Seeing the Trojan:Win32/Phonzy.B!ml detection means that your PC is in serious danger. The `!ml` suffix marks a verdict from Microsoft Defender's machine-learning classifier rather than a fixed signature, so the name alone says little about the family; the sample analysed on this page is classified by several engines as ransomware (a virus that encrypts your files and demands payment for their decryption) and by others as an Enigma-packed backdoor. Either way, stopping it requires specific steps that must be taken as soon as possible.
The Trojan:Win32/Phonzy.B!ml detection is one you may see on your system. It usually shows up after some preliminary activity on your PC: opening a suspicious e-mail attachment, clicking an advertisement on the Web, or installing a program from a dubious source. From the moment it appears you have little time to act before the malware starts its destructive activity, and it is far better not to wait for that.
What is Trojan:Win32/Phonzy.B!ml virus?
Trojan:Win32/Phonzy.B!ml Summary
In summary, the actions of Trojan:Win32/Phonzy.B!ml in an infected system, as reported by the CAPE sandbox for the analysed sample, are:
- Behavioural detection: executable code extraction (unpacking);
- A file was accessed within the Public folder;
- Sample contains overlay data;
- Uses Windows utilities for basic functionality;
- Reads data out of its own binary image;
- CAPE extracted potentially suspicious content;
- Drops a binary and executes it;
- Unconventional language used in binary resources: Korean;
- The binary contains an unknown PE section name indicative of packing;
- The binary likely contains encrypted or compressed data;
- Authenticode signature is invalid;
- Uses Windows utilities to create a scheduled task;
- CAPE detected the embedded PE malware family;
- Deletes executed files from disk;
- Touches a file containing cookies, possibly for information gathering;
- Anomalous binary characteristics;
- YARA detections observed in process dumps, payloads or dropped files.
Behaviour typical of the ransomware this detection is associated with:
- Encrypting the documents on the victim's disks, so the victim can no longer open them;
- Blocking the launch of .exe files belonging to anti-virus programs;
- Blocking the launch of anti-malware installers.
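Three of the sandbox findings above (a binary dropped into and executed from the Public folder, a scheduled task created through a Windows utility, and deletion of the executed file) are the ones most useful for hunting in process-creation telemetry. The Python below is an added example, not code from the page or from CAPE: it runs simple detection rules over a handful of constructed Sysmon-style process events (the file names, the task name Updater and the user name victim are all made up) and returns the alerts a responder would triage.

```python
"""Detection rules for three of the sandbox findings above, run over
process-creation telemetry. Added example, not from the page or CAPE. The events
are constructed to resemble Sysmon Event ID 1 records; every path, file name,
task name and user name in them is made up."""
import re

# Folders any user (or a low-privilege process) can write to; a scheduled-task
# action or a freshly launched binary living here is the usual dropper pattern.
USER_WRITABLE = re.compile(
    r"(?i)c:\\(users\\public|users\\[^\\]+\\appdata\\local\\temp|programdata|windows\\temp)\\")

# Constructed telemetry: (ParentImage, Image, CommandLine) per process start.
EVENTS = [
    ("C:\\Windows\\explorer.exe", "C:\\Users\\victim\\Downloads\\invoice.exe",
     "\"C:\\Users\\victim\\Downloads\\invoice.exe\""),
    # dropper writes a copy into the Public folder and runs it
    ("C:\\Users\\victim\\Downloads\\invoice.exe", "C:\\Users\\Public\\svhost.exe",
     "\"C:\\Users\\Public\\svhost.exe\" -run"),
    # persistence through a Windows utility, action pointing at the dropped copy
    ("C:\\Users\\Public\\svhost.exe", "C:\\Windows\\System32\\schtasks.exe",
     "schtasks /create /tn Updater /sc minute /mo 5 /tr \"C:\\Users\\Public\\svhost.exe\" /f"),
    # self-deletion of the original executable via cmd.exe
    ("C:\\Users\\victim\\Downloads\\invoice.exe", "C:\\Windows\\System32\\cmd.exe",
     "cmd /c ping 127.0.0.1 -n 3 > nul & del /f /q \"C:\\Users\\victim\\Downloads\\invoice.exe\""),
    # benign noise
    ("C:\\Windows\\explorer.exe", "C:\\Program Files\\Notepad++\\notepad++.exe",
     "\"C:\\Program Files\\Notepad++\\notepad++.exe\""),
]

# Extracts the action path from a schtasks /tr argument, quoted or not.
TASK_ACTION = re.compile(r'(?i)/tr\s+"?([^"]+?)"?(?:\s+/|$)')


def detect(events):
    """Return (rule, indicator) tuples in event order."""
    alerts = []
    for parent, image, cmdline in events:
        img = image.lower()
        # Rule 1: schtasks /create whose action (/tr) lives in a user-writable folder.
        if img.endswith("\\schtasks.exe") and "/create" in cmdline.lower():
            m = TASK_ACTION.search(cmdline)
            if m and USER_WRITABLE.search(m.group(1)):
                alerts.append(("schtasks_user_writable", m.group(1)))
        # Rule 2: a process image started out of a user-writable folder.
        if USER_WRITABLE.search(image):
            alerts.append(("exec_from_user_writable", image))
        # Rule 3: cmd.exe running 'del' against the image of its own parent.
        if img.endswith("\\cmd.exe") and re.search(r"\bdel\b", cmdline, re.I) \
                and parent.lower() in cmdline.lower():
            alerts.append(("self_delete", parent))
    return alerts


if __name__ == "__main__":
    for rule, indicator in detect(EVENTS):
        print(f"{rule:26} {indicator}")
```

Rule 1 is the one to keep tight: a task whose action points into Program Files is routine, one whose action points into Public or Temp almost never is, so the rule keys on the action path rather than on schtasks.exe itself.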
Ransomware has been a persistent headache for years, and it is hard to imagine malware more damaging to both individuals and organizations. The ciphers used by ransomware of this kind (typically AES-256 for the files, with the file key in turn protected by an asymmetric cipher such as RSA whose private key only the attacker holds) cannot be broken by brute force: recovering a 256-bit key by trial would take far longer than the age of the universe, so without the attacker's key or an implementation flaw the files stay locked. The malware does not, however, do all of this instantly; encrypting every document on a disk can take up to a few hours. Seeing the Trojan:Win32/Phonzy.B!ml detection is therefore a clear signal to begin the removal procedure immediately, before the encryption completes.
Where did I get the Trojan:Win32/Phonzy.B!ml?
The ways Trojan:Win32/Phonzy.B!ml spreads are common to all other ransomware variants: short-lived landing sites that offer a free download of some program, so-called bait (phishing) emails, and cracked software or hacktools. Bait emails are a long-standing and still the most common tactic in malware distribution: you receive a message imitating a routine notification about a shipment or a change in your bank's terms of service. Inside the email is a malicious MS Office file, or a link that opens an exploit landing page.

Malicious email message. This one tricks you into opening the phishing website.
Avoiding it looks fairly easy but still requires awareness. Malware can hide in many places, and it is far better to stop it before it reaches your PC than to rely solely on an anti-malware program. Basic cybersecurity awareness is essential in the modern world, even if your use of a PC goes no further than YouTube videos; it can save you a great deal of the money and time you would otherwise spend looking for a fix.
Trojan:Win32/Phonzy.B!ml malware technical details
File Info:
- name: 4132584DF9CA00449CF7.mlw
- path: /opt/CAPEv2/storage/binaries/483a56824520bbba67b7122c06a80695b2ca1a35e706c9d4e39ad124ef54f534
- crc32: C8D1FF25
- md5: 4132584df9ca00449cf775e86d623550
- sha1: 68636202b4122169f412674d2567a7fbab847d96
- sha256: 483a56824520bbba67b7122c06a80695b2ca1a35e706c9d4e39ad124ef54f534
- sha512: 10c42c0a9110879459218afed2cb3562bb968e8cd2cd6be58b783d36657fd90d74b7b7eceb1aa3a65d22e36d8725f7de0d8cf058beedf66232521f5333046e65
- ssdeep: 49152:nNNPESehOSlTHUjHOD79343Bt/oJRs9OA1q5UI1XgxcwrQXi:nNNJe0+YjLt/oL2MgGwrQS
- type: PE32 executable (GUI) Intel 80386, for MS Windows
- tlsh: T1E5D533B35604495EF3880BB57AA5F4A098F85E3990C0E58EE4B8BC7A6C710A72D7354F
- sha3_384: 99880e0a43eb08ea0d3b7c9dd8a7ab2edcb6c514f5feeb44abd9554a0d3e5236d0a15168c3f5afdfc708157c0194da25
- ep_bytes: eb08001808000000000060e800000000
- timestamp: 2013-10-26 06:32:50
Version Info:
- 0: [No Data]
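The hashes above are what a responder actually matches on, and the ep_bytes and "unknown PE section name" findings come straight from the PE header. The Python below is an added example (not the page's or CAPE's code): it hashes a file against the listed sha256/md5/sha1, parses the PE header with the standard library only, and flags section names an ordinary linker would not emit. Because the real sample is not distributed with the page, the block builds a small constructed PE32 image that contains no runnable code; the section name xdata9 in it is made up, and its entry-point bytes are set to the ep_bytes value the page reports so the parser can be checked against it.

```python
"""Static triage helpers: hash a sample against the IOCs listed on this page and
pull the PE facts CAPE reported (PE32 or not, entry-point bytes, section names).
Added example, not the page's or CAPE's code; standard library only."""
import hashlib
import struct

# Hashes the page lists for the analysed sample.
KNOWN_IOCS = {
    "sha256": "483a56824520bbba67b7122c06a80695b2ca1a35e706c9d4e39ad124ef54f534",
    "md5": "4132584df9ca00449cf775e86d623550",
    "sha1": "68636202b4122169f412674d2567a7fbab847d96",
}

# Section names ordinary linkers emit; anything else hints at a packer or protector.
COMMON_SECTIONS = {".text", ".rdata", ".data", ".bss", ".idata", ".edata", ".rsrc",
                   ".reloc", ".tls", ".pdata", ".CRT", ".textbss", ".debug"}


def hash_sample(data: bytes) -> dict:
    """Same digest set the file-info block shows (crc32 and ssdeep omitted)."""
    return {alg: hashlib.new(alg, data).hexdigest()
            for alg in ("md5", "sha1", "sha256", "sha512", "sha3_384")}


def matches_known_ioc(data: bytes) -> bool:
    digests = hash_sample(data)
    return any(digests[alg] == value for alg, value in KNOWN_IOCS.items())


def parse_pe(data: bytes) -> dict:
    """Minimal PE parser: COFF machine, optional-header magic, entry-point RVA,
    the 16 bytes at the entry point (CAPE's ep_bytes) and the section names."""
    if data[:2] != b"MZ":
        raise ValueError("no MZ header")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("no PE signature")
    coff = e_lfanew + 4
    machine, nsections, _ts, _, _, opt_size, _ = struct.unpack_from("<HHIIIHH", data, coff)
    opt = coff + 20
    magic = struct.unpack_from("<H", data, opt)[0]
    ep_rva = struct.unpack_from("<I", data, opt + 16)[0]
    sections = []
    for i in range(nsections):
        name, vsize, vaddr, rawsize, rawptr = struct.unpack_from(
            "<8sIIII", data, opt + opt_size + 40 * i)
        sections.append((name.rstrip(b"\0").decode("latin-1"), vaddr, vsize, rawsize, rawptr))
    # Translate the entry-point RVA to a file offset through the section holding it.
    ep_bytes = b""
    for _name, vaddr, vsize, rawsize, rawptr in sections:
        if vaddr <= ep_rva < vaddr + max(vsize, rawsize):
            off = rawptr + (ep_rva - vaddr)
            ep_bytes = data[off:off + 16]
            break
    return {"is_pe32": magic == 0x10B, "machine": machine, "entry_rva": ep_rva,
            "ep_bytes": ep_bytes.hex(), "sections": [s[0] for s in sections]}


def is_pe(data: bytes) -> bool:
    try:
        parse_pe(data)
        return True
    except (ValueError, struct.error):
        return False


def suspicious_sections(info: dict) -> list:
    """Section names that do not belong to the standard linker set."""
    return [name for name in info["sections"] if name not in COMMON_SECTIONS]


def build_sample_pe() -> bytes:
    """Constructed PE32 image used only to exercise the parser; it holds no code
    that runs. Two sections: a normal .text and a packer-style one named xdata9
    (made-up name) that holds the entry point. The entry-point bytes are the
    ep_bytes value the page reports for the real sample."""
    img = bytearray(0x600)
    img[0:2] = b"MZ"
    struct.pack_into("<I", img, 0x3C, 0x40)                  # e_lfanew
    img[0x40:0x44] = b"PE\0\0"
    struct.pack_into("<HHIIIHH", img, 0x44, 0x14C, 2, 0, 0, 0, 0xE0, 0x0102)  # i386, 2 sections
    opt = 0x58
    struct.pack_into("<H", img, opt, 0x10B)                  # PE32 magic
    struct.pack_into("<I", img, opt + 16, 0x2000)            # AddressOfEntryPoint in section 2
    sec = opt + 0xE0
    struct.pack_into("<8sIIII", img, sec, b".text", 0x200, 0x1000, 0x200, 0x200)
    struct.pack_into("<8sIIII", img, sec + 40, b"xdata9", 0x200, 0x2000, 0x200, 0x400)
    img[0x400:0x410] = bytes.fromhex("eb08001808000000000060e800000000")
    return bytes(img)


if __name__ == "__main__":
    sample = build_sample_pe()
    info = parse_pe(sample)
    print("known IOC:", matches_known_ioc(sample))
    print("PE32:", info["is_pe32"], "ep_bytes:", info["ep_bytes"])
    print("non-standard sections:", suspicious_sections(info))
```

On a real file, call `parse_pe(open(path, "rb").read())`; an entry point that sits in a non-standard section and starts with a short jump (`eb ..`), as the page's ep_bytes does, is the usual shape of a protector stub, which is consistent with the Enigma labels several vendors give this sample below.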
Trojan:Win32/Phonzy.B!ml also known as:
| Bkav | W32.AIDetectMalware |
| Lionic | Trojan.Win32.Generic.my1v |
| Elastic | malicious (high confidence) |
| MicroWorld-eScan | Trojan.GenericKD.71938417 |
| FireEye | Generic.mg.4132584df9ca0044 |
| Skyhigh | BehavesLike.Win32.Msposer.vc |
| McAfee | Artemis!4132584DF9CA |
| Malwarebytes | Malware.AI.4273195963 |
| Zillya | Backdoor.Plite.Win32.114280 |
| Sangfor | Suspicious.Win32.Save.ins |
| K7AntiVirus | Trojan ( 0058c50b1 ) |
| K7GW | Trojan ( 0058c50b1 ) |
| BitDefenderTheta | Gen:NN.ZexaF.36802.OMX@a4g1VSaO |
| Symantec | ML.Attribute.HighConfidence |
| tehtris | Generic.Malware |
| ESET-NOD32 | a variant of Win64/Packed.Enigma.CE |
| APEX | Malicious |
| ClamAV | Win.Ransomware.Gandcrypt-10026142-0 |
| Kaspersky | HEUR:Trojan-Ransom.Win32.GandCrypt.pef |
| BitDefender | Trojan.GenericKD.71938417 |
| NANO-Antivirus | Trojan.Win32.AVI.klaisq |
| Avast | Win32:BackdoorX-gen [Trj] |
| Rising | Ransom.GandCrypt!8.F33E (TFE:5:xDKsCdNefIO) |
| Emsisoft | Trojan.GenericKD.71938417 (B) |
| F-Secure | Backdoor.BDS/AVI.Urelas.pzirj |
| VIPRE | Trojan.GenericKD.71938417 |
| Trapmine | malicious.high.ml.score |
| Sophos | Mal/Generic-S |
| Ikarus | Trojan.Win64.Enigma |
| Jiangmin | Trojan.GandCrypt.aoz |
| Avira | BDS/AVI.Urelas.pzirj |
| Varist | W32/Enigma.YTRB-5845 |
| Antiy-AVL | Trojan[Packed]/Win64.Enigma |
| Kingsoft | malware.kb.a.999 |
| Microsoft | Trojan:Win32/Phonzy.B!ml |
| Arcabit | Trojan.Generic.D449B171 |
| ZoneAlarm | HEUR:Trojan-Ransom.Win32.GandCrypt.pef |
| GData | Trojan.GenericKD.71938417 |
| Cynet | Malicious (score: 100) |
| AhnLab-V3 | Trojan/Win.Generic.C5600455 |
| VBA32 | BScope.Backdoor.Gulf |
| ALYac | Trojan.GenericKD.71938417 |
| MAX | malware (ai score=86) |
| Cylance | unsafe |
| Panda | Trj/Genetic.gen |
| Zoner | Probably Heur.ExeHeaderL |
| Tencent | Malware.Win32.Gencirc.10bfbcee |
| Yandex | Trojan.Enigma!9xZW8v2kdCk |
| SentinelOne | Static AI – Suspicious PE |
| MaxSecure | Trojan.Malware.300983.susgen |
| Fortinet | W32/Enigma.CE!tr |
| AVG | Win32:BackdoorX-gen [Trj] |
| DeepInstinct | MALICIOUS |
| CrowdStrike | win/malicious_confidence_100% (D) |
| alibabacloud | VirTool:Win/Packed.EnigmaProtector.Z(dyn) |