Worm:Win32/Sfone!pz (file analysis)

The Worm:Win32/Sfone!pz is considered dangerous by lots of security experts. When this infection is active, you may notice unwanted processes in Task Manager list. In this case, it is adviced to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Gridinsoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. Allows to complete scan and cure your PC during the trial period.

6-day free trial available.

What Worm:Win32/Sfone!pz virus can do?

Sample contains Overlay data
The binary likely contains encrypted or compressed data.
Authenticode signature is invalid
Binary file triggered YARA rule
Yara detections observed in process dumps, payloads or dropped files

How to determine Worm:Win32/Sfone!pz?


File Info:
name: 7DB3F87A8D8560854BDB.mlw
path: /opt/CAPEv2/storage/binaries/1e9df922d7910e43948e1897da2a79d842d65aa999c89116de08e8d9c19ecfea
crc32: E1705179
md5: 7db3f87a8d8560854bdb28753b00374e
sha1: 80889ebb44ea6a8cf7c3e6e68cacb9765cebd568
sha256: 1e9df922d7910e43948e1897da2a79d842d65aa999c89116de08e8d9c19ecfea
sha512: 51de4b9bc94b667e790c00e3dad4e130374a7e460877492148cfc6ae908608fe51455bf92f9938c452b5e0db6e6354a8e87c79a76e08441092dbe6f52f8d1315
ssdeep: 24576:1plWqUCCBAhlGkOBxGywb8BfDTs06+JYqwlDzuw+RwvwoLPPVQvfrPmTY8U:1p+yhSxG5befDTs/+Tw8MwoLPPVAqTYD
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T1776533953884C27AD968A1BB2501F4762836E35021B185C7FFC2F71CBB9F661BA085F7
sha3_384: 7c19a4b77f670b7d93622a75e8ffdf1293989d52fe9717dcdbea21c5b6984a8087d8d7d2075a553bcbdff1c22a03aac8
ep_bytes: 5589e56aff68dc18410068d85d400064
timestamp: 2006-03-02 17:50:37

Version Info:
0: [No Data]

Worm:Win32/Sfone!pz also known as:

Bkav	W32.AIDetectMalware
Lionic	Trojan.Win32.Generic.4!c
tehtris	Generic.Malware
DrWeb	Win32.HLLW.Siggen.1607
MicroWorld-eScan	Gen:Heur.Mint.Murphy.3
FireEye	Generic.mg.7db3f87a8d856085
CAT-QuickHeal	Worm.Sfone.A3
Skyhigh	BehavesLike.Win32.Generic.tc
McAfee	W32/Generic.worm.f
Malwarebytes	Generic.Malware.AI.DDS
Zillya	Worm.Agent.Win32.9
Sangfor	Trojan.Win32.Save.a
K7AntiVirus	EmailWorm ( 005a858a1 )
Alibaba	Trojan:Win32/Starter.ali1001008
K7GW	EmailWorm ( 005a858a1 )
CrowdStrike	win/malicious_confidence_100% (W)
BitDefenderTheta	AI:Packer.F8C91E621E
VirIT	Worm.Win32.Agent.CP
Symantec	W32.SillyWNSE
Elastic	Windows.Generic.Threat
ESET-NOD32	a variant of Win32/Agent.CP
APEX	Malicious
Avast	Win32:Sality [Inf]
ClamAV	Win.Malware.Eclz-9953021-0
Kaspersky	HEUR:Worm.Win32.Movie666.gen
BitDefender	Gen:Heur.Mint.Murphy.3
NANO-Antivirus	Trojan.Win32.Mlw.iazlyu
Tencent	Worm.Win32.Agent.d
Emsisoft	Gen:Heur.Mint.Murphy.3 (B)
F-Secure	Trojan.TR/Patched.Ren.Gen
Baidu	Win32.Worm.Agent.ae
VIPRE	Gen:Heur.Mint.Murphy.3
Trapmine	malicious.high.ml.score
Sophos	W32/Sfone-A
Ikarus	SuspectFile
Jiangmin	Worm.Agent.aq
Google	Detected
Avira	TR/Patched.Ren.Gen
Varist	W32/Worm.KOKR-0749
Antiy-AVL	Worm/Win32.Sfone
Kingsoft	malware.kb.a.1000
Microsoft	Worm:Win32/Sfone!pz
Xcitium	Malware@#2rpqx5jk96z4i
Arcabit	Trojan.Mint.Murphy.3
ZoneAlarm	HEUR:Worm.Win32.Movie666.gen
GData	Win32.Worm.Sfone.B
Cynet	Malicious (score: 100)
AhnLab-V3	Trojan/Win32.Agent.R67941
Acronis	suspicious
VBA32	BScope.Worm.Agent
Cylance	unsafe
Panda	Trj/Genetic.gen
Rising	Worm.Agent!1.CEBD (CLASSIC)
Yandex	Trojan.GenAsa!2oUtO9JdH+o
SentinelOne	Static AI – Malicious PE
MaxSecure	Poly.Worm.Agent.CP
Fortinet	W32/Agent.CP!worm
AVG	Win32:Sality [Inf]
DeepInstinct	MALICIOUS
alibabacloud	Worm:Win/Agent.c2389327

How to remove Worm:Win32/Sfone!pz?

Worm:Win32/Sfone!pz removal tool

Download and install GridinSoft Anti-Malware.
Open GridinSoft Anti-Malware and perform a “Standard scan“.
“Move to quarantine” all items.
Open “Tools” tab – Press “Reset Browser Settings“.
Select proper browser and options – Click “Reset”.
Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.

Leave a Comment X