Dropped:Generic.PySpy.B.2FB7E65F removal tips

Dropped:Generic.PySpy.B.2FB7E65F is a detection name from the BitDefender engine, shared by the vendors that license it (BitDefender, MicroWorld-eScan, ALYac, VIPRE, Emsisoft and GData in the list below); in that naming scheme the Dropped: prefix marks a file that was written to disk by another sample rather than the file the victim first received. Other engines classify the same file as a BAT- or VBS-script-based spy or password stealer (ESET-NOD32, Avira, Avast, Kaspersky), which fits the behaviour recorded below: a packed console executable that launches a scripting host and Windows utilities. When this infection is active, you may notice unknown processes in the Task Manager list, a scheduled task you did not create, and wmic.exe or wscript.exe being launched. In that case, it is advised to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Removing malware manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for removal; it lets you run a full scan and clean your PC during the trial period.
A 6-day free trial is available.

What can the Dropped:Generic.PySpy.B.2FB7E65F virus do?

The following CAPE sandbox signatures fired when the sample was run. Read together, they describe a dropper that unpacks itself in memory, fingerprints the host (BIOS version and CPU name, both common anti-virtualization checks), sets up persistence through a scheduled task, launches a scripting host and then deletes its own executable from disk:

  • Behavioural detection: Executable code extraction – unpacking
  • A file was accessed within the Public folder.
  • Uses Windows utilities for basic functionality
  • CAPE extracted potentially suspicious content
  • The binary contains an unknown PE section name indicative of packing
  • Authenticode signature is invalid
  • A scripting utility was executed
  • Uses Windows utilities to create a scheduled task
  • Checks the version of Bios, possibly for anti-virtualization
  • Checks the CPU name from registry, possibly for anti-virtualization
  • Deletes executed files from disk
  • Collects information to fingerprint the system
  • Uses suspicious command line tools or Windows utilities
  • Suspicious wmic.exe use was detected
  • Yara rule detections observed from a process memory dump/dropped files/CAPE
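Several of the indicators above leave a trace in process-creation telemetry (Sysmon Event ID 1, EDR process trees), so they can be hunted for on a host without the sandbox. The script below is an added example, not code from the original page, GridinSoft or CAPE: it runs one regex per indicator over constructed process-creation records (the "time|parent|image|command line" layout and every line in SAMPLE_LOG are made up for the illustration, not captured from the sample) and then groups the hits by parent process, which is how a dropper stands out even when each child process looks like ordinary Windows tooling.

```python
"""Flag, in process-creation records, the behaviours the sandbox listed above.

Added example; not code from the original page, GridinSoft or CAPE.  The
record format "<time>|<parent image>|<image>|<command line>" and every line
in SAMPLE_LOG are constructed for this illustration, not captured from the
sample; the regexes are one analyst's reading of the indicators above.
"""
import re
from typing import Dict, List, Set, Tuple

# One rule per indicator, matched against "<image> <command line>".
RULES: Dict[str, "re.Pattern[str]"] = {
    # Uses Windows utilities to create a scheduled task
    "schtasks_create": re.compile(r"\bschtasks(\.exe)?\b.*\s/create\b", re.I),
    # Suspicious wmic.exe use / checks the BIOS version (anti-virtualization)
    "wmic_hw_query": re.compile(
        r"\bwmic(\.exe)?\b.*\b(bios|cpu|computersystem|diskdrive)\b", re.I),
    # Checks the CPU name (or BIOS version) from the registry
    "reg_hw_query": re.compile(
        r"\breg(\.exe)?\s+query\b.*(CentralProcessor|SystemBios)", re.I),
    # A scripting utility was executed
    "script_host": re.compile(r"\b(wscript|cscript|mshta|powershell)(\.exe)?\b", re.I),
    # Deletes executed files from disk (cmd /c ... del <file>)
    "self_delete": re.compile(r"\bcmd(\.exe)?\b.*\bdel\b.*\.(exe|bat|vbs|tmp)\b", re.I),
    # A file was accessed within the Public folder
    "public_folder": re.compile(r"\\Users\\Public\\", re.I),
}

# Constructed records (hypothetical process tree, not the real sample's).
SAMPLE_LOG: List[str] = [
    r'2023-10-05T12:00:01|explorer.exe|C:\Users\Public\dropper.exe|"C:\Users\Public\dropper.exe"',
    r'2023-10-05T12:00:02|dropper.exe|C:\Windows\System32\cmd.exe|cmd.exe /c wmic bios get serialnumber,version',
    r'2023-10-05T12:00:02|cmd.exe|C:\Windows\System32\wbem\WMIC.exe|wmic bios get serialnumber,version',
    r'2023-10-05T12:00:03|dropper.exe|C:\Windows\System32\reg.exe|reg query "HKLM\HARDWARE\DESCRIPTION\System\CentralProcessor\0" /v ProcessorNameString',
    r'2023-10-05T12:00:04|dropper.exe|C:\Windows\System32\schtasks.exe|schtasks /create /sc minute /mo 5 /tn WinUpdate /tr "wscript //B C:\Users\Public\upd.vbs" /f',
    r'2023-10-05T12:00:05|dropper.exe|C:\Windows\System32\wscript.exe|wscript //B C:\Users\Public\upd.vbs',
    r'2023-10-05T12:00:06|dropper.exe|C:\Windows\System32\cmd.exe|cmd.exe /c ping 127.0.0.1 -n 3 > nul & del "C:\Users\Public\dropper.exe"',
    r'2023-10-05T12:01:00|explorer.exe|C:\Windows\System32\notepad.exe|notepad.exe C:\Users\alice\notes.txt',
]

Hit = Tuple[str, str, str, str]  # (time, parent image, image basename, rule)


def parse_record(line: str) -> Tuple[str, str, str, str]:
    parts = line.split("|", 3)
    if len(parts) != 4:
        raise ValueError(f"malformed record: {line!r}")
    return parts[0], parts[1], parts[2], parts[3]


def scan(lines: List[str]) -> List[Hit]:
    """Return one hit per (record, rule) pair whose pattern matches."""
    hits: List[Hit] = []
    for line in lines:
        ts, parent, image, cmdline = parse_record(line)
        haystack = f"{image} {cmdline}"
        for rule, pattern in RULES.items():
            if pattern.search(haystack):
                hits.append((ts, parent, image.rsplit("\\", 1)[-1], rule))
    return hits


def behaviours_by_parent(lines: List[str]) -> Dict[str, Set[str]]:
    """Group fired rules by parent process: the dropper is the parent that
    accumulates most of the list even though each child is a signed Windows tool."""
    out: Dict[str, Set[str]] = {}
    for _, parent, _, rule in scan(lines):
        out.setdefault(parent, set()).add(rule)
    return out


if __name__ == "__main__":
    for ts, parent, image, rule in scan(SAMPLE_LOG):
        print(f"{ts}  {parent:<14} {image:<14} {rule}")
    for parent, rules in behaviours_by_parent(SAMPLE_LOG).items():
        print(f"{parent}: {len(rules)}/{len(RULES)} indicators -> {sorted(rules)}")
```

Each rule on its own would be noisy on a real fleet (administrators run schtasks and wmic too); the useful signal is one parent process accumulating most of the set within seconds, so alert on behaviours_by_parent rather than on single hits.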

How to identify Dropped:Generic.PySpy.B.2FB7E65F?

File Info:

name: F0D6EA4F486CA6BAFC7C.mlw
path: /opt/CAPEv2/storage/binaries/b28938b06b3d37c5f272d1b4ce443b2834148b2567ba50b62f167916c77f3883
crc32: F1F16587
md5: f0d6ea4f486ca6bafc7c82631b214fea
sha1: dc19c8438c89805e1ec4ce42407e951410b97be7
sha256: b28938b06b3d37c5f272d1b4ce443b2834148b2567ba50b62f167916c77f3883
sha512: bca5b5be7da217c54d91b1d280bf813920c71eb9a1b2edf6ac8060b5c1fefd1e64a4c9c019588c2e0f6eea66fbc30d5156b854f8d41a87cae50ab2bd52ea6b64
ssdeep: 3072:W8Swq3FOVt1DCDMxQYUfF7GusKr5HoXMpv:W8Z31uT
type: PE32 executable (console) Intel 80386, for MS Windows
tlsh: T1B1D3C55B96838131C44A12FC0A765D097E300E1763CDDB5AD7E97CAC2BB32C6B26963D
sha3_384: 0e7928109092b12a58932daf14ead4df9e86204e89e205297f43f3b3a3d95a5260c503066ca805150de98b01256d4746
ep_bytes: 68d0000000680000000068c8b14000e8
timestamp: 2010-11-08 13:12:00

Version Info:

0: [No Data]
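The File Info block is enough to confirm or rule out a suspect file without any vendor product: the four digests identify the exact file, and the COFF timestamp, section names and entry-point bytes show whether a different file is the same build wearing another hash. The script below is an added example, not code from the original page, GridinSoft or CAPE. It hashes a file, walks the PE headers with the standard library only, flags section names outside a conservative list (an assumption of this example, mirroring the "unknown PE section name" signature above) and reports whether the entry-point bytes match the page. It is general: it runs on any PE, and the built-in sample is a hypothetical minimal image that reuses only the page's timestamp and ep_bytes, not the real file.

```python
"""Static triage of a file against the File Info above: hashes, COFF
timestamp, section names and entry-point bytes.

Added example; not code from the original page, GridinSoft or CAPE.
build_sample_pe() constructs a minimal hypothetical PE32 console image that
reuses only the page's timestamp and ep_bytes; it is not the real file.
KNOWN_GOOD_SECTIONS is this example's own list, an assumption.
"""
import calendar
import hashlib
import struct
from datetime import datetime, timezone
from typing import Dict, List

# Indicators copied from the File Info section above.
PAGE_SHA256 = "b28938b06b3d37c5f272d1b4ce443b2834148b2567ba50b62f167916c77f3883"
PAGE_EP_BYTES = "68d0000000680000000068c8b14000e8"

# Section names mainstream linkers emit; anything else is reported the way the
# "unknown PE section name" signature does.  Assumption: conservative, not complete.
KNOWN_GOOD_SECTIONS = {".text", ".data", ".rdata", ".idata", ".edata", ".pdata", ".rsrc",
                       ".reloc", ".bss", ".tls", ".CRT", ".debug", "CODE", "DATA", "BSS"}


def hashes(data: bytes) -> Dict[str, str]:
    """The same four digests the File Info block lists."""
    return {n: hashlib.new(n, data).hexdigest() for n in ("md5", "sha1", "sha256", "sha512")}


def parse_pe(data: bytes) -> dict:
    """Minimal PE header walk: machine, COFF timestamp, sections, entry-point bytes."""
    if data[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("PE signature not found")
    machine, nsec, ts, _, _, opt_size, _ = struct.unpack_from("<HHIIIHH", data, e_lfanew + 4)
    opt_off = e_lfanew + 24
    entry_rva = struct.unpack_from("<I", data, opt_off + 16)[0]  # same offset in PE32 and PE32+
    sections = []
    for i in range(nsec):
        name, vsize, va, rawsize, rawptr, _, _, _, _, chars = struct.unpack_from(
            "<8sIIIIIIHHI", data, opt_off + opt_size + 40 * i)
        sections.append({"name": name.rstrip(b"\0").decode("ascii", "replace"), "va": va,
                         "vsize": vsize, "rawptr": rawptr, "rawsize": rawsize, "chars": chars})
    # Map the entry RVA to a file offset through the section that contains it.
    ep_bytes = b""
    for s in sections:
        if s["va"] <= entry_rva < s["va"] + max(s["vsize"], s["rawsize"]):
            off = s["rawptr"] + (entry_rva - s["va"])
            ep_bytes = data[off:off + 16]
            break
    return {"machine": machine, "timestamp": datetime.fromtimestamp(ts, tz=timezone.utc),
            "entry_rva": entry_rva, "sections": sections, "ep_bytes": ep_bytes}


def unknown_sections(sections: List[dict]) -> List[str]:
    return [s["name"] for s in sections if s["name"] not in KNOWN_GOOD_SECTIONS]


def triage(data: bytes, ioc_sha256: str = PAGE_SHA256) -> dict:
    """Compare any PE with the page's indicators."""
    h, pe = hashes(data), parse_pe(data)
    return {
        "sha256": h["sha256"],
        "ioc_match": h["sha256"] == ioc_sha256.lower(),
        "compile_time": pe["timestamp"].isoformat(),
        "unknown_sections": unknown_sections(pe["sections"]),
        "ep_bytes": pe["ep_bytes"].hex(),
        "ep_matches_page": pe["ep_bytes"].hex() == PAGE_EP_BYTES,
    }


def build_sample_pe() -> bytes:
    """Hypothetical PE32: two sections, a packer-style name '0', page timestamp and ep bytes."""
    ts = calendar.timegm(datetime(2010, 11, 8, 13, 12, 0).timetuple())  # page value, taken as UTC
    dos = bytearray(64)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, len(dos))                       # e_lfanew
    coff = struct.pack("<HHIIIHH", 0x14C, 2, ts, 0, 0, 224, 0x0102)  # i386, 2 sections, PE32 opt hdr
    opt = bytearray(224)
    struct.pack_into("<H", opt, 0, 0x10B)    # PE32 magic
    struct.pack_into("<I", opt, 16, 0x1000)  # AddressOfEntryPoint, inside .text
    struct.pack_into("<H", opt, 68, 3)       # Subsystem: console

    def section(name: bytes, va: int, raw: int, chars: int) -> bytes:
        return struct.pack("<8sIIIIIIHHI", name, 0x200, va, 0x200, raw, 0, 0, 0, 0, chars)

    headers = (bytes(dos) + b"PE\0\0" + coff + bytes(opt)
               + section(b".text", 0x1000, 0x200, 0x60000020)
               + section(b"0", 0x2000, 0x400, 0xE0000040)).ljust(0x200, b"\0")
    text = bytes.fromhex(PAGE_EP_BYTES).ljust(0x200, b"\0")  # push/push/push/call stub from ep_bytes
    return headers + text + bytes(0x200)


if __name__ == "__main__":
    import sys
    data = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else build_sample_pe()
    for k, v in triage(data).items():
        print(f"{k}: {v}")
```

Run it as python triage.py suspect.exe; with no argument it triages the built-in sample. A matching sha256 settles the question; a mismatch with the same compile time, entry-point bytes and odd section names is the signal that a repacked or re-stamped variant of the same build is in front of you, which a hash-only comparison would miss.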

Dropped:Generic.PySpy.B.2FB7E65F also known as:

Bkav: W32.AIDetectMalware
Lionic: Trojan.Win32.Agent.treW
MicroWorld-eScan: Dropped:Generic.PySpy.B.2FB7E65F
FireEye: Generic.mg.f0d6ea4f486ca6ba
ALYac: Dropped:Generic.PySpy.B.2FB7E65F
Malwarebytes: Trojan.Downloader.Discord
VIPRE: Dropped:Generic.PySpy.B.2FB7E65F
Sangfor: Spyware.Win32.Agent.Vbm8
CrowdStrike: win/malicious_confidence_100% (W)
Alibaba: TrojanSpy:BAT/Obfuscated.01546253
K7GW: Trojan ( 004e1c291 )
K7AntiVirus: Trojan ( 004e1c291 )
VirIT: Trojan.Win32.Generic.AZNY
Cyren: W32/ABRisk.OPDD-5576
Symantec: ML.Attribute.HighConfidence
Elastic: malicious (moderate confidence)
ESET-NOD32: BAT/Spy.Agent.CB
Zoner: Trojan.Win32.138355
Cynet: Malicious (score: 100)
Kaspersky: UDS:Trojan-PSW.Win32.Disco
BitDefender: Dropped:Generic.PySpy.B.2FB7E65F
Avast: VBS:Obfuscated-AS [Cryp]
Tencent: Win32.Trojan-Spy.Agent.Aplw
Sophos: Mal/Generic-S
F-Secure: Malware.BAT/Spy.Agent.AR
DrWeb: Trojan.PWS.Stealer.32338
TrendMicro: TROJ_GEN.R002C0XER23
McAfee-GW-Edition: BehavesLike.Win32.RealProtect.ct
Trapmine: suspicious.low.ml.score
Emsisoft: Dropped:Generic.PySpy.B.2FB7E65F (B)
Ikarus: Trojan.Bat.Spy
GData: Dropped:Generic.PySpy.B.2FB7E65F
Jiangmin: HackTool.KMSAuto.en
Avira: BAT/Spy.Agent.AR
Arcabit: Generic.PySpy.B.2FB7E65F
ZoneAlarm: UDS:Trojan-PSW.Win32.Disco
Microsoft: Trojan:Win32/Wacatac.B!ml
Google: Detected
McAfee: Artemis!F0D6EA4F486C
MAX: malware (ai score=89)
Cylance: unsafe
TrendMicro-HouseCall: TROJ_GEN.R002C0XER23
Rising: Trojan.Generic@AI.100 (RDML:ild0i7eemkIOu6rf+4ENEw)
SentinelOne: Static AI – Suspicious PE
MaxSecure: Trojan.Malware.300983.susgen
AVG: VBS:Obfuscated-AS [Cryp]
Cybereason: malicious.38c898
DeepInstinct: MALICIOUS

How to remove Dropped:Generic.PySpy.B.2FB7E65F?

Dropped:Generic.PySpy.B.2FB7E65F removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open the “Tools” tab and press “Reset Browser Settings”.
  • Select the proper browser and options, then click “Reset”.
  • Restart your computer.
  • After the restart, confirm that the persistence the sample set up is gone: the behaviour list above shows it creates a scheduled task, so run schtasks /query /fo LIST /v and remove any task whose action points at a script or executable in the Public folder or another user-writable location; otherwise the task can re-run a dropped script even though the original executable deleted itself.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.
