Should I remove “PSWTool.Python.BroPass”?

PSWTool.Python.BroPass is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It allows you to run a complete scan and cure your PC during the trial period.
6-day free trial available.

What can the PSWTool.Python.BroPass virus do?

  • SetUnhandledExceptionFilter detected (possible anti-debug)
  • Executed a command line with /C or /R argument to terminate command shell on completion which can be used to hide execution
  • Yara rule detections observed from a process memory dump/dropped files/CAPE
  • Creates RWX memory
  • Dynamic (imported) function loading detected
  • Reads data out of its own binary image
  • The binary contains an unknown PE section name indicative of packing
  • The binary likely contains encrypted or compressed data
  • The executable is compressed using UPX
  • Authenticode signature is invalid
  • Uses Windows utilities for basic functionality
  • Sniffs keystrokes
  • Created a process from a suspicious location
  • Installs itself for autorun at Windows startup
  • CAPE detected the PyInstaller malware family
  • Creates a copy of itself

How to identify PSWTool.Python.BroPass?


File Info:

name: 833E3EBBE2F2A8EA4AAC.mlw
path: /opt/CAPEv2/storage/binaries/f62e9c77f97b5de737ecd05fe2a704945cebfe1405ef3c7a0b266287e0090352
type: PE32 executable (GUI) Intel 80386, for MS Windows
timestamp: 2021-08-01 04:40:34

Version Info:

0: [No Data]

PSWTool.Python.BroPass also known as:

Bkav: W32.AIDetect.malware1
Elastic: malicious (high confidence)
MicroWorld-eScan: Gen:Variant.Bulz.593226
ALYac: Gen:Variant.Bulz.593226
Cylance: Unsafe
BitDefender: Gen:Variant.Bulz.593226
Symantec: ML.Attribute.HighConfidence
APEX: Malicious
Kaspersky: not-a-virus:HEUR:PSWTool.Python.BroPass.gen
Avast: Win32:Evo-gen [Susp]
Ad-Aware: Gen:Variant.Bulz.593226
FireEye: Generic.mg.833e3ebbe2f2a8ea
Emsisoft: Gen:Variant.Bulz.593226 (B)
SentinelOne: Static AI – Suspicious PE
GData: Win64.Trojan-Stealer.Credentials.C
Antiy-AVL: Trojan/Generic.ASMalwS.34559CE
Arcabit: Trojan.Bulz.D90D4A
Microsoft: Trojan:Win32/Sabsik.FL.B!ml
Cynet: Malicious (score: 100)
MAX: malware (ai score=82)
BitDefenderTheta: Gen:NN.ZexaF.34294.@pJfaGrQ8di
AVG: Win32:Evo-gen [Susp]
Cybereason: malicious.fd852d
Panda: Trj/Genetic.gen

How to remove PSWTool.Python.BroPass?

PSWTool.Python.BroPass removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open “Tools” tab – Press “Reset Browser Settings”.
  • Select proper browser and options – Click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.
