
What is “Trojan-Spy.Win32.Stealer.bxcp”?


Trojan-Spy.Win32.Stealer.bxcp is the Kaspersky detection name for a packed Windows executable that most other vendors also flag as malicious (see the alias list below). When the infection is active you may notice unfamiliar processes in the Task Manager list. In that case it is advised to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware


Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It allows a complete scan and cleanup of your PC during the trial period.
6-day free trial available.

What can Trojan-Spy.Win32.Stealer.bxcp do?

The following CAPE sandbox signatures fired on the sample analysed below. Taken together they describe a packed binary that unpacks itself in memory and resists debugging; they say nothing about what the unpacked payload does once it runs.

  • Behavioural detection: executable code extraction (unpacking)
  • SetUnhandledExceptionFilter detected (possible anti-debug)
  • Dynamic (imported) function loading detected
  • Yara rule detections observed from a process memory dump, dropped files or CAPE
  • Creates RWX memory (pages that are writable and executable at the same time, as needed for code written at run time)
  • CAPE extracted potentially suspicious content
  • The binary contains an unknown PE section name indicative of packing
  • The binary likely contains encrypted or compressed data
  • Authenticode signature is invalid
  • Anomalous binary characteristics

How to identify Trojan-Spy.Win32.Stealer.bxcp?

File Info:

name: CFD48FD7D9CAC5942396.mlw
path: /opt/CAPEv2/storage/binaries/27bf1ae7ef709c22ea6d2b11d1615b8bce7cab062dff58c81e9ae7c1c26249b5
crc32: 0AB2C680
md5: cfd48fd7d9cac59423969c3e11ba7938
sha1: 6562845c0e335a1f26e95facc252dc5b4975838b
sha256: 27bf1ae7ef709c22ea6d2b11d1615b8bce7cab062dff58c81e9ae7c1c26249b5
sha512: 67830523dda2eae13dd3f98c148f72a7441180505fc7a38ee30400525e082296f45fb946114c316b86f7a3093affe4b80ddd534a4f0a59a2eb4bf996426cd3c7
ssdeep: 49152:J6SrBv8x8Y6KfycE8bzDKJVIXX+dR3RVX79rv3NNyoEW3gWVup6aaIb7b7YEKtac:JR58xV64ycE8bzDKJaXX+dR3Rj3NNjEG
type: PE32 executable (console) Intel 80386, for MS Windows
tlsh: T197A5ADC397851026D9A3B53A501E4D6E61261D3653CFB43B37C8BEF8E33B1C2566A623
sha3_384: 3a7a94fa68926198cf777fbe4b374126f581d6d1f2a6d40ce8162e8b7747be42f9efa42a1d8645d69aafad3f09c8c538
ep_bytes: 60f7dffc2d380300002bf387d60fcefc
timestamp: 2022-04-28 08:42:40

Version Info:

[No Data] (no version resource was extracted from the binary)
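
The hashes, PE type and entry-point bytes above are what a responder compares against a suspect file. The script below is an added example, not GridinSoft's or CAPE's code: it recomputes the digests in the formats listed, parses the PE32 section table, measures per-section entropy, reads the 16 bytes at the entry point and reports the static packing indicators from the signature list (unknown section names, high-entropy data, an entry point outside .text that begins with PUSHAD). It uses only the Python standard library, so ssdeep and TLSH are not recomputed. The list of "known" section names, the 7.0 entropy cut-off and the sample PE it builds (with the made-up section name .pk0) are assumptions for demonstration; that sample is not the file described on the page, so its hashes will not match the IOCs.

```python
"""Static triage of a PE32 file against the File Info indicators above.

Added example, not GridinSoft's or CAPE's code. build_sample_pe() constructs
a demo PE32; it is NOT the sample from the page.
"""
import hashlib
import math
import struct
import zlib
from collections import Counter

# Indicators copied from the File Info block on this page.
IOC = {
    "crc32": "0AB2C680",
    "md5": "cfd48fd7d9cac59423969c3e11ba7938",
    "sha1": "6562845c0e335a1f26e95facc252dc5b4975838b",
    "sha256": "27bf1ae7ef709c22ea6d2b11d1615b8bce7cab062dff58c81e9ae7c1c26249b5",
    "ep_bytes": "60f7dffc2d380300002bf387d60fcefc",
}
# Assumed list of section names normal compilers emit; anything else is reported,
# which is the idea behind CAPE's "unknown PE section name" signature.
KNOWN_SECTIONS = {".text", ".data", ".rdata", ".idata", ".edata", ".rsrc",
                  ".reloc", ".bss", ".tls", ".pdata", ".CRT", "CODE", "DATA"}
ENTROPY_THRESHOLD = 7.0  # assumed cut-off; compressed or encrypted data sits near 8.0


def hashes(data: bytes) -> dict:
    """Digests in the formats the page lists (crc32 as upper-case hex)."""
    return {
        "crc32": "%08X" % (zlib.crc32(data) & 0xFFFFFFFF),
        "md5": hashlib.md5(data).hexdigest(),
        "sha1": hashlib.sha1(data).hexdigest(),
        "sha256": hashlib.sha256(data).hexdigest(),
        "sha512": hashlib.sha512(data).hexdigest(),
        "sha3_384": hashlib.sha3_384(data).hexdigest(),
    }


def entropy(data: bytes) -> float:
    """Shannon entropy in bits per byte: 0.0 for a constant run, 8.0 for uniform random."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())


def parse_pe32(data: bytes) -> tuple:
    """Return (entry_rva, sections); each section is (name, vaddr, vsize, raw_ptr, raw_size)."""
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[:2] != b"MZ" or data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("not a PE file")
    nsections = struct.unpack_from("<H", data, e_lfanew + 6)[0]
    opt_size = struct.unpack_from("<H", data, e_lfanew + 20)[0]
    opt = e_lfanew + 24                                  # optional header follows the COFF header
    entry_rva = struct.unpack_from("<I", data, opt + 16)[0]
    sections = []
    for i in range(nsections):
        off = opt + opt_size + 40 * i                    # 40-byte section headers follow the optional header
        name = data[off:off + 8].rstrip(b"\0").decode("latin-1")
        vsize, vaddr, raw_size, raw_ptr = struct.unpack_from("<IIII", data, off + 8)
        sections.append((name, vaddr, vsize, raw_ptr, raw_size))
    return entry_rva, sections


def triage(data: bytes) -> dict:
    """Hash-match the file against IOC and apply the static packing heuristics."""
    h = hashes(data)
    entry_rva, sections = parse_pe32(data)
    findings, ep_bytes = [], ""
    for name, vaddr, vsize, raw_ptr, raw_size in sections:
        ent = entropy(data[raw_ptr:raw_ptr + raw_size])
        if name not in KNOWN_SECTIONS:
            findings.append(f"unknown section name {name!r}")
        if ent > ENTROPY_THRESHOLD:
            findings.append(f"section {name!r} entropy {ent:.2f}: likely packed/encrypted")
        if vaddr <= entry_rva < vaddr + max(vsize, raw_size):   # the entry point lives in this section
            ep_bytes = data[entry_rva - vaddr + raw_ptr:][:16].hex()
            if name != ".text":
                findings.append(f"entry point in section {name!r}, not .text")
    if ep_bytes.startswith("60"):   # 0x60 = PUSHAD, the usual first instruction of an unpacking stub
        findings.append("entry point begins with PUSHAD")
    return {"hashes": h, "ep_bytes": ep_bytes, "findings": findings,
            "hash_match": all(h[k] == IOC[k] for k in ("md5", "sha1", "sha256")),
            "ep_match": ep_bytes == IOC["ep_bytes"]}


def build_sample_pe() -> bytes:
    """Constructed two-section PE32 for the demo: a bland .text plus a high-entropy
    section with the made-up name .pk0 that holds the entry point."""
    text = b"\xc3" + b"\x90" * 511                                              # ret, then nops
    noise = b"".join(hashlib.sha256(bytes([i])).digest() for i in range(32))  # 1024 deterministic random-looking bytes
    packed = b"\x60" + noise[1:]                                               # starts with PUSHAD
    dos = b"MZ" + b"\0" * 58 + struct.pack("<I", 64)                           # e_lfanew = 64
    coff = b"PE\0\0" + struct.pack("<HHIIIHH", 0x14C, 2, 0, 0, 0, 224, 0x0102)
    opt = struct.pack("<HBBIIIIII", 0x10B, 0, 0, 0, 0, 0, 0x2000, 0x1000, 0x2000).ljust(224, b"\0")
    sec = lambda n, vs, va, rs, rp, ch: struct.pack("<8sIIIIIIHHI", n, vs, va, rs, rp, 0, 0, 0, 0, ch)
    headers = (dos + coff + opt
               + sec(b".text", 0x200, 0x1000, 0x200, 0x200, 0x60000020)
               + sec(b".pk0", 0x400, 0x2000, 0x400, 0x400, 0xE0000020)).ljust(0x200, b"\0")
    return headers + text + packed


if __name__ == "__main__":
    import sys
    data = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else build_sample_pe()
    for key, value in triage(data).items():
        print(f"{key}: {value}")
```

Run it with a file path to triage a real sample, or with no arguments to see the findings on the constructed PE. A hash match is conclusive for this exact file; the packing heuristics are only a reason to look closer, since legitimate installers and protected software trip them as well.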

Trojan-Spy.Win32.Stealer.bxcp also known as:

MicroWorld-eScan: Trojan.GenericKDZ.87096
FireEye: Trojan.GenericKDZ.87096
ALYac: Trojan.GenericKDZ.87096
Cylance: Unsafe
BitDefenderTheta: Gen:NN.ZexaF.34638.bIY@aGn5GFn
Cyren: W32/Kryptik.GKG.gen!Eldorado
Symantec: ML.Attribute.HighConfidence
Elastic: malicious (high confidence)
ESET-NOD32: a variant of Win32/Kryptik.HPFH
Paloalto: generic.ml
Cynet: Malicious (score: 100)
Kaspersky: Trojan-Spy.Win32.Stealer.bxcp
BitDefender: Trojan.GenericKDZ.87096
Rising: Trojan.Kryptik!8.8 (TFE:dGZlOgTKZQLtHpArTw)
Ad-Aware: Trojan.GenericKDZ.87096
Emsisoft: Trojan.GenericKDZ.87096 (B)
McAfee-GW-Edition: BehavesLike.Win32.Generic.vh
Sophos: Mal/Generic-S
Avira: TR/Crypt.EPACK.Gen2
ZoneAlarm: Trojan-Spy.Win32.Stealer.bxcp
GData: Win32.Trojan.Kryptik.SL
AhnLab-V3: Trojan/Win.Generic.R488842
McAfee: GenericRXSS-LC!CFD48FD7D9CA
VBA32: BScope.Trojan.Sabsik
Malwarebytes: Trojan.MalPack
APEX: Malicious
MAX: malware (ai score=87)
MaxSecure: Trojan.Malware.300983.susgen
Fortinet: W32/Kryptik.HPEJ!tr
AVG: Win32:Malware-gen
Avast: Win32:Malware-gen
CrowdStrike: win/malicious_confidence_90% (W)

Most of these names (Kryptik, Crypt.EPACK, MalPack, Generic, machine-learning verdicts) are generic or heuristic labels for packed malicious code rather than the name of a specific family; only Kaspersky and ZoneAlarm classify the file as a spy/stealer. Search by the SHA-256 under File Info rather than by any one vendor name when correlating with other reports.

How to remove Trojan-Spy.Win32.Stealer.bxcp?

Trojan-Spy.Win32.Stealer.bxcp removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open the “Tools” tab and press “Reset Browser Settings”.
  • Select the proper browser and options, then click “Reset”.
  • Restart your computer.

Because Kaspersky and ZoneAlarm classify this file as a spy/stealer trojan, treat any passwords, cookies and login sessions that were stored on the machine while it was infected as exposed: change them from a clean device after the cleanup. Keep the file's SHA-256 from the File Info block so that other hosts can be checked for the same sample.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.
