What is “Trojan:Win32/Zbot.BJ!MTB”?

Trojan:Win32/Zbot.BJ!MTB is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It allows you to run a complete scan and clean your PC during the trial period.
A 6-day free trial is available.

What can the Trojan:Win32/Zbot.BJ!MTB virus do?

  • Behavioural detection: Executable code extraction – unpacking
  • Yara rule detections observed from a process memory dump/dropped files/CAPE
  • Reads data out of its own binary image
  • CAPE extracted potentially suspicious content
  • The binary contains an unknown PE section name indicative of packing
  • The binary likely contains encrypted or compressed data
  • Authenticode signature is invalid
  • Anomalous binary characteristics

How to identify Trojan:Win32/Zbot.BJ!MTB?

File Info:

name: E346576F396F10E74CC9.mlw
path: /opt/CAPEv2/storage/binaries/f94602ed291d8637c4df40739f5179496e9f89b63e856420d23c1fdef3ae8603
crc32: ED0FBBEF
md5: e346576f396f10e74cc9d01442904e23
sha1: 0b5496eb89046f5f71d2d4e6ab3f9fc56ad48c64
sha256: f94602ed291d8637c4df40739f5179496e9f89b63e856420d23c1fdef3ae8603
sha512: e666928aab1831eea67ba7dc9a4e684eaa9c1af0bfb0eb7fed607c829a2717e395231a40b06a48ece9e7c07e371ba5a607faffa51d15bcb9569c0506d4dfca35
ssdeep: 3072:6c9Tp1o4V4YejH1c4y6Rq8qlAKGeX+sCcTAMe7NvnFB+Ced6E4:jTo+4YejVcnSq8oLEhRS
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T1660412BBD413120AF52A93F944B9368F2F777B665A0CC40C50AC676DAF6038175E851F
sha3_384: 2b6d7d6c7a996b21d0d3adb7211ce7869cfd899684b5b32d30bf1b0a32c3728e392c6a6c26192b6cd2b9ebc79605209c
ep_bytes: 15fb7b0000558bec83ec10c745f435e4
timestamp: 2011-03-25 05:01:22

Version Info:

0: [No Data]

Trojan:Win32/Zbot.BJ!MTB also known as:

Bkav: W32.AIDetect.malware1
tehtris: Generic.Malware
DrWeb: Trojan.PWS.Panda.2005
MicroWorld-eScan: Gen:Variant.Sirefef.6788
FireEye: Generic.mg.e346576f396f10e7
CAT-QuickHeal: TrojanPWS.Zbot.Gen
ALYac: Gen:Variant.Sirefef.6788
Cylance: Unsafe
Sangfor: Suspicious.Win32.Save.a
K7AntiVirus: Password-Stealer ( 003f06421 )
K7GW: Password-Stealer ( 003f06421 )
Cybereason: malicious.f396f1
BitDefenderTheta: AI:Packer.F4A4729C21
Cyren: W32/Falab.F.gen!Eldorado
Symantec: Trojan.Zbot!gen35
Elastic: malicious (high confidence)
ESET-NOD32: a variant of Win32/Kryptik.AJOQ
APEX: Malicious
Kaspersky: HEUR:Trojan.Win32.Generic
BitDefender: Gen:Variant.Sirefef.6788
NANO-Antivirus: Trojan.Win32.Yakes.whpbi
SUPERAntiSpyware: Trojan.Agent/Gen-Kryptik
Avast: Win32:Agent-APFK [Trj]
Tencent: Win32.Trojan.Generic.Rcnw
Ad-Aware: Gen:Variant.Sirefef.6788
Emsisoft: Gen:Variant.Sirefef.6788 (B)
Comodo: TrojWare.Win32.Kryptik.NEGB@4ri728
Baidu: Win32.Trojan.Kryptik.vx
VIPRE: Gen:Variant.Sirefef.6788
TrendMicro: TSPY_ZBOT.SM3T
McAfee-GW-Edition: BehavesLike.Win32.Ridnu.cc
Trapmine: malicious.high.ml.score
Sophos: ML/PE-A + Mal/Katusha-J
SentinelOne: Static AI – Suspicious PE
GData: Gen:Variant.Sirefef.6788
Jiangmin: Trojan/Yakes.fcw
Google: Detected
Avira: TR/Kazy.J.848
MAX: malware (ai score=80)
Antiy-AVL: Trojan/Generic.ASMalwS.24F
Kingsoft: Win32.Troj.Yakes.al.(kcloud)
Arcabit: Trojan.Sirefef.D1A84
ViRobot: Trojan.Win32.A.Yakes.184832.H
Microsoft: Trojan:Win32/Zbot.BJ!MTB
Cynet: Malicious (score: 100)
AhnLab-V3: Trojan/Win32.ADH.R34003
McAfee: PWS-Zbot.gen.yl
TACHYON: Trojan/W32.Yakes.184832
VBA32: Trojan.Yakes
Malwarebytes: Malware.AI.3061090659
TrendMicro-HouseCall: TSPY_ZBOT.SM3T
Rising: Trojan.Zbot!8.1C74 (TFE:1:q1Ikx3Xq4mC)
Yandex: Trojan.Agent!fsIWLCk49Is
Ikarus: Trojan-Spy.Win32.Zbot
MaxSecure: Trojan.Malware.300983.susgen
Fortinet: W32/Poxter.A!tr
AVG: Win32:Agent-APFK [Trj]
Panda: Trj/Genetic.gen
CrowdStrike: win/malicious_confidence_100% (W)

How to remove Trojan:Win32/Zbot.BJ!MTB?

Trojan:Win32/Zbot.BJ!MTB removal tool

  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • Click “Move to quarantine” for all detected items.
  • Open the “Tools” tab and press “Reset Browser Settings”.
  • Select the proper browser and options, then click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.