Worm:Win32/Eggnog!pz malicious file

The Worm:Win32/Eggnog!pz is considered dangerous by lots of security experts. When this infection is active, you may notice unwanted processes in Task Manager list. In this case, it is adviced to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Gridinsoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. Allows to complete scan and cure your PC during the trial period.

6-day free trial available.

What Worm:Win32/Eggnog!pz virus can do?

Sample contains Overlay data
The binary contains an unknown PE section name indicative of packing
Authenticode signature is invalid

How to determine Worm:Win32/Eggnog!pz?


File Info:
name: 51DF4BFC7AD189FCA6CB.mlw
path: /opt/CAPEv2/storage/binaries/a08b090b7b3c95dd457a9a1c856266f66e5093bf428720f99ceb0a5c95911d78
crc32: 1606DDF1
md5: 51df4bfc7ad189fca6cbd39911342cb3
sha1: 44bb57fe4fdceacb11c042a2aed46e95c13767fb
sha256: a08b090b7b3c95dd457a9a1c856266f66e5093bf428720f99ceb0a5c95911d78
sha512: 6910cc72b2eacfa3ddb26e4327a6de76c27d7481db7e11fbb148c48a278419afa60c4b3f87f5f4059c2695c61b3424a5fe996f298dc959afca1ebc7201d3382a
ssdeep: 3072:V6J1ZZDJiWVO9JQXHAWIiwjqU969YJRWvL:wJHniWVO9KQHXN969YoL
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T137A3F153F692D9F2D1A094FEAE07B819DB7A3A302E0450C2FEFC1F9E6D1E150592C15A
sha3_384: 6c8a198a8ab4accb6f8b400ac6d09ddd8c8fd1de9ab44be2c86cc38c14ff537cb71898a91b89f07a5db283b956ee533b
ep_bytes: 558bec83c4f053b8346f4000e85fd4ff
timestamp: 1992-06-19 22:22:17

Version Info:
0: [No Data]

Worm:Win32/Eggnog!pz also known as:

Bkav	W32.FamVT.EggogK.Worm
Lionic	Worm.Win32.Eggnog.tr6O
Elastic	malicious (high confidence)
MicroWorld-eScan	Gen:Trojan.P2P-Worm.gGZ@aCrxLBb
ClamAV	Win.Worm.Fearso-7358009-0
FireEye	Generic.mg.51df4bfc7ad189fc
CAT-QuickHeal	Worm.Eggnog.S28830318
Skyhigh	BehavesLike.Win32.Eggnog.cc
ALYac	Gen:Trojan.P2P-Worm.gGZ@aCrxLBb
Malwarebytes	Generic.Malware.AI.DDS
Sangfor	Trojan.Win32.Save.a
K7AntiVirus	EmailWorm ( 005a7b871 )
Alibaba	Worm:Win32/Eggnog.f2b7
K7GW	EmailWorm ( 005a7b871 )
CrowdStrike	win/malicious_confidence_100% (W)
BitDefenderTheta	AI:Packer.7AD7063921
VirIT	Trojan.Win32.Generic.BBBU
Symantec	W32.Nofer.A@mm!g1
ESET-NOD32	a variant of Win32/Eggnog.E
APEX	Malicious
Cynet	Malicious (score: 100)
Kaspersky	UDS:Trojan.Win32.Generic
BitDefender	Gen:Trojan.P2P-Worm.gGZ@aCrxLBb
NANO-Antivirus	Trojan.Win32.Kazaa.iaroor
Avast	Win32:WormX-gen [Wrm]
Tencent	Worm.Win32.Eggnog.a
Sophos	W32/Eggnog-Fam
Baidu	Win32.Worm.Eggnog.a
F-Secure	Dropper.DR/Delphi.Gen
DrWeb	Win32.HLLW.Google.24577
VIPRE	Gen:Trojan.P2P-Worm.gGZ@aCrxLBb
TrendMicro	WORM_EGGNOG.SMI
Emsisoft	Gen:Trojan.P2P-Worm.gGZ@aCrxLBb (B)
Ikarus	Trojan-Dropper.Delf
GData	Win32.Worm.Fearso.A
Jiangmin	Trojan/Cospet.gv
Webroot	W32.Worm.Eggnog.Gen
Google	Detected
Avira	DR/Delphi.Gen
Antiy-AVL	Trojan/Win32.Dorv
Kingsoft	malware.kb.a.1000
Arcabit	Trojan.P2P-Worm.E01429
ZoneAlarm	UDS:Trojan.Win32.Generic
Microsoft	Worm:Win32/Eggnog!pz
Varist	W32/Eggnog.A.gen!Eldorado
AhnLab-V3	Worm/Win32.Eggnog.R66977
Acronis	suspicious
McAfee	W32/Eggnog.worm.gen
MAX	malware (ai score=89)
VBA32	BScope.Worm.Pluto
Cylance	unsafe
Panda	Trj/CI.A
TrendMicro-HouseCall	WORM_EGGNOG.SMI
Rising	Worm.Eggnog!1.E840 (CLASSIC)
Yandex	Worm.Eggnog!gbIvyzPXjQg
SentinelOne	Static AI – Malicious PE
MaxSecure	Worm.W32.Eggnog.F
Fortinet	W32/Eggnog.E!worm
AVG	Win32:WormX-gen [Wrm]
Cybereason	malicious.e4fdce
DeepInstinct	MALICIOUS

How to remove Worm:Win32/Eggnog!pz?

Worm:Win32/Eggnog!pz removal tool

Download and install GridinSoft Anti-Malware.
Open GridinSoft Anti-Malware and perform a “Standard scan“.
“Move to quarantine” all items.
Open “Tools” tab – Press “Reset Browser Settings“.
Select proper browser and options – Click “Reset”.
Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.

Leave a Comment X