Categories: Malware

Win32:DeadZero [Inf] malicious file

The Win32:DeadZero [Inf] is considered dangerous by lots of security experts. When this infection is active, you may notice unwanted processes in Task Manager list. In this case, it is adviced to scan your computer with GridinSoft Anti-Malware.

Gridinsoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. Allows to complete scan and cure your PC during the trial period.

DOWNLOAD NOW

6-day free trial available.

What Win32:DeadZero [Inf] virus can do?

Unconventionial language used in binary resources: Japanese
The binary contains an unknown PE section name indicative of packing
Authenticode signature is invalid
Attempts to modify proxy settings
Yara rule detections observed from a process memory dump/dropped files/CAPE

How to determine Win32:DeadZero [Inf]?


File Info:
name: 16915650380E0D0888E7.mlwpath: /opt/CAPEv2/storage/binaries/48021a68e7c6a0fc31bb79b8b97edfaa266c9326a70742a53207d9f2e142c323crc32: 053EA181md5: 16915650380e0d0888e755125646972fsha1: 837f1c33abc4999152cfdcd997e7788966decd88sha256: 48021a68e7c6a0fc31bb79b8b97edfaa266c9326a70742a53207d9f2e142c323sha512: 15e12ed44b81ba2f4b876be61f90590a3fe448cb03dfc9bbca858550591146cae8b5e8c2432f496dbc4ae0d0b4ecb6283686575a2cea0d343712b5654ab28c38ssdeep: 6144:D43qglP6Nknk2Z50vAWf0a6ENdQzli3+NdmLTy49zhU:03qgSkAKJENdQzli3+NQPtype: PE32 executable (console) Intel 80386, for MS Windowstlsh: T10F64E60137E89120F1F63A767DB692744E3A7C61AE35D68F9340AD1D2E72AC1C934B27sha3_384: 06ef7f0567f1bf9f47f8bcc05df1a7fc52ba9efcff4eb205a4846455347dc7363959b85b2812f1381651eecff90aa9deep_bytes: 558bec81ec78090000e8b20c00008985timestamp: 1970-01-01 15:50:05
Version Info:
CompanyName: Tanuki Software, Ltd.FileDescription: Java Service Wrapper Community Edition 3.5.6FileVersion: 3, 5, 6, 0LegalCopyright: Copyright (C) 1999, 2010 Tanuki Software, Ltd.  All rights reserved.InternalName: wrapperOriginalFilename: wrapper.exeProductName: Java Service Wrapper CommunityProductVersion: 3, 5, 6, 0Translation: 0x0009 0x04b0

Win32:DeadZero [Inf] also known as:

Elastic	malicious (high confidence)
MicroWorld-eScan	Gen:Heur.Mint.Zard.39
VIPRE	Gen:Heur.Mint.Zard.39
K7AntiVirus	Trojan-Downloader ( 00573e531 )
K7GW	Trojan-Downloader ( 00573e531 )
Cybereason	malicious.0380e0
Cyren	W32/ZeroDloader.A.gen!Eldorado
tehtris	Generic.Malware
ESET-NOD32	a variant of Win32/TrojanDownloader.Agent.EQH
APEX	Malicious
Kaspersky	Trojan.Win32.Patched.rw
BitDefender	Gen:Heur.Mint.Zard.39
NANO-Antivirus	Virus.Win32.Gen.ccmw
Avast	Win32:DeadZero [Inf]
Tencent	Virus.Win32.Patched.kh
TACHYON	Worm/W32.ZeroDownloader
Emsisoft	Gen:Heur.Mint.Zard.39 (B)
F-Secure	Malware.W32/Infector.Gen
DrWeb	Win32.HLLW.Phorpiex.1416
McAfee-GW-Edition	BehavesLike.Win32.Kudj.fh
Trapmine	malicious.high.ml.score
FireEye	Generic.mg.16915650380e0d08
Sophos	ML/PE-A
Ikarus	Trojan-Downloader.Win32.Agent
GData	Win32.Trojan.PSE.12MBZPD
Jiangmin	TrojanDownloader.Generic.beop
Google	Detected
Avira	W32/Infector.Gen
Arcabit	Trojan.Mint.Zard.39
ZoneAlarm	Trojan.Win32.Patched.rw
Microsoft	Trojan:Win32/Wacatac.B!ml
Cynet	Malicious (score: 100)
AhnLab-V3	Malware/Win32.RL_Generic.R282625
Acronis	suspicious
VBA32	BScope.TrojanBanker.CliptoShuffler
ALYac	Gen:Heur.Mint.Zard.39
MAX	malware (ai score=86)
Cylance	unsafe
Zoner	Probably Heur.ExeHeaderL
Rising	Downloader.Generic!8.141 (TFE:2:JupEv6mQ0JI)
MaxSecure	Trojan.Malware.121218.susgen
Fortinet	W32/Agent.EQH!tr
BitDefenderTheta	Gen:NN.ZexaF.36164.uu0@aO@d!aoO
AVG	Win32:DeadZero [Inf]
DeepInstinct	MALICIOUS
CrowdStrike	win/malicious_confidence_70% (D)