Python/PSW.Stealer.BP malicious file

Malware Removal

Python/PSW.Stealer.BP is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager process list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It allows you to run a complete scan and cure your PC during the trial period.
6-day free trial available.

What can the Python/PSW.Stealer.BP virus do?

  • SetUnhandledExceptionFilter detected (possible anti-debug)
  • Yara rule detections observed from a process memory dump/dropped files/CAPE
  • Anomalous file deletion behavior detected (10+)
  • Dynamic (imported) function loading detected
  • Reads data out of its own binary image
  • The binary contains an unknown PE section name indicative of packing
  • The binary likely contains encrypted or compressed data
  • Authenticode signature is invalid
  • Created a process from a suspicious location
  • Writes a potential ransom message to disk
  • CAPE detected the PyInstaller malware family

How to identify Python/PSW.Stealer.BP?

File Info:

name: 84D98387D6B13F950BA8.mlw
path: /opt/CAPEv2/storage/binaries/14ac85f63a1eb83275184028aeefddf91fd93c8358366cedd4ccb78a99c013e1
crc32: E6F8A25B
md5: 84d98387d6b13f950ba8297e41763158
sha1: e4a3439637f0fc443c322eeaee87f3eae3fb07d1
sha256: 14ac85f63a1eb83275184028aeefddf91fd93c8358366cedd4ccb78a99c013e1
sha512: 57a723f2bdcca0102acaf903b0af8ec6770194738a3f0f56c1be5ffb7ab5c27b3b0a9697967c425ddb0fa3c177376cc359cc97270aa7801057231ab5e8863dd4
ssdeep: 393216:8DQfFsHxWlv8InEroXlsKkXgbW+TA39eVx6Hj3Na:dfaHx8ErUloRQA3MCT
type: PE32+ executable (GUI) x86-64, for MS Windows
tlsh: T116D633406AA1049FFAAA8934C4B6851090B1BDBB5752D1DF037D93A60FB75D32E3BF48
sha3_384: 363494e197ba91aea3dd2a1a0d7b8bbcdd6e9ec9c77982dc66cfbae5d4c70dd2a03ef58dbb67e00bc6b07a3aa6b180cf
ep_bytes: 4883ec28e8f70400004883c428e97afe
timestamp: 2021-11-09 18:04:01

Version Info:

0: [No Data]

Python/PSW.Stealer.BP also known as:

  • MicroWorld-eScan: Gen:Variant.Tedy.26120
  • FireEye: Gen:Variant.Tedy.26120
  • Zillya: Trojan.Agent.Script.1642387
  • ESET-NOD32: Python/PSW.Stealer.BP
  • APEX: Malicious
  • Kaspersky: HEUR:Trojan-PSW.Python.Agent.gen
  • BitDefender: Gen:Variant.Tedy.26120
  • Avast: Win64:Trojan-gen
  • Ad-Aware: Gen:Variant.Tedy.26120
  • Emsisoft: Gen:Variant.Tedy.26120 (B)
  • McAfee-GW-Edition: BehavesLike.Win64.Generic.rc
  • GData: Gen:Variant.Tedy.26120
  • MAX: malware (ai score=81)
  • Antiy-AVL: Trojan/Generic.ASMalwS.34CE23D
  • Microsoft: Trojan:Win32/Sabsik.FL.B!ml
  • ALYac: Gen:Variant.Tedy.26120
  • Fortinet: Python/Stealer.BP!tr
  • AVG: Win64:Trojan-gen

How to remove Python/PSW.Stealer.BP?

Python/PSW.Stealer.BP removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open the “Tools” tab – Press “Reset Browser Settings”.
  • Select the proper browser and options – Click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.