Seeing the Trojan:Win32/Phonzy.A!ml detection usually means that your PC is in serious danger. This malware can correctly be classified as ransomware: a virus that encrypts your files and forces you to pay for their decryption. Removing it requires some specific steps that must be taken as soon as possible.
Trojan:Win32/Phonzy.A!ml is a detection you may see on your system. It generally appears after risky actions on your computer, such as opening an untrustworthy email, clicking a banner on the Web or installing a program from an untrusted source. From the moment it shows up, you have a short time to act before it begins its harmful activity. And be sure of one thing: it is better not to wait for those harmful effects.
What is Trojan:Win32/Phonzy.A!ml virus?
Trojan:Win32/Phonzy.A!ml Summary
In summary, the activities of the Trojan:Win32/Phonzy.A!ml virus on an infected PC are as follows:
- A file was accessed within the Public folder;
- Reads data out of its own binary image;
- CAPE extracted potentially suspicious content;
- Unconventional binary language: Chinese (Simplified);
- Unconventional language used in binary resources: Chinese (Simplified);
- The binary likely contains encrypted or compressed data;
- Authenticode signature is invalid;
- Behavioural detection: Injection (inter-process);
- Attempts to modify proxy settings;
- Touches a file containing cookies, possibly for information gathering;
- Yara rule detections observed from a process memory dump/dropped files/CAPE;
- Encrypting the documents located on the target's disk drive, so that the victim cannot use them;
- Blocking the launching of .exe files of anti-virus apps;
- Blocking the launching of installation files of anti-malware programs.
Ransomware has been a horror story for the last 4 years. It is difficult to picture a more harmful kind of malware for both individuals and businesses. The algorithms used in Trojan:Win32/Phonzy.A!ml (typically RHA-1028 or AES-256) cannot be broken, with minor exceptions. Brute-forcing them would take far longer than our galaxy has existed, and possibly will exist. However, the malware does not do all these unpleasant things immediately; it can take up to several hours to encrypt all of your documents. Thus, seeing the Trojan:Win32/Phonzy.A!ml detection is a clear signal that you should begin the removal procedure.
Where did I get the Trojan:Win32/Phonzy.A!ml?
The common ways Trojan:Win32/Phonzy.A!ml is delivered are the same as for other ransomware samples: one-day landing websites where users are offered a free app to download and install, so-called bait e-mails, and hacktools. Bait emails are a fairly new strategy in malware distribution: you receive an e-mail that imitates a normal notification about a shipment or a change in your bank's terms of service. The email contains an infected MS Office file, or a link that leads to an exploit landing site.

Malicious email message. This one tricks you into opening the phishing website.
Preventing it looks fairly simple, but still requires a lot of attention. Malware can hide in many places, and it is far better to stop it before it reaches your PC than to rely on an anti-malware program. Basic cybersecurity knowledge is essential in the modern world, even if your use of a PC is limited to watching YouTube videos. It can save you a lot of money and time that you would otherwise spend searching for a solution.
Trojan:Win32/Phonzy.A!ml malware technical details
File Info:
- name: 9AE400EC5210B47A2A5E.mlw
- path: /opt/CAPEv2/storage/binaries/40e95ca8776e90a1d7ff63538550da77c002699ffae86ba76e4f0db714235032
- crc32: CDC19437
- md5: 9ae400ec5210b47a2a5ea6e50bd98203
- sha1: 6cd5a7bdf9b12de931e7ef4b56282a6a62f8b78f
- sha256: 40e95ca8776e90a1d7ff63538550da77c002699ffae86ba76e4f0db714235032
- sha512: 90ae64aa48921f9883602f95a3d50c44d73b01641d0c1961d5961272d8fe8e48f10edcc9610405c43a725085e0b00c76b3d1505482c9b38780623e60211b548d
- ssdeep: 24576:ox97pL+M/gNpbgW0TZaqdiXSp0c02uFG6dAk3CMc:oH7pLEuXTZaqdwk0c05HGic
- type: PE32 executable (GUI) Intel 80386, for MS Windows
- tlsh: T1CB75DF31B781A8BAC20605F709FAF7769574AE031B618AA783DEDE1F7D325409736039
- sha3_384: ea9b75851d1a0ab690f5aedba1624b917235898dde326aec16504952787bc09c496a8834d00a4cce2295a2640b7a98a1
- ep_bytes: 558bec6aff68587d550068e421460064
- timestamp: 2011-06-30 09:50:46

