Troj/Steal-HS malicious file

Malware Removal

Troj/Steal-HS is the Sophos detection name for this sample; most of the other engines listed below classify it as a password-stealing trojan (several name the AgentTesla/Agensla family). While the infection is active you may notice unfamiliar processes in the Task Manager list. In that case it is advised to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware


Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. The trial version allows a complete scan and cleanup of your PC.
A 6-day free trial is available.

What can Troj/Steal-HS do?

Behaviour flagged during sandbox analysis of the sample:

  • Extracts executable code at runtime (unpacking a further stage)
  • Allocates RWX (read/write/execute) memory, typical of in-memory payload injection
  • Attempts to delay the analysis task (stalling)
  • Repeatedly calls a single API many times in order to run out the sandbox's analysis time
  • Steals saved credentials and other private information from local Internet browsers
  • Network activity detected that is not reflected in the API logs (traffic from outside the hooked API surface)
  • Reads the CPU name from the registry, likely as a virtual-machine check
  • Harvests information related to installed mail clients
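The list above is the kind of output a sandbox produces by running signatures over the sample's API trace. The following is an added example, not part of the original page or of any sandbox product, that replays the same five checks (RWX allocation, CPU-name registry read, one API hammered to burn analysis time, browser credential-store access, mail-client profile access) over a constructed trace. The trace format (one call per line: `pid tid api(args) => ret`), the file paths, and the repeat threshold of 200 are assumptions chosen for illustration; real sandboxes keep the same idea but have their own log schema and tuning.

```python
"""Replay sandbox-style behaviour signatures over a constructed API trace.

Added example; the trace format, sample paths and thresholds are assumed.
"""
import re
from collections import Counter

# Constructed trace, loosely modelled on what a .NET stealer would produce:
# an RWX allocation, a CPU-name registry read, a tight loop of GetTickCount
# calls to stall the analysis, then browser and mail-client profile reads.
SAMPLE_TRACE = """\
1234 1 NtAllocateVirtualMemory(size=0x10000, protect=0x40) => 0
1234 1 RegOpenKeyExW(hKey=HKLM, subkey="HARDWARE\\DESCRIPTION\\System\\CentralProcessor\\0") => 0
1234 1 RegQueryValueExW(name="ProcessorNameString") => 0
""" + "".join("1234 1 GetTickCount() => %d\n" % (1000 + i) for i in range(250)) + """\
1234 1 NtCreateFile(path="C:\\Users\\victim\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Login Data") => 0
1234 1 NtCreateFile(path="C:\\Users\\victim\\AppData\\Roaming\\Thunderbird\\Profiles\\abc.default\\prefs.js") => 0
"""

LINE_RE = re.compile(
    r"^(?P<pid>\d+)\s+(?P<tid>\d+)\s+(?P<api>\w+)\((?P<args>.*)\)\s*=>\s*(?P<ret>\S+)$")

PAGE_EXECUTE_READWRITE = 0x40  # Win32 memory-protection constant (low byte)
REPEAT_THRESHOLD = 200         # assumed tuning for "single API called many times"

ALLOC_APIS = ("NtAllocateVirtualMemory", "VirtualAlloc",
              "NtProtectVirtualMemory", "VirtualProtect")
FILE_APIS = ("NtCreateFile", "NtOpenFile", "CreateFileW")
BROWSER_STORES = ("login data", "logins.json", "key4.db", "cookies")
MAIL_CLIENT_MARKERS = ("thunderbird", "outlook", "windows mail")


def parse_trace(text):
    """Turn trace lines into dicts; lines that do not match the format are skipped."""
    calls = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if m:
            calls.append(m.groupdict())
    return calls


def run_signatures(calls):
    """Return {signature_name: [evidence, ...]} for every signature that fires."""
    hits = {}

    # "Repeatedly calls a single API": count calls per API name.
    for api, n in Counter(c["api"] for c in calls).items():
        if n >= REPEAT_THRESHOLD:
            hits.setdefault("repeated_api_delay", []).append(f"{api} x{n}")

    for c in calls:
        api, args = c["api"], c["args"]
        low = args.lower()

        # "Creates RWX memory": protection low byte == PAGE_EXECUTE_READWRITE.
        if api in ALLOC_APIS:
            m = re.search(r"protect=0x([0-9a-fA-F]+)", args)
            if m and (int(m.group(1), 16) & 0xFF) == PAGE_EXECUTE_READWRITE:
                hits.setdefault("rwx_memory", []).append(args)

        # "Checks the CPU name from registry": CentralProcessor key or value.
        if api.startswith("Reg") and ("centralprocessor" in low
                                      or "processornamestring" in low):
            hits.setdefault("cpu_name_check", []).append(args)

        # Credential-store and mail-client profile access by path.
        if api in FILE_APIS:
            if any(s in low for s in BROWSER_STORES):
                hits.setdefault("browser_credential_access", []).append(args)
            if any(s in low for s in MAIL_CLIENT_MARKERS):
                hits.setdefault("mail_client_harvest", []).append(args)
    return hits


if __name__ == "__main__":
    for name, evidence in run_signatures(parse_trace(SAMPLE_TRACE)).items():
        print(f"{name}: {evidence[0]}" + (f" (+{len(evidence) - 1} more)" if len(evidence) > 1 else ""))
```

The repeat-count check is deliberately crude: a benign GUI program can also call `GetTickCount` thousands of times, so in practice that signature is weighted low and combined with the others rather than used alone.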

How to identify Troj/Steal-HS?

File Info:

crc32: 74179F57
md5: 31be0d62cc1ce49489a8e0e684fd285b
name: pov.exe
sha1: 580438d397364fdec95ebaba6f292853f32e7c69
sha256: 92495754dd61c60ad7542d49515051cd6e37d2d076c9ffa848bb0d3f9baaae6c
sha512: a71c4edf90b2b2f992c26fed9e665952f6e8080ad8982089d94e20794809eba74c2fd506aefaba3b1c66ff4591a1f1fdf40038f37ec62511b1fc6d749997897f
ssdeep: 6144:zkiQfA5M5jcDRJa+whj5vEq5ZImOe7Y6q3VCmbP:zkiQfEaC6HOen
type: PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows

Version Info:

Translation: 0x0000 0x04b0
LegalCopyright:
Assembly Version: 0.0.0.0
InternalName: QLoGLwGwEVfXOXmrLqnwRTf.exe
FileVersion: 0.0.0.0
ProductVersion: 0.0.0.0
FileDescription:
OriginalFilename: QLoGLwGwEVfXOXmrLqnwRTf.exe
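Note that the on-disk name (pov.exe) differs from the compiled-in InternalName/OriginalFilename, and that the sample is a .NET assembly, consistent with the MSIL family names below. The hashes are the reliable identifier. The following is an added example (standard-library Python, not GridinSoft's tooling) that hashes a file the same five ways the File Info block lists (CRC32, MD5, SHA-1, SHA-256, SHA-512) and reports which indicators match; the IOC values are copied from the block above, and the chunk size is an arbitrary choice.

```python
"""Match a suspect file against the hash indicators listed on this page.

Added example; uses only the standard library so it runs on any workstation.
"""
import hashlib
import zlib

# Indicators copied from the "File Info" block above.
TROJ_STEAL_HS_IOCS = {
    "crc32": "74179F57",
    "md5": "31be0d62cc1ce49489a8e0e684fd285b",
    "sha1": "580438d397364fdec95ebaba6f292853f32e7c69",
    "sha256": "92495754dd61c60ad7542d49515051cd6e37d2d076c9ffa848bb0d3f9baaae6c",
    "sha512": ("a71c4edf90b2b2f992c26fed9e665952f6e8080ad8982089d94e20794809eba7"
               "4c2fd506aefaba3b1c66ff4591a1f1fdf40038f37ec62511b1fc6d749997897f"),
}

DIGEST_ALGOS = ("md5", "sha1", "sha256", "sha512")


def hash_chunks(chunks):
    """Hash an iterable of byte chunks once, producing all five values.

    CRC32 is formatted as eight upper-case hex digits, matching the page;
    the cryptographic digests are lower-case hex as hashlib emits them.
    """
    crc = 0
    digests = {algo: hashlib.new(algo) for algo in DIGEST_ALGOS}
    for chunk in chunks:
        crc = zlib.crc32(chunk, crc)
        for d in digests.values():
            d.update(chunk)
    result = {"crc32": f"{crc & 0xFFFFFFFF:08X}"}
    result.update({algo: d.hexdigest() for algo, d in digests.items()})
    return result


def compute_hashes(data: bytes) -> dict:
    """Convenience wrapper for in-memory data."""
    return hash_chunks([data])


def match_iocs(computed: dict, iocs: dict = TROJ_STEAL_HS_IOCS) -> list:
    """Return the names of the indicators that the computed hashes match.

    Comparison is case-insensitive so differently cased sources still match.
    A single matching digest is enough to call it a hit; if only some digests
    match while others differ, suspect a transcription error in the IOC list.
    """
    return [name for name, value in iocs.items()
            if name in computed and computed[name].lower() == value.lower()]


def check_file(path: str, iocs: dict = TROJ_STEAL_HS_IOCS) -> list:
    """Hash a file on disk in 1 MiB chunks (arbitrary size) and match it."""
    with open(path, "rb") as f:
        computed = hash_chunks(iter(lambda: f.read(1 << 20), b""))
    return match_iocs(computed, iocs)


if __name__ == "__main__":
    import sys
    for p in sys.argv[1:]:
        hits = check_file(p)
        print(f"{p}: {'MATCH on ' + ', '.join(hits) if hits else 'no match'}")
```

Exact hashes only catch this specific build; the ssdeep value on the page is a fuzzy hash and needs the ssdeep library to compare against a recompiled or slightly modified variant.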

Troj/Steal-HS also known as:

MicroWorld-eScan: Gen:Variant.Razy.577898
FireEye: Generic.mg.31be0d62cc1ce494
McAfee: RDN/Generic PWS.y
Cylance: Unsafe
Sangfor: Malware
K7AntiVirus: Trojan ( 0056069a1 )
BitDefender: Gen:Variant.Razy.577898
K7GW: Trojan ( 0056069a1 )
Cybereason: malicious.397364
TrendMicro: TROJ_GEN.R002C0DBR20
F-Prot: W32/MSIL_Troj.RC.gen!Eldorado
Symantec: ML.Attribute.HighConfidence
APEX: Malicious
Avast: Win32:PWSX-gen [Trj]
ClamAV: Win.Packed.Razy-7426372-0
GData: Gen:Variant.Razy.577898
Kaspersky: HEUR:Trojan-PSW.MSIL.Agensla.a
Alibaba: Backdoor:MSIL/Remcos.4a15a153
NANO-Antivirus: Trojan.Win32.Agensla.hcmddf
AegisLab: Trojan.MSIL.Agensla.i!c
Rising: Spyware.AgentTesla!1.B864 (CLOUD)
Endgame: malicious (high confidence)
Sophos: Troj/Steal-HS
Comodo: Malware@#30a88mr8zkfv7
F-Secure: Trojan.TR/Spy.Gen8
DrWeb: Trojan.PWS.AgenslaNET.1
VIPRE: Trojan.Win32.Generic!BT
Invincea: heuristic
McAfee-GW-Edition: BehavesLike.Win32.Generic.dh
Trapmine: malicious.high.ml.score
Emsisoft: Trojan-Spy.Agent (A)
Ikarus: Trojan-Spy.Keylogger.AgentTesla
Cyren: W32/MSIL_Troj.RC.gen!Eldorado
Avira: TR/Spy.Gen8
eGambit: Unsafe.AI_Score_100%
MAX: malware (ai score=100)
Antiy-AVL: Trojan[PSW]/MSIL.Agensla
Microsoft: Backdoor:MSIL/Remcos!rfn
Arcabit: Trojan.Razy.D8D16A
ZoneAlarm: HEUR:Trojan-PSW.MSIL.Agensla.a
AhnLab-V3: Trojan/Win32.AgentTesla.C3450450
Acronis: suspicious
ALYac: Gen:Variant.Razy.577898
Ad-Aware: Gen:Variant.Razy.577898
Malwarebytes: Spyware.AgentTesla.MSIL.Generic
Panda: Trj/GdSda.A
ESET-NOD32: a variant of MSIL/Autorun.Spy.Agent.DF
TrendMicro-HouseCall: TROJ_GEN.R002C0DBR20
Tencent: Win32.Trojan.Spy.Ljko
SentinelOne: DFI – Malicious PE
MaxSecure: Trojan.Malware.300983.susgen
Fortinet: MSIL/Spy.AES!tr
BitDefenderTheta: Gen:NN.ZemsilF.34090.rm0@a01wb6m
AVG: Win32:PWSX-gen [Trj]
Paloalto: generic.ml
CrowdStrike: win/malicious_confidence_100% (W)
Qihoo-360: Generic/Trojan.PSW.a32

How to remove Troj/Steal-HS?

Troj/Steal-HS removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a "Standard scan".
  • Click "Move to quarantine" for all detected items.
  • Open the "Tools" tab and press "Reset Browser Settings".
  • Select the affected browser and the desired options, then click "Reset".
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.
