
About “Trojan:Win32/Phonzy.C!ml” infection


Trojan:Win32/Phonzy.C!ml is the name Microsoft Defender assigns to this detection; the “!ml” suffix marks a verdict produced by Microsoft's machine-learning classifiers rather than a fixed signature, so it should be confirmed against the file hashes and the other vendors' verdicts listed below. While this infection is active, you may notice unwanted processes in the Task Manager list. In that case, it is advised to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware


Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It lets you run a full scan and clean your PC during the trial period.
A 6-day free trial is available.

What can Trojan:Win32/Phonzy.C!ml do?

The following behaviours were recorded when the sample was executed in a CAPE sandbox (the storage path in the File Info block below is a CAPEv2 path):

  • Behavioural detection: Executable code extraction – unpacking
  • Sample contains Overlay data
  • Performs HTTP requests potentially not found in PCAP.
  • Reads data out of its own binary image
  • Drops a binary and executes it
  • The binary contains an unknown PE section name indicative of packing
  • Authenticode signature is invalid
  • Attempts to modify proxy settings
  • Touches a file containing cookies, possibly for information gathering

How to identify Trojan:Win32/Phonzy.C!ml?

File Info:

name: 516BC25F6CBEC958ADA9.mlw
path: /opt/CAPEv2/storage/binaries/768a701f28d764369da2cc5210d9846dfb307c3259ead1a798478090eed15f0d
crc32: F0C06ABA
md5: 516bc25f6cbec958ada94b488bc3e493
sha1: d42b79a772780c0edc3b8553fbfbe3123df4630c
sha256: 768a701f28d764369da2cc5210d9846dfb307c3259ead1a798478090eed15f0d
sha512: 8607a7c6fa4cf41280a8fa39abdcbfd21c6f7f5213a68748796c8f91a3a897aec16e32085d84d32050a92121d062371744bc410b4f69a9c7fc2dc6b105178b84
ssdeep: 98304:ykLJpls+yc8Gr0ZjL7uWOm6qCNqjdySicpxXHR1fSd2xft29s4C1eH9K:dJPs+ycFI5LasRCIDDHRdlt5o9K
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T1E036123FF268A13EC56E1B324573826099777A61B80A8C1E07FC394DCF765601E3B65A
sha3_384: 53124b3cbfe81b7f6a5180e4f5db31758afaa60e0ebb8618e32ec195b4be24beea17ebd2010437fd4e7d46cb70f39727
ep_bytes: 558bec83c4a453565733c08945c48945
timestamp: 2023-02-15 14:54:16

Version Info:

Comments: This installation was built with Inno Setup.
CompanyName:
FileDescription: rusifikator-dlya-monstrum.exe Setup
FileVersion:
LegalCopyright:
OriginalFileName:
ProductName: rusifikator-dlya-monstrum.exe
ProductVersion: 4.0
Translation: 0x0000 0x04b0
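As an added example (not code from this page, from GridinSoft or from CAPE), the following stdlib-only Python script shows how the File Info fields above and several of the sandbox behaviours listed earlier can be reproduced offline: it hashes a file and compares the result with the MD5/SHA-1/SHA-256 values from the page, then walks the PE headers to recover the compile timestamp, the section names (flagging any outside a set of common linker names, which is what the “unknown PE section name indicative of packing” behaviour keys on), the first 16 bytes at the entry point (compare with ep_bytes above), and the size of any overlay (Inno Setup installers keep their payload past the last section, which is what “Sample contains Overlay data” reflects). The set of common section names, the “Inno Setup” marker-string heuristic and the constructed sample PE are assumptions made for the example; the invalid Authenticode signature reported above is not checked here and needs a separate tool such as PowerShell's Get-AuthenticodeSignature.

```python
"""Offline triage of a Windows PE against the indicators listed on this page.

Added example, stdlib only (no pefile, no CAPE). The hash values and the
expected entry-point bytes are copied from the page's File Info block;
the common-section list, the Inno Setup string heuristic and the sample
PE built at the bottom are assumptions made for this example.
"""
import datetime
import hashlib
import struct

# Indicators copied from the page's File Info block.
KNOWN_HASHES = {
    "md5": "516bc25f6cbec958ada94b488bc3e493",
    "sha1": "d42b79a772780c0edc3b8553fbfbe3123df4630c",
    "sha256": "768a701f28d764369da2cc5210d9846dfb307c3259ead1a798478090eed15f0d",
}
KNOWN_EP_BYTES = "558bec83c4a453565733c08945c48945"

# Section names normally emitted by MSVC and Delphi/Inno Setup linkers.
# Assumption: anything outside this set is reported as "unknown".
COMMON_SECTIONS = {".text", ".data", ".rdata", ".idata", ".edata", ".rsrc", ".reloc",
                   ".bss", ".tls", ".pdata", ".crt", "CODE", "DATA", "BSS"}


def file_hashes(data: bytes) -> dict:
    """MD5/SHA-1/SHA-256/SHA-512 of the whole file, as lowercase hex."""
    return {alg: hashlib.new(alg, data).hexdigest()
            for alg in ("md5", "sha1", "sha256", "sha512")}


def parse_pe(data: bytes) -> dict:
    """Minimal PE header walk: timestamp, sections, entry-point bytes, overlay size."""
    if data[:2] != b"MZ":
        raise ValueError("missing MZ header")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    # COFF file header (20 bytes) follows the 4-byte signature.
    machine, nsec, ts, _, _, opt_size, _ = struct.unpack_from("<HHIIIHH", data, e_lfanew + 4)
    opt = e_lfanew + 24                       # optional header start
    magic = struct.unpack_from("<H", data, opt)[0]
    entry_rva = struct.unpack_from("<I", data, opt + 16)[0]   # AddressOfEntryPoint
    sections = []
    for i in range(nsec):
        off = opt + opt_size + 40 * i         # section headers follow the optional header
        name, vsize, vaddr, rsize, rptr = struct.unpack_from("<8sIIII", data, off)
        sections.append({"name": name.rstrip(b"\0").decode("ascii", "replace"),
                         "vaddr": vaddr, "vsize": vsize, "raw_ptr": rptr, "raw_size": rsize})
    # Map the entry-point RVA to a file offset via the section that contains it.
    ep_bytes = ""
    for s in sections:
        if s["vaddr"] <= entry_rva < s["vaddr"] + max(s["vsize"], s["raw_size"]):
            off = entry_rva - s["vaddr"] + s["raw_ptr"]
            ep_bytes = data[off:off + 16].hex()
            break
    # Bytes past the last section's raw data are overlay (Inno Setup stores its payload there).
    end_of_sections = max((s["raw_ptr"] + s["raw_size"] for s in sections), default=0)
    return {
        "machine": machine,
        "pe32plus": magic == 0x20B,
        "timestamp": datetime.datetime.fromtimestamp(ts, datetime.timezone.utc)
                     .strftime("%Y-%m-%d %H:%M:%S"),
        "entry_rva": entry_rva,
        "ep_bytes": ep_bytes,
        "sections": sections,
        "unknown_sections": [s["name"] for s in sections if s["name"] not in COMMON_SECTIONS],
        "overlay_size": max(len(data) - end_of_sections, 0),
        # Heuristic (assumption): Inno Setup installers carry this marker string.
        "inno_setup": b"Inno Setup" in data,
    }


def triage(data: bytes) -> dict:
    """Combine hashes and header facts and compare them with the page's indicators."""
    info = parse_pe(data)
    info["hashes"] = file_hashes(data)
    info["hash_match"] = any(info["hashes"][k] == v for k, v in KNOWN_HASHES.items())
    info["ep_match"] = info["ep_bytes"] == KNOWN_EP_BYTES
    return info


# Constructed sample (NOT the real file): a tiny PE32 carrying the page's entry-point
# bytes, one Delphi-style section, one oddly named section and an Inno-style overlay.
OVERLAY = b"Inno Setup Setup Data (constructed overlay)"


def build_sample_pe() -> bytes:
    def section(name, vaddr, raw_ptr, flags):
        return struct.pack("<8sIIIIIIHHI", name, 0x1000, vaddr, 0x200, raw_ptr, 0, 0, 0, 0, flags)

    dos = bytearray(64)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 64)                          # e_lfanew
    # i386, 2 sections, the page's timestamp (2023-02-15 14:54:16 UTC), 96-byte optional header
    coff = struct.pack("<HHIIIHH", 0x14C, 2, 1676472856, 0, 0, 96, 0x0102)
    opt = bytearray(96)
    struct.pack_into("<H", opt, 0, 0x10B)                           # PE32 magic
    struct.pack_into("<I", opt, 16, 0x1000)                         # AddressOfEntryPoint
    headers = (bytes(dos) + b"PE\0\0" + coff + bytes(opt)
               + section(b"CODE", 0x1000, 0x200, 0x60000020)
               + section(b".xyz1", 0x2000, 0x400, 0xC0000040)).ljust(0x200, b"\0")
    code = bytes.fromhex(KNOWN_EP_BYTES).ljust(0x200, b"\xCC")
    return headers + code + bytes(0x200) + OVERLAY


if __name__ == "__main__":
    result = triage(build_sample_pe())
    for key in ("timestamp", "ep_bytes", "ep_match", "unknown_sections",
                "overlay_size", "inno_setup", "hash_match"):
        print(f"{key}: {result[key]}")
```

Run it against a real file with `triage(open(path, "rb").read())`; a `hash_match` of True ties the file to the sample above, while `unknown_sections`, `overlay_size` and `inno_setup` reproduce the packing and overlay observations without executing anything.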

Trojan:Win32/Phonzy.C!ml also known as:

  • Bkav: W32.AIDetectMalware
  • Skyhigh: BehavesLike.Win32.Dropper.rc
  • Malwarebytes: Adware.Bundler
  • Elastic: malicious (high confidence)
  • ESET-NOD32: a variant of Win32/TrojanDownloader.Agent.HIO
  • Cynet: Malicious (score: 100)
  • Kaspersky: HEUR:Trojan-Downloader.Win32.OffLoader.gen
  • Rising: Downloader.Agent/IFPS!1.EB30 (CLASSIC)
  • DrWeb: Trojan.DownLoad4.15891
  • Webroot: W32.Malware.Gen
  • Google: Detected
  • Microsoft: Trojan:Win32/Phonzy.C!ml
  • ZoneAlarm: HEUR:Trojan-Downloader.Win32.OffLoader.gen
  • Varist: W32/Agent.HAY.gen!Eldorado
  • Tencent: Trojan-Downloader.Win32.Oader.ha
  • Ikarus: PUA.INNO.Offer
  • MaxSecure: Trojan.Malware.121218.susgen
  • Fortinet: W32/Agent.GVR!tr

How to remove Trojan:Win32/Phonzy.C!ml?

Trojan:Win32/Phonzy.C!ml removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open the “Tools” tab and press “Reset Browser Settings”.
  • Select the proper browser and options, then click “Reset”.
  • Restart your computer.

Because the sandbox observed this sample changing proxy settings and dropping and executing a second binary, check after cleanup that the system and browser proxy configuration is what you expect and that no dropped executable remains.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.
