Generic.PySpy.A.E15BA1C9 (file analysis)

Generic.PySpy.A.E15BA1C9 is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager process list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It allows you to run a complete scan and clean your PC during the trial period.
A 6-day free trial is available.

What can the Generic.PySpy.A.E15BA1C9 virus do?

  • SetUnhandledExceptionFilter detected (possible anti-debug)
  • Yara rule detections observed from a process memory dump/dropped files/CAPE
  • Anomalous file deletion behavior detected (10+)
  • Dynamic (imported) function loading detected
  • Reads data out of its own binary image
  • The binary contains an unknown PE section name indicative of packing
  • Authenticode signature is invalid
  • Created a process from a suspicious location
  • CAPE detected the PyInstaller malware family

How to identify Generic.PySpy.A.E15BA1C9?

File Info:

name: 64ADA46645C68D4A4C55.mlw
path: /opt/CAPEv2/storage/binaries/5168fcfea7f2dc3c1d9339bcc99417dc93f9af1b9bf6987191d84f7724dec184
crc32: 66265243
md5: 64ada46645c68d4a4c55cd853a302f6b
sha1: cda55f023162f9ac9aaa71779bb4d0396bf918b6
sha256: 5168fcfea7f2dc3c1d9339bcc99417dc93f9af1b9bf6987191d84f7724dec184
sha512: 5a8953656e116aac66f55caa7ccfcacbdd94ca7761747bd5cceca34f1f036b46ed4107a1feeca5006e98158752e068ca024f73d5190192dd532f9e080370bada
ssdeep: 196608:Vmx7QICteEroXxWVfEqlbkkwR7VTEJZFZS727FKC:6QInEroXgfEqirRRoJZfS7cFp
type: PE32+ executable (GUI) x86-64, for MS Windows
tlsh: T18066330867901DECF1B30031E6904921D17A78724754D98B6A3CA23B9FE7EE56EB7F84
sha3_384: 68d3ea83f9cdb09ae69a91d2031e421beef818ce6231ce88763f0a0a520a1f10d2875c712a8aff1277ed46847ddc586b
ep_bytes: 4883ec28e8f70400004883c428e97afe
timestamp: 2021-08-01 04:39:46

Version Info:

0: [No Data]

Generic.PySpy.A.E15BA1C9 also known as:

Lionic: Trojan.Win64.Disco.i!c
Elastic: malicious (high confidence)
MicroWorld-eScan: Generic.PySpy.A.E15BA1C9
FireEye: Generic.PySpy.A.E15BA1C9
ALYac: Generic.PySpy.A.E15BA1C9
Cylance: Unsafe
Zillya: Trojan.Disco.Win32.1337
K7AntiVirus: Trojan ( 00568ccf1 )
Alibaba: TrojanPSW:Win32/Almi_Disco.e
K7GW: Trojan ( 00568ccf1 )
CrowdStrike: win/malicious_confidence_100% (W)
Cyren: W64/Bulz.BI.gen!Eldorado
Symantec: Trojan.Gen.MBT
ESET-NOD32: Python/PSW.Agent.BP
APEX: Malicious
Paloalto: generic.ml
Kaspersky: UDS:Trojan-PSW.Win64.Disco.gen
BitDefender: Generic.PySpy.A.E15BA1C9
Avast: Python:PWStealer-A [Spy]
Tencent: Win32.Trojan-psw.Agent.Wpab
Ad-Aware: Generic.PySpy.A.E15BA1C9
Emsisoft: Generic.PySpy.A.E15BA1C9 (B)
DrWeb: Python.Stealer.194
TrendMicro: TROJ_GEN.R002C0PL521
McAfee-GW-Edition: BehavesLike.Win64.Generic.vc
Sophos: Mal/Generic-S
GData: Generic.PySpy.A.E15BA1C9
Avira: TR/PSW.Agent.pqffy
Antiy-AVL: Trojan/Generic.ASMalwS.34493BB
Gridinsoft: Ransom.Win64.Sabsik.sa
Arcabit: Generic.PySpy.A.E15BA1C9
Microsoft: Trojan:Win32/Tiggre!rfn
Cynet: Malicious (score: 100)
McAfee: Artemis!64ADA46645C6
MAX: malware (ai score=82)
VBA32: TrojanPSW.Win64.Disco
TrendMicro-HouseCall: TROJ_GEN.R002C0PL521
Fortinet: Python/Agent.BP!tr
AVG: Python:PWStealer-A [Spy]
Panda: Trj/CI.A

How to remove Generic.PySpy.A.E15BA1C9?

Generic.PySpy.A.E15BA1C9 removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open the “Tools” tab – Press “Reset Browser Settings”.
  • Select proper browser and options – Click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.
