Trojan:Win32/Zenpak.SM!MSR (file analysis)

The Trojan:Win32/Zenpak.SM!MSR is considered dangerous by lots of security experts. When this infection is active, you may notice unwanted processes in Task Manager list. In this case, it is adviced to scan your computer with GridinSoft Anti-Malware.

Gridinsoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. Allows to complete scan and cure your PC during the trial period.

DOWNLOAD NOW

6-day free trial available.

What Trojan:Win32/Zenpak.SM!MSR virus can do?

Executable code extraction
Creates RWX memory
Attempts to connect to a dead IP:Port (5 unique times)
Performs some HTTP requests
Unconventionial language used in binary resources: Vietnamese
The binary likely contains encrypted or compressed data.
Attempts to create or modify system certificates
Collects information to fingerprint the system
Anomalous binary characteristics

Related domains:

tttttt.me

apps.identrust.com

yearofthepig.top

How to determine Trojan:Win32/Zenpak.SM!MSR?


File Info:
crc32: 1530894E
md5: b8d5cdc69c2c1e3a9e3b3c4199afa00f
name: B8D5CDC69C2C1E3A9E3B3C4199AFA00F.mlw
sha1: 92de0169e0cb430203fe326c3f17f8690090588c
sha256: 373ad25892f903a5c92e8f726ebe9a51327421835e2312ebb2d9a705e37c5f10
sha512: 7d9213b51888b2224be9b796ae3bed50d34172dd50a58449f24370e9c75a2ddaac7cd2b14158f2b6a3508cef5c1faa48cafa6b8faf8686bd97a23f092669119d
ssdeep: 12288:IhfCl8VWIdYknFxiTtlKaTkeZ9wHtGVZQrWNV8jP2:gvVWu1inK0fEAC8WP
type: PE32 executable (GUI) Intel 80386, for MS Windows

Version Info:
FileVersions: 7.0.0.15
LegalCopyrights: Wsegda
ProductVersions: 67.0.20.5
Translation: 0x0409 0x08d3

Trojan:Win32/Zenpak.SM!MSR also known as:

Bkav	W32.AIDetectGBM.malware.01
Elastic	malicious (high confidence)
MicroWorld-eScan	Trojan.GenericKDZ.72905
FireEye	Generic.mg.b8d5cdc69c2c1e3a
CAT-QuickHeal	Trojanpws.Racealer
Qihoo-360	Win32/TrojanSpy.Generic.HgIASOsA
ALYac	Trojan.GenericKDZ.72905
Cylance	Unsafe
VIPRE	Trojan.Win32.Generic!BT
AegisLab	Trojan.Win32.Racealer.i!c
Sangfor	Trojan.Win32.Save.a
CrowdStrike	win/malicious_confidence_100% (W)
BitDefender	Trojan.GenericKDZ.72905
K7GW	Trojan ( 005778471 )
K7AntiVirus	Trojan ( 005778471 )
Cyren	W32/Kryptik.DGL.gen!Eldorado
Symantec	ML.Attribute.HighConfidence
APEX	Malicious
Avast	Win32:PWSX-gen [Trj]
ClamAV	Win.Dropper.Glupteba-9831991-0
Kaspersky	Trojan-PSW.Win32.Racealer.kps
Alibaba	TrojanPSW:Win32/Racealer.fe1d3e17
NANO-Antivirus	Trojan.Win32.Racealer.ilntjo
Rising	Trojan.Kryptik!1.D251 (CLASSIC)
Ad-Aware	Trojan.GenericKDZ.72905
Emsisoft	Trojan.GenericKDZ.72905 (B)
Comodo	Malware@#ugwhm1tk8j01
F-Secure	Trojan.TR/AD.StellarStealer.amqej
TrendMicro	TrojanSpy.Win32.GLUPTEBA.USMANB921
McAfee-GW-Edition	BehavesLike.Win32.Generic.gc
Sophos	Mal/Generic-S
Ikarus	Trojan.Win32.Ranumbot
Webroot	W32.Trojan.TR.AD.StellarStealer
Avira	TR/AD.StellarStealer.amqej
Antiy-AVL	Trojan[PSW]/Win32.Racealer
Microsoft	Trojan:Win32/Zenpak.SM!MSR
Gridinsoft	Trojan.Win32.Kryptik.ns
Arcabit	Trojan.Generic.D11CC9
ZoneAlarm	Trojan-PSW.Win32.Racealer.kps
GData	Trojan.GenericKDZ.72905
Cynet	Malicious (score: 100)
AhnLab-V3	Malware/Win32.RL_Generic.R365862
Acronis	suspicious
McAfee	RDN/Generic PWS.y
MAX	malware (ai score=100)
VBA32	BScope.Trojan.Azorult
Malwarebytes	Trojan.MalPack
Panda	Trj/GdSda.A
ESET-NOD32	a variant of Win32/Kryptik.HJIO
TrendMicro-HouseCall	TrojanSpy.Win32.GLUPTEBA.USMANB921
Yandex	Trojan.PWS.Racealer!/UxvD4Hqxhw
SentinelOne	Static AI – Malicious PE
eGambit	Unsafe.AI_Score_77%
Fortinet	W32/Kryptik.HJJH!tr
BitDefenderTheta	Gen:NN.ZexaF.34574.FqW@amadlWlG
AVG	Win32:PWSX-gen [Trj]
Paloalto	generic.ml
MaxSecure	Trojan.Malware.114274561.susgen

How to remove Trojan:Win32/Zenpak.SM!MSR?

Download and install GridinSoft Anti-Malware.
Open GridinSoft Anti-Malware and perform a “Standard scan“.
“Move to quarantine” all items.
Open “Tools” tab – Press “Reset Browser Settings“.
Select proper browser and options – Click “Reset”.
Restart your computer.

Trojan:Win32/Zenpak.SM!MSR (file analysis)