Spyware.PWS.Tepfer.ftp malicious file

Spyware.PWS.Tepfer.ftp is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It allows you to fully scan and clean your PC during the trial period.
6-day free trial available.

What can the Spyware.PWS.Tepfer.ftp virus do?

  • SetUnhandledExceptionFilter detected (possible anti-debug)
  • Behavioural detection: Executable code extraction – unpacking
  • Yara rule detections observed from a process memory dump/dropped files/CAPE
  • Creates RWX memory
  • Terminates another process
  • Guard pages use detected – possible anti-debugging.
  • Dynamic (imported) function loading detected
  • A process created a hidden window
  • CAPE extracted potentially suspicious content
  • The binary likely contains encrypted or compressed data.
  • Authenticode signature is invalid
  • Uses Windows utilities for basic functionality
  • Behavioural detection: Injection (Process Hollowing)
  • Executed a process and injected code into it, probably while unpacking
  • Deletes its original binary from disk
  • Behavioural detection: Injection (inter-process)
  • Created a process from a suspicious location
  • Steals private information from local Internet browsers
  • Exhibits behavior characteristic of Pony malware
  • Collects information about installed applications
  • CAPE detected the Fareit malware family
  • Deletes executed files from disk
  • Attempts to access Bitcoin/ALTCoin wallets
  • Harvests cookies for information gathering
  • Harvests credentials from local FTP client software
  • Harvests information related to installed mail clients

How to identify Spyware.PWS.Tepfer.ftp?

File Info:

name: 8CE22C734BBBD5AE07C4.mlw
path: /opt/CAPEv2/storage/binaries/b3062e772925653a6a1c52b7690854f8f26216e78ee836db295aa4c007144bea
crc32: B269A75C
md5: 8ce22c734bbbd5ae07c4826fb41853b1
sha1: b8be94d7fcf699a7d5b6825487adbe43bee84847
sha256: b3062e772925653a6a1c52b7690854f8f26216e78ee836db295aa4c007144bea
sha512: 19d4a010a251ebc09f866683a49748a228972979c6f6ce22d9a91663f6a3689136ae3df5a3bba1632837d8d53f759a02d0cd41cd9da5f90ced2f69b21e7c16d3
ssdeep: 6144:le33jwAGJBmYpNho/MqePBHED76STqMHiWlNvlhIvZz/LJ6:U3wJ5pNh8MFB86ALnIRJ6
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T11D9426C9FFE35F0DC82D0EB10AB4C79A91E38CA4673146FF9255FE1A56B60BA4685C40
sha3_384: b3dfde64ea7997d7bf993113b0957ff97bf9f5ad1dcf8a9475e0b4fd07a03c0250c24aa0b82b725f0725e2dac6ef2933
ep_bytes: ff250020400000000000000000000000
timestamp: 2016-05-18 07:23:15

Version Info:

Translation: 0x0000 0x04b0
FileDescription:
FileVersion: 0.0.0.0
InternalName: aroooooooooooba.exe
LegalCopyright:
OriginalFilename: aroooooooooooba.exe
ProductVersion: 0.0.0.0
Assembly Version: 0.0.0.0

Spyware.PWS.Tepfer.ftp also known as:

Bkav: W32.AIDetectNet.01
Elastic: malicious (high confidence)
MicroWorld-eScan: Gen:Heur.MSIL.Bladabindi.1
FireEye: Generic.mg.8ce22c734bbbd5ae
ALYac: Spyware.PWS.Tepfer.ftp
Cylance: Unsafe
VIPRE: Gen:Heur.MSIL.Bladabindi.1
Sangfor: Suspicious.Win32.Save.a
CrowdStrike: win/malicious_confidence_100% (W)
K7GW: Password-Stealer ( 0055e3dc1 )
K7AntiVirus: Password-Stealer ( 0055e3dc1 )
Arcabit: Trojan.MSIL.Bladabindi.1
Symantec: ML.Attribute.HighConfidence
ESET-NOD32: Win32/PSW.Fareit.A
APEX: Malicious
Kaspersky: HEUR:Backdoor.Win32.Generic
BitDefender: Gen:Heur.MSIL.Bladabindi.1
NANO-Antivirus: Trojan.Win32.Stealer.eebvot
Avast: Win32:TrojanX-gen [Trj]
Tencent: Win32.Trojan.Inject.Auto
Ad-Aware: Gen:Heur.MSIL.Bladabindi.1
TACHYON: Trojan-PWS/W32.DN-Fareit.422912
Emsisoft: Gen:Heur.MSIL.Bladabindi.1 (B)
Comodo: Malware@#13ji2edd34lor
F-Secure: Trojan.TR/Dropper.MSIL.Gen4
DrWeb: Trojan.PWS.Stealer.13052
TrendMicro: TROJ_FRS.0NA003EK16
McAfee-GW-Edition: BehavesLike.Win32.Generic.gh
Trapmine: malicious.high.ml.score
Sophos: Mal/Generic-S
Ikarus: Worm.Win32.Phorpiex
Webroot: W32.Trojan.GenKD
Avira: TR/Dropper.MSIL.Gen4
Antiy-AVL: Trojan[PSW]/Win32.Fareit
Kingsoft: Win32.PSWTroj.Fareit.bv.(kcloud)
Microsoft: PWS:Win32/Fareit
ViRobot: Trojan.Win32.Z.Fareit.422912
ZoneAlarm: HEUR:Backdoor.Win32.Generic
GData: Gen:Heur.MSIL.Bladabindi.1
Cynet: Malicious (score: 99)
Acronis: suspicious
McAfee: Fareit-FES!8CE22C734BBB
MAX: malware (ai score=100)
VBA32: CIL.HeapOverride.Heur
TrendMicro-HouseCall: TROJ_FRS.0NA003EK16
Rising: Malware.Obfus/MSIL@AI.100 (RDM.MSIL:LWwtcrkRG9R2vqz1iyqzBg)
Yandex: Trojan.PWS.Fareit!W5iZO1H0DCg
SentinelOne: Static AI – Malicious PE
MaxSecure: Trojan.Malware.300983.susgen
Fortinet: MSIL/Kryptik.GBQ!tr
BitDefenderTheta: Gen:NN.ZemsilF.34806.zm0@a8J6Tcl
AVG: Win32:TrojanX-gen [Trj]
Cybereason: malicious.34bbbd
Panda: Trj/CI.A

How to remove Spyware.PWS.Tepfer.ftp?

Spyware.PWS.Tepfer.ftp removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open the “Tools” tab and press “Reset Browser Settings”.
  • Select the proper browser and options, then click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.