Categories: Spy

Generic.PySpy.A.E15BA1C9 (file analysis)

Generic.PySpy.A.E15BA1C9 is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager process list. In that case, it is advised to scan your computer with GridinSoft Anti-Malware.

Gridinsoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It allows a complete scan and clean-up of your PC during the trial period.
6-day free trial available.

What can the Generic.PySpy.A.E15BA1C9 virus do?

  • SetUnhandledExceptionFilter detected (possible anti-debug)
  • Yara rule detections observed from a process memory dump/dropped files/CAPE
  • Anomalous file deletion behavior detected (10+)
  • Dynamic (imported) function loading detected
  • Reads data out of its own binary image
  • The binary contains an unknown PE section name indicative of packing
  • Authenticode signature is invalid
  • Created a process from a suspicious location
  • CAPE detected the PyInstaller malware family

How to identify Generic.PySpy.A.E15BA1C9?

File Info:

  • name: 64ADA46645C68D4A4C55.mlw
  • path: /opt/CAPEv2/storage/binaries/5168fcfea7f2dc3c1d9339bcc99417dc93f9af1b9bf6987191d84f7724dec184
  • crc32: 66265243
  • md5: 64ada46645c68d4a4c55cd853a302f6b
  • sha1: cda55f023162f9ac9aaa71779bb4d0396bf918b6
  • sha256: 5168fcfea7f2dc3c1d9339bcc99417dc93f9af1b9bf6987191d84f7724dec184
  • sha512: 5a8953656e116aac66f55caa7ccfcacbdd94ca7761747bd5cceca34f1f036b46ed4107a1feeca5006e98158752e068ca024f73d5190192dd532f9e080370bada
  • ssdeep: 196608:Vmx7QICteEroXxWVfEqlbkkwR7VTEJZFZS727FKC:6QInEroXgfEqirRRoJZfS7cFp
  • type: PE32+ executable (GUI) x86-64, for MS Windows
  • tlsh: T18066330867901DECF1B30031E6904921D17A78724754D98B6A3CA23B9FE7EE56EB7F84
  • sha3_384: 68d3ea83f9cdb09ae69a91d2031e421beef818ce6231ce88763f0a0a520a1f10d2875c712a8aff1277ed46847ddc586b
  • ep_bytes: 4883ec28e8f70400004883c428e97afe
  • timestamp: 2021-08-01 04:39:46

Version Info:

0: [No Data]

Generic.PySpy.A.E15BA1C9 also known as:

  • Lionic: Trojan.Win64.Disco.i!c
  • Elastic: malicious (high confidence)
  • MicroWorld-eScan: Generic.PySpy.A.E15BA1C9
  • FireEye: Generic.PySpy.A.E15BA1C9
  • ALYac: Generic.PySpy.A.E15BA1C9
  • Cylance: Unsafe
  • Zillya: Trojan.Disco.Win32.1337
  • K7AntiVirus: Trojan ( 00568ccf1 )
  • Alibaba: TrojanPSW:Win32/Almi_Disco.e
  • K7GW: Trojan ( 00568ccf1 )
  • CrowdStrike: win/malicious_confidence_100% (W)
  • Cyren: W64/Bulz.BI.gen!Eldorado
  • Symantec: Trojan.Gen.MBT
  • ESET-NOD32: Python/PSW.Agent.BP
  • APEX: Malicious
  • Paloalto: generic.ml
  • Kaspersky: UDS:Trojan-PSW.Win64.Disco.gen
  • BitDefender: Generic.PySpy.A.E15BA1C9
  • Avast: Python:PWStealer-A [Spy]
  • Tencent: Win32.Trojan-psw.Agent.Wpab
  • Ad-Aware: Generic.PySpy.A.E15BA1C9
  • Emsisoft: Generic.PySpy.A.E15BA1C9 (B)
  • DrWeb: Python.Stealer.194
  • TrendMicro: TROJ_GEN.R002C0PL521
  • McAfee-GW-Edition: BehavesLike.Win64.Generic.vc
  • Sophos: Mal/Generic-S
  • GData: Generic.PySpy.A.E15BA1C9
  • Avira: TR/PSW.Agent.pqffy
  • Antiy-AVL: Trojan/Generic.ASMalwS.34493BB
  • Gridinsoft: Ransom.Win64.Sabsik.sa
  • Arcabit: Generic.PySpy.A.E15BA1C9
  • Microsoft: Trojan:Win32/Tiggre!rfn
  • Cynet: Malicious (score: 100)
  • McAfee: Artemis!64ADA46645C6
  • MAX: malware (ai score=82)
  • VBA32: TrojanPSW.Win64.Disco
  • TrendMicro-HouseCall: TROJ_GEN.R002C0PL521
  • Fortinet: Python/Agent.BP!tr
  • AVG: Python:PWStealer-A [Spy]
  • Panda: Trj/CI.A

How to remove Generic.PySpy.A.E15BA1C9?

  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open the “Tools” tab – Press “Reset Browser Settings”.
  • Select the proper browser and options – Click “Reset”.
  • Restart your computer.

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.
