
About “Generic.MSIL.PasswordStealerA.1C9EDE8C” infection


Generic.MSIL.PasswordStealerA.1C9EDE8C is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.


Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It allows you to run a complete scan and cure your PC during the trial period.
6-day free trial available.

What can the Generic.MSIL.PasswordStealerA.1C9EDE8C virus do?

  • Executable code extraction
  • Creates RWX memory
  • Drops a binary and executes it
  • The binary likely contains encrypted or compressed data.
  • Uses Windows utilities for basic functionality
  • Creates a hidden or system file
  • Network activity detected but not expressed in API logs
  • Creates a copy of itself

How to identify Generic.MSIL.PasswordStealerA.1C9EDE8C?


File Info:

crc32: 1D350A4A
md5: 577f4065b6663546c9212099af81f51f
name: 577F4065B6663546C9212099AF81F51F.mlw
sha1: 1e7c99d4973830218bfdb7ea10994e7ca71db436
sha256: f7e7dfe0a2e59a746679694100b4549408a7e5513d3b1cf4bee0ba981f5e1703
sha512: 080441aa33bc5c3fe07a60d616f3a9b97b25a0dbd705a99b8b32803f1e06840a04417474529223d08b26cc82417fc0152e79e7edd6afcbebdc4e1b2fb3f70972
ssdeep: 24576:D6w4MROxnFzay6rZlI0AilFEvxHiVwJ/:D6TMiX6rZlI0AilFEvxHii
type: PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows

Version Info:

Translation: 0x0000 0x04b0
LegalCopyright:
Assembly Version: 1.0.0.0
InternalName: Orcus.exe
FileVersion: 1.0.0.0
CompanyName:
LegalTrademarks:
Comments:
ProductName:
ProductVersion: 1.0.0.0
FileDescription:
OriginalFilename: Orcus.exe

Generic.MSIL.PasswordStealerA.1C9EDE8C also known as:

Elastic: malicious (high confidence)
DrWeb: Trojan.DownLoader24.65022
MicroWorld-eScan: Generic.MSIL.PasswordStealerA.1C9EDE8C
FireEye: Generic.mg.577f4065b6663546
CAT-QuickHeal: Trojan.MsilFC.S17035747
McAfee: BackDoor-FDJE!577F4065B666
Cylance: Unsafe
Sangfor: Malware
K7AntiVirus: Trojan ( 005011a81 )
BitDefender: Generic.MSIL.PasswordStealerA.1C9EDE8C
K7GW: Trojan ( 005011a81 )
Cybereason: malicious.5b6663
BitDefenderTheta: Gen:NN.ZemsilF.34700.5m0@aae@e0
Cyren: W32/MSIL_Injector.KK.gen!Eldorado
Symantec: Trojan.Gen.MBT
APEX: Malicious
Avast: Win32:CrypterX-gen [Trj]
Cynet: Malicious (score: 90)
Kaspersky: HEUR:Trojan-Spy.MSIL.Generic
Alibaba: Worm:Win32/Ainslot.90da2af9
ViRobot: Trojan.Win32.Z.Orcusrat.948224
AegisLab: Trojan.MSIL.Generic.l!c
Tencent: Msil.Trojan-spy.Generic.Swbn
Ad-Aware: Generic.MSIL.PasswordStealerA.1C9EDE8C
Sophos: Mal/Generic-R + Troj/Orcusrot-A
Comodo: Malware@#sid5g13mpqng
F-Secure: Heuristic.HEUR/AGEN.1128549
TrendMicro: BKDR_ORCUSRAT.SM
McAfee-GW-Edition: BackDoor-FDJE!577F4065B666
Emsisoft: Backdoor.Orcus (A)
Ikarus: Trojan.MSIL.Agent
Jiangmin: Trojan.Generic.awmpo
Avira: HEUR/AGEN.1128549
Antiy-AVL: Trojan[Backdoor]/MSIL.Orcus
Kingsoft: Win32.Troj.Undef.(kcloud)
Microsoft: Worm:Win32/Ainslot
Gridinsoft: Trojan.Win32.RemoteAccess.ka!ni
Arcabit: Generic.MSIL.PasswordStealerA.1C9EDE8C
SUPERAntiSpyware: Trojan.Agent/Gen-Injector
ZoneAlarm: HEUR:Trojan-Spy.MSIL.Generic
GData: MSIL.Backdoor.Orcus.A
AhnLab-V3: Win-Trojan/OrcusRAT.Exp
VBA32: Trojan.Downloader
ALYac: Backdoor.RAT.MSIL.Orcus
MAX: malware (ai score=85)
Malwarebytes: Backdoor.Orcus
Panda: Trj/CI.A
Zoner: Trojan.Win32.75536
ESET-NOD32: a variant of MSIL/Orcusrat.D
TrendMicro-HouseCall: BKDR_ORCUSRAT.SM
Rising: Backdoor.Orcus!1.B603 (CLASSIC)
SentinelOne: Static AI – Malicious PE
eGambit: Unsafe.AI_Score_98%
Fortinet: MSIL/Generic.AP.F529E!tr
AVG: Win32:CrypterX-gen [Trj]
Paloalto: generic.ml
CrowdStrike: win/malicious_confidence_100% (D)
Qihoo-360: Generic/Trojan.Spy.c29

How to remove Generic.MSIL.PasswordStealerA.1C9EDE8C?

Generic.MSIL.PasswordStealerA.1C9EDE8C removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open “Tools” tab – Press “Reset Browser Settings”.
  • Select proper browser and options – Click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.