Version Info:
- FileVersion: 1.0.0.0
- FileDescription: 这玩意很一般!
- ProductName: 易语言程序
- ProductVersion: 1.0.0.0
- LegalCopyright: 作者版权所有 请尊重并使用正版
- Comments: 本程序使用易语言编写(http://www.eyuyan.com)
- Translation: 0x0804 0x04b0
Trojan:Win32/Phonzy.A!ml is also known as:

| Engine | Detection |
| --- | --- |
| Bkav | W32.AIDetectMalware |
| Lionic | Trojan.Win32.Generic.mBRn |
| tehtris | Generic.Malware |
| MicroWorld-eScan | Trojan.GenericKD.69823879 |
| FireEye | Generic.mg.9ae400ec5210b47a |
| CAT-QuickHeal | Ransom.Genasom.16527 |
| Skyhigh | BehavesLike.Win32.Generic.tc |
| ALYac | Trojan.GenericKD.69823879 |
| Malwarebytes | Generic.Malware.AI.DDS |
| Sangfor | Trojan.Win32.FlyStudio.V5vi |
| K7AntiVirus | Trojan ( 005246d51 ) |
| K7GW | Trojan ( 005246d51 ) |
| Cybereason | malicious.df9b12 |
| Arcabit | Trojan.Generic.D4296D87 |
| Symantec | ML.Attribute.HighConfidence |
| Elastic | malicious (high confidence) |
| ESET-NOD32 | a variant of Win32/Packed.FlyStudio.AA potentially unwanted |
| Cynet | Malicious (score: 100) |
| APEX | Malicious |
| ClamAV | Win.Trojan.Flystudio-9943951-0 |
| BitDefender | Trojan.GenericKD.69823879 |
| Avast | Win32:Evo-gen [Trj] |
| Sophos | Mal/Generic-S |
| F-Secure | Trojan:W32/DelfInject.R |
| VIPRE | Trojan.GenericKD.69823879 |
| Trapmine | suspicious.low.ml.score |
| Emsisoft | Application.Generic (A) |
| SentinelOne | Static AI – Malicious PE |
| Varist | W32/Trojan.ISO.gen!Eldorado |
| MAX | malware (ai score=89) |
| Antiy-AVL | Trojan/Win32.FlyStudio.a |
| Kingsoft | malware.kb.a.1000 |
| Xcitium | Worm.Win32.Dropper.RA@1qraug |
| Microsoft | Trojan:Win32/Phonzy.A!ml |
| GData | Win32.Trojan.FlyStudio.S |
| Detected | |
| AhnLab-V3 | Trojan/Win.Generic.C5514288 |
| McAfee | Artemis!9AE400EC5210 |
| Cylance | unsafe |
| TrendMicro-HouseCall | TROJ_GEN.R002H0CJG23 |
| Yandex | Trojan.GenAsa!ZNaFXnCq+JQ |
| Ikarus | Trojan.Win32.Agent |
| MaxSecure | Dropper.Dinwod.frindll |
| Fortinet | W32/CoinMiner.PHP!tr |
| BitDefenderTheta | Gen:NN.ZexaF.36792.Kr0@aau@Kmjb |
| AVG | Win32:Evo-gen [Trj] |
| DeepInstinct | MALICIOUS |
| CrowdStrike | win/malicious_confidence_70% (D) |