
Zbot.19 (B) (file analysis)

Malware Removal

Zbot.19 (B) is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware


Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It allows you to run a complete scan and cure your PC during the trial period.
6-day free trial available.

What can the Zbot.19 (B) virus do?

  • SetUnhandledExceptionFilter detected (possible anti-debug)
  • Behavioural detection: Executable code extraction – unpacking
  • At least one process apparently crashed during execution
  • Yara rule detections observed from a process memory dump/dropped files/CAPE
  • Creates RWX memory
  • Dynamic (imported) function loading detected
  • Unconventional language used in binary resources: Russian
  • The binary contains an unknown PE section name indicative of packing
  • The binary likely contains encrypted or compressed data
  • The executable is compressed using UPX
  • Authenticode signature is invalid

How to identify Zbot.19 (B)?

File Info:

name: A13DC6777D6F9310B2BB.mlw
path: /opt/CAPEv2/storage/binaries/d044c6e886b3c62799c153dfc141311b2cf275af15a6360120488e80bf620ed1
crc32: 59B99B88
md5: a13dc6777d6f9310b2bbd3b8350d1029
sha1: dffab2b19917699b0166745b029fb6b7594dff64
sha256: d044c6e886b3c62799c153dfc141311b2cf275af15a6360120488e80bf620ed1
sha512: dec40e4d7e5d36df6d180a452458a6b93cbb1433dd970dc3f8810dde69b0ea2a85da8b9f9ac4b61b9afc58121d45b368c3c3697c93663e48571cad185af40f53
ssdeep: 3072:aS1cU4Aq9yWWCzmgYCquRErAeEIoqzmM/b2x4hOtjZH9f7swAtm:aMc7Aq9aCz43G2gqDI4g5R7gg
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T1C2D3122AA77141CBD4B34B7A8C40D72207372CF2CD6BB61E41ECA6442967379FCA8567
sha3_384: 3b0d440b2a26a65003e7881e2330e7ce495cc9c6938f10db7b5898d76708a5ea788b71219b6c577da7f5ced253b0d0cf
ep_bytes: 60be154044008dbeebcffbff57eb0b90
timestamp: 2005-04-21 21:43:05

Version Info:

CompanyName: SOFTWIN S.R.L.
FileDescription: BitDefender Management Console
FileVersion: 10, 2, 0, 15
InternalName: Management Console
LegalCopyright: © 2006 SOFTWIN S.R.L.
OriginalFilename: bdmcon.exe
ProductName: BitDefender 10
ProductVersion: 10, 2, 0, 15
Translation: 0x0409 0x04b0

Zbot.19 (B) also known as:

Bkav: W32.FakeBitDefC.fam.Trojan
Lionic: Trojan.Win32.Zbot.l!c
Elastic: malicious (high confidence)
DrWeb: Trojan.PWS.Panda.369
MicroWorld-eScan: Gen:Variant.Zbot.19
FireEye: Generic.mg.a13dc6777d6f9310
McAfee: Artemis!A13DC6777D6F
Cylance: Unsafe
Zillya: Trojan.Zbot.Win32.24955
Sangfor: Infostealer.Win32.Zbot.gen!Y
K7AntiVirus: Trojan ( 0019e6801 )
Alibaba: TrojanSpy:Win32/Spyeye.2ef4cb08
K7GW: Trojan ( 0019e6801 )
CrowdStrike: win/malicious_confidence_80% (D)
BitDefenderTheta: Gen:NN.ZexaF.34114.imLfaW7UFInc
VirIT: Trojan.Win32.Scar.LP
Cyren: W32/Zbot.AU.gen!Eldorado
Symantec: ML.Attribute.HighConfidence
ESET-NOD32: Win32/Spy.Zbot.ZR
APEX: Malicious
Paloalto: generic.ml
ClamAV: Win.Trojan.Generic-53
Kaspersky: Trojan-Spy.Win32.Zbot.yvyj
BitDefender: Gen:Variant.Zbot.19
NANO-Antivirus: Trojan.Win32.Zbot.dxpnxr
Avast: FileRepMetagen [Malware]
Tencent: Win32.Trojan-spy.Zbot.Ljab
Ad-Aware: Gen:Variant.Zbot.19
Sophos: Mal/Agent-IE
Comodo: Malware@#3d4od1wujzb4v
VIPRE: Trojan.Win32.Generic!BT
TrendMicro: TSPY_ZBOT.SMOF
McAfee-GW-Edition: BehavesLike.Win32.Sytro.cc
Emsisoft: Gen:Variant.Zbot.19 (B)
Ikarus: Trojan-Spy.Win32.Zbot
GData: Gen:Variant.Zbot.19
Jiangmin: TrojanSpy.Zbot.amnu
Webroot: W32.Malware.Gen
Avira: TR/Crypt.ULPM.Gen
Antiy-AVL: Trojan/Generic.ASMalwS.1086F97
ViRobot: Trojan.Win32.A.Zbot.140856.B
Microsoft: PWS:Win32/Zbot.gen!Y
Cynet: Malicious (score: 100)
AhnLab-V3: Win-Trojan/Agent.141310
Acronis: suspicious
VBA32: BScope.Trojan.FakeAlert
ALYac: Gen:Variant.Zbot.19
MAX: malware (ai score=100)
TrendMicro-HouseCall: TSPY_ZBOT.SMOF
Rising: Trojan.Kryptik!8.8 (CLOUD)
Yandex: Trojan.GenAsa!7Wb7kdBtzb8
SentinelOne: Static AI - Malicious PE
MaxSecure: Trojan.Malware.300983.susgen
Fortinet: W32/Kryptik.GM!tr
AVG: FileRepMetagen [Malware]
Cybereason: malicious.77d6f9
Panda: Trj/Genetic.gen

How to remove Zbot.19 (B)?

Zbot.19 (B) removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open the “Tools” tab and press “Reset Browser Settings”.
  • Select the proper browser and options, then click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.
