Trojan-PSW.Win32.Stelega.atr information

Many security experts consider Trojan-PSW.Win32.Stelega.atr dangerous. When this infection is active, you may notice unwanted processes in the Task Manager list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It lets you run a complete scan and cure your PC during the trial period.
6-day free trial available.

What can the Trojan-PSW.Win32.Stelega.atr virus do?

  • Behavioural detection: Executable code extraction – unpacking
  • Sample contains Overlay data
  • Yara rule detections observed from a process memory dump/dropped files/CAPE
  • Reads data out of its own binary image
  • CAPE extracted potentially suspicious content
  • Authenticode signature is invalid
  • A ping command was executed with the -n argument possibly to delay analysis
  • Uses Windows utilities for basic functionality
  • Attempts to modify proxy settings
  • Deletes executed files from disk
  • Harvests cookies for information gathering
  • Attempts to create or modify system certificates
  • Collects information to fingerprint the system
  • Anomalous binary characteristics
  • Uses suspicious command line tools or Windows utilities

How to identify Trojan-PSW.Win32.Stelega.atr?


File Info:

name: FC7AA6397F1C4EDC360E.mlw
path: /opt/CAPEv2/storage/binaries/fa5b9433fb9e3e12660e288c53d9b4cd1a07cb7a82a10f5b7f2dbd2c9870964a
crc32: 664AD6BE
md5: fc7aa6397f1c4edc360ef7c4dfb5cbd1
sha1: b001a99e855860b99498f24294c617a6b9f8f8a7
sha256: fa5b9433fb9e3e12660e288c53d9b4cd1a07cb7a82a10f5b7f2dbd2c9870964a
sha512: 572690439dd02a84fd27393b2f76e391879d81bda154725a692b1e4dda16603df4a708e0c996b98c75d55726eacbc995990ec4900a0c1717398f7ac1dfa5eca0
ssdeep: 24576:6aH9v6CGrjBnybQg+mmhdP3+mCeZ7BxkHjx0XKd4PzD9XasdciEUux1zvNCp1cUX:6MvYjUbQgwP3y4PzDVFHEUujrMcq
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T17095BE46E6A949B5CB7138FEB36BD6EB4A311C44DA41C9098778F9614CB3063EE2431F
sha3_384: 7cb9d71d9b99ddc586c3c4272d863f6e981bdd7a648a1e3752f4b63ddb6e08636dd30d721df42ed3897174244bbc7038
ep_bytes: 5589e583ed18c745ec1063410052ba31
timestamp: 2019-03-14 20:01:24

Version Info:

Comments: www.opautoclicker.com
FileDescription: OP Auto Clicker
FileVersion: 3.0
LegalCopyright: www.opautoclicker.com
ProductName: OP Auto Clicker
ProductVersion: 3.0
Translation: 0x0409 0x04b0

Trojan-PSW.Win32.Stelega.atr also known as:

Bkav: W32.AIDetect.malware1
Lionic: Trojan.Win32.Stelega.i!c
Elastic: malicious (high confidence)
DrWeb: Trojan.PWS.Siggen3.20811
MicroWorld-eScan: Trojan.GenericKD.46209447
McAfee: Artemis!FC7AA6397F1C
Cylance: Unsafe
Zillya: Trojan.Agent.Win32.2048522
Sangfor: Trojan.Win32.Save.a
K7AntiVirus: Trojan ( 005725111 )
Alibaba: TrojanPSW:Win32/Stelega.ff191bae
K7GW: Trojan ( 005725111 )
Symantec: ML.Attribute.HighConfidence
ESET-NOD32: a variant of Win32/Agent.ACLV
APEX: Malicious
Paloalto: generic.ml
Kaspersky: Trojan-PSW.Win32.Stelega.atr
BitDefender: Trojan.GenericKD.46209447
NANO-Antivirus: Virus.Win32.Gen-Crypt.ccnc
Avast: Win32:Trojan-gen
Tencent: Win32.Trojan-QQPass.QQRob.Xfow
Ad-Aware: Trojan.GenericKD.46209447
Sophos: Mal/Generic-S
VIPRE: Trojan.GenericKD.46209447
TrendMicro: TROJ_GEN.R007C0WH722
McAfee-GW-Edition: BehavesLike.Win32.Dropper.tc
FireEye: Generic.mg.fc7aa6397f1c4edc
Emsisoft: Trojan.GenericKD.46209447 (B)
Webroot: W32.Malware.Gen
Google: Detected
Avira: TR/Agent.nbvcz
MAX: malware (ai score=99)
Kingsoft: Win32.Troj.Generic_a.a.(kcloud)
Microsoft: Trojan:Win32/Wacatac.B!ml
Arcabit: Trojan.Generic.D2C119A7
GData: Trojan.GenericKD.46209447
Cynet: Malicious (score: 100)
AhnLab-V3: Trojan/Win.Generic.C4449533
Acronis: suspicious
VBA32: TrojanPSW.Stelega
ALYac: Trojan.GenericKD.46209447
TrendMicro-HouseCall: TROJ_GEN.R007C0WH722
Rising: Trojan.Generic@AI.90 (RDML:BKx9xmdCflLc4OCUc4S6cw)
Ikarus: Trojan-Spy.Copperstealer
MaxSecure: Trojan.Malware.117459793.susgen
Fortinet: W32/Stelega.ATR!tr.pws
AVG: Win32:Trojan-gen
Panda: Trj/CI.A

How to remove Trojan-PSW.Win32.Stelega.atr?

Trojan-PSW.Win32.Stelega.atr removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open “Tools” tab – Press “Reset Browser Settings”.
  • Select proper browser and options – Click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.
