
Spyware.PasswordStealer.SIM malicious file

Malware Removal

Spyware.PasswordStealer.SIM is flagged as malicious by many antivirus vendors (see the detection names further down this page). While the infection is active you may notice unfamiliar processes in the Task Manager list. If you suspect it, it is advised to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Removing PC viruses manually can take hours and may damage your PC in the process. We recommend GridinSoft Anti-Malware for virus removal; it can run a complete scan and clean your PC during the trial period.
6-day free trial available.

What can the Spyware.PasswordStealer.SIM virus do?

The behaviours below were observed when the sample was executed under analysis; each line is one triggered behavioural signature:

  • Executable code extraction
  • Injection (inter-process)
  • Injection (Process Hollowing)
  • Compression (or decompression)
  • Injection with CreateRemoteThread in a remote process
  • Creates RWX memory
  • Attempts to connect to a dead IP:Port (11 unique times)
  • At least one IP address, domain, or file name was found in a crypto call
  • A named pipe was used for inter-process communication
  • Expresses interest in specific running processes
  • Reads data out of its own binary image
  • A process created a hidden window
  • Drops a binary and executes it
  • HTTP traffic contains suspicious features which may be indicative of malware-related traffic
  • Performs some HTTP requests
  • Unconventional language used in binary resources: Russian
  • Uses Windows utilities for basic functionality
  • Forces a created process to be the child of an unrelated process
  • Executed a process and injected code into it, probably while unpacking
  • Queries information on disks, possibly for anti-virtualization
  • Checks for the presence of known windows from debuggers and forensic tools
  • A process attempted to delay the analysis task by a long amount of time
  • Creates or sets a registry key to a long series of bytes, possibly to store a binary or malware config
  • Steals private information from local Internet browsers
  • Network activity contains more than one unique user agent
  • Installs itself for autorun at Windows startup
  • Creates a hidden or system file
  • Attempts to modify proxy settings
  • Attempts to create or modify system certificates
  • The sample wrote data to the system hosts file
  • Generates some ICMP traffic
  • Collects information to fingerprint the system
  • Anomalous binary characteristics
  • Uses suspicious command line tools or Windows utilities
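Three of the behaviours above leave traces that are easy to check on a suspect machine: the Run-key autorun entry, the proxy change under Internet Settings, and the write to the hosts file. The script below is an added example written for this page, not code from the original page or from the sample; it works on a decoded `reg export` of the two HKCU keys and on the hosts file text, so it runs offline. Both inputs are constructed samples (the "Updater" entry, the proxy values and the two hosts lines are invented to illustrate the pattern), and the rule for what counts as a suspicious autorun is the editor's own heuristic, not something the page states.

```python
"""Host triage for three behaviours in the list above: writes to the hosts file, Run-key
autorun entries and proxy changes. Added example by the editor, not code from the original
page or from the sample. Both inputs below are constructed: a decoded `reg export` of two
HKCU keys and a hosts file; the "suspicious" heuristics are the editor's assumptions."""
import re
from typing import Dict, List, Optional

# Constructed .reg text (as produced by `reg export`, after UTF-16 decoding). The OneDrive
# entry is a normal-looking autorun; the "Updater" entry and the proxy values are the kind
# of change the behaviour list describes. Not captured from the real sample.
SAMPLE_REG_EXPORT = r'''Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"OneDrive"="\"C:\\Users\\user\\AppData\\Local\\Microsoft\\OneDrive\\OneDrive.exe\" /background"
"Updater"="C:\\Users\\user\\AppData\\Roaming\\svchost.exe"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable"=dword:00000001
"ProxyServer"="127.0.0.1:8080"
'''

# Constructed hosts file: the stock Windows comments plus two added entries.
SAMPLE_HOSTS = '''# Copyright (c) 1993-2009 Microsoft Corp.
# localhost name resolution is handled within DNS itself.
#    127.0.0.1       localhost
127.0.0.1 www.example-av-vendor.com
0.0.0.0 update.example.com
'''

REG_VALUE = re.compile(r'^"([^"]+)"=(dword:[0-9a-fA-F]{8}|".*")$')
SYSTEM_BINARY_NAMES = {"svchost.exe", "explorer.exe", "lsass.exe", "csrss.exe", "winlogon.exe"}

def parse_reg_export(text: str) -> Dict[str, Dict[str, str]]:
    """Parse .reg text into {key path: {value name: value}}; REG_SZ values are unescaped,
    DWORDs are kept as the literal 'dword:XXXXXXXX'."""
    keys: Dict[str, Dict[str, str]] = {}
    current = None
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            current = line[1:-1]
            keys[current] = {}
            continue
        m = REG_VALUE.match(line)
        if m and current is not None:
            name, raw = m.groups()
            if raw.startswith('"'):
                raw = re.sub(r"\\(.)", r"\1", raw[1:-1])   # .reg escapes \ and " with a backslash
            keys[current][name] = raw
    return keys

def command_path(cmd: str) -> str:
    """Executable path from a Run value: quoted path or first whitespace-delimited token."""
    return cmd[1:].split('"', 1)[0] if cmd.startswith('"') else cmd.split(" ", 1)[0]

def suspicious_autoruns(reg: Dict[str, Dict[str, str]]) -> List[str]:
    """Run-key entries that look like dropped persistence (heuristic, an assumption):
    a system-binary name outside \\Windows\\, or anything under AppData\\Roaming or Temp."""
    out = []
    for key, values in reg.items():
        if not key.lower().endswith(r"\currentversion\run"):
            continue
        for name, cmd in values.items():
            exe = command_path(cmd)
            low = exe.lower()
            basename = low.rsplit("\\", 1)[-1]
            if (basename in SYSTEM_BINARY_NAMES and "\\windows\\" not in low) \
                    or "\\appdata\\roaming\\" in low or "\\temp\\" in low:
                out.append(f"{name} -> {exe}")
    return out

def proxy_change(reg: Dict[str, Dict[str, str]]) -> Optional[str]:
    """ProxyServer value if the user-level proxy is enabled, else None."""
    for key, values in reg.items():
        if key.lower().endswith(r"\internet settings") and values.get("ProxyEnable") == "dword:00000001":
            return values.get("ProxyServer", "")
    return None

def hosts_additions(text: str) -> List[str]:
    """Non-comment hosts entries other than the loopback localhost mappings."""
    out = []
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        if not line:
            continue
        ip, *names = line.split()
        if ip in ("127.0.0.1", "::1") and all(n.lower() == "localhost" for n in names):
            continue
        out.append(f"{ip} {' '.join(names)}")
    return out

def triage(reg_text: str, hosts_text: str) -> Dict[str, object]:
    """Run all three checks and return their findings under 'autorun', 'proxy' and 'hosts'."""
    reg = parse_reg_export(reg_text)
    return {"autorun": suspicious_autoruns(reg), "proxy": proxy_change(reg), "hosts": hosts_additions(hosts_text)}

if __name__ == "__main__":
    print(triage(SAMPLE_REG_EXPORT, SAMPLE_HOSTS))
```

On a live machine the inputs come from `reg export "HKCU\Software\Microsoft\Windows\CurrentVersion\Run" run.reg` (decode the file from UTF-16 before passing it in), the matching Internet Settings key, and `C:\Windows\System32\drivers\etc\hosts`; the same checks are worth repeating under HKLM, since the page does not say which hive the sample used.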

Related domains (hosts contacted during analysis; note that several of them, such as the ocsp.* and crl.* certificate-revocation responders, www.facebook.com and ip-api.com, are public services that many legitimate programs also contact, so a hit on one of those alone is weak evidence):

ip-api.com
cor-tips.com
www.facebook.com
bandakere.tumblr.com
email.yg9.me
connectini.net
iw.gamegame.info
ol.gamegame.info
ocsp.comodoca.com
uyg5wye.2ihsfa.com
ocsp.usertrust.com
reportyuwt4sbackv97qarke3.com
crl.usertrust.com
iplogger.org
ocsp.sectigo.com
www.profitabletrustednetwork.com
vexacion.com
www.directdexchange.com
www.cloud-security.xyz
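To use the domain list as a network indicator, match DNS query logs against it and weigh the hits: a query for one of the public services above is weak evidence, a query for any other listed host is worth an investigation. The script below is an added example written for this page, not code from the original page. The log format and the log lines are constructed, and the split between public services and suspicious hosts is the editor's own triage, not something the page states.

```python
"""Match DNS query logs against the related-domain list above.

Added example by the editor, not code from the original page. The log format and the
log lines are constructed; the split into public services and suspicious hosts is the
editor's own triage and an assumption."""
import re
from typing import Dict, List, Optional

# Copied verbatim from the "Related domains" list on this page.
RELATED_DOMAINS = {
    "ip-api.com", "cor-tips.com", "www.facebook.com", "bandakere.tumblr.com",
    "email.yg9.me", "connectini.net", "iw.gamegame.info", "ol.gamegame.info",
    "ocsp.comodoca.com", "uyg5wye.2ihsfa.com", "ocsp.usertrust.com",
    "reportyuwt4sbackv97qarke3.com", "crl.usertrust.com", "iplogger.org",
    "ocsp.sectigo.com", "www.profitabletrustednetwork.com", "vexacion.com",
    "www.directdexchange.com", "www.cloud-security.xyz",
}

# Public services that many legitimate programs contact (editor's assumption): a hit on
# one of these alone is weak evidence; a hit on any other listed host is strong.
PUBLIC_SERVICES = {
    "www.facebook.com", "ip-api.com", "ocsp.comodoca.com",
    "ocsp.usertrust.com", "crl.usertrust.com", "ocsp.sectigo.com",
}

# Constructed log lines in a simple "timestamp host name=<query>" shape (not real data).
SAMPLE_LOG = """\
2021-06-01T12:00:01Z ws01 name=ocsp.sectigo.com
2021-06-01T12:00:02Z ws01 name=iw.gamegame.info
2021-06-01T12:00:03Z ws01 name=IPLOGGER.ORG.
2021-06-01T12:00:04Z ws02 name=cdn.iplogger.org
2021-06-01T12:00:05Z ws02 name=www.example.org
2021-06-01T12:00:06Z ws02 name=tumblr.com
"""

QUERY_RE = re.compile(r"name=(\S+)")

def matching_ioc(query: str) -> Optional[str]:
    """Return the listed domain that `query` equals or is a subdomain of, else None."""
    labels = query.lower().rstrip(".").split(".")
    # Walk from the full name up to the two-label suffix, so a subdomain of a listed host
    # still matches but a bare parent such as tumblr.com (not listed) does not.
    for i in range(len(labels) - 1):
        candidate = ".".join(labels[i:])
        if candidate in RELATED_DOMAINS:
            return candidate
    return None

def triage_dns_log(log_text: str) -> Dict[str, List[str]]:
    """Group matching log lines by evidence strength: 'strong' for the attacker-looking
    hosts, 'weak' for the public services."""
    hits: Dict[str, List[str]] = {"strong": [], "weak": []}
    for line in log_text.splitlines():
        m = QUERY_RE.search(line)
        if not m:
            continue
        ioc = matching_ioc(m.group(1))
        if ioc is None:
            continue
        bucket = "weak" if ioc in PUBLIC_SERVICES else "strong"
        hits[bucket].append(f"{line.split()[1]} {m.group(1)} -> {ioc}")
    return hits

if __name__ == "__main__":
    for bucket, lines in triage_dns_log(SAMPLE_LOG).items():
        print(bucket, *lines, sep="\n  ")
```

Only `QUERY_RE` depends on the log shape; replace it with a pattern for your resolver's format (or feed in the `QueryName` field of Sysmon event 22) and the matching logic stays the same.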

How to identify Spyware.PasswordStealer.SIM?
File Info:

crc32: 61727B00
md5: 7164c297181394bbccb68090346d1742
name: 7164C297181394BBCCB68090346D1742.mlw
sha1: 9910dbddb71ce11fec02953ebd29b2ba3b1a6247
sha256: 531511e95f85e5fd8614c28ddfd4fd487086ebd3f656b6214419876ff1ad3be4
sha512: 68296603ec5d649c8a03ca7fbebbcfbfacfa3e5a4f416414a7a6bf9efc27648de41d1e8b5be4850c3cba736e6460433f45f97aa3d1924ab690923fa06600541c
ssdeep: 98304:pAI+fK9oO80oajzM5cGJbTIiDOPNUB+BZcSj9PdkQmW5sMxIRgbe9aVsSnX:ityocoSzMfJbTIiDOVcYtdklWPeIeQVN
type: PE32 executable (GUI) Intel 80386, for MS Windows
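The hashes and the type string above are the identifiers a responder actually compares against. The script below is an added example written for this page, not code from the original page: it recomputes the listed crc32, md5, sha1 and sha256 values with the standard library (ssdeep needs a third-party library and is left out) and parses the PE headers just far enough to reproduce the "PE32 executable (GUI) Intel 80386" description. The header builder at the end is a constructed test input, not the sample itself.

```python
"""Check a file against the identifiers in the File Info block above.

Added example by the editor, not code from the original page. The hashes are copied
from the page; the PE header builder is constructed test input, not the malware."""
import hashlib
import struct
import zlib
from typing import Dict, List, Optional

# Copied verbatim from the File Info block above (lower-cased hex).
PAGE_HASHES = {
    "crc32": "61727b00",
    "md5": "7164c297181394bbccb68090346d1742",
    "sha1": "9910dbddb71ce11fec02953ebd29b2ba3b1a6247",
    "sha256": "531511e95f85e5fd8614c28ddfd4fd487086ebd3f656b6214419876ff1ad3be4",
}

def file_hashes(data: bytes) -> Dict[str, str]:
    """Compute the same four digests the page lists, as lower-case hex."""
    return {
        "crc32": f"{zlib.crc32(data) & 0xFFFFFFFF:08x}",
        "md5": hashlib.md5(data).hexdigest(),
        "sha1": hashlib.sha1(data).hexdigest(),
        "sha256": hashlib.sha256(data).hexdigest(),
    }

def matching_iocs(data: bytes) -> List[str]:
    """Names of the page's hashes that `data` matches (a sha256 hit is conclusive; crc32 alone is not)."""
    computed = file_hashes(data)
    return [alg for alg, digest in PAGE_HASHES.items() if computed[alg] == digest]

MACHINES = {0x14C: "Intel 80386", 0x8664: "x86-64"}
SUBSYSTEMS = {2: "GUI", 3: "console"}

def pe_summary(data: bytes) -> Optional[str]:
    """Describe a PE file the way `file` does, e.g. 'PE32 executable (GUI) Intel 80386'; None if not PE."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        return None
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    opt = e_lfanew + 24   # optional header follows the 4-byte signature and 20-byte COFF header
    if opt + 70 > len(data) or data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        return None
    machine = struct.unpack_from("<H", data, e_lfanew + 4)[0]
    characteristics = struct.unpack_from("<H", data, e_lfanew + 22)[0]
    magic = struct.unpack_from("<H", data, opt)[0]            # 0x10b = PE32, 0x20b = PE32+
    subsystem = struct.unpack_from("<H", data, opt + 68)[0]   # same offset in PE32 and PE32+
    fmt = {0x10B: "PE32", 0x20B: "PE32+"}.get(magic)
    if fmt is None:
        return None
    kind = "DLL" if characteristics & 0x2000 else "executable"
    sub = SUBSYSTEMS.get(subsystem, f"subsystem {subsystem}")
    arch = MACHINES.get(machine, f"machine 0x{machine:x}")
    return f"{fmt} {kind} ({sub}) {arch}"

def build_minimal_pe_header(machine=0x14C, subsystem=2, magic=0x10B, characteristics=0x0102) -> bytes:
    """Constructed test input: only the DOS header, PE signature, COFF and optional headers.
    It is not a runnable program and not the sample described on this page."""
    dos = bytearray(0x40)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 0x40)   # e_lfanew: PE signature right after the DOS header
    coff = struct.pack("<HHIIIHH", machine, 1, 0, 0, 0, 224, characteristics)
    opt = bytearray(224)
    struct.pack_into("<H", opt, 0, magic)
    struct.pack_into("<H", opt, 68, subsystem)
    return bytes(dos) + b"PE\0\0" + coff + bytes(opt)

if __name__ == "__main__":
    import sys
    blob = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else build_minimal_pe_header()
    print(pe_summary(blob), file_hashes(blob), matching_iocs(blob))
```

Run it as `python check.py suspect.bin`; with no argument it describes the constructed header. A sha256 match identifies this exact sample, while the type string only tells you the file is a 32-bit Windows GUI executable, which is true of countless benign programs.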

Version Info:

LegalCopyright: Data Finder
FileDescription: Versium Research 10 Installation
FileVersion: 10
Comments:
CompanyName: Data Finder
Translation: 0x0409 0x04e4

These strings come from the binary's version resource, which is set by whoever built the file; they say nothing about who actually published it and should not be used to judge it as legitimate.

Spyware.PasswordStealer.SIM is the Malwarebytes name for this sample; other vendors detect the same file as:

Bkav: W32.AIDetect.malware2
K7AntiVirus: Trojan ( 005723511 )
DrWeb: Trojan.Inject4.11771
Cynet: Malicious (score: 100)
CAT-QuickHeal: Trojan.Fabookie
ALYac: Gen:Variant.Midie.88588
Malwarebytes: Spyware.PasswordStealer.SIM
Sangfor: Trojan.Win32.Injector.gen
CrowdStrike: win/malicious_confidence_80% (W)
Alibaba: TrojanDownloader:Win32/Fabookie.10df77e5
K7GW: Trojan ( 005723511 )
Cybereason: malicious.db71ce
Cyren: W32/Kryptik.EGL.gen!Eldorado
Symantec: ML.Attribute.HighConfidence
ESET-NOD32: multiple detections
APEX: Malicious
Avast: Win32:Trojan-gen
ClamAV: Win.Malware.Fabookie-9797757-0
Kaspersky: Trojan.Win32.Fabookie.ug
BitDefender: Gen:Variant.Midie.88588
NANO-Antivirus: Trojan.Win32.Fabookie.ivkpkm
MicroWorld-eScan: Gen:Variant.Midie.88588
Ad-Aware: Gen:Variant.Midie.88588
Sophos: Troj/Kryptik-TR
VIPRE: Trojan.Win32.Generic!BT
TrendMicro: TROJ_GEN.R002C0DFB21
McAfee-GW-Edition: BehavesLike.Win32.Dropper.tc
FireEye: Gen:Variant.Midie.88588
Emsisoft: Gen:Variant.Midie.88588 (B)
Avira: HEUR/AGEN.1139112
Antiy-AVL: Trojan/Generic.ASMalwS.3308937
Kingsoft: Win32.Hack.Undef.(kcloud)
Microsoft: Trojan:Win32/Azorult.RF!MTB
Arcabit: Trojan.Midie.D15A0C
AegisLab: Trojan.Win32.Fabookie.4!c
GData: Gen:Variant.Midie.88588
AhnLab-V3: Trojan/Win.Generic.C4477121
McAfee: Artemis!7164C2971813
MAX: malware (ai score=87)
VBA32: Trojan.Fabookie
TrendMicro-HouseCall: TROJ_GEN.R002C0DFB21
Ikarus: Trojan-Downloader.Win32.Adload
MaxSecure: Trojan-Ransom.Win32.Crypmod.zfq
Fortinet: W32/Midie.8858!tr
AVG: Win32:Trojan-gen
Paloalto: generic.ml

How to remove Spyware.PasswordStealer.SIM?

Spyware.PasswordStealer.SIM removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • Press “Move to quarantine” for all detected items.
  • Open the “Tools” tab and press “Reset Browser Settings”.
  • Select the proper browser and options, then click “Reset”.
  • Restart your computer.

Because this sample steals credentials stored in local browsers, treat every password saved in the affected browsers as compromised and change them from a clean device after removal. Since the sample also writes to the hosts file, changes proxy settings and touches the system certificate store, check those three places after the scan and remove anything you do not recognise.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.
