
About “PWS:Win32/Kegotip” infection


PWS:Win32/Kegotip is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager process list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware


Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It allows you to run a full scan and clean your PC during the trial period.
A 6-day free trial is available.

What PWS:Win32/Kegotip virus can do?

  • Behavioural detection: Executable code extraction – unpacking
  • Yara rule detections observed from a process memory dump/dropped files/CAPE
  • Creates RWX memory
  • A process attempted to delay the analysis task.
  • Dynamic (imported) function loading detected
  • Performs HTTP requests potentially not found in PCAP.
  • HTTPS URLs from behavior.
  • Manipulates data from or to the Recycle Bin
  • CAPE extracted potentially suspicious content
  • Authenticode signature is invalid
  • Attempts to modify proxy settings
  • Operates on local firewall’s policies and settings
  • Harvests information related to installed mail clients

How to identify PWS:Win32/Kegotip?

File Info:

name: 3E2B75AC98284145DD5F.mlw
path: /opt/CAPEv2/storage/binaries/fda58bf8b39e3db435e0f55ce6c445b9eb0090ae58fd6cdf3fa48db8c616b595
crc32: 8DF8B97B
md5: 3e2b75ac98284145dd5f265de60f233f
sha1: ac6af47e16e474b3d6b0a37c5dad965e5798b990
sha256: fda58bf8b39e3db435e0f55ce6c445b9eb0090ae58fd6cdf3fa48db8c616b595
sha512: 2f62e3c682675a62f683a49d3d9f2ba0b727bb58200a06a9e771d20093a353d84beb5365a2784bc96c45a8c5213292b3dadcf3965273597b151b603f2e758370
ssdeep: 3072:y94J3wbLTIgPjpeeqGOY0/BvDF5ysx2rkRviokeR:NSPTI+9+Y0Jbmjr8Se
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T11FF34C03FBBC1CE5E3E6263D19FE4299E417993B6206C1C32C8D5359E18D3724EA9A5C
sha3_384: e60e5cc6dd69967d7fd373569a3ea8ecd38bada3ddc6a57386d7a796b143a6fbde3bd495a949f89d88077118ec04a21b
ep_bytes: e822500100e9f73a0100cccccccccccc
timestamp: 2012-05-31 18:20:03

Version Info:

0: [No Data]

PWS:Win32/Kegotip also known as:

Lionic: Trojan.Win32.Generic.4!c
Elastic: malicious (high confidence)
Cynet: Malicious (score: 100)
FireEye: Generic.mg.3e2b75ac98284145
CAT-QuickHeal: TrojanPWS.Kegotip.WR4
McAfee: PWSZbot-FOK!3E2B75AC9828
Cylance: Unsafe
Zillya: Trojan.Kryptik.Win32.1847279
Sangfor: Trojan.Win32.Save.a
K7AntiVirus: Trojan ( 0055dd191 )
Alibaba: TrojanPSW:Win32/Kryptik.8bc56454
K7GW: Trojan ( 0055dd191 )
Cybereason: malicious.c98284
VirIT: Trojan.Win32.Crypt3.RDZ
Symantec: Downloader.Upatre!gen5
ESET-NOD32: a variant of Win32/Kryptik.CCHF
APEX: Malicious
Paloalto: generic.ml
Kaspersky: HEUR:Trojan.Win32.Generic
BitDefender: Gen:Variant.Mikey.81222
NANO-Antivirus: Trojan.Win32.Stealer.czcuwb
MicroWorld-eScan: Gen:Variant.Mikey.81222
Avast: Win32:Agent-AUID [Trj]
Tencent: Win32.Trojan.Jaike.Lkxv
Ad-Aware: Gen:Variant.Mikey.81222
Emsisoft: Gen:Variant.Mikey.81222 (B)
Comodo: Malware@#1gn527frhan5d
DrWeb: Trojan.PWS.Stealer.3277
VIPRE: Trojan.Win32.Generic!BT
TrendMicro: TROJ_SPNR.0BIQ14
McAfee-GW-Edition: PWSZbot-FOK!3E2B75AC9828
Sophos: Mal/Generic-R + Mal/Zbot-QL
SentinelOne: Static AI – Malicious PE
GData: Gen:Variant.Mikey.81222
Jiangmin: Trojan.Generic.kydv
eGambit: Generic.Malware
Avira: HEUR/AGEN.1213603
MAX: malware (ai score=100)
Antiy-AVL: Trojan/Generic.ASMalwS.A083C1
Kingsoft: Win32.Troj.Undef.(kcloud)
Arcabit: Trojan.Mikey.D13D46
ZoneAlarm: HEUR:Trojan.Win32.Generic
Microsoft: PWS:Win32/Kegotip
BitDefenderTheta: Gen:NN.ZexaF.34212.kqW@aq3R97li
ALYac: Gen:Variant.Mikey.81222
VBA32: BScope.TrojanPSW.Stealer
Malwarebytes: Generic.Malware/Suspicious
TrendMicro-HouseCall: TROJ_SPNR.0BIQ14
Rising: Trojan.Kryptik!8.8 (CLOUD)
Yandex: Trojan.Kryptik!93A/F6FCGcE
Ikarus: Backdoor.Win32.Androm
Fortinet: W32/Kryptik.CCEY!tr
Webroot: W32.Infostealer.Zeus
AVG: Win32:Agent-AUID [Trj]
Panda: Trj/Genetic.gen
CrowdStrike: win/malicious_confidence_70% (D)

How to remove PWS:Win32/Kegotip?

PWS:Win32/Kegotip removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open the “Tools” tab – Press “Reset Browser Settings”.
  • Select the proper browser and options – Click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.
