Win32/Packed.ZProtect.C suspicious information

Win32/Packed.ZProtect.C suspicious is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It allows you to run a complete scan and clean your PC during the trial period.
6-day free trial available.

What can the Win32/Packed.ZProtect.C suspicious virus do?

  • Executable code extraction
  • Creates RWX memory
  • Unconventional binary language: Chinese (Simplified)
  • Unconventional language used in binary resources: Chinese (Simplified)
  • The binary likely contains encrypted or compressed data.
  • Queries information on disks, possibly for anti-virtualization
  • Network activity detected but not expressed in API logs
  • Anomalous binary characteristics

How to identify Win32/Packed.ZProtect.C suspicious?


File Info:

type: PE32 executable (GUI) Intel 80386, for MS Windows

Version Info:

Translation: 0x0804 0x04b0
InternalName: \x8c6a\x8fea\x7f51\x7edc\x7fa4\x53d1
FileVersion: 1.00
CompanyName: Microsoft
ProductName: \x5de5\x7a0b1
ProductVersion: 1.00
OriginalFilename: \x8c6a\x8fea\x7f51\x7edc\x7fa4\x53d1.exe

Win32/Packed.ZProtect.C suspicious is also known as:

K7AntiVirus: Trojan ( 0052c8a31 )
Lionic: Trojan.Win32.Malicious.4!c
Elastic: malicious (high confidence)
McAfee: Artemis!EC2D579F1E4B
Cylance: Unsafe
Sangfor: Trojan.Win32.Save.a
CrowdStrike: win/malicious_confidence_90% (W)
Alibaba: Packed:Win32/ZProtect.90cbca50
K7GW: Trojan ( 0052c8a31 )
Cyren: W32/Rbot.J.gen!Eldorado
Symantec: ML.Attribute.HighConfidence
ESET-NOD32: a variant of Win32/Packed.ZProtect.C suspicious
APEX: Malicious
Avast: Win32:Malware-gen
Cynet: Malicious (score: 99)
BitDefender: Trojan.GenericKD.47065664
NANO-Antivirus: Virus.Win32.Gen-Crypt.ccnc
MicroWorld-eScan: Trojan.GenericKD.47065664
Ad-Aware: Trojan.GenericKD.47065664
Sophos: Mal/Generic-S
BitDefenderTheta: Gen:NN.ZevbaF.34170.iv0@aiJkpmdb
VIPRE: Trojan-Dropper.Win32.Resdro.b (v) (not malicious)
McAfee-GW-Edition: BehavesLike.Win32.Trojan.tc
FireEye: Generic.mg.ec2d579f1e4bd778
Emsisoft: Trojan.GenericKD.47065664 (B)
SentinelOne: Static AI – Malicious PE
Avira: TR/Dropper.Gen
eGambit: Unsafe.AI_Score_99%
Kingsoft: Win32.Troj.Generic_a.a.(kcloud)
Microsoft: Trojan:Win32/Wacatac.A!ml
Arcabit: Trojan.Generic.D2CE2A40
GData: Trojan.GenericKD.47065664
VBA32: BScope.Trojan.Obfuscated
MAX: malware (ai score=87)
Malwarebytes: Malware.AI.3325218092
TrendMicro-HouseCall: TROJ_GEN.R002H0CIS21
Rising: Trojan.Generic@ML.98 (RDMK:KSREHSXmCj0rL63/dVSEWA)
Yandex: Trojan.GenAsa!go6seJW3rXs
Fortinet: W32/Filecoder.FV!tr.ransom
AVG: Win32:Malware-gen
Paloalto: generic.ml

How to remove Win32/Packed.ZProtect.C suspicious?

Win32/Packed.ZProtect.C suspicious removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open “Tools” tab – Press “Reset Browser Settings”.
  • Select proper browser and options – Click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.
