
Pykspa.1 (B) information


Pykspa.1 (B) is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It allows you to run a complete scan and cure your PC during the trial period.
6-day free trial available.

What can the Pykspa.1 (B) virus do?

  • Starts servers listening on 0.0.0.0:30148
  • Drops a binary and executes it
  • The binary likely contains encrypted or compressed data.
  • Sniffs keystrokes
  • Attempts to stop active services
  • A process attempted to delay the analysis task by a long amount of time.
  • Installs itself for autorun at Windows startup
  • Exhibits possible ransomware file modification behavior
  • Creates a hidden or system file
  • Creates a copy of itself
  • Attempts to disable UAC
  • Attempts to modify UAC prompt behavior

How to identify Pykspa.1 (B)?


File Info:

crc32: 0BC7F2A8
md5: dd4d5714259a7f8b98bf3a9254b4487d
name: DD4D5714259A7F8B98BF3A9254B4487D.mlw
sha1: aa3109243d8d2509f2d8bc9277c00457dfc2eed6
sha256: 5e9de12c28a596f77cb3a0b8dd6f841193595b584b981c5a6973bb145626a479
sha512: d651c90fd787fda79bc2294954dd610e2e6ac4e4a1d1cedf4511a869595d11be0c4f60607fb030a74ae010e2565aa318046b4dd1394874297e6243ee05c6b4da
ssdeep: 6144:93Be8ySm8hQAAIfFrRXuEE+0l97mKwKRwHV1F586JQPDHDdx/Qtqa:q/zkFF+EExZmKbRQVH5PJQPDHvd
type: PE32 executable (GUI) Intel 80386, for MS Windows

Version Info:

0: [No Data]

Pykspa.1 (B) also known as:

Bkav: W32.AIDetect.malware1
Elastic: malicious (high confidence)
DrWeb: Trojan.Siggen.36621
Cynet: Malicious (score: 100)
CAT-QuickHeal: Trojan.Mauvaise.SL1
ALYac: Gen:Variant.Pykspa.1
Cylance: Unsafe
Zillya: Trojan.Vilsel.Win32.3418
Sangfor: Trojan.Win32.Save.a
CrowdStrike: win/malicious_confidence_100% (W)
Alibaba: Ransom:Win32/Blocker.8088d93f
K7GW: Trojan ( 003da8d71 )
K7AntiVirus: Trojan ( 003da8d71 )
Baidu: Win32.Worm.Autorun.o
Cyren: W32/Pykspa.A.gen!Eldorado
Symantec: W32.Pykspa.D
ESET-NOD32: Win32/AutoRun.Agent.TG
Zoner: Trojan.Win32.24407
APEX: Malicious
TotalDefense: Win32/Vilsel.CE
Avast: Win32:Renos-KY [Trj]
ClamAV: Win.Worm.Pykspa-1
Kaspersky: Trojan-Ransom.Win32.Blocker.jcen
BitDefender: Gen:Variant.Pykspa.1
NANO-Antivirus: Trojan.Win32.Agent.ctkmgw
ViRobot: Trojan.Win32.Blocker.Gen.B
SUPERAntiSpyware: Worm.SkypeBot
MicroWorld-eScan: Gen:Variant.Pykspa.1
Tencent: Worm.Win32.Pykspa.a
Ad-Aware: Gen:Variant.Pykspa.1
Sophos: ML/PE-A + W32/Pykse-F
Comodo: Worm.Win32.Autorun.Agent_TG0@1isiwy
F-Secure: Trojan-Downloader:W32/Renos.gen!T
BitDefenderTheta: Gen:NN.ZexaF.34608.snW@aebaJ5l
VIPRE: Worm.Win32.Skyper.b (v)
TrendMicro: WORM_VILSEL.SMC
McAfee-GW-Edition: BehavesLike.Win32.Pykse.tz
FireEye: Generic.mg.dd4d5714259a7f8b
Emsisoft: Gen:Variant.Pykspa.1 (B)
SentinelOne: Static AI – Malicious PE
Jiangmin: Trojan/Blocker.lhz
Webroot: W32.Trojan.Vilsel.Gen
Avira: TR/Agent.327680.A
eGambit: Unsafe.AI_Score_99%
Antiy-AVL: Trojan/Win32.AntiAV
Kingsoft: Heur.SSC.2452.1216.(kcloud)
Microsoft: Worm:Win32/Pykspa.C
Arcabit: Trojan.Pykspa.1
AegisLab: Trojan.Win32.Blocker.todt
ZoneAlarm: Trojan-Ransom.Win32.Blocker.jcen
GData: Win32.Trojan.PSE.KF4I2L
AhnLab-V3: Trojan/Win32.Zepfod.R4378
Acronis: suspicious
McAfee: W32/Pykse.worm.gen.a
MAX: malware (ai score=82)
VBA32: Trojan.ChidikSun.28205
Malwarebytes: Generic.Worm.Agent.DDS
Panda: Trj/Vilsel.B
TrendMicro-HouseCall: WORM_VILSEL.SMC
Rising: Worm.Autorun!1.BC87 (CLOUD)
Yandex: Trojan.GenAsa!R41E4MI3PTc
Ikarus: Trojan.Win32.AntiAV
MaxSecure: Trojan.Ransom.Blocker.iprw
Fortinet: W32/Agent.XEK!tr
AVG: Win32:Renos-KY [Trj]
Paloalto: generic.ml
Qihoo-360: Worm.Win32.Pykse.A

How to remove Pykspa.1 (B)?

Pykspa.1 (B) removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open “Tools” tab – Press “Reset Browser Settings”.
  • Select proper browser and options – Click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.
