About “Win32:Zbot-URY [Trj]” infection

Win32:Zbot-URY [Trj] is the Avast/AVG detection name for this sample; other vendors classify the same file as a Zbot (ZeuS) banking trojan, a password stealer (Microsoft: PWS:Win32/Zbot) or a Visual Basic injector (Sophos: Troj/VBInj-MJ). It is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager list. In that case it is advised to scan your computer with GridinSoft Anti-Malware.

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. The trial period allows a full scan and cleanup of your PC.
A 6-day free trial is available.

What can Win32:Zbot-URY [Trj] do?

The following behaviours are the signature hits reported by the CAPE sandbox when the sample was executed; the injection, proxy-modification and fingerprinting items are the ones most relevant to a credential stealer:

  • Behavioural detection: Executable code extraction – unpacking
  • Sample contains Overlay data
  • Uses Windows utilities for basic functionality
  • Performs HTTP requests potentially not found in PCAP.
  • Reads data out of its own binary image
  • CAPE extracted potentially suspicious content
  • Drops a binary and executes it
  • The binary likely contains encrypted or compressed data.
  • Authenticode signature is invalid
  • Behavioural detection: Injection (Process Hollowing)
  • Behavioural detection: Injection (inter-process)
  • Behavioural detection: Injection with CreateRemoteThread in a remote process
  • Attempts to modify proxy settings
  • Collects information to fingerprint the system
  • Anomalous binary characteristics
  • Yara rule detections observed from a process memory dump/dropped files/CAPE

How to identify Win32:Zbot-URY [Trj]?

The indicators below come from the CAPE sandbox analysis of the sample (note the /opt/CAPEv2/storage/binaries/ path). The hashes identify this exact file; "ep_bytes" are the first 16 bytes at the PE entry point and "timestamp" is the PE header's TimeDateStamp, which a packer or author can set to any value and should therefore not be trusted on its own.

File Info:

name: 27B831485F087C5A2E03.mlw
path: /opt/CAPEv2/storage/binaries/4fbe654fc943b2812368ef8026f888b509c4412d0a9453d676c3b6105c65f472
crc32: CB70D6DE
md5: 27b831485f087c5a2e032d151a0c69d0
sha1: 402edc95ba9379d3914f28903a4136a847696a12
sha256: 4fbe654fc943b2812368ef8026f888b509c4412d0a9453d676c3b6105c65f472
sha512: ceb31443933a33821cd3a7a84bb86cba66c15138358c5bbfe822eed1ba2326386cc8a7dfb30b96ef37d78744642e662d6f216724c8e83277e4c65804a0fe6e2b
ssdeep: 6144:tDLg6gLl7v4qYRiGIUy4lJzqM3lTakmoVnCRJBu5OVljLb:tLgLp1YRXF5FaUEljLb
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T1B0648C126D5C99B7E6121DF68C1D81F62A8B3C345469A90F64AB321F08F239163DFB1F
sha3_384: 27116ba3be1b4eeba1a4e1cdb1f4db9b2c876181c68243b0160a647f582d9ab4e582341ab48962b59001a3f117f5c567
ep_bytes: 686c174000e8eeffffff000000000000
timestamp: 2014-10-16 19:57:40

Version Info (the meaningless company, product and internal names are typical of the randomly generated resources in Visual Basic injector builds, which is why several vendors label the sample VBInject/VBInj):

Translation: 0x0409 0x04b0
Comments: kLite Powt
CompanyName: kLite Powt
FileDescription: Superres specu
ProductName: Apii
FileVersion: 1.03.0006
ProductVersion: 1.03.0006
InternalName: Asok
OriginalFilename: Asok.exe
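To check a suspect file against the File Info block above without uploading it anywhere, the following script recomputes the same digest set CAPE prints, parses just enough of the PE32 headers to recover TimeDateStamp and the 16 entry-point bytes, and compares them with the page's indicators. This is an added example written for this page, not code from the original page, from CAPE or from GridinSoft; it uses only the Python standard library (pefile is deliberately avoided so the header offsets are visible), and the `build_minimal_pe` helper produces a constructed synthetic PE for offline testing, not the real sample.

```python
"""Offline triage helper: hash a file the way CAPE's File Info does, pull
TimeDateStamp and entry-point bytes out of a PE32, and compare with the
indicators listed on this page.  Added example, standard library only."""
import hashlib
import struct
import sys
import zlib
from datetime import datetime, timezone

# Indicators copied from the File Info block on this page.
KNOWN = {
    "md5": "27b831485f087c5a2e032d151a0c69d0",
    "sha1": "402edc95ba9379d3914f28903a4136a847696a12",
    "sha256": "4fbe654fc943b2812368ef8026f888b509c4412d0a9453d676c3b6105c65f472",
    "ep_bytes": "686c174000e8eeffffff000000000000",
    "timestamp_utc": "2014-10-16 19:57:40",
}


def file_hashes(data: bytes) -> dict:
    """Same digests CAPE reports (crc32 printed as upper-case hex, as on the page)."""
    return {
        "crc32": f"{zlib.crc32(data) & 0xFFFFFFFF:08X}",
        "md5": hashlib.md5(data).hexdigest(),
        "sha1": hashlib.sha1(data).hexdigest(),
        "sha256": hashlib.sha256(data).hexdigest(),
        "sha512": hashlib.sha512(data).hexdigest(),
        "sha3_384": hashlib.sha3_384(data).hexdigest(),
    }


def pe_entry_info(data: bytes) -> dict:
    """Parse only what is needed to recover TimeDateStamp and the 16 bytes at
    AddressOfEntryPoint (CAPE's 'ep_bytes').  Raises ValueError if not PE32."""
    if data[:2] != b"MZ":
        raise ValueError("missing MZ header")
    pe_off = struct.unpack_from("<I", data, 0x3C)[0]          # e_lfanew
    if data[pe_off:pe_off + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    # COFF header: Machine, NumberOfSections, TimeDateStamp, PointerToSymbolTable,
    # NumberOfSymbols, SizeOfOptionalHeader, Characteristics
    _, nsections, timestamp, _, _, opt_size, _ = struct.unpack_from("<HHIIIHH", data, pe_off + 4)
    opt = pe_off + 24
    if struct.unpack_from("<H", data, opt)[0] != 0x10B:
        raise ValueError("not a PE32 (magic 0x10b) optional header")
    ep_rva = struct.unpack_from("<I", data, opt + 16)[0]       # AddressOfEntryPoint
    # Walk the section table to map the entry-point RVA to a file offset.
    sec = opt + opt_size
    for i in range(nsections):
        _, vsize, va, raw_size, raw_ptr = struct.unpack_from("<8sIIII", data, sec + 40 * i)
        if va <= ep_rva < va + max(vsize, raw_size):
            off = raw_ptr + (ep_rva - va)
            ts = datetime.fromtimestamp(timestamp, timezone.utc).strftime("%Y-%m-%d %H:%M:%S")
            return {"timestamp": timestamp, "timestamp_utc": ts, "ep_bytes": data[off:off + 16].hex()}
    raise ValueError("entry point RVA not inside any section")


def match_indicators(data: bytes, known: dict = KNOWN) -> dict:
    """Return {indicator: matched?} for every page indicator we can compute."""
    found = file_hashes(data)
    try:
        found.update(pe_entry_info(data))
    except ValueError:
        pass                                                   # non-PE input: hashes only
    return {k: found.get(k) == v for k, v in known.items()}


def build_minimal_pe(ep_bytes: bytes, timestamp: int) -> bytes:
    """Constructed synthetic PE32 for offline testing; NOT the real sample.
    One .text section at RVA 0x1000 whose first bytes are `ep_bytes`."""
    opt_size = 0xE0
    dos = b"MZ" + b"\0" * 58 + struct.pack("<I", 64)          # e_lfanew = 64
    coff = b"PE\0\0" + struct.pack("<HHIIIHH", 0x14C, 1, timestamp, 0, 0, opt_size, 0x102)
    opt = struct.pack("<HBBIIII", 0x10B, 0, 0, 0, 0, 0, 0x1000).ljust(opt_size, b"\0")
    section = struct.pack("<8sIIII", b".text", 0x200, 0x1000, 0x200, 0x200).ljust(40, b"\0")
    headers = (dos + coff + opt + section).ljust(0x200, b"\0")
    return headers + ep_bytes.ljust(0x200, b"\0")


if __name__ == "__main__":
    if len(sys.argv) > 1:
        blob = open(sys.argv[1], "rb").read()
    else:  # no file given: run against the constructed sample (epoch 1413489460 = 2014-10-16 19:57:40 UTC)
        blob = build_minimal_pe(bytes.fromhex(KNOWN["ep_bytes"]), 1413489460)
    for name, value in file_hashes(blob).items():
        print(f"{name}: {value}")
    print(pe_entry_info(blob))
    print(match_indicators(blob))
```

Run it as `python triage.py suspect.exe`; a full hash match identifies this exact file, while a match only on ep_bytes or timestamp points to the same packer or build environment rather than the same file, which is why those two fields are compared separately from the digests.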

Win32:Zbot-URY [Trj] is also detected under the following names (vendor: detection). The generic and machine-learning verdicts aside, the family names converge on Zbot/ZeuS (a banking credential stealer), Buzus and VBInject/VBInj (a Visual Basic injector):

  • Bkav: W32.AIDetectMalware
  • Lionic: Trojan.Win32.Buzus.4!c
  • tehtris: Generic.Malware
  • MicroWorld-eScan: Trojan.GenericKD.68799223
  • CAT-QuickHeal: VirTool.VBInject.LE3
  • McAfee: Generic-FAUW!27B831485F08
  • Malwarebytes: Generic.Malware/Suspicious
  • VIPRE: Trojan.GenericKD.68799223
  • Sangfor: Suspicious.Win32.Save.vb
  • K7AntiVirus: Spyware ( 0055e3db1 )
  • Alibaba: TrojanSpy:Win32/VBInj.95f551ad
  • K7GW: Spyware ( 0055e3db1 )
  • Cybereason: malicious.85f087
  • VirIT: Trojan.Win32.Panda.VB
  • Symantec: ML.Attribute.HighConfidence
  • Elastic: malicious (high confidence)
  • ESET-NOD32: Win32/Spy.Zbot.YW
  • APEX: Malicious
  • Cynet: Malicious (score: 100)
  • Kaspersky: HEUR:Trojan.Win32.Generic
  • BitDefender: Trojan.GenericKD.68799223
  • NANO-Antivirus: Trojan.Win32.Buzus.dgwkms
  • Avast: Win32:Zbot-URY [Trj]
  • Tencent: Win32.Trojan.Generic.Oqil
  • Emsisoft: Trojan.GenericKD.68799223 (B)
  • F-Secure: Heuristic.HEUR/AGEN.1333897
  • DrWeb: Trojan.PWS.Panda.547
  • Zillya: Trojan.Buzus.Win32.122723
  • TrendMicro: TROJ_GEN.R002C0DHO23
  • McAfee-GW-Edition: Generic-FAUW!27B831485F08
  • Trapmine: malicious.high.ml.score
  • FireEye: Generic.mg.27b831485f087c5a
  • Sophos: Troj/VBInj-MJ
  • SentinelOne: Static AI – Malicious PE
  • GData: Trojan.GenericKD.68799223
  • Jiangmin: Trojan/Buzus.borv
  • Webroot: W32.Nyu.A
  • Avira: HEUR/AGEN.1333897
  • MAX: malware (ai score=100)
  • Antiy-AVL: Trojan/Win32.Buzus
  • Xcitium: Malware@#2uyz0gpys9drp
  • Arcabit: Trojan.Generic.D419CAF7
  • ViRobot: Trojan.Win32.Z.Zbot.328192.AR
  • ZoneAlarm: HEUR:Trojan.Win32.Generic
  • Microsoft: PWS:Win32/Zbot
  • Google: Detected
  • AhnLab-V3: Trojan/Win32.MDA.C604428
  • VBA32: Trojan.Buzus
  • ALYac: Trojan.GenericKD.68799223
  • Cylance: unsafe
  • Panda: Trj/Genetic.gen
  • TrendMicro-HouseCall: TROJ_GEN.R002C0DHO23
  • Rising: Stealer.Zbot!8.109D7 (TFE:5:JDnCMQKiNPT)
  • Yandex: TrojanSpy.Zbot!CzNxE3f5iQo
  • Ikarus: Trojan.Win32.Buzus
  • MaxSecure: Trojan.Malware.300983.susgen
  • Fortinet: W32/Injector.BJGR!tr
  • BitDefenderTheta: Gen:NN.ZevbaF.36662.um1@aKL4yMfi
  • AVG: Win32:Zbot-URY [Trj]
  • DeepInstinct: MALICIOUS
  • CrowdStrike: win/malicious_confidence_100% (W)

How to remove Win32:Zbot-URY [Trj]?

Win32:Zbot-URY [Trj] removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan“.
  • Click “Move to quarantine” for all detected items.
  • Open the “Tools” tab and press “Reset Browser Settings“.
  • Select the proper browser and options, then click “Reset”.
  • Restart your computer.

Because several vendors classify this sample as a password stealer (PWS:Win32/Zbot, TrojanSpy.Zbot, Stealer.Zbot), treat any credentials entered on the machine while it was infected as compromised and change them from a clean device. Since the sandbox also flagged the sample for attempting to modify proxy settings, verify after removal that the system and browser proxy configuration is back to what you expect.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.