Spy Trojan

What is “Trojan-Spy.Win32.Stealer.amuc”?


The Trojan-Spy.Win32.Stealer.amuc is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager process list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.


Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It allows you to complete a scan and cure your PC during the trial period.
6-day free trial available.

What can the Trojan-Spy.Win32.Stealer.amuc virus do?

  • Behavioural detection: Executable code extraction – unpacking
  • Yara rule detections observed from a process memory dump/dropped files/CAPE
  • Creates RWX memory
  • Dynamic (imported) function loading detected
  • CAPE extracted potentially suspicious content
  • The binary contains an unknown PE section name indicative of packing
  • The binary likely contains encrypted or compressed data
  • Authenticode signature is invalid
  • Tries to unhook or modify Windows functions monitored by Cuckoo
  • CAPE detected the RedLine malware family
  • Checks the version of BIOS, possibly for anti-virtualization
  • Detects VirtualBox through the presence of a registry key
  • Anomalous binary characteristics
  • Binary compilation timestomping detected

How to identify Trojan-Spy.Win32.Stealer.amuc?

File Info:

name: 09F61B2BA8D637F736EB.mlw
path: /opt/CAPEv2/storage/binaries/14bb993965825a1464638f718cfa97503ff6765e8913b9e2282ad0ee43971395
crc32: E4B9DA96
md5: 09f61b2ba8d637f736eb599816f87b0b
sha1: 19709b7299c0202362aa43911a944c60498f22b5
sha256: 14bb993965825a1464638f718cfa97503ff6765e8913b9e2282ad0ee43971395
sha512: 67579fac648707391a3e35594a6d0294c5c85d39fa46c383831bcfd95a7e454dfad18d09c5ee12b7ac87a5eb4b2ed668f8dcd39e40661d0eb6a7209366126c34
ssdeep: 49152:8HS4l6zbkj/iBhr6W3DpPLys4UiwOXNa4AYSb:8plbO6WdP2dwO9bUb
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T1EB75332F29F53F15C05A9BF9A73D27A293646AC9308580F277B94C42D4054BEB73B1B8
sha3_384: 11d75b77d08a1507a6f1d71a103d9c567f40d8139ba5e66e63a67b0e7fb4539643576dee1cd1eb7a05c82e4ed4066cd5
ep_bytes: 6801c07a00e801000000c3c35a158044
timestamp: 2097-03-16 11:36:22

Version Info:

Comments: wrhdTP8f
CompanyName: WdTuBeG7
FileDescription: hX4o2GsX
FileVersion: 9,7,5,0
InternalName: 7iS2psq0
LegalCopyright: FLxy51MX
OriginalFilename: 8vL7Hdl1
ProductName: lfzSwSt1
ProductVersion: 9,7,5,0
Assembly Version: 9,7,5,0
Translation: 0x0000 0x04b0

Trojan-Spy.Win32.Stealer.amuc also known as:

Bkav: W32.AIDetect.malware1
Lionic: Trojan.MSIL.Convagent.i!c
Elastic: malicious (high confidence)
DrWeb: Trojan.PWS.Siggen3.7629
MicroWorld-eScan: Trojan.GenericKD.38198370
FireEye: Generic.mg.09f61b2ba8d637f7
McAfee: AgentTesla-FDFF!09F61B2BA8D6
Malwarebytes: Trojan.MalPack
Zillya: Trojan.Stealer.Win32.20264
Sangfor: Trojan.Win32.Asprotect.NAY
K7AntiVirus: Trojan ( 0058b28c1 )
Alibaba: TrojanSpy:Win32/Stealer.35dadc81
K7GW: Trojan ( 0058b28c1 )
Cybereason: malicious.299c02
BitDefenderTheta: Gen:NN.ZexaF.34114.KL1aayaZvlgi
Cyren: W32/Stealer.S.gen!Eldorado
Symantec: ML.Attribute.HighConfidence
ESET-NOD32: a variant of Win32/Packed.Asprotect.NAY
APEX: Malicious
Paloalto: generic.ml
Kaspersky: Trojan-Spy.Win32.Stealer.amuc
BitDefender: Trojan.GenericKD.38198370
Avast: Win32:Trojan-gen
Ad-Aware: Trojan.GenericKD.38198370
Sophos: Mal/Generic-S
TrendMicro: TrojanSpy.Win32.STEALER.USMANL521
McAfee-GW-Edition: BehavesLike.Win32.Generic.tc
Emsisoft: Trojan.GenericKD.38198370 (B)
Ikarus: Trojan.Win32.ASProtect
GData: Win32.Trojan-Stealer.CredStealer.4UQGSI
Jiangmin: TrojanSpy.Stealer.kyq
Avira: TR/Spy.Stealer.qfolx
Antiy-AVL: Trojan[Packed]/Win32.Asprotect
Kingsoft: Win32.Troj.Stealer.am.(kcloud)
Gridinsoft: Trojan.Win32.Packed.vb
Microsoft: Trojan:Win32/Tiggre!rfn
Cynet: Malicious (score: 100)
AhnLab-V3: Trojan/Win.Generic.R455306
Acronis: suspicious
ALYac: Trojan.GenericKD.38198370
MAX: malware (ai score=100)
VBA32: BScope.TrojanPSW.Agent
Cylance: Unsafe
TrendMicro-HouseCall: TrojanSpy.Win32.STEALER.USMANL521
Yandex: Trojan.GenAsa!l3ZfBja75G8
SentinelOne: Static AI – Malicious PE
Fortinet: W32/Asprotect.NAY!tr
AVG: Win32:Trojan-gen
Panda: Trj/Genetic.gen
CrowdStrike: win/malicious_confidence_100% (W)

How to remove Trojan-Spy.Win32.Stealer.amuc?

Trojan-Spy.Win32.Stealer.amuc removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open the “Tools” tab – Press “Reset Browser Settings”.
  • Select the proper browser and options – Click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.
