About “Trojan:Win32/Phonzy.B!ml” infection

The Trojan:Win32/Phonzy.B!ml is considered dangerous by lots of security experts. When this infection is active, you may notice unwanted processes in Task Manager list. In this case, it is adviced to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Gridinsoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. Allows to complete scan and cure your PC during the trial period.

6-day free trial available.

What Trojan:Win32/Phonzy.B!ml virus can do?

Sample contains Overlay data
The binary contains an unknown PE section name indicative of packing
Authenticode signature is invalid

How to determine Trojan:Win32/Phonzy.B!ml?


File Info:
name: 947B339B8FAFFB7EA85B.mlw
path: /opt/CAPEv2/storage/binaries/d520200440fa23a2a693f2eb61687649b806b46cbbd347c1291a341e99be2938
crc32: 29FB76E5
md5: 947b339b8faffb7ea85bf63dd6251208
sha1: d315886af8be92a27490ced97ccb0e110ac99481
sha256: d520200440fa23a2a693f2eb61687649b806b46cbbd347c1291a341e99be2938
sha512: ca9533fc017e72a9727d389b25498644a8a3607bd468d8e137614a349d9e2494026ff35f170f79286bb51b9dec5c6a7ba137fdc9eea721ca9905d40b8122092c
ssdeep: 1536:6OEIoc18gVfIwOkXHk3txIIxPxUUc3mvQDBwy4n6I5DzC9Du/GUDQ+RT1v1/WvQ4:6OEIocOgVfIwOkXE3txhxPfc3mvQDBwe
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T14793197A9A5217B4D2C70078892B5ABA692B83E73761BFCB23141C33D4156C8BB7534E
sha3_384: c198e6cee340cc0cc374c64ad28cdd7343d15349637ba4dc09e5e911c61b9556d2b92baeca59eb3f1fbeaba20e35fa50
ep_bytes: 
timestamp: 2010-08-27 10:10:43

Version Info:
0: [No Data]

Trojan:Win32/Phonzy.B!ml also known as:

Bkav	W32.AIDetectMalware
Lionic	Trojan.Win32.Generic.4!c
DrWeb	Trojan.DownLoad2.38828
MicroWorld-eScan	Gen:Variant.Graftor.36
Skyhigh	Artemis
Sangfor	Trojan.Win32.Agent.Vmig
Arcabit	Trojan.Graftor.36
Symantec	Trojan.Gen.MBT
Cynet	Malicious (score: 99)
APEX	Malicious
ClamAV	Win.Malware.Generic-10017923-0
BitDefender	Gen:Variant.Graftor.36
Emsisoft	Gen:Variant.Graftor.36 (B)
F-Secure	Trojan.TR/Spy.Agent.1001
VIPRE	Gen:Variant.Graftor.36
Trapmine	malicious.moderate.ml.score
FireEye	Gen:Variant.Graftor.36
Sophos	Mal/Generic-S
Avira	TR/Spy.Agent.1001
MAX	malware (ai score=84)
Xcitium	Heur.Corrupt.PE@1z141z3
Microsoft	Trojan:Win32/Phonzy.B!ml
GData	Win32.Trojan.PSE.1ICICGF
Google	Detected
ALYac	Gen:Variant.Graftor.36
Malwarebytes	Malware.AI.2066606985
Rising	Trojan.Generic@AI.99 (RDML:Nn/ukLSIBkeM3nKFIKmePA)
Ikarus	Trojan.Spy.Agent
DeepInstinct	MALICIOUS

How to remove Trojan:Win32/Phonzy.B!ml?

Trojan:Win32/Phonzy.B!ml removal tool

Download and install GridinSoft Anti-Malware.
Open GridinSoft Anti-Malware and perform a “Standard scan“.
“Move to quarantine” all items.
Open “Tools” tab – Press “Reset Browser Settings“.
Select proper browser and options – Click “Reset”.
Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.

Leave a Comment X