
MSIL/Spy.RapidStealer.E (file analysis)


MSIL/Spy.RapidStealer.E is flagged as malicious by a long list of antivirus engines (see the detection names later on this page). While it is active you may notice unfamiliar processes in the Task Manager list; note that this sample's version information labels it "Explorer", so the copy it drops may try to blend in with the legitimate explorer.exe. If you see such a process, scan the computer with GridinSoft Anti-Malware.


Removing malware manually can take hours and may damage the system in the process. We recommend GridinSoft Anti-Malware for removal; the trial version lets you run a complete scan and clean the PC.
A 6-day free trial is available.

What can MSIL/Spy.RapidStealer.E do? (behavioural signatures reported by the CAPE sandbox for this sample)

  • Behavioural detection: executable code extraction (unpacking)
  • Sample contains overlay data
  • YARA rule detections observed from a process memory dump, dropped files or CAPE
  • Presents an Authenticode digital signature
  • CAPE extracted potentially suspicious content
  • Drops a binary and executes it
  • The binary likely contains encrypted or compressed data
  • .NET file is packed/obfuscated with SmartAssembly
  • Authenticode signature is invalid: the file carries a signature, but it does not verify, so treat the file as unsigned
  • Uses Windows utilities for basic functionality
  • Creates a copy of itself

How to identify MSIL/Spy.RapidStealer.E?

File Info:

name: 94D5FC60E273F68583F2.mlw
path: /opt/CAPEv2/storage/binaries/477a323b5d4ec20a12914bedb7e7495915e9a04095892c2a51087036d34a53ef
crc32: 13C2E9DF
md5: 94d5fc60e273f68583f2e32ce1fb161f
sha1: c3b053d7a881ac83515918f5452e1acafae16542
sha256: 477a323b5d4ec20a12914bedb7e7495915e9a04095892c2a51087036d34a53ef
sha512: 2531e8cc53e5dd43b1ea0023d0c488b03b41cfa7e6652e0aa849f64714dd6ea92f2fbd82fa50fda08d2757955da9d91aa6993ab57aefce2cfdc0d935c0999801
ssdeep: 24576:tzsLjfJgkEvmFyjyJHiUe8OOpDs3Ooc8DHkC2eelZ1OMopuuynC4z72un:tzs5gzV0dPoenC4z7Nn
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T1A345E1227B5B0AF2D1D653B5B1C243124BF1AC4A4261F38352DFE5942F567C4A3E3BA2
sha3_384: 77146cac490fe7d18aa1c607b5c55054355de8a63ea30a5086d28f3312fefa44bde2f8c4ddfddaf665a5389ab4f25403
ep_bytes: ff250020400000000000000000000000
timestamp: 2015-08-26 10:24:56
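To check a suspected file against the indicators listed above, here is an added example (not code from the original page, from CAPE or from GridinSoft) that recomputes the same digests with the Python standard library, parses the PE header for the compile timestamp and the 16 entry-point bytes that CAPE reports as ep_bytes, and tests for the CLR runtime header. The ep_bytes value FF 25 00 20 40 00 is `jmp dword ptr [0x402000]`, the native stub every MSIL executable starts with, which agrees with the MSIL detection name. When run without arguments the script works on a constructed, harmless PE that it builds in memory, not on the malware; the function and variable names are the example's own. The compile timestamp is set by whoever builds the binary, so treat it as a hint rather than a fact.

```python
"""Added example: recompute the page's file hashes, parse PE header fields and
compare a file with the indicators above.  Standard library only."""
import hashlib
import struct
import sys
import zlib
from datetime import datetime, timezone

# Indicators copied verbatim from the File Info section of this page.
KNOWN_HASHES = {
    "md5": "94d5fc60e273f68583f2e32ce1fb161f",
    "sha1": "c3b053d7a881ac83515918f5452e1acafae16542",
    "sha256": "477a323b5d4ec20a12914bedb7e7495915e9a04095892c2a51087036d34a53ef",
}
# ep_bytes reported for the sample: FF 25 00 20 40 00 = `jmp dword ptr [0x402000]`,
# the native stub at the entry point of an MSIL executable (it jumps through the
# import slot for mscoree!_CorExeMain).  A hint, not proof, of a .NET binary.
DOTNET_ENTRY_STUB = bytes.fromhex("ff2500204000")


def hash_report(data: bytes) -> dict:
    """Same digests the page lists: crc32, md5, sha1, sha256, sha512, sha3_384."""
    report = {"crc32": "%08X" % (zlib.crc32(data) & 0xFFFFFFFF)}
    for name in ("md5", "sha1", "sha256", "sha512", "sha3_384"):
        report[name] = hashlib.new(name, data).hexdigest()
    return report


def _rva_to_offset(sections, rva):
    """Map a relative virtual address to a file offset using the section table."""
    for va, vsize, raw_ptr, raw_size in sections:
        if va <= rva < va + max(vsize, raw_size):
            return rva - va + raw_ptr
    raise ValueError("RVA 0x%x is not backed by any section" % rva)


def pe_summary(data: bytes) -> dict:
    """Minimal PE32 parse: compile timestamp, entry point, the 16 bytes at the
    entry point (CAPE's ep_bytes) and whether the CLR header directory is set."""
    if data[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    pe = struct.unpack_from("<I", data, 0x3C)[0]          # e_lfanew
    if data[pe:pe + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    nsections, timestamp = struct.unpack_from("<HI", data, pe + 6)
    opt_size = struct.unpack_from("<H", data, pe + 20)[0]
    opt = pe + 24                                         # optional header start
    if struct.unpack_from("<H", data, opt)[0] != 0x10B:
        raise ValueError("only PE32 (magic 0x10b) is handled here")
    entry_rva = struct.unpack_from("<I", data, opt + 16)[0]
    # PE32 data directories start at optional header + 96; entry 14 is the CLR header.
    clr_rva = struct.unpack_from("<I", data, opt + 96 + 14 * 8)[0] if opt_size >= 216 else 0
    sections = []
    for i in range(nsections):
        hdr = opt + opt_size + i * 40
        _name, vsize, va, raw_size, raw_ptr = struct.unpack_from("<8sIIII", data, hdr)
        sections.append((va, vsize, raw_ptr, raw_size))
    ep_off = _rva_to_offset(sections, entry_rva)
    return {
        "timestamp": datetime.fromtimestamp(timestamp, timezone.utc).strftime("%Y-%m-%d %H:%M:%S"),
        "entry_rva": entry_rva,
        "ep_bytes": data[ep_off:ep_off + 16].hex(),
        "has_clr_header": clr_rva != 0,
    }


def triage(data: bytes) -> dict:
    """Which of the page's hashes match, plus the .NET hints from the header."""
    hashes = hash_report(data)
    summary = pe_summary(data)
    summary["hash_matches"] = sorted(k for k, v in KNOWN_HASHES.items() if hashes[k] == v)
    summary["dotnet_stub"] = summary["ep_bytes"].startswith(DOTNET_ENTRY_STUB.hex())
    return summary


def build_constructed_pe() -> bytes:
    """Constructed, harmless PE32 (NOT the malware) carrying the same ep_bytes and
    compile timestamp the page lists, so the checks can be exercised offline."""
    ts = int(datetime(2015, 8, 26, 10, 24, 56, tzinfo=timezone.utc).timestamp())
    text_va, text_raw, ep_rva = 0x2000, 0x200, 0x20DE
    dos = b"MZ" + b"\0" * 58 + struct.pack("<I", 0x40)            # e_lfanew = 0x40
    coff = b"PE\0\0" + struct.pack("<HHIIIHH", 0x14C, 1, ts, 0, 0, 0xE0, 0x102)
    opt = bytearray(0xE0)
    struct.pack_into("<HBBIIII", opt, 0, 0x10B, 48, 0, 0x200, 0, 0, ep_rva)
    struct.pack_into("<I", opt, 92, 16)                           # NumberOfRvaAndSizes
    struct.pack_into("<II", opt, 96 + 14 * 8, text_va + 8, 0x48)  # CLR header directory
    section = struct.pack("<8sIIIIIIHHI", b".text\0\0\0", 0x200, text_va, 0x200, text_raw,
                          0, 0, 0, 0, 0x60000020)
    headers = dos + coff + bytes(opt) + section
    headers += b"\0" * (text_raw - len(headers))
    body = bytearray(0x200)
    body[ep_rva - text_va:ep_rva - text_va + len(DOTNET_ENTRY_STUB)] = DOTNET_ENTRY_STUB
    return headers + bytes(body)


CONSTRUCTED_SAMPLE = build_constructed_pe()

if __name__ == "__main__":
    if len(sys.argv) < 2:
        print("constructed sample:", triage(CONSTRUCTED_SAMPLE))
    for path in sys.argv[1:]:
        with open(path, "rb") as fh:
            print(path, triage(fh.read()))
```

Run it as `python3 check_sample.py suspicious.exe`. A non-empty `hash_matches` containing `sha256` is an exact match with the analysed file; an empty list only means the bytes differ, which is expected for repacked variants, and then the ssdeep and tlsh values above (which need third-party libraries) are the right tools for a similarity comparison.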

Version Info:

Translation: 0x0000 0x04b0
Comments: Explorer
CompanyName: Explorer
FileDescription: Explorer
FileVersion: 1.0.0.0
InternalName: Dostealer.exe
LegalCopyright: Explorer
OriginalFilename: Dostealer.exe
ProductName: Explorer
ProductVersion: 1.0.0.0
Assembly Version: 1.0.0.0

Note the mismatch: the company, product, description and copyright fields all claim "Explorer", while InternalName and OriginalFilename are Dostealer.exe. Version resources are written by whoever builds the binary, so treat them as a clue to impersonation rather than as evidence of origin.

MSIL/Spy.RapidStealer.E also known as:

Elastic: malicious (high confidence)
FireEye: Generic.mg.94d5fc60e273f685
CrowdStrike: win/malicious_confidence_60% (D)
K7GW: Riskware ( 0040eff71 )
K7AntiVirus: Riskware ( 0040eff71 )
VirIT: Trojan.Win32.MSIL.AET
Symantec: ML.Attribute.HighConfidence
ESET-NOD32: a variant of MSIL/Spy.RapidStealer.E
APEX: Malicious
Kaspersky: HEUR:Backdoor.MSIL.Generic
DrWeb: Trojan.Siggen7.34086
Trapmine: malicious.high.ml.score
Jiangmin: Backdoor.MSIL.yoq
Webroot: W32.Trojan.Gen
Avira: TR/Dropper.MSIL.wsdo
Antiy-AVL: Trojan/Generic.ASCommon.250
Microsoft: Trojan:Win32/Wacatac.B!ml
ZoneAlarm: HEUR:Backdoor.MSIL.Generic
Cynet: Malicious (score: 100)
Rising: Malware.Undefined!8.C (TFE:dGZlOg2d5mwYX9ksBw)
Yandex: Backdoor.Pavilion!sTqEz3SFa/E
SentinelOne: Static AI – Malicious PE
MaxSecure: Trojan.Malware.300983.susgen
BitDefenderTheta: Gen:NN.ZemsilF.34646.hn2@aGO3mrg
Cybereason: malicious.7a881a
Panda: Trj/Genetic.gen

How to remove MSIL/Spy.RapidStealer.E?

MSIL/Spy.RapidStealer.E removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and run a “Standard scan”.
  • Click “Move to quarantine” for all detected items.
  • Open the “Tools” tab and press “Reset Browser Settings”.
  • Select the browser and the options you want, then click “Reset”.
  • Restart your computer and run a second scan: this sample creates a copy of itself and drops another binary, so a single pass may leave a component behind.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.
