
Trojan-Spy.Win32.Stealer.bbrk malicious file


Many security experts consider Trojan-Spy.Win32.Stealer.bbrk dangerous. When this infection is active, you may notice unwanted processes in the Task Manager list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware


Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It allows you to run a complete scan and cure your PC during the trial period.
6-day free trial available.

What can the Trojan-Spy.Win32.Stealer.bbrk virus do?

  • Behavioural detection: Executable code extraction – unpacking
  • Yara rule detections observed from a process memory dump/dropped files/CAPE
  • Creates RWX memory
  • NtSetInformationThread: attempt to hide thread from debugger
  • Dynamic (imported) function loading detected
  • Enumerates running processes
  • Expresses interest in specific running processes
  • Reads data out of its own binary image
  • CAPE extracted potentially suspicious content
  • The binary likely contains encrypted or compressed data.
  • Authenticode signature is invalid
  • Checks for the presence of known windows from debuggers and forensic tools
  • Checks for the presence of known devices from debuggers and forensic tools
  • Detects VirtualBox through the presence of a device
  • Binary compilation timestomping detected

How to determine Trojan-Spy.Win32.Stealer.bbrk?


File Info:

name: 06498B60457977DE2609.mlw
path: /opt/CAPEv2/storage/binaries/8e5360d064fc87f959460d510cd9de4ac02e37898a3f40cc5a60da1ca0bc3014
crc32: 90177E1A
md5: 06498b60457977de26092f267e1ccc29
sha1: e452ed5a5e7c1241e9a1b56162d63c8ff193a93a
sha256: 8e5360d064fc87f959460d510cd9de4ac02e37898a3f40cc5a60da1ca0bc3014
sha512: f0fba6ab73789c9b43af00406a9e81271990abfe115f1ee977a7900880d9593e1339ddd69c954977e0612d4cf65e7319e7622ed19dad559fce2ca8b8aea5c1e2
ssdeep: 6144:f1DbTHBt3xPZgx/xiWV+CBsurhD+qHpi0aumun2rRwdazFGOgY9HnaZkILkdSMYq:hHBzKyWZhSqHODF3zFGiHnamIIEYWQP
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T18BB401414A2C0B52DC258E36045E3995F66A3EFAEF949ADA3E17780D1FAC1F21073D1E
sha3_384: 032c5999b9309d7c16956275ca476b9edddd0f824c893acfe6e122ece28f2d5118bb9cda6f6a6797501570354ceaf6b2
ep_bytes: eb02bdbd50eb05dd0e87c66de8180000
timestamp: 2076-11-02 06:13:41

Version Info:

CompanyName: BreakPoint Software, Inc.
FileDescription: Hex Workshop Calculator
FileVersion: 6.8.0.5419
InternalName: CALC
LegalCopyright: Copyright (c) 1995-2014 BreakPoint Software,5419 Inc. All Rights Reserved.
OriginalFilename: CALC.EXE
ProductName: Hex Workshop
ProductVersion: 6.8.0.5419
Translation: 0x0409 0x04b0

Trojan-Spy.Win32.Stealer.bbrk also known as:

Bkav: W32.AIDetect.malware1
Lionic: Trojan.Win32.Stealer.l!c
Elastic: malicious (high confidence)
MicroWorld-eScan: Trojan.GenericKD.38878593
FireEye: Generic.mg.06498b60457977de
CAT-QuickHeal: TrojanSpy.Stealer
ALYac: Trojan.GenericKD.38878593
Cylance: Unsafe
Zillya: Trojan.Stealer.Win32.21965
Sangfor: Spyware.Win32.Stealer.bbrk
K7AntiVirus: Trojan ( 0058cbd51 )
K7GW: Trojan ( 0058cbd51 )
Cybereason: malicious.a5e7c1
Arcabit: Trojan.Generic.D2513D81
BitDefenderTheta: Gen:NN.ZexaF.34212.Gq3@aSY4xUhi
Cyren: W32/Obsidium.A.gen!Eldorado
Symantec: ML.Attribute.HighConfidence
ESET-NOD32: a variant of Win32/Packed.Obsidium.DX
APEX: Malicious
Paloalto: generic.ml
Kaspersky: Trojan-Spy.Win32.Stealer.bbrk
BitDefender: Trojan.GenericKD.38878593
Avast: Win32:Trojan-gen
Ad-Aware: Trojan.GenericKD.38878593
Emsisoft: Trojan.GenericKD.38878593 (B)
Comodo: Malware@#qz2xat6wjflx
TrendMicro: TROJ_GEN.R002C0PB922
McAfee-GW-Edition: BehavesLike.Win32.Generic.hc
Sophos: Mal/Generic-S
Ikarus: Trojan.SuspectCRC
Avira: TR/Spy.Stealer.uxglo
Antiy-AVL: Trojan[Spy]/Win32.Stealer
Gridinsoft: Malware.Win32.GenericMC.cc
Microsoft: Trojan:MSIL/RedLineStealer.RPN!MTB
ViRobot: Trojan.Win32.Z.Stealer.527360
ZoneAlarm: Trojan-Spy.Win32.Stealer.bbrk
GData: Trojan.GenericKD.38878593
Cynet: Malicious (score: 100)
Acronis: suspicious
McAfee: RDN/Generic PWS.y
MAX: malware (ai score=86)
VBA32: BScope.Trojan.Packed
Malwarebytes: Trojan.MalPack.Obsidium
TrendMicro-HouseCall: TROJ_GEN.R002C0PB922
Rising: Spyware.Convagent!8.12330 (CLOUD)
SentinelOne: Static AI – Malicious PE
Fortinet: W32/PossibleThreat
Webroot: W32.Stealer.bbrk
AVG: Win32:Trojan-gen
Panda: Trj/Genetic.gen
CrowdStrike: win/malicious_confidence_100% (W)

How to remove Trojan-Spy.Win32.Stealer.bbrk?

Trojan-Spy.Win32.Stealer.bbrk removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open “Tools” tab – Press “Reset Browser Settings”.
  • Select proper browser and options – Click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.
