Trojan:Win32/Tibs.FZ (file analysis)

The Trojan:Win32/Tibs.FZ is considered dangerous by lots of security experts. When this infection is active, you may notice unwanted processes in Task Manager list. In this case, it is adviced to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Gridinsoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. Allows to complete scan and cure your PC during the trial period.

6-day free trial available.

What Trojan:Win32/Tibs.FZ virus can do?

The binary likely contains encrypted or compressed data.
Authenticode signature is invalid

How to determine Trojan:Win32/Tibs.FZ?


File Info:
name: E7BE3AE8B6DBB8DB5B52.mlw
path: /opt/CAPEv2/storage/binaries/115b34bc8b7998225b491908bb3e23e0750548d09cf9e6e097cd78cd95ac8035
crc32: 489D91DC
md5: e7be3ae8b6dbb8db5b5274a2d44be245
sha1: 7dffe6e99c7044740e937fc9155585eea3f09355
sha256: 115b34bc8b7998225b491908bb3e23e0750548d09cf9e6e097cd78cd95ac8035
sha512: 8ebc1dfea2e2be27bdacead36aeb5f2d2004000f42271f07b6404ed9e058ae4effa902373cb9778453313901b0cd36ba1b3e951c54b16378fce02990d28e4c6a
ssdeep: 384:Jg4A7R1f+uX96bqh2sOLgOAxNODpvrxcYD5Uq7tnamfXqaICc4sJt:6j7KutTpZOSKNp5F7tnaFaIN4K
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T15ED2E1D535AA7D47F62E3277108E5A0146421868EF7B1171F64306FDB898BD8A67CC38
sha3_384: 925fa394ec48484b47fab93cb6929cdf90ffac49f3513290faad09393050cfcf03b1f27a37862232dfccb0d72434a8ba
ep_bytes: e84800000051b95802000089d781c1b8
timestamp: 2008-06-18 09:14:54

Version Info:
0: [No Data]

Trojan:Win32/Tibs.FZ also known as:

Bkav	W32.AIDetectMalware
Lionic	Trojan.Win32.Tibs.kYZA
Elastic	malicious (high confidence)
DrWeb	Trojan.Packed.512
MicroWorld-eScan	Trojan.Packed.Gen.1
FireEye	Generic.mg.e7be3ae8b6dbb8db
Skyhigh	BehavesLike.Win32.VirRansom.mc
ALYac	Trojan.Packed.Gen.1
Cylance	unsafe
Zillya	Downloader.Tibs.Win32.10340
Sangfor	Suspicious.Win32.Save.a
K7AntiVirus	Trojan ( f10005021 )
Alibaba	TrojanDownloader:Win32/Nuwar.bff546fb
K7GW	Trojan ( f10005021 )
Cybereason	malicious.8b6dbb
BitDefenderTheta	AI:Packer.D940BA411E
Symantec	ML.Attribute.HighConfidence
ESET-NOD32	Win32/Nuwar.Gen
APEX	Malicious
TrendMicro-HouseCall	Mal_Nucrp11
ClamAV	Win.Trojan.Peed-307
Kaspersky	Trojan-Downloader.Win32.Tibs.aeb
BitDefender	Trojan.Packed.Gen.1
NANO-Antivirus	Trojan.Win32.Tibs.bgzxav
Avast	Win32:Tibs-EEH [Trj]
Tencent	Win32.Trojan-Downloader.Tibs.Hjgl
Sophos	Mal/TibsPk-A
F-Secure	Worm.WORM/Zhelatin.Gen
VIPRE	Trojan.Packed.Gen.1
TrendMicro	Mal_Nucrp11
Trapmine	malicious.high.ml.score
Emsisoft	Trojan.Packed.Gen.1 (B)
SentinelOne	Static AI – Malicious PE
Jiangmin	TrojanDownloader.Tibs.rjc
Webroot	W32.Tibs.Gen
Google	Detected
Avira	WORM/Zhelatin.Gen
Varist	W32/Zhelatin.N.gen!Eldorado
Antiy-AVL	Trojan[Downloader]/Win32.Tibs
Kingsoft	Win32.Troj.Tibs.g.14848
Microsoft	Trojan:Win32/Tibs.FZ
Xcitium	Worm.Win32.Nuwar.gen45@1ilx4e
Arcabit	Trojan.Packed.Gen.1
ZoneAlarm	Trojan-Downloader.Win32.Tibs.aeb
GData	Trojan.Packed.Gen.1
Cynet	Malicious (score: 100)
AhnLab-V3	Win-Trojan/PEPatched.Gen
McAfee	Downloader-ASH.gen.j
VBA32	Win32.Nuwar
Malwarebytes	Generic.Malware/Suspicious
Panda	Trj/Genetic.gen
Rising	Downloader.Tibs!1.67C9 (CLASSIC)
Yandex	Trojan.Tibs.Gen!Pac.148
Ikarus	Trojan-Downloader.Win32.Tibs
MaxSecure	Trojan.Malware.1319854.susgen
Fortinet	W32/Tibs.JB!tr
AVG	Win32:Tibs-EEH [Trj]
DeepInstinct	MALICIOUS
CrowdStrike	win/malicious_confidence_100% (W)
alibabacloud	Trojan[downloader]:Win/Nuwar.Gen

How to remove Trojan:Win32/Tibs.FZ?

Trojan:Win32/Tibs.FZ removal tool

Download and install GridinSoft Anti-Malware.
Open GridinSoft Anti-Malware and perform a “Standard scan“.
“Move to quarantine” all items.
Open “Tools” tab – Press “Reset Browser Settings“.
Select proper browser and options – Click “Reset”.
Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.

Leave a Comment X