Should I remove “Trojan-PSW.Win32.CoinStealer.bh”?

Trojan-PSW.Win32.CoinStealer.bh is considered dangerous by lots of security experts. When this infection is active, you may notice unwanted processes in the Task Manager list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It lets you run a complete scan and clean your PC during the trial period.
6-day free trial available.

What can the Trojan-PSW.Win32.CoinStealer.bh virus do?

  • Behavioural detection: Executable code extraction – unpacking
  • Unconventional language used in binary resources: Spanish (Modern)
  • Authenticode signature is invalid

How to identify Trojan-PSW.Win32.CoinStealer.bh?

File Info:

name: 08D9BB678E6D04226AFB.mlw
type: PE32 executable (GUI) Intel 80386, for MS Windows
timestamp: 2018-01-09 08:25:57

Version Info:

Translation: 0x0c0a 0x04b0
Comments: Truevib 5
CompanyName: Truevib 5
FileDescription: Truevib 5
LegalCopyright: Truevib 5
LegalTrademarks: Truevib 5
ProductName: Truevib 5
FileVersion: 6.09.0017
ProductVersion: 6.09.0017
InternalName: Truevib 5
OriginalFilename: Truevib 5.exe

Trojan-PSW.Win32.CoinStealer.bh also known as:

Lionic: Trojan.Win32.Generic.4!c
Elastic: malicious (high confidence)
CAT-QuickHeal: Trojan.AgentVMF.S25435768
Skyhigh: GenericRXGF-DY!08D9BB678E6D
McAfee: GenericRXGF-DY!08D9BB678E6D
Malwarebytes: Malware.AI.2064763958
Sangfor: Suspicious.Win32.Save.vb
K7AntiVirus: Password-Stealer ( 0052593f1 )
Alibaba: TrojanPSW:Win32/Generic.7c4b5f38
K7GW: Password-Stealer ( 0052593f1 )
Symantec: Trojan.Gen.MBT
ESET-NOD32: a variant of Win32/PSW.VB.NON
Paloalto: generic.ml
Kaspersky: Trojan-PSW.Win32.CoinStealer.bh
Avast: Win32:Malware-gen
Rising: Stealer.VB!8.78D (CLOUD)
Sophos: Mal/Generic-S
Google: Detected
F-Secure: Heuristic.HEUR/AGEN.1334006
Trapmine: malicious.moderate.ml.score
Webroot: W32.Trojan.Gen
Varist: W32/VB.CK_b.gen!Eldorado
Avira: HEUR/AGEN.1334006
MAX: malware (ai score=100)
Antiy-AVL: Trojan/Win32.TSGeneric
Kingsoft: malware.kb.a.920
Xcitium: TrojWare.Win32.TrojanDownloader.VB.PMEA@4rev5s
ZoneAlarm: Trojan-PSW.Win32.CoinStealer.bh
Cynet: Malicious (score: 99)
AhnLab-V3: Trojan/Win32.Tiggre.R304712
BitDefenderTheta: Gen:NN.ZevbaF.36804.bm0@aievNTT
VBA32: TrojanPSW.Agent
Cylance: unsafe
Panda: Trj/Genetic.gen
Tencent: Win32.Trojan-QQPass.QQRob.Jtgl
Yandex: Trojan.GenAsa!EsIXQzNbLDk
Ikarus: Trojan-PSW
MaxSecure: Trojan.Malware.300983.susgen
AVG: Win32:Malware-gen
DeepInstinct: MALICIOUS

How to remove Trojan-PSW.Win32.CoinStealer.bh?

Trojan-PSW.Win32.CoinStealer.bh removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open “Tools” tab – Press “Reset Browser Settings”.
  • Select proper browser and options – Click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.
