What is “PUA:Win32/Passware”?

PUA:Win32/Passware is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It allows you to complete a scan and cure your PC during the trial period.
6-day free trial available.

What can the PUA:Win32/Passware virus do?

  • Sample contains Overlay data
  • Presents an Authenticode digital signature
  • Reads data out of its own binary image
  • Authenticode signature is invalid
  • Anomalous binary characteristics

How to identify PUA:Win32/Passware?

File Info:

name: 784EBC0901F12C54C5E7.mlw
type: PE32 executable (GUI) Intel 80386, for MS Windows
timestamp: 2001-10-25 19:47:11

Version Info:

CompanyName: Passware - www.lostpassword.com
FileDescription: Passware Kit 7.1 Enterprise Edition Setup
FileVersion: 7.1 build 1411
LegalCopyright: Copyright (c) 1998, 2005 Passware

PUA:Win32/Passware is also known as:

Bkav: W32.AIDetectMalware
Skyhigh: BehavesLike.Win32.Virus.wc
McAfee: Artemis!784EBC0901F1
Elastic: malicious (moderate confidence)
NANO-Antivirus: Riskware.Win32.LostPassword.bthca
Rising: Trojan.Generic@AI.92 (RDML:I+MgegE3yBCF/Rfmy3sHzg)
Sophos: Passware Password Recovery (PUA)
Jiangmin: Worm/Viking.Tail
Google: Detected
Varist: W32/Fujack.A!Generic
Antiy-AVL: GrayWare/Win32.Wacapew
Microsoft: PUA:Win32/Passware
Cylance: unsafe
MaxSecure: Trojan.Malware.216104594.susgen
DeepInstinct: MALICIOUS

How to remove PUA:Win32/Passware?

PUA:Win32/Passware removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open “Tools” tab – Press “Reset Browser Settings”.
  • Select proper browser and options – Click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.