Categories: Backdoor

What is “UDS:Backdoor.Win32.Zegost”?

The UDS:Backdoor.Win32.Zegost is considered dangerous by lots of security experts. When this infection is active, you may notice unwanted processes in Task Manager list. In this case, it is adviced to scan your computer with GridinSoft Anti-Malware.

Gridinsoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. Allows to complete scan and cure your PC during the trial period.

DOWNLOAD NOW

6-day free trial available.

What UDS:Backdoor.Win32.Zegost virus can do?

SetUnhandledExceptionFilter detected (possible anti-debug)
Executed a command line with /C or /R argument to terminate command shell on completion which can be used to hide execution
Creates RWX memory
Dynamic (imported) function loading detected
Reads data out of its own binary image
Drops a binary and executes it
Unconventionial language used in binary resources: Russian
The binary likely contains encrypted or compressed data.
Authenticode signature is invalid
A scripting utility was executed
Uses Windows utilities for basic functionality
Created a process from a suspicious location
Anomalous binary characteristics
Uses suspicious command line tools or Windows utilities

How to determine UDS:Backdoor.Win32.Zegost?


File Info:
name: C04A7238058FE9336246.mlwpath: /opt/CAPEv2/storage/binaries/881bfc8e700195909300d8650be6dca5fdb8712befbb73a0b034b849cc0469becrc32: 8908B5A0md5: c04a7238058fe9336246fef9954dce9dsha1: 96e822f67b4d55b7f52e7a3d24af73366e91e411sha256: 881bfc8e700195909300d8650be6dca5fdb8712befbb73a0b034b849cc0469besha512: ba8a2610d45bd8bb23bd981adc4ce344a7ff13c6d2821441c02de22c4880615fa65d53c3c1e42620113d2df21cee80fe44b6285fd095459531895a070a4b7d00ssdeep: 98304:bFF7EcR6g9HFP4HsbGu6vBK3QaI08GT5VndeU4a7oJHR4g3rPuredIZCfEKYwOEb:zEWBH+MKu6pKbDdDSig3rPurxC8KYw5Ttype: PE32 executable (GUI) Intel 80386, for MS Windowstlsh: T1BF56334330D4B075DA62A335416687B710CEF67967694DCFBFC26E68B9724FAE210382sha3_384: 2073e328e68afb9ae81c6d3328081b81d5bc16342471b7c9476afecfabe6215fae804131e1e70f212e5680d129a27969ep_bytes: e885630000e978feffff8bff558bec56timestamp: 2015-02-15 08:00:31
Version Info:
0: [No Data]

UDS:Backdoor.Win32.Zegost also known as:

Bkav	W32.AIDetect.malware2
Lionic	Trojan.Win32.Miner.4!c
Elastic	malicious (high confidence)
MicroWorld-eScan	Trojan.GenericKD.37962372
FireEye	Generic.mg.c04a7238058fe933
McAfee	Artemis!C04A7238058F
Malwarebytes	Malware.AI.4287853101
CrowdStrike	win/malicious_confidence_60% (W)
Alibaba	Backdoor:Win32/Miner.6a09ac07
Cyren	W32/Trojan.CMNS-4791
Symantec	Trojan.Gen.MBT
ESET-NOD32	a variant of Win32/Delf.BBD
APEX	Malicious
Avast	Win32:MalwareX-gen [Trj]
ClamAV	Win.Malware.Zusy-9856689-0
Kaspersky	UDS:Backdoor.Win32.Zegost.gen
BitDefender	Trojan.GenericKD.37962372
Tencent	Win32.Trojan.Delf.Suxe
Emsisoft	Trojan.GenericKD.37962372 (B)
DrWeb	Trojan.Siggen12.62161
TrendMicro	TROJ_GEN.R002C0WJQ21
McAfee-GW-Edition	BehavesLike.Win32.Generic.tc
Sophos	Mal/Generic-S
Paloalto	generic.ml
GData	Trojan.GenericKD.37962372
Avira	HEUR/AGEN.1108506
Antiy-AVL	Trojan/Win32.Delf
Kingsoft	Win32.Troj.Undef.(kcloud)
Gridinsoft	Ransom.Win32.Wacatac.sa
Arcabit	Trojan.Generic.D2434284
Microsoft	Trojan:Win32/Wacatac.B!ml
Cynet	Malicious (score: 100)
AhnLab-V3	Trojan/Win.Generic.C4795054
BitDefenderTheta	Gen:NN.ZelphiF.34062.@V0@aqpMf8mi
ALYac	Trojan.GenericKD.37962372
MAX	malware (ai score=82)
VBA32	TScope.Trojan.Delf
Yandex	Trojan.Delf!RV89oFOzprw
Fortinet	W32/Delf.BBD!tr
AVG	Win32:MalwareX-gen [Trj]
Cybereason	malicious.8058fe
Panda	Trj/Genetic.gen