Should I remove “Trojan:Win32/Phonzy.B!ml”?

Trojan:Win32/Phonzy.B!ml is classified as dangerous by many security vendors. When this infection is active, you may notice unwanted processes in the Task Manager list. In that case, it is advised to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It lets you fully scan and clean your PC during the trial period.
6-day free trial available.

What can the Trojan:Win32/Phonzy.B!ml virus do?

  • Behavioural detection: Executable code extraction – unpacking
  • Sample contains Overlay data
  • Reads data out of its own binary image
  • Drops a binary and executes it
  • The binary contains an unknown PE section name indicative of packing
  • Authenticode signature is invalid

How to identify Trojan:Win32/Phonzy.B!ml?

File Info:

name: F2C021C4CF509E2CC8A5.mlw
path: /opt/CAPEv2/storage/binaries/55b4f9ba053a1c315d7833c8a773a045e0bd0b4de2f1bc575f5da1e68da29248
crc32: 398AD771
md5: f2c021c4cf509e2cc8a5c6628eb5ff3b
sha1: ace5c89e3f1c634de802b2090c4e5bfb665afa2b
sha256: 55b4f9ba053a1c315d7833c8a773a045e0bd0b4de2f1bc575f5da1e68da29248
sha512: 02b418059bfd45919a5ca5f63e1843b45754b80e19379319989f1f79ea207517d8eb3e2c866079024b308a9b85cfe57c2fc03869ec0ed5068aa523bf0c6fafd6
ssdeep: 24576:s7FUDowAyrTVE3U5F/p5Kic6QL3E2vVsjECUAQT45deRV9RB:sBuZrEUrKIy029s4C1eH9/
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T13275BF3FF268A13EC56A1B3245B38320997BBA51B81A8C1E47FC344DCF765601E3B656
sha3_384: e22aa2c2b52ffcb2a9759f9fc80497373127112d6c7cd8b05b1d2253d0b67a18a0a4dd4d0a727c29ea3bcc3af0ccc118
ep_bytes: 558bec83c4a453565733c08945c48945
timestamp: 2023-02-15 14:54:16

Version Info:

Comments: This installation was built with Inno Setup.
CompanyName: MethodA
FileDescription: SWAM Solo Woodwinds Bundle V3 WiN Setup
FileVersion:
LegalCopyright:
OriginalFileName:
ProductName: SWAM Solo Woodwinds Bundle V3 WiN
ProductVersion: 12.05
Translation: 0x0000 0x04b0

Trojan:Win32/Phonzy.B!ml also known as:

Bkav: W32.AIDetectMalware
Lionic: Trojan.Win32.OffLoader.a!c
Skyhigh: BehavesLike.Win32.Trojan.tc
McAfee: Artemis!F2C021C4CF50
Cylance: unsafe
Sangfor: Downloader.Win32.Agent.Vdjm
K7AntiVirus: Trojan-Downloader ( 005ae1811 )
K7GW: Trojan-Downloader ( 005ae1811 )
Symantec: Trojan.Gen.MBT
ESET-NOD32: a variant of Win32/TrojanDownloader.Agent.HIV
Cynet: Malicious (score: 100)
APEX: Malicious
Kaspersky: Trojan-Downloader.Win32.OffLoader.aoxi
Avast: Win32:Malware-gen
Tencent: Win32.Trojan-Downloader.Oader.Vwhl
Sophos: Mal/Generic-S
F-Secure: Trojan.TR/Downloader.Gen
Ikarus: Trojan-Downloader.Win32.Agent
Varist: W32/Agent.HTI.gen!Eldorado
Avira: TR/Downloader.Gen
Microsoft: Trojan:Win32/Phonzy.B!ml
ZoneAlarm: Trojan-Downloader.Win32.OffLoader.aoxi
Google: Detected
Malwarebytes: Generic.Malware/Suspicious
Panda: Trj/Chgt.AD
TrendMicro-HouseCall: TROJ_GEN.R002H0DLO23
MaxSecure: Trojan.Malware.300983.susgen
Fortinet: W32/Agent.HIV!tr
AVG: Win32:Malware-gen
DeepInstinct: MALICIOUS
CrowdStrike: win/malicious_confidence_100% (W)

How to remove Trojan:Win32/Phonzy.B!ml?

Trojan:Win32/Phonzy.B!ml removal tool

  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open the “Tools” tab and press “Reset Browser Settings”.
  • Select the proper browser and options, then click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.