RiskWare.PasswordStealer.Discord malicious file

The RiskWare.PasswordStealer.Discord is considered dangerous by lots of security experts. When this infection is active, you may notice unwanted processes in Task Manager list. In this case, it is adviced to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Gridinsoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. Allows to complete scan and cure your PC during the trial period.

6-day free trial available.

What RiskWare.PasswordStealer.Discord virus can do?

Yara rule detections observed from a process memory dump/dropped files/CAPE
CAPE extracted potentially suspicious content
Authenticode signature is invalid
Binary compilation timestomping detected

How to determine RiskWare.PasswordStealer.Discord?


File Info:
name: B16C720B52AD85CF1906.mlw
path: /opt/CAPEv2/storage/binaries/c2d986774a3802a87c987914bf0284a88f209a4cd093834b531b148560705227
crc32: 4AB0B883
md5: b16c720b52ad85cf1906c03616f5ae85
sha1: 4a77151a5e48e49f8916ac5bccb841fe1d811364
sha256: c2d986774a3802a87c987914bf0284a88f209a4cd093834b531b148560705227
sha512: ab87aaae7be88f1e78f6be471b0985ef0a9012fcc0c50ecd5b0c55effcdf86b6b98a14c4d9edf0d20055f10060d4cb4b90d819653b3acc1146884c9307e7ef9e
ssdeep: 12288:7DbZ8lYMomK36i3Ufjd3YIAX6ZQs2XiOu3U3Qn0BrAYMthRiCQLrYlAB2:IomKqE9X6ZQ3XXQ0BrADl
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T1B2351752B7B9CA53E29E1733D4E4D93887A0EC51D6A6E70F21D52EAB3C033A78D04356
sha3_384: 91fff2c20e3affe47b8155f8be8af3cad6628bc9dd3e7e2e80937b7b65b78d6915a94c1e69754dc24c527610ee005eda
ep_bytes: ff250020400000000000000000000000
timestamp: 2062-05-19 21:15:31

Version Info:
Translation: 0x0000 0x04b0
Comments: The beta version of the injector
CompanyName: TRXSH
FileDescription: TRXSHWare Injector
FileVersion: 1.0.0
InternalName: TrxshWareInjector.exe
LegalCopyright: 2022
LegalTrademarks: 
OriginalFilename: TrxshWareInjector.exe
ProductName: TRXSHWare
ProductVersion: 1.0.0
Assembly Version: 1.0.0.0

RiskWare.PasswordStealer.Discord also known as:

Bkav	W32.AIDetectNet.01
Lionic	Trojan.Win32.Disco.i!c
Elastic	malicious (moderate confidence)
DrWeb	Trojan.PWS.DiscordNET.48
MicroWorld-eScan	Trojan.GenericKD.61272706
FireEye	Trojan.GenericKD.61272706
McAfee	GenericRXUA-LF!B16C720B52AD
Cylance	Unsafe
Zillya	Trojan.Stealer.Win32.27189
Sangfor	Infostealer.Win32.Agent.V3oq
Alibaba	TrojanPSW:MSIL/Stealer.0c45bbd6
Cyren	W32/ABRisk.BWVF-4824
Symantec	ML.Attribute.HighConfidence
TrendMicro-HouseCall	TROJ_GEN.R002C0WHF22
Paloalto	generic.ml
Kaspersky	HEUR:Trojan-PSW.MSIL.Stealer.gen
BitDefender	Trojan.GenericKD.61272706
Avast	Win32:PWSX-gen [Trj]
Tencent	Msil.Trojan-QQPass.QQRob.Wylw
Ad-Aware	Trojan.GenericKD.61272706
Emsisoft	Trojan.GenericKD.61272706 (B)
VIPRE	Trojan.GenericKD.61272706
TrendMicro	TROJ_GEN.R002C0WHF22
McAfee-GW-Edition	GenericRXUA-LF!B16C720B52AD
Sophos	Mal/Generic-S
SentinelOne	Static AI – Suspicious PE
Google	Detected
Avira	TR/Redcap.ywuyn
Antiy-AVL	Trojan/Generic.ASMalwS.6EF0
Microsoft	Trojan:Win32/Wacatac.B!ml
GData	MSIL.Trojan-Stealer.DiscordStealer.D
Cynet	Malicious (score: 100)
AhnLab-V3	Trojan/Win.Generic.R512052
VBA32	Downloader.MSIL.gen.rexp
MAX	malware (ai score=86)
Malwarebytes	RiskWare.PasswordStealer.Discord
APEX	Malicious
Rising	Stealer.Discord!8.10A86 (CLOUD)
MaxSecure	Trojan.Malware.74396735.susgen
Fortinet	PossibleThreat
AVG	Win32:PWSX-gen [Trj]
Panda	Trj/Chgt.AD

How to remove RiskWare.PasswordStealer.Discord?

RiskWare.PasswordStealer.Discord removal tool

Download and install GridinSoft Anti-Malware.
Open GridinSoft Anti-Malware and perform a “Standard scan“.
“Move to quarantine” all items.
Open “Tools” tab – Press “Reset Browser Settings“.
Select proper browser and options – Click “Reset”.
Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.

Leave a Comment X