
What is “WinGo/Rozena.BZ”?


WinGo/Rozena.BZ is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager process list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.


Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It allows you to run a complete scan and clean your PC during the trial period.
A 6-day free trial is available.

What can the WinGo/Rozena.BZ virus do?

  • Dynamic (imported) function loading detected
  • The binary contains an unknown PE section name indicative of packing
  • The binary likely contains encrypted or compressed data
  • Authenticode signature is invalid

How to identify WinGo/Rozena.BZ?

File Info:

name: 4DDCB458A859E5EB2E62.mlw
path: /opt/CAPEv2/storage/binaries/42325cd373ee6c7ca02d8c57f01e4e27c49eac3752adae776db78ab8514abb36
crc32: 9B49D7CC
md5: 4ddcb458a859e5eb2e62a81711bbd6f7
sha1: 6cbd5b4840b2e740bdc8d372faa2f6467bbff6df
sha256: 42325cd373ee6c7ca02d8c57f01e4e27c49eac3752adae776db78ab8514abb36
sha512: a48806141964658ded28495f94b16ae48160e6bdb39246a60da8fe272c2defc01ef5f25c3fd1e05103b844c2b63169ed42bfc167793bfe07038aee39b2008094
ssdeep: 24576:T/Bp5V0UN04BcHCXCwgEh6RvUrD19PtBMfahTZyCcYEwXWKJWldx0RS8KG:Fp5+U9cHCHgU6JUrD15VZyCWZ9eQG
type: PE32+ executable (console) x86-64, for MS Windows
tlsh: T138B58D03BC9170B9D9E5D2328EB5A2A13731B459173127CF2F5196BA2FB27D41E343A8
sha3_384: 939365d7337b2533cf507e959380fd4ac669fa342b6a0a2480220069718eed0c581489d454746447f68b91e83c3b2709
ep_bytes: e97bc3ffffcccccccccccccccccccccc
timestamp: 1970-01-01 00:00:00

Version Info:

0: [No Data]

WinGo/Rozena.BZ is also known as (vendor: detection name):

McAfee: Artemis!4DDCB458A859
Cylance: Unsafe
Alibaba: Trojan:Win64/Rozena.4999b2fe
CrowdStrike: win/malicious_confidence_60% (W)
Symantec: Trojan.Gen.2
ESET-NOD32: a variant of WinGo/Rozena.BZ
ClamAV: Win.Malware.Wingo-9886525-0
McAfee-GW-Edition: BehavesLike.Win64.Generic.vh
Sophos: Generic ML PUA (PUA)
Ikarus: Trojan.WinGo.Rozena
Microsoft: Trojan:Win32/Sabsik.TE.B!ml
Cynet: Malicious (score: 100)
Malwarebytes: Trojan.Meterpreter
APEX: Malicious
Fortinet: Malicious_Behavior.SB

How to remove WinGo/Rozena.BZ?

WinGo/Rozena.BZ removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • Click “Move to quarantine” for all detected items.
  • Open the “Tools” tab and press “Reset Browser Settings”.
  • Select the proper browser and options, then click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.
