Trojan:Win32/Zbot.CA!MTB malicious file

Trojan:Win32/Zbot.CA!MTB is Microsoft's detection name for the file described below; nearly every antivirus engine in the detection list further down flags the same file as malicious. When this infection is active you may notice unfamiliar processes in the Task Manager list, although the sample also injects into other processes, so the absence of a suspicious process name proves nothing. In either case it is advised to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It performs a complete scan and cleans your PC during the trial period.
6-day free trial available.

What can Trojan:Win32/Zbot.CA!MTB do?

  • Behavioural detection: Executable code extraction – unpacking
  • Yara rule detections observed from a process memory dump/dropped files/CAPE
  • CAPE extracted potentially suspicious content
  • Unconventional language used in binary resources: Arabic (Saudi Arabia)
  • The binary likely contains encrypted or compressed data.
  • Authenticode signature is invalid
  • Behavioural detection: Injection (Process Hollowing)
  • Behavioural detection: Injection (inter-process)

The two injection signatures matter for manual triage: process hollowing starts a legitimate program in a suspended state, replaces its in-memory image with the unpacked payload and resumes it, so the malicious code runs under a benign process name. Looking for an odd process name in Task Manager is therefore not sufficient; the file indicators below are the reliable way to identify this sample.

How to identify Trojan:Win32/Zbot.CA!MTB

File Info:

name: 4F17F82BBFE89D85DE2E.mlw
path: /opt/CAPEv2/storage/binaries/53e9578f2315308d95ad7aa1a83bba56c81bdd95f0dc25c96b683f894e2a63f9
crc32: 8F2065A5
md5: 4f17f82bbfe89d85de2e0b1e24193cbe
sha1: 0b3b9b465bfa007075e6434c1503c2ab924e0b24
sha256: 53e9578f2315308d95ad7aa1a83bba56c81bdd95f0dc25c96b683f894e2a63f9
sha512: a19a672da637b4eec9eac796f0fc28dde3647d87af8c1d2e3038358802fcb4c2bd49644fa04455c98fde72a88c1fa571f43d24f855c610ebaf5d750d093d41dc
ssdeep: 3072:IVld5yeEFdwA1/Pvcgn0IlesjpRKtzxJTAZU:U5yeE8mvL0Mjb
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T169C3CEC535527BA7EFA90C344AA1CD3041C96D32DF60AE9FA0D3728DC4770E299B5C6A
sha3_384: 0ec6ce04b866bb71add2065fecb151a767de87d7d6068f577e178094dbb1bf7d8bfe8f0c94a6026d47daef9845ab2fa4
ep_bytes: 558bece898fbffff5dc3cccccccccccc
timestamp (PE header compile time, attacker-controlled): 2014-04-25 13:23:37

Version Info:

CompanyName: Microsoft Corporation
FileDescription: Check Disk Utility
FileVersion: 5.2.3790.3959 (srv03_sp2_rtm.070216-1710)
InternalName: chkdsk
LegalCopyright: © Microsoft Corporation. All rights reserved.
OriginalFilename: CHKDSK.EXE
ProductName: Microsoft® Windows® Operating System
ProductVersion: 5.2.3790.3959
Translation: 0x0409 0x04b0

The version resource is copied from a genuine Windows Server 2003 SP2 build of chkdsk.exe (the build string 070216-1710 dates that binary to February 2007), yet the PE compile timestamp above says 2014 and the Authenticode signature is invalid. Version strings are free-form text that any packer can fill in; only a valid signature or a hash match tells you whether a file claiming to be CHKDSK.EXE is Microsoft's.
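The following PowerShell triage script is an added example for this page, not GridinSoft's tool or anything from the CAPE report: it checks a file against the hashes listed in File Info, flags the Microsoft/CHKDSK.EXE masquerade when the Authenticode signature is not valid, and then runs the same checks over the image of every running process so the "unwanted process" check is done by hash rather than by eye. It assumes Windows PowerShell 5.1 or later; the function name Test-FileIndicators and the variable $ZbotHashes are this example's own.

```powershell
# Added triage example (not GridinSoft's tool). Assumes Windows PowerShell 5.1+.
# The three hashes are copied from the File Info section above.
$ZbotHashes = @{
    MD5    = '4f17f82bbfe89d85de2e0b1e24193cbe'
    SHA1   = '0b3b9b465bfa007075e6434c1503c2ab924e0b24'
    SHA256 = '53e9578f2315308d95ad7aa1a83bba56c81bdd95f0dc25c96b683f894e2a63f9'
}

function Test-FileIndicators {
    # Returns a list of human-readable findings for one file (empty when nothing matched).
    param([Parameter(Mandatory)][string]$Path)
    $findings = @()
    $item = Get-Item -LiteralPath $Path -ErrorAction Stop

    # 1. Exact match against the published hashes; any one algorithm is sufficient.
    foreach ($algo in $ZbotHashes.Keys) {
        $h = (Get-FileHash -LiteralPath $Path -Algorithm $algo).Hash.ToLower()
        if ($h -eq $ZbotHashes[$algo]) {
            $findings += "$algo matches the Trojan:Win32/Zbot.CA!MTB sample"
        }
    }

    # 2. The sample's version resource claims Microsoft Corporation / CHKDSK.EXE while its
    #    Authenticode signature is invalid. A genuine Microsoft binary validates as 'Valid'.
    $vi  = $item.VersionInfo
    $sig = Get-AuthenticodeSignature -LiteralPath $Path
    if ($vi.CompanyName -like '*Microsoft*' -and $sig.Status -ne 'Valid') {
        $findings += "Claims '$($vi.CompanyName)' / $($vi.OriginalFilename) but signature status is $($sig.Status)"
    }

    # 3. chkdsk.exe lives in System32; the same OriginalFilename elsewhere is a masquerade.
    if ($vi.OriginalFilename -ieq 'CHKDSK.EXE' -and
        $item.DirectoryName -ine (Join-Path $env:SystemRoot 'System32')) {
        $findings += "OriginalFilename CHKDSK.EXE outside System32: $($item.FullName)"
    }
    return $findings
}

# Sweep every running process image once. Processes whose Path is not readable
# (System, protected processes) are skipped rather than reported.
$images = Get-Process | Where-Object { $_.Path } | Sort-Object Path -Unique
foreach ($p in $images) {
    try { $hits = Test-FileIndicators -Path $p.Path } catch { continue }
    foreach ($hit in $hits) {
        Write-Warning "PID $($p.Id) ($($p.ProcessName)) $($p.Path): $hit"
    }
}

# A single suspicious file can be checked directly, e.g. a download or an autorun entry:
# Test-FileIndicators -Path 'C:\Users\Public\chkdsk.exe'
```

Finding 1 is conclusive for this exact sample only; a repacked build of the same family will have different hashes, which is why the signature and location checks are included. Finding 2 is a lead rather than proof: on Windows 8 and later Get-AuthenticodeSignature also honours catalog signatures, so genuine system files report Valid, but on older systems a legitimate catalog-signed file can show NotSigned and should be confirmed by comparing its hash with the copy in System32.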

Trojan:Win32/Zbot.CA!MTB also known as:

Vendors do not agree on a family name for this file. Microsoft files it under Zbot, while several engines label the same sample Kuluoz, Androm or Japik, so searching other vendors' databases for "Zbot" alone will miss it; match on the hashes above instead.

Bkav: W32.AIDetect.malware1
Elastic: malicious (high confidence)
DrWeb: BackDoor.Kuluoz.4
MicroWorld-eScan: Gen:Heur.Japik.6
FireEye: Generic.mg.4f17f82bbfe89d85
CAT-QuickHeal: TrojanPWS.Zbot.Gen
McAfee: PWS-Zbot.gen.aua
Cylance: Unsafe
VIPRE: Gen:Heur.Japik.6
Sangfor: Suspicious.Win32.Save.a
CrowdStrike: win/malicious_confidence_100% (W)
K7GW: Backdoor ( 0040f82e1 )
K7AntiVirus: Backdoor ( 0040f82e1 )
Arcabit: Trojan.Japik.6
BitDefenderTheta: AI:Packer.0A9544F81F
VirIT: Trojan.Win32.Generic.ALDP
Cyren: W32/Trojan.HUBN-3904
Symantec: Packed.Generic.459
ESET-NOD32: a variant of Win32/Kryptik.CAOO
APEX: Malicious
ClamAV: Win.Dropper.Kuluoz-9957638-0
Kaspersky: Backdoor.Win32.Androm.dstm
BitDefender: Gen:Heur.Japik.6
NANO-Antivirus: Trojan.Win32.Androm.cxphdg
SUPERAntiSpyware: Trojan.Agent/Gen-ZBot
Avast: Win32:FakeMail-G [Trj]
Tencent: Malware.Win32.Gencirc.10b8224e
Ad-Aware: Gen:Heur.Japik.6
Emsisoft: Gen:Heur.Japik.6 (B)
Comodo: Backdoor.Win32.Androm.DSTM@59trqx
Zillya: Backdoor.Androm.Win32.8123
TrendMicro: TROJ_KULUOZ.SM74
McAfee-GW-Edition: BehavesLike.Win32.Trojan.ch
Trapmine: malicious.high.ml.score
Sophos: ML/PE-A
SentinelOne: Static AI – Malicious PE
Jiangmin: Backdoor.Androm.azbb
Google: Detected
Avira: HEUR/AGEN.1227197
MAX: malware (ai score=81)
Antiy-AVL: Trojan/Generic.ASMalwS.A9D
Microsoft: Trojan:Win32/Zbot.CA!MTB
GData: Gen:Heur.Japik.6
Cynet: Malicious (score: 100)
AhnLab-V3: Backdoor/Win32.Androm.R106696
VBA32: Backdoor.Androm
ALYac: Gen:Heur.Japik.6
TACHYON: Trojan/W32.Agent.123904.WK
Malwarebytes: Trojan.FakeMS.CHK
TrendMicro-HouseCall: TROJ_KULUOZ.SM74
Rising: Malware.FakeXLS/ICON!1.9C3D (CLASSIC)
Ikarus: Trojan-Spy.Zbot
MaxSecure: Trojan.Malware.300983.susgen
Fortinet: W32/Androm.DLD!tr
AVG: Win32:FakeMail-G [Trj]
Cybereason: malicious.bbfe89
Panda: Trj/Genetic.gen

How to remove Trojan:Win32/Zbot.CA!MTB?

Trojan:Win32/Zbot.CA!MTB removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a "Standard scan".
  • Move all detected items to quarantine.
  • Open the "Tools" tab and press "Reset Browser Settings".
  • Select the proper browser and options, then click "Reset".
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.