About “UDS:Trojan.Win32.Zenpak.cflf” infection

UDS:Trojan.Win32.Zenpak.cflf is a Kaspersky verdict (the UDS prefix marks a cloud-delivered Urgent Detection System detection), and most other vendors flag the same file as malicious. While the infection is active you may notice unwanted processes in the Task Manager process list. In that case it is advised to scan your computer with GridinSoft Anti-Malware.

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It can run a full scan and clean your PC during the trial period.
A 6-day free trial is available.

What can the UDS:Trojan.Win32.Zenpak.cflf virus do?

  • Behavioural detection: Executable code extraction – unpacking
  • Sample contains Overlay data
  • Yara rule detections observed from a process memory dump/dropped files/CAPE
  • Performs HTTP requests potentially not found in PCAP.
  • Reads data out of its own binary image
  • CAPE extracted potentially suspicious content
  • Unconventional language used in binary resources: Chinese (Simplified)
  • The binary contains an unknown PE section name indicative of packing
  • The binary likely contains encrypted or compressed data.
  • The executable is compressed using UPX
  • Authenticode signature is invalid
  • Deletes executed files from disk

How to identify UDS:Trojan.Win32.Zenpak.cflf?


File Info:

name: CEE91F58D5D93BA4F89B.mlw
path: /opt/CAPEv2/storage/binaries/5bd2a05f15992288d1ec4e1ed547657c932a0918c351da40bffed704be159822
crc32: 67EAC8E4
md5: cee91f58d5d93ba4f89bbf82109734fb
sha1: 03e08437d314a26fabef2a918c1a740cf9f7d567
sha256: 5bd2a05f15992288d1ec4e1ed547657c932a0918c351da40bffed704be159822
sha512: fb30ea918b7dcdb2d0cf1a1a86b3abc23b5f13c6baf9c5feae96702119de0bfc44800c6c1dec5caf85088690171976de69b6b5060ddc0686b0080669bc0636ae
ssdeep: 393216:gjGuWqqi5FMG4XAod+NMarIqGRb9ukjuc/:kRWq1Hw2TIhRb9jN/
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T1B7D62313F11144A9D0A59ABD51752A7930F84F262EB4C8FF6FD8BD93BC31862DB23A05
sha3_384: f093e67e9abab86dbc273598633b4c47691e3755037526836225b084e4fcd7e4fb494492591082c341d690aecf187a2e
ep_bytes: 60be00a042008dbe0070fdff5789e58d
timestamp: 2022-06-25 09:25:40

Version Info:

0: [No Data]
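
The entry-point bytes and the sandbox findings above (UPX compression, unknown section names, overlay data) can be checked offline without running the sample. The following is an added example, not the page's own tooling and not part of the GridinSoft product: a standard-library Python script that parses a PE32 header, reports section names, looks for the UPX section names and the classic UPX entry stub (pushad; mov esi,imm32; lea edi,[esi+imm32]; push edi, which is exactly what the ep_bytes above decode to), measures appended overlay data, and compares the file's hashes against the File Info hashes. The PE it builds in build_sample() is constructed for the example, so its hashes do not match the page's IOCs; the point is that a repacked copy changes every hash while the stub and section layout stay recognizable.

```python
"""Static triage of a PE32 file for the indicators listed on this page:
UPX section names and the UPX entry stub, non-standard section names,
appended overlay data, and a hash comparison against the File Info above.
Standard library only; the PE built by build_sample() is constructed for
this example and is not the real file described on the page."""
import hashlib
import struct

# Copied from the File Info section (the page's own hash IOCs).
KNOWN_HASHES = {
    "md5": "cee91f58d5d93ba4f89bbf82109734fb",
    "sha1": "03e08437d314a26fabef2a918c1a740cf9f7d567",
    "sha256": "5bd2a05f15992288d1ec4e1ed547657c932a0918c351da40bffed704be159822",
}
# ep_bytes from the File Info section: pushad; mov esi,imm32; lea edi,[esi+imm32];
# push edi; mov ebp,esp ... which is the classic UPX decompressor entry stub.
PAGE_EP_BYTES = bytes.fromhex("60be00a042008dbe0070fdff5789e58d")
STANDARD_SECTIONS = {".text", ".data", ".rdata", ".bss", ".idata", ".edata",
                     ".rsrc", ".reloc", ".tls", ".pdata", ".CRT", ".xdata"}


def parse_pe(data):
    """Return (entry_rva, sections); each section is
    (name, virtual_size, virtual_address, raw_size, raw_pointer)."""
    if data[:2] != b"MZ":
        raise ValueError("not a DOS/PE image")
    pe = struct.unpack_from("<I", data, 0x3C)[0]              # e_lfanew
    if data[pe:pe + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    nsect = struct.unpack_from("<H", data, pe + 6)[0]         # NumberOfSections
    opt_size = struct.unpack_from("<H", data, pe + 20)[0]     # SizeOfOptionalHeader
    opt = pe + 24                                             # optional header start
    entry_rva = struct.unpack_from("<I", data, opt + 16)[0]   # AddressOfEntryPoint
    sections = []
    for i in range(nsect):
        name, vsize, vaddr, raw_size, raw_ptr = struct.unpack_from(
            "<8sIIII", data, opt + opt_size + 40 * i)
        sections.append((name.rstrip(b"\0").decode("latin-1"),
                         vsize, vaddr, raw_size, raw_ptr))
    return entry_rva, sections


def rva_to_offset(rva, sections):
    """Map an RVA to a file offset through the section table (None if unmapped)."""
    for _, vsize, vaddr, raw_size, raw_ptr in sections:
        if vaddr <= rva < vaddr + max(vsize, raw_size):
            return raw_ptr + (rva - vaddr)
    return None


def is_upx_stub(ep):
    # 60 BE ?? ?? ?? ?? 8D BE ?? ?? ?? ?? 57 : pushad; mov esi,src; lea edi,[esi+delta]; push edi
    return len(ep) >= 13 and ep[:2] == b"\x60\xbe" and ep[6:8] == b"\x8d\xbe" and ep[12] == 0x57


def triage(data):
    entry_rva, sections = parse_pe(data)
    names = [s[0] for s in sections]
    data_end = max((raw_ptr + raw_size for _, _, _, raw_size, raw_ptr in sections), default=0)
    ep_off = rva_to_offset(entry_rva, sections)
    ep = data[ep_off:ep_off + 16] if ep_off is not None else b""
    return {
        "sections": names,
        "nonstandard_sections": [n for n in names if n not in STANDARD_SECTIONS],
        "upx_sections": any(n.startswith("UPX") for n in names),
        "upx_stub": is_upx_stub(ep),
        "ep_bytes": ep.hex(),
        "overlay_size": max(0, len(data) - data_end),     # bytes past the last section
        "hashes": {a: getattr(hashlib, a)(data).hexdigest() for a in KNOWN_HASHES},
    }


def matches_known_hashes(report, known=KNOWN_HASHES):
    return any(report["hashes"][alg] == h for alg, h in known.items())


def build_sample():
    """Constructed PE32 shaped like a UPX-packed file: UPX0 with no raw data,
    UPX1 holding the page's entry stub, a .rsrc section, and 64 bytes of overlay."""
    sects = [("UPX0", 0x1000, 0x1000, 0, 0x200),      # name, vsize, vaddr, raw_size, raw_ptr
             ("UPX1", 0x1000, 0x2000, 0x200, 0x200),
             (".rsrc", 0x200, 0x3000, 0x200, 0x400)]
    entry_rva = 0x2100
    img = bytearray(0x600)
    img[:2] = b"MZ"
    struct.pack_into("<I", img, 0x3C, 0x40)                  # e_lfanew
    pe, opt = 0x40, 0x40 + 24
    img[pe:pe + 4] = b"PE\0\0"
    # COFF: Machine i386, NumberOfSections, timestamp, symtab, nsyms, SizeOfOptionalHeader, flags
    struct.pack_into("<HHIIIHH", img, pe + 4, 0x14C, len(sects), 0, 0, 0, 0xE0, 0x102)
    struct.pack_into("<H", img, opt, 0x10B)                  # PE32 magic
    struct.pack_into("<I", img, opt + 16, entry_rva)         # AddressOfEntryPoint
    struct.pack_into("<III", img, opt + 28, 0x400000, 0x1000, 0x200)  # ImageBase, alignments
    struct.pack_into("<I", img, opt + 60, 0x200)             # SizeOfHeaders
    for i, s in enumerate(sects):
        struct.pack_into("<8sIIII", img, opt + 0xE0 + 40 * i, s[0].encode(), *s[1:])
    off = rva_to_offset(entry_rva, sects)
    img[off:off + len(PAGE_EP_BYTES)] = PAGE_EP_BYTES
    return bytes(img) + b"overlay:" + bytes(56)               # appended data = overlay


if __name__ == "__main__":
    rep = triage(build_sample())
    for k, v in rep.items():
        print(f"{k}: {v}")
    print("known hash match:", matches_known_hashes(rep))
```

To run it against a real file, call triage(open(path, "rb").read()). The "Authenticode signature is invalid" finding above is not reproduced here; checking it requires parsing the security directory and the PKCS#7 blob, which is a separate job.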

UDS:Trojan.Win32.Zenpak.cflf also known as:

Lionic: Heuristic.File.Generic.00x1!p
ClamAV: Win.Dropper.Tiggre-9845940-0
FireEye: Generic.mg.cee91f58d5d93ba4
McAfee: Artemis!CEE91F58D5D9
Sangfor: Trojan.Win32.Save.BlackMoon
CrowdStrike: win/malicious_confidence_70% (W)
Elastic: malicious (moderate confidence)
APEX: Malicious
Paloalto: generic.ml
Cynet: Malicious (score: 99)
Kaspersky: UDS:Trojan.Win32.Zenpak.cflf
Avast: Win32:TrojanX-gen [Trj]
McAfee-GW-Edition: BehavesLike.Win32.Trojan.rc
Trapmine: malicious.moderate.ml.score
SentinelOne: Static AI – Malicious PE
Avira: HEUR/AGEN.1243808
Antiy-AVL: Trojan/Generic.ASCommon.218
Microsoft: Trojan:Win32/Wacatac.B!ml
Google: Detected
BitDefenderTheta: Gen:NN.ZexaF.34646.@pJfamL4Avfb
VBA32: BScope.Trojan.Wacatac
Malwarebytes: Malware.Heuristic.1003
Yandex: Trojan.GenAsa!76JnOyIxZ1E
Fortinet: W32/PossibleThreat
AVG: Win32:TrojanX-gen [Trj]
Cybereason: malicious.7d314a

Note that several of these names embed the file's hash rather than a family name: FireEye's Generic.mg.cee91f58d5d93ba4 and McAfee's Artemis!CEE91F58D5D9 are prefixes of the MD5 listed above, and Cybereason's malicious.7d314a is a substring of the SHA-1. Those are per-file generic or cloud verdicts, not attributions to a specific family; only the Kaspersky (Zenpak), Sangfor (BlackMoon) and Microsoft/VBA32 (Wacatac) names carry a family label, and they do not agree with each other.

How to remove UDS:Trojan.Win32.Zenpak.cflf?

UDS:Trojan.Win32.Zenpak.cflf removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open “Tools” tab – Press “Reset Browser Settings“.
  • Select proper browser and options – Click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.