Generic.MSIL.PasswordStealerA.5FE248F3 (file analysis)

Generic.MSIL.PasswordStealerA.5FE248F3 is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It allows you to run a full scan and clean your PC during the trial period.
6-day free trial available.

What can the Generic.MSIL.PasswordStealerA.5FE248F3 virus do?

  • Authenticode signature is invalid
  • CAPE detected the OrcusRAT malware family

How to identify Generic.MSIL.PasswordStealerA.5FE248F3?

File Info:

name: 706AD0A69626A1280210.mlw
path: /opt/CAPEv2/storage/binaries/da9c67ca2bbfd1c512669d3685a76ad56919330ea1a156508bd1c6e6781f4d98
crc32: CDEFEB38
md5: 706ad0a69626a12802102f8303e98bc8
sha1: b89682638915ce517832f0b5d757473f4eb52e6f
sha256: da9c67ca2bbfd1c512669d3685a76ad56919330ea1a156508bd1c6e6781f4d98
sha512: b29d0e598b8e605371c6704e31649a288906f95dee76451bbad087301851651ce69c28cd43e702e2d88275e783882f6a1b7604dd3643577f026dc703e35111fe
ssdeep: 12288:t+EAtKKtuKA1v6nJgurMUuIwe3eQBQnaFf7IEux8P2y2GYt1:t+LKOOFbIwe3knaFf7IEe8PvYD
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T155C46A057BBCFE06C0BF2379A2732FC50375EA069482E70E149491AD0D9B751BD693AB
sha3_384: 2dcc1d4501a169c5131d68314f691d4bd0b6c0bacc07228b77d0d46a214e8e0e8b5038ae97b989feb6ba85f078b0c8a2
ep_bytes: ff25002040007456eee694bbc7468bbc
timestamp: 2023-05-26 07:29:01

Version Info:

Translation: 0x0000 0x04b0
Comments:
CompanyName:
FileDescription:
FileVersion: 1.0.0.0
InternalName: Orcus.exe
LegalCopyright:
LegalTrademarks:
OriginalFilename: Orcus.exe
ProductName:
ProductVersion: 1.0.0.0
Assembly Version: 1.0.0.0

Generic.MSIL.PasswordStealerA.5FE248F3 also known as:

Lionic: Trojan.Win32.Orcus.4!c
Elastic: malicious (high confidence)
MicroWorld-eScan: Generic.MSIL.PasswordStealerA.5FE248F3
ClamAV: Win.Packed.Generic-9805849-0
FireEye: Generic.mg.706ad0a69626a128
CAT-QuickHeal: Trojan.YakbeexMSIL.ZZ4
ALYac: Generic.MSIL.PasswordStealerA.5FE248F3
Cylance: unsafe
Zillya: Trojan.Orcusrat.Win32.1405
Sangfor: Virus.Win32.Save.a
Alibaba: Backdoor:MSIL/Orcus.48c1df06
Cybereason: malicious.69626a
Cyren: W32/ABRisk.QAIV-4034
Symantec: Trojan.Sorcurat
ESET-NOD32: a variant of MSIL/Orcusrat.D
Cynet: Malicious (score: 100)
Kaspersky: HEUR:Backdoor.MSIL.Orcus.gen
BitDefender: Generic.MSIL.PasswordStealerA.5FE248F3
Avast: Win32:CrypterX-gen [Trj]
Tencent: Msil.Backdoor.Orcus.Fmnw
Emsisoft: Backdoor.Orcus (A)
F-Secure: Heuristic.HEUR/AGEN.1352044
VIPRE: Generic.MSIL.PasswordStealerA.5FE248F3
TrendMicro: BKDR_ORCUSRAT.SM
McAfee-GW-Edition: GenericRXOS-XN!706AD0A69626
Sophos: Mal/OrcusRAT-A
Ikarus: Backdoor.OrcusRat
GData: Generic.MSIL.PasswordStealerA.5FE248F3
Avira: HEUR/AGEN.1352044
MAX: malware (ai score=86)
Antiy-AVL: Trojan[Backdoor]/MSIL.Orcus
Arcabit: Generic.MSIL.PasswordStealerA.5FE248F3
ViRobot: Trojan.Win.Z.Orcusrat.562176
ZoneAlarm: HEUR:Backdoor.MSIL.Orcus.gen
Microsoft: Backdoor:MSIL/Orcus.A!bit
Google: Detected
AhnLab-V3: Win-Trojan/OrcusRAT.Exp
Acronis: suspicious
McAfee: GenericRXOS-XN!706AD0A69626
VBA32: TScope.Trojan.MSIL
Malwarebytes: Orcus.Backdoor.RAT.DDS
Panda: Trj/GdSda.A
TrendMicro-HouseCall: BKDR_ORCUSRAT.SM
Rising: Backdoor.Orcus!1.BABC (CLASSIC)
SentinelOne: Static AI – Malicious PE
MaxSecure: Trojan.Malware.300983.susgen
Fortinet: MSIL/SpyPSW.AVQ!tr
BitDefenderTheta: Gen:NN.ZemsilF.36250.Im0@ayv1hIk
AVG: Win32:CrypterX-gen [Trj]
DeepInstinct: MALICIOUS
CrowdStrike: win/malicious_confidence_100% (W)

How to remove Generic.MSIL.PasswordStealerA.5FE248F3?

Generic.MSIL.PasswordStealerA.5FE248F3 removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open the “Tools” tab and press “Reset Browser Settings”.
  • Select the proper browser and options, then click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.