AutoRun.Spyware.Stealer.DDS information

AutoRun.Spyware.Stealer.DDS is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It allows you to complete a scan and cure your PC during the trial period.
6-day free trial available.

What can the AutoRun.Spyware.Stealer.DDS virus do?

  • Behavioural detection: Executable code extraction – unpacking
  • Yara rule detections observed from a process memory dump/dropped files/CAPE
  • CAPE extracted potentially suspicious content
  • Creates an autorun.inf file
  • Authenticode signature is invalid
  • Uses Windows utilities for basic functionality
  • CAPE detected the Njrat malware family
  • Creates a copy of itself

How to identify AutoRun.Spyware.Stealer.DDS?


File Info:

name: 446AE530F7B6ED602846.mlw
path: /opt/CAPEv2/storage/binaries/605fc0abba577946fe3258e91caded645a3d8df8b3882d0a1bd33cf68362f355
type: PE32 executable (GUI) Intel 80386, for MS Windows
timestamp: 2022-11-18 21:15:16

Version Info:

0: [No Data]

AutoRun.Spyware.Stealer.DDS also known as:

Bkav: W32.PrimeaClefAF.Trojan
Cynet: Malicious (score: 100)
CAT-QuickHeal: Trojan.YakbeexMSIL.ZZ4
ALYac: Generic.MSIL.Bladabindi.E62C317D
Cylance: Unsafe
VIPRE: Generic.MSIL.Bladabindi.E62C317D
Sangfor: Suspicious.Win32.Save.a
K7AntiVirus: EmailWorm ( 00555f371 )
K7GW: EmailWorm ( 00555f371 )
Cybereason: malicious.0f7b6e
VirIT: Trojan.Win32.MulDrop7.DOQR
Cyren: W32/Trojan.BVX.gen!Eldorado
Symantec: ML.Attribute.HighConfidence
Elastic: Windows.Trojan.Njrat
ESET-NOD32: a variant of MSIL/Autorun.Spy.Agent.R
APEX: Malicious
ClamAV: Win.Packed.Generic-9795615-0
Kaspersky: HEUR:Trojan.Win32.Generic
BitDefender: Generic.MSIL.Bladabindi.E62C317D
NANO-Antivirus: Trojan.Win32.TrjGen.dkmeat
MicroWorld-eScan: Generic.MSIL.Bladabindi.E62C317D
Avast: Win32:KeyloggerX-gen [Trj]
Tencent: Worm.Msil.Agent.zo
Ad-Aware: Generic.MSIL.Bladabindi.E62C317D
Emsisoft: Generic.MSIL.Bladabindi.E62C317D (B)
DrWeb: Trojan.MulDrop7.62625
TrendMicro: Backdoor.MSIL.BLADABINDI.SMJJ
McAfee-GW-Edition: Trojan-FIDH!446AE530F7B6
Trapmine: malicious.moderate.ml.score
FireEye: Generic.mg.446ae530f7b6ed60
Sophos: ML/PE-A + Mal/MsilPKill-C
SentinelOne: Static AI – Malicious PE
Avira: TR/Dropper.Gen
Microsoft: Backdoor:MSIL/Bladabindi!rfn
Arcabit: Generic.MSIL.Bladabindi.E62C317D
ZoneAlarm: HEUR:Trojan.Win32.Agent.gen
GData: MSIL.Backdoor.Agent.AXJ
Google: Detected
AhnLab-V3: Trojan/Win32.Bladabindi.R295982
Acronis: suspicious
McAfee: Trojan-FIDH!446AE530F7B6
MAX: malware (ai score=81)
VBA32: Trojan.MSIL.Bladabindi.Heur
Malwarebytes: AutoRun.Spyware.Stealer.DDS
Zoner: Trojan.Win32.87452
TrendMicro-HouseCall: Backdoor.MSIL.BLADABINDI.SMJJ
Rising: Backdoor.njRAT!1.A096 (CLASSIC)
Ikarus: Trojan.MSIL.Bladabindi
MaxSecure: Trojan.Malware.300983.susgen
Fortinet: MSIL/Bladabindi.LX!tr
BitDefenderTheta: Gen:NN.ZemsilF.34796.fiW@a8MdIHl
AVG: Win32:KeyloggerX-gen [Trj]
CrowdStrike: win/malicious_confidence_100% (D)

How to remove AutoRun.Spyware.Stealer.DDS?

AutoRun.Spyware.Stealer.DDS removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open “Tools” tab – Press “Reset Browser Settings”.
  • Select proper browser and options – Click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.