What is “Generic.MSIL.PasswordStealerA.00FA2159”?

Generic.MSIL.PasswordStealerA.00FA2159 is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It allows you to complete a scan and cure your PC during the trial period.
6-day free trial available.

What can the Generic.MSIL.PasswordStealerA.00FA2159 virus do?

  • Dynamic (imported) function loading detected
  • Authenticode signature is invalid
  • CAPE detected the MALWARE Win XFiles malware family
  • Binary compilation timestomping detected

How to determine Generic.MSIL.PasswordStealerA.00FA2159?


File Info:

name: E9D8DDAAEA19FFE94E5D.mlw
path: /opt/CAPEv2/storage/binaries/8811bf90d4bd3bbd696615f0b0842369c344e1569abc3fe557b83584aba6b6cd
type: PE32 executable (console) Intel 80386, for MS Windows
timestamp: 2074-03-12 01:01:16

Version Info:

Translation: 0x0000 0x04b0
Comments:
CompanyName:
FileDescription: gosgo
FileVersion: 1.0.0.0
InternalName: NeREDLINE.exe
LegalCopyright: Copyright © 2020
LegalTrademarks:
OriginalFilename: NeREDLINE.exe
ProductName: sgsf
ProductVersion: 1.0.0.0
Assembly Version: 1.1.1.0

Generic.MSIL.PasswordStealerA.00FA2159 also known as:

Elastic: malicious (high confidence)
Cynet: Malicious (score: 99)
CAT-QuickHeal: Trojan.YakbeexMSIL.ZZ4
ALYac: DeepScan:Generic.MSIL.PasswordStealerA.00FA2159
Cyren: W32/MSIL_Agent.COB.gen!Eldorado
ESET-NOD32: a variant of MSIL/Spy.Agent.AES
APEX: Malicious
ClamAV: Win.Packed.Passwordstealera-6872839-0
Kaspersky: HEUR:Trojan.Win32.Generic
BitDefender: DeepScan:Generic.MSIL.PasswordStealerA.00FA2159
MicroWorld-eScan: DeepScan:Generic.MSIL.PasswordStealerA.00FA2159
DrWeb: Trojan.PWS.StealerNET.74
TrendMicro: Trojan.MSIL.REDLINESTEALER.SMTH
McAfee-GW-Edition: GenericRXRN-YQ!E9D8DDAAEA19
FireEye: Generic.mg.e9d8ddaaea19ffe9
Emsisoft: DeepScan:Generic.MSIL.PasswordStealerA.00FA2159 (B)
Jiangmin: Trojan.MSIL.unas
Avira: HEUR/AGEN.1208320
Microsoft: Trojan:Win32/Sabsik.FL.B!ml
GData: DeepScan:Generic.MSIL.PasswordStealerA.00FA2159
AhnLab-V3: Trojan/Win.Generic.R457426
McAfee: GenericRXRN-YQ!E9D8DDAAEA19
MAX: malware (ai score=89)
VBA32: Malware-Cryptor.MSIL.AgentTesla.Heur
Malwarebytes: Malware.AI.460009094
Rising: Stealer.Agent!1.D483 (CLASSIC)
SentinelOne: Static AI – Malicious PE
Cybereason: malicious.aea19f

How to remove Generic.MSIL.PasswordStealerA.00FA2159?

Generic.MSIL.PasswordStealerA.00FA2159 removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open the “Tools” tab and press “Reset Browser Settings”.
  • Select the proper browser and options, then click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.