
About “Trojan:Win32/Phonzy.B!ml” infection


Trojan:Win32/Phonzy.B!ml is classified as dangerous by many security vendors. When this infection is active, you may notice unfamiliar processes in the Task Manager list. In that case, it is advised to scan your computer with GridinSoft Anti-Malware.


Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It lets you run a full scan and clean your PC during the trial period.
A 6-day free trial is available.

What can the Trojan:Win32/Phonzy.B!ml virus do?

  • Behavioural detection: Executable code extraction – unpacking
  • CAPE extracted potentially suspicious content
  • The binary contains an unknown PE section name indicative of packing
  • The binary likely contains encrypted or compressed data
  • Authenticode signature is invalid
  • CAPE detected the shellcode get eip malware family
  • Yara detections observed in process dumps, payloads or dropped files

How to identify Trojan:Win32/Phonzy.B!ml?

File Info:

name: DFCF999DB11E6B8FE92E.mlw
path: /opt/CAPEv2/storage/binaries/4b279184b2e87f3df8afd4f638d3e7523d75fab9ae5a22e1a5b89eda33489d1f
crc32: 17B9D5F8
md5: dfcf999db11e6b8fe92ea598d24546ec
sha1: 1d8881e8c654da13fdfd60376feb1f6dc532b758
sha256: 4b279184b2e87f3df8afd4f638d3e7523d75fab9ae5a22e1a5b89eda33489d1f
sha512: b9a240fa6c32780271df29ad6bffa3fbf853b528f6d9c3710a8710643974183909bb680ba8dc0d91f3454731648f3fe5de9813f6d1da698d9b12226bd7d3698c
ssdeep: 12288:SLAu0UYnU4/TbIP2v0Hw1eUrEh6bCzqTk6bW3CIiS7:SFho9/Iev0Q1eU4h6Ozh6W3CNS
type: PE32 executable (console) Intel 80386, for MS Windows
tlsh: T11FB4BF223FF5D57AC61341339E2DAB94E4FE92654EA0058357C00E2CEA76D81DB3AF19
sha3_384: 05703a5b45abd62de746e50d5d1f764768ef7243f6112de316b80b303264923b555192d53fd123823fe29f236086a155
ep_bytes: 558bec6aff6840ce430068b03d430064
timestamp: 2018-12-30 02:52:10

Version Info:

CompanyName: Igor Pavlov
FileDescription: 7-Zip Console
FileVersion: 18.06
InternalName: 7z
LegalCopyright: Copyright (c) 1999-2018 Igor Pavlov
OriginalFilename: 7z.exe
ProductName: 7-Zip
ProductVersion: 18.06
Translation: 0x0409 0x04b0

Note that the version resource claims this is the 7-Zip console binary by Igor Pavlov, while the Authenticode signature is reported invalid and several vendors (AVG, ESET-NOD32, Avast, Ikarus) name the detection "Patched". The version information should therefore not be taken as evidence that the file is a legitimate 7-Zip build; verify the file against the hashes above and the signature of an official release instead.

Trojan:Win32/Phonzy.B!ml also known as:

Bkav: W32.AIDetectMalware
AVG: Win32:Patched-AWW [Trj]
MicroWorld-eScan: Gen:Variant.Mint.Zard.5
FireEye: Generic.mg.dfcf999db11e6b8f
CAT-QuickHeal: Trojan.InjukePMF.S31351714
Skyhigh: BehavesLike.Win32.Generic.hc
ALYac: Gen:Variant.Mint.Zard.5
Malwarebytes: Generic.Malware.AI.DDS
Sangfor: Suspicious.Win32.Save.ins
Alibaba: Virus:Win32/Senoval.98653f75
Symantec: ML.Attribute.HighConfidence
Elastic: malicious (high confidence)
ESET-NOD32: a variant of Win32/Patched.NKP
Cynet: Malicious (score: 100)
APEX: Malicious
Kaspersky: Virus.Win32.Senoval.a
BitDefender: Gen:Variant.Mint.Zard.5
NANO-Antivirus: Virus.Win32.Gen-Crypt.ccnc
Avast: Win32:Patched-AWW [Trj]
Tencent: Trojan.Win32.Pathced_ya.16001052
Emsisoft: Gen:Variant.Mint.Zard.5 (B)
F-Secure: Heuristic.HEUR/AGEN.1369791
VIPRE: Gen:Variant.Mint.Zard.5
Trapmine: suspicious.low.ml.score
Sophos: ML/PE-A
Ikarus: Trojan.Win32.Patched
GData: Gen:Variant.Mint.Zard.5
Varist: W32/Injuke.BI.gen!Eldorado
Avira: HEUR/AGEN.1369791
Antiy-AVL: GrayWare/Win32.Wacapew
Arcabit: Trojan.Mint.Zard.5
ZoneAlarm: Virus.Win32.Senoval.a
Microsoft: Trojan:Win32/Phonzy.B!ml
Google: Detected
AhnLab-V3: Trojan/Win.Generic.R606966
McAfee: Artemis!DFCF999DB11E
MAX: malware (ai score=89)
VBA32: BScope.Backdoor.Sinowal
Cylance: unsafe
Rising: Trojan.Generic@AI.100 (RDML:+3w3suBUurYU4cfvOdtosA)
MaxSecure: Trojan.Malware.121218.susgen
Fortinet: Adware/Adware_AGen
BitDefenderTheta: Gen:NN.ZexaF.36744.Gy0@aqSS6Mji
DeepInstinct: MALICIOUS
CrowdStrike: win/malicious_confidence_90% (D)

How to remove Trojan:Win32/Phonzy.B!ml?

Trojan:Win32/Phonzy.B!ml removal tool

  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open the “Tools” tab – press “Reset Browser Settings”.
  • Select the proper browser and options – click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.
