Spyware.PredatorTheThief.Generic removal instruction

Spyware.PredatorTheThief.Generic is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It lets you run a full scan and clean your PC during the trial period.
A 6-day free trial is available.

What Spyware.PredatorTheThief.Generic virus can do?

  • SetUnhandledExceptionFilter detected (possible anti-debug)
  • Behavioural detection: Executable code extraction – unpacking
  • At least one process apparently crashed during execution
  • Yara rule detections observed from a process memory dump/dropped files/CAPE
  • Creates RWX memory
  • Possible date expiration check, exits too soon after checking local time
  • NtSetInformationThread: attempt to hide thread from debugger
  • Dynamic (imported) function loading detected
  • Performs HTTP requests potentially not found in PCAP.
  • Expresses interest in specific running processes
  • Reads data out of its own binary image
  • Drops a binary and executes it
  • Looks up the external IP address
  • Authenticode signature is invalid
  • A scripting utility was executed
  • Detects Sandboxie through the presence of a library
  • Checks for the presence of known windows from debuggers and forensic tools
  • The following process appears to have been packed with Themida: 7.exe
  • A script process initiated network activity
  • Attempts to identify installed AV products by installation directory
  • Checks for the presence of known devices from debuggers and forensic tools
  • Detects the presence of Wine emulator via registry key
  • Checks the BIOS version, possibly for anti-virtualization
  • Detects VirtualBox through the presence of a registry key
  • Attempts to modify proxy settings

Related domains:

iplogger.org

How to determine Spyware.PredatorTheThief.Generic?

File Info:

name: A82EE1F47C3685D1EF1C.mlw
path: /opt/CAPEv2/storage/binaries/6ff970b3a360dd3a0958a1f7395cb4c90f0ad09a5d95b7a270c81a40f3b65d4c
crc32: 4DDDBC88
md5: a82ee1f47c3685d1ef1c51fc7f984e37
sha1: ed37c65a87a87c04da92455c6226eb35fcbb7cdb
sha256: 6ff970b3a360dd3a0958a1f7395cb4c90f0ad09a5d95b7a270c81a40f3b65d4c
sha512: 078e58335bda4e361e9540cc85f4dce7b161f62f5aea1b3d1ec7eb65209503f536c7a61920d3e554ef05fdab62e56e3d8b94d897fa74a8b7b4a6d29b85b4d271
ssdeep: 98304:4KKFvk/hBdXl2zsoFpSTydEXS41nAfDsHyFy/aCe176rnpEdNJVazC:tMvkJBl50S+EXJAfAH2vv6rpEdNSu
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T17C2633DD15B58AF0DF72553866716441DDABE5701BB8AF0A234A8FBD3006810C866EFF
sha3_384: 6cbfca6d6a1bf679faa1ec498c6ff13445292585f09566aac11db47f569bb3d5104406223b8efdd7456a2b4b44e3234a
ep_bytes: 81ecd4020000535556576a2033ed5e89
timestamp: 2012-02-24 19:20:04

Version Info:

FileDescription:
FileVersion: 7.3.0.0
LegalCopyright: Logerston
ProductVersion: 7.3.0.0
Translation: 0x0000 0x04b0

Spyware.PredatorTheThief.Generic also known as:

Bkav: W32.AIDetect.malware1
Elastic: malicious (high confidence)
MicroWorld-eScan: Gen:Variant.Mikey.114456
FireEye: Generic.mg.a82ee1f47c3685d1
CAT-QuickHeal: Trojan.Phpw
Cylance: Unsafe
VIPRE: Trojan.Win32.Generic!BT
Sangfor: Suspicious.Win32.Save.a
CrowdStrike: win/malicious_confidence_100% (W)
Alibaba: TrojanPSW:Win32/Coins.1e8d7864
K7GW: Trojan ( 0056aa8d1 )
K7AntiVirus: Trojan ( 0056aa8d1 )
Cyren: W32/CoinMiner.BU.gen!Eldorado
Symantec: ML.Attribute.HighConfidence
ESET-NOD32: multiple detections
APEX: Malicious
Paloalto: generic.ml
ClamAV: Win.Packed.Razy-9370780-0
Kaspersky: HEUR:Trojan-PSW.Win32.Coins.vho
BitDefender: Gen:Variant.Mikey.114456
NANO-Antivirus: Trojan.Win64.Coins.hpippy
Avast: Win64:TrojanX-gen [Trj]
Rising: Trojan.Generic@ML.99 (RDML:I3GtXIDqh++mxXln/3dVzg)
Sophos: Mal/Generic-S
Comodo: Malware@#f1vabxyyh4rv
DrWeb: Trojan.Siggen9.61848
Zillya: Trojan.GenericKD.Win32.30057
McAfee-GW-Edition: BehavesLike.Win32.Generic.rc
Emsisoft: Gen:Variant.Mikey.114456 (B)
SentinelOne: Static AI – Malicious PE
GData: Win32.Trojan.BSE.HLJWVB
Webroot: W32.Trojan.Gen
Avira: TR/PSW.Coins.royjd
MAX: malware (ai score=80)
Antiy-AVL: Trojan/Generic.ASMalwS.30C6CC0
Microsoft: Trojan:Win32/Ymacco.AA6F
Cynet: Malicious (score: 100)
AhnLab-V3: Trojan/Win32.CoinStealer.R346102
McAfee: Artemis!A82EE1F47C36
VBA32: TrojanPSW.Coins
Malwarebytes: Spyware.PredatorTheThief.Generic
Tencent: Win32.Trojan.Multiple.Llhe
Yandex: Riskware.Unwanted!8s8TPt+ipXw
Fortinet: W32/CoinMiner.CNV!tr.pws
BitDefenderTheta: Gen:NN.ZexaF.34294.6zWaaGbfk8ei
AVG: Win64:TrojanX-gen [Trj]
Cybereason: malicious.47c368
Panda: Trj/CI.A

How to remove Spyware.PredatorTheThief.Generic?

Spyware.PredatorTheThief.Generic removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open the “Tools” tab and press “Reset Browser Settings”.
  • Select the proper browser and options, then click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.