Trojan:Win32/Phonzy.B!ml removal tips

Trojan:Win32/Phonzy.B!ml is flagged as malicious by a large number of security vendors. The "!ml" suffix is Microsoft's marker for a detection produced by a machine-learning model rather than a fixed signature, so the file hashes and vendor names listed further down are the reliable way to confirm that you are looking at this sample. When the infection is active, you may notice unexpected processes in the Task Manager list. In that case it is advised to scan your computer with GridinSoft Anti-Malware.

Removing malware manually can take hours and may damage your system in the process. We recommend GridinSoft Anti-Malware for removal; during the trial period it allows a complete scan and cleanup of your PC.
A 6-day free trial is available.

What can Trojan:Win32/Phonzy.B!ml do?

The following behaviours are the CAPE sandbox signatures triggered by the sample analysed below:

  • CAPE extracted potentially suspicious content (CAPE recovered additional payloads from the process at run time)
  • .NET file is packed/obfuscated with Confuser (ConfuserEx-style obfuscation that hinders static analysis of the managed code)
  • The binary likely contains encrypted or compressed data
  • Authenticode signature is invalid (the file is not validly code-signed, although its version information claims to be Steam)
  • Yara rule detections observed from a process memory dump/dropped files/CAPE

How to identify Trojan:Win32/Phonzy.B!ml?

File Info:

name: 73D56128152BF75B9FC5.mlw
path: /opt/CAPEv2/storage/binaries/fb908d52039d11e48282d9b3852424035911a88ce8eea05701b0eeee98711109
crc32: 4C5F00A0
md5: 73d56128152bf75b9fc57b3df76c9b29
sha1: 7b8e0b379d1d653293eaba6615c2eacbbc3c7fc6
sha256: fb908d52039d11e48282d9b3852424035911a88ce8eea05701b0eeee98711109
sha512: 0de3a76000414d753458a2263ba906ec082c79759c9c26970e297a0e040ea233426d1c7b3468c9e62c28568cf93f85ed014b43d9f1370e5814d13b2f08bdb33e
ssdeep: 196608:2So6Lx1plX9GVpfJeeQ4tA2+BXC//9v2bUVi6DFSv0YggAM71D4QTaowV:2So6hGprJOC//9PDFScYp71Z27V
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T1B3C63316BB49A043EEC1FA7C35B4E5B15601FE49A131AF8E76E97D277A06B40C70D88C
sha3_384: d438f7eaefc96d25309be1c64ba30369ed66c5d6da326cfa8c31b559102f71ae7deba8426a21c5ecace0d9b402baaac2
ep_bytes: ff250020400000000000000000000000
timestamp: 2023-11-23 09:30:26

Note: the entry-point bytes FF 25 00 20 40 00 disassemble to jmp dword ptr [0x00402000], the usual stub of a managed (.NET) PE32 executable, which is consistent with the Confuser signature above and the MSIL detection names below. The timestamp is the PE compile timestamp stored in the file header and can be set to any value by the author.

Version Info:

Translation: 0x0000 0x04b0
Comments:
CompanyName:
FileDescription: Steam
FileVersion: 1.0.0.0
InternalName: Steam.exe
LegalCopyright: Copyright © 2022
LegalTrademarks:
OriginalFilename: Steam.exe
ProductName: Steam
ProductVersion: 1.0.0.0
Assembly Version: 1.0.0.0
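The hashes and entry-point bytes above can be checked without uploading anything. The following Python script is an added example, not code from this page or from GridinSoft: it hashes a file, compares the digests with the indicators listed above, and walks the PE32 headers by hand (no pefile dependency) to read the 16 bytes at the entry point and to check whether a CLR runtime header is present. The function names, the directory walker and the `build_sample_pe` helper are this example's own; `build_sample_pe` constructs a minimal dummy PE32 carrying the same entry-point stub and a CLR directory so the script can be exercised offline, and it is not the malware. PE32+ (64-bit) images are deliberately out of scope, since the sample is PE32.

```python
"""Offline triage of a suspect file against the indicators listed on this page (added example)."""
import hashlib
import os
import struct
import zlib

# Indicators copied from the File Info section above.
IOC_HASHES = {
    "md5": "73d56128152bf75b9fc57b3df76c9b29",
    "sha1": "7b8e0b379d1d653293eaba6615c2eacbbc3c7fc6",
    "sha256": "fb908d52039d11e48282d9b3852424035911a88ce8eea05701b0eeee98711109",
}
IOC_EP_BYTES = "ff250020400000000000000000000000"  # jmp dword ptr [0x402000], then padding
CLR_DIR_INDEX = 14  # IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR: non-zero only for .NET images

def hash_bytes(data):
    """CRC32/MD5/SHA-1/SHA-256 of a buffer, formatted as the File Info section prints them."""
    return {"crc32": "%08X" % (zlib.crc32(data) & 0xFFFFFFFF),
            "md5": hashlib.md5(data).hexdigest(),
            "sha1": hashlib.sha1(data).hexdigest(),
            "sha256": hashlib.sha256(data).hexdigest()}

def pe_entry_info(data):
    """Walk the PE32 headers by hand (no pefile): entry RVA, 16 bytes at the entry point, CLR header flag."""
    try:
        if data[:2] != b"MZ":
            return None
        e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
        if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
            return None
        coff = e_lfanew + 4
        nsections = struct.unpack_from("<H", data, coff + 2)[0]
        opt_size = struct.unpack_from("<H", data, coff + 16)[0]
        opt = coff + 20
        if struct.unpack_from("<H", data, opt)[0] != 0x10B:  # PE32 magic; PE32+ is out of scope here
            return None
        entry_rva = struct.unpack_from("<I", data, opt + 16)[0]
        num_dirs = struct.unpack_from("<I", data, opt + 92)[0]
        clr_va = clr_size = 0
        if num_dirs > CLR_DIR_INDEX:
            clr_va, clr_size = struct.unpack_from("<II", data, opt + 96 + CLR_DIR_INDEX * 8)
        for i in range(nsections):  # map the entry RVA to a file offset via the section table
            vsize, va, rawsize, rawptr = struct.unpack_from("<IIII", data, opt + opt_size + i * 40 + 8)
            if va <= entry_rva < va + max(vsize, rawsize):
                off = entry_rva - va + rawptr
                return {"entry_rva": entry_rva, "ep_bytes": data[off:off + 16].hex(),
                        "is_dotnet": bool(clr_va and clr_size)}
    except struct.error:
        pass
    return None

def triage(data):
    """Findings for one file's bytes; an empty list means nothing from this page matched."""
    findings = []
    digests = hash_bytes(data)
    for algo, known in IOC_HASHES.items():
        if digests[algo] == known:
            findings.append("%s matches the sample on this page" % algo)
    info = pe_entry_info(data)
    if info:
        if info["ep_bytes"] == IOC_EP_BYTES:
            findings.append("entry-point bytes identical to the sample")
        if info["ep_bytes"].startswith("ff25"):
            findings.append("entry point is an indirect jmp (FF 25), the stub of a managed executable")
        if info["is_dotnet"]:
            findings.append("CLR runtime header present: this is a .NET assembly")
    return findings

def scan_tree(root):
    """Triage every regular file under root; return {path: findings} for files with findings."""
    hits = {}
    for dirpath, _dirs, names in os.walk(root):
        for name in names:
            path = os.path.join(dirpath, name)
            try:
                with open(path, "rb") as fh:
                    findings = triage(fh.read())
            except OSError:
                continue
            if findings:
                hits[path] = findings
    return hits

def build_sample_pe():
    """Constructed minimal PE32 (NOT the real malware) carrying the page's entry stub and a CLR directory."""
    text = b"\0" * 8 + bytes.fromhex(IOC_EP_BYTES)  # 8-byte IAT placeholder, then the stub at RVA 0x2008
    text += b"\0" * (0x200 - len(text))
    dos = b"MZ" + b"\0" * 58 + struct.pack("<I", 0x40)  # e_lfanew = 0x40
    coff = struct.pack("<HHIIIHH", 0x14C, 1, 0, 0, 0, 224, 0x0102)  # i386, one section, 224-byte optional header
    opt = struct.pack("<HBBIIIIIII", 0x10B, 8, 0, 0x200, 0, 0, 0x2008, 0x2000, 0x4000, 0x400000)
    opt += struct.pack("<IIHHHHHHIIIIHHIIIIII", 0x1000, 0x200, 4, 0, 0, 0, 4, 0, 0, 0x3000,
                       0x200, 0, 2, 0x8540, 0x100000, 0x1000, 0x100000, 0x1000, 0, 16)
    dirs = [(0, 0)] * 16
    dirs[CLR_DIR_INDEX] = (0x2018, 72)  # CLR runtime header directory entry
    opt += b"".join(struct.pack("<II", va, size) for va, size in dirs)
    section = b".text\0\0\0" + struct.pack("<IIIIIIHHI", 0x200, 0x2000, 0x200, 0x200, 0, 0, 0, 0, 0x60000020)
    headers = dos + b"PE\0\0" + coff + opt + section
    return headers + b"\0" * (0x200 - len(headers)) + text
```

Call `scan_tree(r"C:\Users\<user>\Downloads")` (or any directory) to get a dictionary of files with findings; `triage(build_sample_pe())` exercises the parser on the constructed dummy. Only a hash match identifies this exact sample: a repacked or re-obfuscated build will have different digests, and the FF 25 stub and CLR header are shared by every .NET executable, so treat those two findings as corroboration that the file is a managed binary, not as a verdict on their own.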

Trojan:Win32/Phonzy.B!ml is also known as (vendor: detection name):

Elastic: malicious (high confidence)
MicroWorld-eScan: Gen:Variant.MSILHeracles.125993
FireEye: Generic.mg.73d56128152bf75b
ALYac: Gen:Variant.MSILHeracles.125993
CrowdStrike: win/malicious_confidence_60% (D)
Arcabit: Trojan.MSILHeracles.D1EC29
Symantec: ML.Attribute.HighConfidence
ESET-NOD32: a variant of MSIL/DllInject.BHC potentially unsafe
APEX: Malicious
BitDefender: Gen:Variant.MSILHeracles.125993
VIPRE: Gen:Variant.MSILHeracles.125993
Emsisoft: Gen:Variant.MSILHeracles.125993 (B)
SentinelOne: Static AI – Malicious PE
Webroot: W32.Trojan.Gen
MAX: malware (ai score=80)
Microsoft: Trojan:Win32/Phonzy.B!ml
GData: Gen:Variant.MSILHeracles.125993
AhnLab-V3: Trojan/Win.Generic.C5480158
Cylance: unsafe
Ikarus: PUA.RiskWare.Hacktool
BitDefenderTheta: Gen:NN.ZemsilF.36792.@p0@aaEKTZ
Cybereason: malicious.79d1d6
DeepInstinct: MALICIOUS

How to remove Trojan:Win32/Phonzy.B!ml?

Trojan:Win32/Phonzy.B!ml removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • Click “Move to quarantine” for all detected items.
  • Open the “Tools” tab and press “Reset Browser Settings”.
  • Select the relevant browser and options, then click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.