Generic.PySpy.A.EB70DA30 malicious file

Generic.PySpy.A.EB70DA30 is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It lets you run a complete scan and cure your PC during the trial period.
A 6-day free trial is available.

What can the Generic.PySpy.A.EB70DA30 virus do?

  • Behavioural detection: Executable code extraction – unpacking
  • Sample contains Overlay data
  • Yara rule detections observed from a process memory dump/dropped files/CAPE
  • Reads data out of its own binary image
  • CAPE extracted potentially suspicious content
  • Drops a binary and executes it
  • Authenticode signature is invalid
  • Uses Windows utilities for basic functionality
  • Behavioural detection: Injection (inter-process)
  • Behavioural detection: Injection with CreateRemoteThread in a remote process
  • CAPE detected the PyInstaller malware family
  • Attempts to modify proxy settings
  • Harvests cookies for information gathering

How to identify Generic.PySpy.A.EB70DA30?

File Info:

name: 2D663D6DAE669BA53E65.mlw
path: /opt/CAPEv2/storage/binaries/24400e7b83df5cec4f51db5b939c75146e0418e6a68927fe15360a83a605f640
crc32: 3C0DFD37
md5: 2d663d6dae669ba53e65ba4c850e98da
sha1: 2fb5b1a2b08d3d00ae60a0281e0da7ecdbf5f6fd
sha256: 24400e7b83df5cec4f51db5b939c75146e0418e6a68927fe15360a83a605f640
sha512: 633503e14efc18f580bda36909c9facbc44a8584e57787f57b7fbcac3fa02b3272e60666e8e687ab2750063d05109bf219b2e7655c4e90da68ad629c2be60afe
ssdeep: 196608:PK3d1iRmAUKdIOtzgXt9wIqol+FMJNaSbm:PUDiRkqcbZqol+4nbm
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T1586633E3AD838164CB892B765272C872E777AC9B13D39007A9D47D237A76D03493B943
sha3_384: cad41152d088c3425ee86a11909a7a29367fc03d3e9859ba1ac8eae045d217647d0b402bc6c75ba21fb48b5b5fdde2da
ep_bytes: 81ec800100005355565733db68018000
timestamp: 2015-12-27 05:38:55

Version Info:

0: [No Data]

Generic.PySpy.A.EB70DA30 is also known as (vendor: detection name):

Lionic: Trojan.Multi.Disco.i!c
FireEye: Generic.mg.2d663d6dae669ba5
CAT-QuickHeal: Trojanpws.Multi
McAfee: Python/PWS.v
Cylance: Unsafe
Sangfor: Infostealer.Python.Agent.Volf
K7AntiVirus: Trojan ( 00568ccf1 )
BitDefender: Generic.PySpy.A.EB70DA30
K7GW: Trojan ( 00568ccf1 )
Cybereason: malicious.2b08d3
BitDefenderTheta: Gen:NN.ZemsilF.34726.Vn0@ammrPIk
Cyren: PYC/Disgrab.B.gen!Camelot
Symantec: Trojan.Gen.MBT
Elastic: malicious (high confidence)
ESET-NOD32: Python/PSW.Agent.BP
APEX: Malicious
Cynet: Malicious (score: 99)
Kaspersky: HEUR:Trojan-PSW.Multi.Disco.gen
Alibaba: TrojanPSW:Win32/Almi_Disco.e
NANO-Antivirus: Trojan.Win32.Amonetize.jsjwlq
Sophos: Mal/Generic-S
DrWeb: Python.Stealer.194
VIPRE: Generic.PySpy.A.EB70DA30
TrendMicro: TROJ_GEN.R002C0PJD22
McAfee-GW-Edition: BehavesLike.Win32.Generic.vc
Emsisoft: Generic.PySpy.A.EB70DA30 (B)
Ikarus: Trojan-Spy.Python.Disgrab
Jiangmin: Trojan.PSW.Stelega.lc
Avira: HEUR/AGEN.1233705
MAX: malware (ai score=86)
Microsoft: Trojan:Win32/Wacatac.B!ml
GData: Generic.PySpy.A.EB70DA30
Google: Detected
ALYac: Generic.PySpy.A.EB70DA30
Malwarebytes: Malware.AI.1558424849
Panda: Trj/CI.A
TrendMicro-HouseCall: TROJ_GEN.R002C0PJD22
Tencent: Win32.Trojan-QQPass.QQRob.Gtgl
Fortinet: Python/Agent.BP!tr
AVG: Multi:Agent-CL [Trj]
Avast: Multi:Agent-CL [Trj]
CrowdStrike: win/malicious_confidence_70% (W)

How to remove Generic.PySpy.A.EB70DA30?

Generic.PySpy.A.EB70DA30 removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open the “Tools” tab and press “Reset Browser Settings”.
  • Select the proper browser and options, then click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.