Trojan

Trojan-PSW.Win32.Stealer.wtd (file analysis)

Malware Removal

The Trojan-PSW.Win32.Stealer.wtd is considered dangerous by lots of security experts. When this infection is active, you may notice unwanted processes in Task Manager list. In this case, it is adviced to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Gridinsoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. Allows to complete scan and cure your PC during the trial period.
DOWNLOAD NOW
6-day free trial available.

What Trojan-PSW.Win32.Stealer.wtd virus can do?

  • Behavioural detection: Executable code extraction – unpacking
  • Yara rule detections observed from a process memory dump/dropped files/CAPE
  • Creates RWX memory
  • NtSetInformationThread: attempt to hide thread from debugger
  • Possible date expiration check, exits too soon after checking local time
  • Enumerates the modules from a process (may be used to locate base addresses in process injection)
  • Reads data out of its own binary image
  • CAPE extracted potentially suspicious content
  • The binary contains an unknown PE section name indicative of packing
  • The binary likely contains encrypted or compressed data.
  • Authenticode signature is invalid
  • Checks for the presence of known windows from debuggers and forensic tools
  • Network activity detected but not expressed in API logs
  • CAPE detected the A310Logger malware family
  • Checks for the presence of known devices from debuggers and forensic tools
  • Anomalous binary characteristics
  • Binary compilation timestomping detected

Related domains:

wpad.local-net

How to determine Trojan-PSW.Win32.Stealer.wtd?



File Info:

name: 85DF23E3B2AA5EA0D17F.mlw
path: /opt/CAPEv2/storage/binaries/7c1e5d688d1e1e7d641fae1f0915b86a1632b7d3e1ac409d41367069ed16b41c
crc32: F03DD5F7
md5: 85df23e3b2aa5ea0d17f7c13f15378fa
sha1: 4d315941723741fad03d39ddd7c21de571593fcb
sha256: 7c1e5d688d1e1e7d641fae1f0915b86a1632b7d3e1ac409d41367069ed16b41c
sha512: 7e45ece4e4c7bf21e07d7e7990bfe5389e0efd5d41b1ca1406f414f4efb0fe62450ded4093030fd43a904dbad642081165f725a0547071d98927686f715c371d
ssdeep: 24576:EZNxGn6eAZxSl+vFDNWX3UA8YyeqU1eyjTnIIQsV9giaMw9OeeEM92izKfRwz1ar:EAn663UA8FJq4unpM9rFhmOwz1FlE
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T1B745331FD1E10FCDE626E0F590F7DE064FA48596FCB0C52A7BA82A9E83D22C854125F5
sha3_384: 47bdfec5b324f1b2169b5caa94a30235b3777077125446ffb588068e8759d3a0a61e5910a9787d185a5cadec30f7cfa4
ep_bytes: eb1066623a432b2b484f4f4b90e90010
timestamp: 2085-03-15 07:07:27


Version Info:

Translation: 0x0000 0x04b0
Comments: 44 CALIBER
CompanyName: 44 CALIBER
FileDescription: 44 CALIBER
FileVersion: 1.6.2.0
InternalName: Insidious.exe
LegalCopyright: FuckTheSystem Copyright ©  2021
LegalTrademarks: 
OriginalFilename: Insidious.exe
ProductName: 44 CALIBER
ProductVersion: 1.6.2.0
Assembly Version: 1.6.2.0

Trojan-PSW.Win32.Stealer.wtd also known as:

BkavW32.AIDetect.malware2
LionicTrojan.Win32.Stealer.i!c
Elasticmalicious (high confidence)
CynetMalicious (score: 100)
FireEyeGeneric.mg.85df23e3b2aa5ea0
McAfeeGenericRXPG-OJ!85DF23E3B2AA
CylanceUnsafe
K7AntiVirusTrojan ( 0055f2201 )
AlibabaTrojanPSW:Win32/Stealer.5b214c77
K7GWTrojan ( 0055f2201 )
Cybereasonmalicious.172374
CyrenW32/Trojan.FFG.gen!Eldorado
SymantecML.Attribute.HighConfidence
ESET-NOD32a variant of Win32/Packed.Enigma.DS
APEXMalicious
AvastWin32:Trojan-gen
KasperskyTrojan-PSW.Win32.Stealer.wtd
BitDefenderTrojan.GenericKD.38101242
MicroWorld-eScanTrojan.GenericKD.38101242
RisingPUF.Pack-Enigma!1.BA33 (CLASSIC)
Ad-AwareTrojan.GenericKD.38101242
SophosMal/Generic-S
DrWebTrojan.PWS.Siggen3.6726
TrendMicroTROJ_GEN.R002C0DKN21
McAfee-GW-EditionBehavesLike.Win32.Generic.tc
EmsisoftTrojan.GenericKD.38101242 (B)
Paloaltogeneric.ml
AviraHEUR/AGEN.1142094
GridinsoftRansom.Win32.Gen.sa
MicrosoftTrojan:Win32/ProtectorEnigma.RF!MTB
ViRobotTrojan.Win32.Z.Enigma.1236992
GDataTrojan.GenericKD.38101242
AhnLab-V3Trojan/Win.Generic.R415459
Acronissuspicious
BitDefenderThetaGen:NN.ZexaF.34294.lz0@aWiBM9j
ALYacTrojan.GenericKD.38101242
MAXmalware (ai score=81)
VBA32Trojan.Inject
MalwarebytesSpyware.PasswordStealer.44
TrendMicro-HouseCallTROJ_GEN.R002C0DKN21
SentinelOneStatic AI – Malicious PE
FortinetW32/CoinMiner.AK!tr
AVGWin32:Trojan-gen
PandaTrj/CI.A
CrowdStrikewin/malicious_confidence_80% (W)
MaxSecureTrojan.Malware.300983.susgen

How to remove Trojan-PSW.Win32.Stealer.wtd?

Trojan-PSW.Win32.Stealer.wtd removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan“.
  • Move to quarantine” all items.
  • Open “Tools” tab – Press “Reset Browser Settings“.
  • Select proper browser and options – Click “Reset”.
  • Restart your computer.

You may also like

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.

View all posts

Leave a Comment