options, then click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.
