Trojan:Win32/ZgRat malicious file

The Trojan:Win32/ZgRat detection is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager process list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It allows you to run a full scan and clean your PC during the trial period.
6-day free trial available.

What Trojan:Win32/ZgRat virus can do?

  • CAPE extracted potentially suspicious content
  • Authenticode signature is invalid
  • CAPE detected the zgRAT malware family
  • Binary file triggered YARA rule

How to identify Trojan:Win32/ZgRat?

File Info:

name: 84313806D697A587345E.mlw
path: /opt/CAPEv2/storage/binaries/c5e9ee4bead071b8c70188c2b4e27b3d3b0208be6949d4e69fd665ee140628d3
crc32: 10CFCBDA
md5: 84313806d697a587345ee6878f9c3216
sha1: a08806c8357a3bdeb572ac6c2d126ec115aba783
sha256: c5e9ee4bead071b8c70188c2b4e27b3d3b0208be6949d4e69fd665ee140628d3
sha512: af4895c481776266ff68f0c5f0cbadccc61d04ac2b035221fb85bca0328e6d8eecf74119a1bd1ef8c316bceddfeaa47c28050c7893e9b540fb7b4e0492bbd022
ssdeep: 12288:loQcTc25GsXT2qx65yfaEQ4C6sfLB+KFLCfq:loQR49mNEQ4wfLE0LCfq
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T19225172037539B26C09F0734A1654F0C9BF5D246F38AE78BEAF37DA50DA73994E2114A
sha3_384: 703ddacff027ee12b5b824b04de00c4060e50932dd7b327c5b7f9837426ec6737b4777161bc5e29ec45481e232d7a282
ep_bytes: ff250020400000000000000000000000
timestamp: 2023-02-27 05:42:55

Version Info:

Translation: 0x0000 0x04b0
FileDescription: Dtf Printer Software Installer
FileVersion: 1.0.0.0
InternalName: Dtf Printer Software Installer.exe
LegalCopyright: Copyright © 2022
OriginalFilename: Dtf Printer Software Installer.exe
ProductName: Dtf Printer Software Installer
ProductVersion: 1.0.0.0
Assembly Version: 1.0.0.0

Trojan:Win32/ZgRat also known as:

Bkav: W32.Common.6B14A9DF
Lionic: Trojan.Win32.Generic.4!c
Skyhigh: Artemis
McAfee: Artemis!84313806D697
Malwarebytes: Generic.Malware/Suspicious
Sangfor: Trojan.Win32.Agent.V9kq
Symantec: ML.Attribute.HighConfidence
SentinelOne: Static AI – Suspicious PE
Webroot: W32.Trojan.GenKD
Varist: W32/ABRisk.QIXM-3757
Antiy-AVL: Trojan/Win32.SGeneric
Microsoft: Trojan:Win32/ZgRat
Google: Detected
VBA32: Trojan.MSIL.zgRAT.Heur
Cylance: unsafe
Panda: Trj/Chgt.AD
Ikarus: Trojan.MSIL.Crypt
MaxSecure: Trojan.Malware.208508910.susgen
Fortinet: Malicious_Behavior.SB
DeepInstinct: MALICIOUS
alibabacloud: Trojan:MSIL/Injector.SCB

How to remove Trojan:Win32/ZgRat?

Trojan:Win32/ZgRat removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • Press “Move to quarantine” for all detected items.
  • Open the “Tools” tab and press “Reset Browser Settings”.
  • Select the proper browser and options, then click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.