Spy Trojan

Trojan-Spy.Win32.Stealer.aomo removal tips


Trojan-Spy.Win32.Stealer.aomo is considered dangerous by many security experts. When this infection is active, you may notice unfamiliar processes in the Task Manager process list. In that case, it is advised to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It allows you to run a complete scan and clean your PC during the trial period.
6-day free trial available.

What Trojan-Spy.Win32.Stealer.aomo virus can do?

  • Behavioural detection: Executable code extraction – unpacking
  • Yara rule detections observed from a process memory dump/dropped files/CAPE
  • Creates RWX memory
  • NtSetInformationThread: attempt to hide thread from debugger
  • Dynamic (imported) function loading detected
  • Enumerates running processes
  • Expresses interest in specific running processes
  • Reads data out of its own binary image
  • CAPE extracted potentially suspicious content
  • Unconventional language used in binary resources: Serbian (Cyrillic)
  • The binary contains an unknown PE section name indicative of packing
  • The binary likely contains encrypted or compressed data
  • Authenticode signature is invalid
  • Detects Sandboxie through the presence of a library
  • Queries information on disks, possibly for anti-virtualization
  • Checks for the presence of known windows from debuggers and forensic tools
  • Checks for the presence of known devices from debuggers and forensic tools
  • Detects VirtualBox through the presence of a device
  • Anomalous binary characteristics
  • Binary compilation timestomping detected

How to identify Trojan-Spy.Win32.Stealer.aomo?
File Info:

name: 303F53898524448B232A.mlw
path: /opt/CAPEv2/storage/binaries/15a8e9422ff4b53917e28a2f3abcfe734a0b9c290ca540c9b194dfea3d2462ec
crc32: E0AA7806
md5: 303f53898524448b232a5c18c4111d6f
sha1: 57e444bf7d40b63f515bc1717f0c2350d4997e03
sha256: 15a8e9422ff4b53917e28a2f3abcfe734a0b9c290ca540c9b194dfea3d2462ec
sha512: d5da5db02c0ccf50ada9a3aaa7e138979477272c1702615a86c7c1bf69236ba149035859009d34ea7dcfddaa0f83833a280d5439e4222612a3d4ba19d44305c7
ssdeep: 12288:L+X3tqh1XZaMDTSFa8IpHANqWCGiHy+94NZCGO/94v:LAqTpaMDT0IpHAN1HUyC4U
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T1F7A4025122F90558F2F7B7349DF59AE149F27C638839E19D13843E0D2A76D02FA68B23
sha3_384: 0f9e795217c7f47af4772c9440cc8b9640225800f31fd7d9f5ab57ec915a9f161c8349dc43dd2e87e58d7fba5f7cf7f5
ep_bytes: eb05399e99f6a050eb05c7ccd6f2b2e8
timestamp: 2099-11-08 10:21:09

Version Info:

CompanyName: Google LLC
FileDescription: Google Update Setup
FileVersion: 1.3.35.452
InternalName: Google Update Setup
LegalCopyright: Copyright 2018 Google LLC
OriginalFilename: GoogleUpdateSetup.exe
ProductName: Google Update
ProductVersion: 1.3.35.452
LanguageId: en
Translation: 0x0409 0x04b0

Trojan-Spy.Win32.Stealer.aomo also known as:

Lionic: Trojan.Win32.Malicious.4!c
MicroWorld-eScan: Trojan.GenericKD.47583467
FireEye: Generic.mg.303f53898524448b
McAfee: Artemis!303F53898524
Cylance: Unsafe
Alibaba: TrojanSpy:Win32/Stealer.99155865
Cybereason: malicious.f7d40b
Arcabit: Trojan.Generic.D2D610EB
BitDefenderTheta: Gen:NN.ZexaF.34062.Dq3@amvix!zP
Symantec: ML.Attribute.HighConfidence
ESET-NOD32: a variant of Win32/Packed.Obsidium.CU
APEX: Malicious
Paloalto: generic.ml
Kaspersky: Trojan-Spy.Win32.Stealer.aomo
BitDefender: Trojan.GenericKD.47583467
Avast: Win32:Trojan-gen
Rising: Malware.Heuristic!ET#98% (RDMK:cmRtazrqCI8XNMmSQhUmjAyR1kRU)
Ad-Aware: Trojan.GenericKD.47583467
Emsisoft: Trojan.GenericKD.47583467 (B)
McAfee-GW-Edition: BehavesLike.Win32.Dropper.gc
Sophos: Mal/Generic-S
Ikarus: Trojan.Win32.Obsidium
Avira: TR/Spy.Stealer.tfcgw
Microsoft: Trojan:Win32/Sabsik.FL.B!ml
GData: Win32.Trojan-Stealer.CredStealer.9HPKM5
Cynet: Malicious (score: 100)
Acronis: suspicious
VBA32: BScope.Trojan.Tiggre
ALYac: Trojan.GenericKD.47583467
MAX: malware (ai score=85)
SentinelOne: Static AI – Malicious PE
Fortinet: PossibleThreat.MU
AVG: Win32:Trojan-gen
Panda: Generic Suspicious
CrowdStrike: win/malicious_confidence_90% (W)

How to remove Trojan-Spy.Win32.Stealer.aomo?

Trojan-Spy.Win32.Stealer.aomo removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open the “Tools” tab and press “Reset Browser Settings”.
  • Select the proper browser and options, then click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.
