
PWS:Win32/Zbot.AHL


First posted on 29 March 2013.
Source: Microsoft

Aliases:

PWS:Win32/Zbot.AHL is also known as Trojan/Win32.Zbot (AhnLab), Trojan-Spy.Win32.Zbot.jlqp (Kaspersky), Trojan-Spy.Win32.Zbot (Ikarus), Win32.Asim.a (Rising AV), Trojan.Zbot (Symantec).

Explanation:



PWS:Win32/Zbot.AHL is obfuscated malware that belongs to the Win32/Zbot family. It uses protection techniques such as encryption, anti-debugging, anti-emulation, and compression to avoid detection by antivirus software.



Payload

Steals sensitive information

When decrypted, it might be detected as:

  • PWS:Win32/Zbot.gen!AL
  • PWS:Win32/Zbot.gen!AJ
  • PWS:Win32/Zbot.gen!Y


These threats are known to steal information such as online banking passwords and email credentials.



Analysis by Daniel Chipiristeanu

Last update 29 March 2013

 
