Trojan

Trojan:Win32/Phonzy.B!ml information

Malware Removal

Trojan:Win32/Phonzy.B!ml is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager process list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.


Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It lets you run a complete scan and clean your PC during the trial period.
A 6-day free trial is available.

What can the Trojan:Win32/Phonzy.B!ml virus do?

  • Behavioural detection: Executable code extraction – unpacking
  • Reads data out of its own binary image
  • CAPE extracted potentially suspicious content
  • The binary contains an unknown PE section name indicative of packing
  • The binary likely contains encrypted or compressed data.
  • Authenticode signature is invalid
  • CAPE detected the shellcode get eip malware family
  • Yara detections observed in process dumps, payloads or dropped files

How to identify Trojan:Win32/Phonzy.B!ml?

File Info:

name: C7686501F8DC627EA50D.mlw
path: /opt/CAPEv2/storage/binaries/ce3e3e425d5eed57ea8b87b26e54210194e7803685baf9522ad26207acacfa01
crc32: DB857861
md5: c7686501f8dc627ea50d6f15af72de21
sha1: a878358a5257c1bedb93d1c4f80145ba5a7f3acc
sha256: ce3e3e425d5eed57ea8b87b26e54210194e7803685baf9522ad26207acacfa01
sha512: 541f1cb4c996a8eb8b6a6b9683909b100c874ea0451c3ddcc4ba84ec675c6a36b3ebb85f9ab86284687cf2526dfa1fb40e6ec8a3a27f582e467651e4c830cfe7
ssdeep: 24576:S4q+UH6qC1F/H//ZDu8T4BaGlNHwQZRaRFivsKQhkPW0:S56qCZJTQa2HXZwRFfvhke0
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T1FE15BF3364A14022EBF102B3BE24D5707E6CAE385750CD6EE2D0BD1D39794A267FB256
sha3_384: bd50a13e0dfc0045bbdca282be7e44745ff6a2efb9f631c4cffcc5fac45a94714b11398b529166b3e360aef091ed80a7
ep_bytes: e839050000e97afeffffcccccccc8b44
timestamp: 2021-09-23 02:33:29

Version Info:

CompanyName: Python Software Foundation
FileDescription: Python 3.11.0 (64-bit)
FileVersion: 3.11.150.0
InternalName: setup
LegalCopyright: Copyright (c) Python Software Foundation. All rights reserved.
OriginalFilename: python-3.11.0-amd64.exe
ProductName: Python 3.11.0 (64-bit)
ProductVersion: 3.11.150.0
Translation: 0x0409 0x04e4

Trojan:Win32/Phonzy.B!ml also known as:

Bkav: W32.AIDetectMalware
MicroWorld-eScan: Gen:Variant.Mint.Zard.5
FireEye: Generic.mg.c7686501f8dc627e
Skyhigh: BehavesLike.Win32.Backdoor.cc
ALYac: Gen:Variant.Mint.Zard.5
Malwarebytes: Generic.Malware/Suspicious
Zillya: Trojan.Patched.Win32.184373
Sangfor: Trojan.Win32.Patched.Vm3r
K7AntiVirus: Trojan ( 005ad28b1 )
Alibaba: Virus:Win32/Senoval.40497fdc
K7GW: Trojan ( 005ad28b1 )
BitDefenderTheta: Gen:NN.ZexaF.36744.3y0@aKSbCuii
Symantec: ML.Attribute.HighConfidence
Elastic: malicious (high confidence)
ESET-NOD32: a variant of Win32/Patched.NKM
Cynet: Malicious (score: 100)
Kaspersky: Virus.Win32.Senoval.a
BitDefender: Gen:Variant.Mint.Zard.5
NANO-Antivirus: Virus.Win32.Gen-Crypt.ccnc
Avast: Win32:Patched-AWX [Trj]
Tencent: Trojan.Win32.Pathced_ya.16001052
Emsisoft: Gen:Variant.Mint.Zard.5 (B)
F-Secure: Trojan.TR/Patched.Gen
VIPRE: Gen:Variant.Mint.Zard.5
Trapmine: malicious.moderate.ml.score
Sophos: Mal/Generic-S
SentinelOne: Static AI – Suspicious PE
GData: Gen:Variant.Mint.Zard.5
Google: Detected
Avira: TR/Patched.Gen
Antiy-AVL: Trojan/Win32.Patched
Arcabit: Trojan.Mint.Zard.5
ZoneAlarm: Virus.Win32.Senoval.a
Microsoft: Trojan:Win32/Phonzy.B!ml
Varist: W32/Patched.GQ1.gen!Eldorado
AhnLab-V3: Trojan/Win.Generic.C5487854
MAX: malware (ai score=86)
VBA32: BScope.TrojanDownloader.Emotet
Cylance: unsafe
Panda: Trj/Genetic.gen
Rising: Trojan.Generic@AI.94 (RDML:KyCREO3y1RI1/nL2xw6JPg)
Ikarus: Trojan.Win32.Patched
Fortinet: W32/Patched.IP!tr
AVG: Win32:Patched-AWX [Trj]
DeepInstinct: MALICIOUS
CrowdStrike: win/malicious_confidence_60% (D)

How to remove Trojan:Win32/Phonzy.B!ml?

Trojan:Win32/Phonzy.B!ml removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open the “Tools” tab – press “Reset Browser Settings”.
  • Select the proper browser and options – click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.
