Trojan:Win32/Phonzy.B!ml information

Trojan:Win32/Phonzy.B!ml is flagged as malicious by many security vendors. When this infection is active, you may notice unwanted processes in the Task Manager. In that case, it is advised to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It allows you to run a complete scan and cure your PC during the trial period.
6-day free trial available.

What can the Trojan:Win32/Phonzy.B!ml virus do?

  • Sample contains Overlay data
  • The binary contains an unknown PE section name indicative of packing
  • Authenticode signature is invalid
  • Anomalous binary characteristics

How to identify Trojan:Win32/Phonzy.B!ml?

File Info:

name: 595B2ADAD943168B5423.mlw
path: /opt/CAPEv2/storage/binaries/4bff108dacefc060cf34cbd6464d8612393ec4e544a9ab07a6e4ea96cca31f48
crc32: CF749E9D
md5: 595b2adad943168b542366e6f6ada093
sha1: 1b885fc03285b373db1d8b5774de6afa6fb8bb7c
sha256: 4bff108dacefc060cf34cbd6464d8612393ec4e544a9ab07a6e4ea96cca31f48
sha512: 9e7eea1bdcc44dd56ed0b1592f2cb65fa5a2d3787a46f0aab411dcd649a270c6c9c86651b034d9e820ccf0c4fe78ef1a64b6b32718a26502236a3b343e3f1d74
ssdeep: 3072:nIyRF9ESWu0SWuDmhSauvEKxVTLJtxoVz8FUDrYYaCusjdEKxVTLJtxoVz8FUDrn:nIyFESWu0SWuGSfZ+pLQnrSKF
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T1731409055CD37093E15607B92223B3492FF2FD64B7A8DDC5B182F9AA9C77878142938B
sha3_384: dbc61fa843585d4c4f1f60a9c79f9b7647878233319b96af966e6ff343e3fc9ca9557a93afa4795602cadeb8c0dce877
ep_bytes: 3248dffa31327fbef67bbefb66053248
timestamp: 2014-04-29 18:27:40

Version Info:

0: [No Data]

Trojan:Win32/Phonzy.B!ml also known as:

Bkav: W32.AIDetectMalware
Elastic: malicious (moderate confidence)
Skyhigh: BehavesLike.Win32.Generic.dh
McAfee: GenericRXTK-BY!595B2ADAD943
Cynet: Malicious (score: 100)
SUPERAntiSpyware: Trojan.Agent/Gen-Crypt
Sophos: Generic ML PUA (PUA)
FireEye: Generic.mg.595b2adad943168b
Ikarus: Trojan.Crypt
Google: Detected
Antiy-AVL: Virus/Win64.Shohdi.a
Microsoft: Trojan:Win32/Phonzy.B!ml
TrendMicro-HouseCall: TROJ_GEN.R03BH06C224
Rising: Trojan.Generic@AI.96 (RDML:LFyYUYgWaNjvt6qwQtBUhw)
SentinelOne: Static AI – Suspicious PE
Fortinet: W32/Shohdi.B!tr
CrowdStrike: win/malicious_confidence_60% (D)

How to remove Trojan:Win32/Phonzy.B!ml?

Trojan:Win32/Phonzy.B!ml removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open the “Tools” tab and press “Reset Browser Settings”.
  • Select the proper browser and options, then click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.