
Generic.PySpy.A.1D199DF2 (file analysis)


Generic.PySpy.A.1D199DF2 is flagged as malicious by most of the antivirus engines listed further down this page. While the infection is active you may notice unfamiliar processes in the Task Manager list. In that case, it is advised to scan your computer with GridinSoft Anti-Malware.


What Generic.PySpy.A.1D199DF2 virus can do?

The items below are the CAPE sandbox signatures triggered by this sample. They are indicators observed during automated analysis, not a complete list of capabilities:

  • SetUnhandledExceptionFilter detected (possible anti-debug)
  • Dynamic (imported) function loading detected
  • Yara rule detections observed from a process memory dump/dropped files/CAPE
  • Reads data out of its own binary image (a PyInstaller bootloader does this to unpack the archive appended to the executable)
  • The binary contains an unknown PE section name indicative of packing
  • Authenticode signature is invalid
  • CAPE detected the PyInstaller malware family (PyInstaller is a bundler for Python programs rather than a malware family in its own right; the hit means the executable is a PyInstaller-packed Python script, which is consistent with the Python/PSW names most engines give it)

How to identify Generic.PySpy.A.1D199DF2?

File Info:

name: 27222FBC03E848AB1FD0.mlw
path: /opt/CAPEv2/storage/binaries/0fa53825ec524bf4404033f065b4dd9f8da7ea51fc39d9d702a39b8b66dedca5
crc32: D7DA64BB
md5: 27222fbc03e848ab1fd0f0e957e5aed6
sha1: c4a37a8ae142976c9959b61e997c41848a1cf1b2
sha256: 0fa53825ec524bf4404033f065b4dd9f8da7ea51fc39d9d702a39b8b66dedca5
sha512: 4f55c9b14e32f4029f0c92755ef323ab16db555102503895e2c92fba8b6d6be7e4d8e6cb1523547630efdac1859b33107480583ee9c4b969701b11362ddb57fb
ssdeep: 49152:XolZTOcd0J9uLtbIYLHPvX8IEvJnQ+yqG1DOHOr8wjefRB:O0m0KbIY70IEvJnQ3q05rjm
type: PE32+ executable (console) x86-64, for MS Windows
tlsh: T1BC952359ABA509F8F4FA11358C42411AE672B43B1770C65F0B6499379F23AA03C7BFB1
sha3_384: 0c4d86a05987399dd0fe0b22d256283eb4427bc83f14c1a0b6fba818485535195aaaa5865e3f417e6bd6baa2b5ac716e
ep_bytes: 4883ec28e8f70400004883c428e972fe
timestamp: 2021-08-01 04:39:37
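Every File Info field above is reproducible from the raw file. The script below is an added example, not part of this page or of CAPE: it recomputes the standard-library hashes (md5/sha1/sha256/crc32; ssdeep, tlsh and sha3_384 are left out), reads the entry-point bytes, machine type, PE32+ magic, timestamp and section names straight from the PE headers, and checks the overlay for the PyInstaller archive magic that the "PyInstaller" and "unknown PE section name" signatures point at. The sample itself is not reproduced: `build_sample_pe` is a constructed stand-in that reuses only the entry-point bytes and timestamp printed above, and `COMMON_SECTIONS` is an assumed list of linker-emitted section names rather than CAPE's own. Against a real file, call `triage(open(path, "rb").read())`.

```python
import hashlib
import struct
import zlib
from datetime import datetime, timezone

# Hashes published on this page for the sample; crc32 is compared upper-case as printed there.
PAGE_HASHES = {
    "md5": "27222fbc03e848ab1fd0f0e957e5aed6",
    "sha1": "c4a37a8ae142976c9959b61e997c41848a1cf1b2",
    "sha256": "0fa53825ec524bf4404033f065b4dd9f8da7ea51fc39d9d702a39b8b66dedca5",
    "crc32": "D7DA64BB",
}
# Entry-point bytes from the page (sub rsp,0x28 ; call ... ; add rsp,0x28 ; jmp ...).
PAGE_EP_BYTES = "4883ec28e8f70400004883c428e972fe"
# PyInstaller's CArchive trailer ("cookie") begins with this magic and sits at the end of the overlay.
PYINSTALLER_MAGIC = b"MEI\x0c\x0b\x0a\x0b\x0e"
# Assumed list of section names a linker normally emits; anything else is reported the way
# CAPE's "unknown PE section name" signature would. This is not CAPE's own list.
COMMON_SECTIONS = {".text", ".rdata", ".data", ".pdata", ".idata", ".edata", ".reloc",
                   ".rsrc", ".bss", ".tls", ".CRT", ".xdata", ".gfids", ".00cfg"}

def file_hashes(data: bytes) -> dict:
    return {
        "md5": hashlib.md5(data).hexdigest(),
        "sha1": hashlib.sha1(data).hexdigest(),
        "sha256": hashlib.sha256(data).hexdigest(),
        "crc32": f"{zlib.crc32(data) & 0xFFFFFFFF:08X}",
    }

def parse_pe(data: bytes) -> dict:
    """Minimal PE reader: COFF header, optional-header magic, entry point RVA, section table."""
    if data[:2] != b"MZ":
        raise ValueError("not a DOS/PE file")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    machine, nsect, ts, _, _, opt_size, _ = struct.unpack_from("<HHIIIHH", data, e_lfanew + 4)
    opt = e_lfanew + 24
    magic = struct.unpack_from("<H", data, opt)[0]            # 0x10B = PE32, 0x20B = PE32+
    entry_rva = struct.unpack_from("<I", data, opt + 16)[0]   # AddressOfEntryPoint
    sections, off = [], opt + opt_size
    for _ in range(nsect):                                    # 40-byte IMAGE_SECTION_HEADER entries
        name, vsize, va, rawsize, rawptr = struct.unpack_from("<8sIIII", data, off)
        sections.append({"name": name.rstrip(b"\0").decode("latin-1"),
                         "va": va, "vsize": vsize, "raw": rawptr, "rawsize": rawsize})
        off += 40
    return {"machine": machine, "pe32plus": magic == 0x20B, "entry_rva": entry_rva,
            "timestamp": datetime.fromtimestamp(ts, tz=timezone.utc).strftime("%Y-%m-%d %H:%M:%S"),
            "sections": sections}

def rva_to_offset(sections: list, rva: int) -> int:
    for s in sections:
        if s["va"] <= rva < s["va"] + max(s["vsize"], s["rawsize"]):
            return s["raw"] + (rva - s["va"])
    raise ValueError(f"RVA {rva:#x} not inside any section")

def triage(data: bytes) -> dict:
    """Reproduce the page's File Info fields plus the packing / PyInstaller indicators."""
    pe = parse_pe(data)
    hashes = file_hashes(data)
    ep_off = rva_to_offset(pe["sections"], pe["entry_rva"])
    end_of_sections = max(s["raw"] + s["rawsize"] for s in pe["sections"])
    overlay = data[end_of_sections:]          # bytes after the last section: where PyInstaller stores its archive
    names = [s["name"] for s in pe["sections"]]
    ep_bytes = data[ep_off:ep_off + 16].hex()
    return {
        "hashes": hashes,
        "matching_hashes": sorted(k for k, v in PAGE_HASHES.items() if hashes[k] == v),
        "pe32plus": pe["pe32plus"],
        "x86_64": pe["machine"] == 0x8664,
        "timestamp": pe["timestamp"],
        "ep_bytes": ep_bytes,
        "ep_matches_page": ep_bytes == PAGE_EP_BYTES,
        "sections": names,
        "unknown_sections": [n for n in names if n not in COMMON_SECTIONS],
        "overlay_size": len(overlay),
        "pyinstaller": PYINSTALLER_MAGIC in overlay,
    }

def build_sample_pe(section_names=(".text", ".pyi0"), overlay=b"") -> bytes:
    """Constructed stand-in for the real sample (not reproduced here): a minimal PE32+ whose
    first section starts with the page's entry-point bytes and carries the page's timestamp."""
    e_lfanew, opt_size, raw_base = 0x40, 240, 0x200
    dos = b"MZ" + b"\0" * (0x3C - 2) + struct.pack("<I", e_lfanew)
    coff = struct.pack("<HHIIIHH", 0x8664, len(section_names), 1627792777, 0, 0, opt_size, 0x22)
    opt = bytearray(opt_size)
    struct.pack_into("<H", opt, 0, 0x20B)        # PE32+ magic
    struct.pack_into("<I", opt, 16, 0x1000)      # AddressOfEntryPoint -> start of first section
    hdrs, bodies = b"", b""
    for i, name in enumerate(section_names):
        body = (bytes.fromhex(PAGE_EP_BYTES) if i == 0 else b"\xCC" * 16).ljust(0x200, b"\0")
        hdrs += struct.pack("<8sIIIIIIHHI", name.encode().ljust(8, b"\0"), 0x1000,
                            0x1000 * (i + 1), len(body), raw_base + 0x200 * i, 0, 0, 0, 0, 0x60000020)
        bodies += body
    header = (dos + b"PE\0\0" + coff + bytes(opt) + hdrs).ljust(raw_base, b"\0")
    return header + bodies + overlay

if __name__ == "__main__":
    sample = build_sample_pe(overlay=b"\0" * 64 + PYINSTALLER_MAGIC + b"\0" * 80)
    for key, value in triage(sample).items():
        print(f"{key}: {value}")
```

`matching_hashes` is the actual identification check: a file is the sample on this page only if its sha256 equals the one printed above, regardless of what name an engine gives it. The PyInstaller check only looks for the cookie magic in the overlay; extracting the embedded Python archive (to recover the stealer script) is a separate step done with a PyInstaller extractor and is not covered here.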

Version Info:

0: [No Data]

Generic.PySpy.A.1D199DF2 also known as (vendor: detection name). The consensus across engines is a Python-based password-stealing trojan (PSW), which agrees with the PyInstaller indicator above:

Lionic: Trojan.Win64.Disco.i!c
DrWeb: Python.Stealer.194
MicroWorld-eScan: Generic.PySpy.A.1D199DF2
FireEye: Generic.PySpy.A.1D199DF2
McAfee: Artemis!27222FBC03E8
K7AntiVirus: Trojan ( 0057b50b1 )
Alibaba: TrojanPSW:Win32/Almi_Disco.e
K7GW: Trojan ( 0057b50b1 )
Symantec: Trojan.Gen.MBT
ESET-NOD32: Python/PSW.Agent.JC
TrendMicro-HouseCall: TROJ_GEN.R011C0WKS21
Kaspersky: UDS:Trojan-PSW.Win64.Disco.gen
BitDefender: Generic.PySpy.A.1D199DF2
Avast: FileRepMalware
Tencent: Win64.Trojan-qqpass.Qqrob.Hphy
Ad-Aware: Generic.PySpy.A.1D199DF2
Sophos: Mal/Generic-S
TrendMicro: TROJ_GEN.R011C0WKS21
McAfee-GW-Edition: BehavesLike.Win64.Ransom.tc
Emsisoft: Generic.PySpy.A.1D199DF2 (B)
GData: Generic.PySpy.A.1D199DF2
Avira: TR/PSW.Agent.vggao
MAX: malware (ai score=82)
Microsoft: Trojan:Win32/Wacatac.B!ml
Cynet: Malicious (score: 100)
VBA32: TrojanPSW.Win64.Disco
ALYac: Generic.PySpy.A.1D199DF2
Fortinet: Python/Agent.JC!tr.pws
AVG: FileRepMalware
Panda: Trj/CI.A

How to remove Generic.PySpy.A.1D199DF2?

Generic.PySpy.A.1D199DF2 removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a "Standard scan".
  • "Move to quarantine" all items.
  • Open the "Tools" tab and press "Reset Browser Settings".
  • Select the proper browser and options, then click "Reset".
  • Restart your computer.

Because most engines classify this sample as a password stealer (Trojan-PSW), treat any credentials stored on the machine, including browser-saved passwords, as exposed: change them from a clean device after the cleanup above.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.
