Should I remove “Troj/CardSpy-E”?

Troj/CardSpy-E is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It allows you to complete a scan and cure your PC during the trial period.
6-day free trial available.

What can the Troj/CardSpy-E virus do?

  • Behavioural detection: Executable code extraction – unpacking
  • Sample contains Overlay data
  • CAPE extracted potentially suspicious content
  • Unconventional language used in binary resources: Korean
  • The binary likely contains encrypted or compressed data.
  • Authenticode signature is invalid
  • Anomalous binary characteristics
  • Yara rule detections observed from a process memory dump/dropped files/CAPE

How to identify Troj/CardSpy-E?

File Info:

name: 1760CFE45273F9C7BAD9.mlw
type: PE32 executable (GUI) Intel 80386, for MS Windows
timestamp: 2013-09-04 13:31:47

Version Info:

0: [No Data]

Troj/CardSpy-E also known as:

Bkav: W32.AIDetectMalware
Elastic: malicious (high confidence)
MicroWorld-eScan: Gen:Heur.Mint.SP.Urelas.1
FireEye: Generic.mg.1760cfe45273f9c7
CAT-QuickHeal: Trojan.Urelas.C.mue
McAfee: Corrupt-CD!1760CFE45273
Cylance: unsafe
Sangfor: Suspicious.Win32.Save.a
K7AntiVirus: Spyware ( 00588d7d1 )
Alibaba: Malware:Win32/km_28d85.None
K7GW: Spyware ( 00588d7d1 )
CrowdStrike: win/malicious_confidence_100% (W)
Baidu: Win32.Trojan.Urelas.d
VirIT: Trojan.Win32.Generic.CONR
Cyren: W32/S-2f42b7bd!Eldorado
Symantec: ML.Attribute.HighConfidence
ESET-NOD32: a variant of Win32/Spy.CardSpy.NAF
APEX: Malicious
ClamAV: Win.Malware.Wecod-9957978-0
Kaspersky: Trojan.Win32.Wecod.all
BitDefender: Gen:Heur.Mint.SP.Urelas.1
NANO-Antivirus: Trojan.Win32.TrjGen.dycqws
Tencent: Trojan.Win32.CardSpy.16000130
Emsisoft: Gen:Heur.Mint.SP.Urelas.1 (B)
F-Secure: Heuristic.HEUR/AGEN.1314922
DrWeb: Trojan.Siggen7.2913
VIPRE: Gen:Heur.Mint.SP.Urelas.1
McAfee-GW-Edition: BehavesLike.Win32.Corrupt.dc
Trapmine: suspicious.low.ml.score
Sophos: Troj/CardSpy-E
Ikarus: Trojan-PWS.Banker6
GData: Gen:Heur.Mint.SP.Urelas.1
Jiangmin: Trojan/Wecod.de
Google: Detected
Avira: HEUR/AGEN.1314922
Antiy-AVL: Trojan/Win32.Wecod
Xcitium: TrojWare.Win32.Small.NAF@531prv
Arcabit: Trojan.Mint.SP.Urelas.1
ZoneAlarm: UDS:DangerousObject.Multi.Generic
Microsoft: TrojanDownloader:Win32/Upatre
Cynet: Malicious (score: 100)
AhnLab-V3: Backdoor/Win32.Plite.R80332
BitDefenderTheta: Gen:NN.ZexaF.36196.nmXfam63yceO
MAX: malware (ai score=80)
DeepInstinct: MALICIOUS
VBA32: BScope.Trojan.Urelas
Malwarebytes: CardSpy.Spyware.Stealer.DDS
TrendMicro-HouseCall: TROJ_GEN.R03BC0DEP23
Rising: Downloader.Upatre!8.B5 (TFE:3:SOgd8B5LK8L)
SentinelOne: Static AI – Suspicious PE
MaxSecure: Trojan.Malware.300983.susgen
Fortinet: W32/CardSpy.NAF!tr
Cybereason: malicious.45273f
Panda: Trj/Genetic.gen

How to remove Troj/CardSpy-E?

Troj/CardSpy-E removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open “Tools” tab – Press “Reset Browser Settings”.
  • Select proper browser and options – Click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.
