
About “Trojan:Win32/Phonzy.B!ml” infection


Trojan:Win32/Phonzy.B!ml is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager process list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It lets you run a full scan and clean your PC during the trial period.
A 6-day free trial is available.

What can the Trojan:Win32/Phonzy.B!ml virus do?

  • Sample contains Overlay data
  • The binary contains an unknown PE section name indicative of packing
  • Authenticode signature is invalid
  • Anomalous binary characteristics

How to identify Trojan:Win32/Phonzy.B!ml?
File Info:

name: 2E5175967407D952A4E0.mlw
path: /opt/CAPEv2/storage/binaries/9e0f7db09612c929a217907b0f2736650425c46df18304d770ab22021456206c
type: PE32 executable (GUI) Intel 80386, for MS Windows
timestamp: 2014-04-29 18:27:40

Version Info:

[No Data]

Trojan:Win32/Phonzy.B!ml is also known as (vendor: detection name):

  • Bkav: W32.AIDetectMalware
  • FireEye: Generic.mg.2e5175967407d952
  • Skyhigh: BehavesLike.Win32.Generic.dh
  • McAfee: GenericRXTK-BY!2E5175967407
  • CrowdStrike: win/malicious_confidence_70% (D)
  • Elastic: malicious (moderate confidence)
  • SUPERAntiSpyware: Trojan.Agent/Gen-Crypt
  • Rising: Trojan.Generic@AI.99 (RDML:vzzwCNSMBgyIrY/QIBC2tg)
  • Sophos: Generic ML PUA (PUA)
  • SentinelOne: Static AI – Suspicious PE
  • Google: Detected
  • Antiy-AVL: Virus/Win64.Shohdi.a
  • Microsoft: Trojan:Win32/Phonzy.B!ml
  • Cynet: Malicious (score: 100)
  • TrendMicro-HouseCall: TROJ_GEN.R03BH06C224
  • Ikarus: Trojan.Crypt
  • Fortinet: W32/Shohdi.B!tr

How to remove Trojan:Win32/Phonzy.B!ml?

Trojan:Win32/Phonzy.B!ml removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • Click “Move to quarantine” for all detected items.
  • Open the “Tools” tab and press “Reset Browser Settings”.
  • Select the proper browser and options, then click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.
