What is “Trojan-Spy.Win32.Stealer.ckwk”?

The Trojan-Spy.Win32.Stealer.ckwk is considered dangerous by lots of security experts. When this infection is active, you may notice unwanted processes in Task Manager list. In this case, it is adviced to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Gridinsoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. Allows to complete scan and cure your PC during the trial period.

6-day free trial available.

What Trojan-Spy.Win32.Stealer.ckwk virus can do?

Yara rule detections observed from a process memory dump/dropped files/CAPE
Authenticode signature is invalid
CAPE detected the RedLine malware family

How to determine Trojan-Spy.Win32.Stealer.ckwk?


File Info:
name: 8987F61B8A85898EFCD9.mlw
path: /opt/CAPEv2/storage/binaries/e9de355d13057732694f15baeca1778c2e99cf380c3da7187c12db230023138b
crc32: C57E606E
md5: 8987f61b8a85898efcd99c444b7876af
sha1: d56025e0e30606458972ebd8c5ec88ad63f29285
sha256: e9de355d13057732694f15baeca1778c2e99cf380c3da7187c12db230023138b
sha512: 628f94137c7212e0f577bcd9d55e0eb4e630be473bdbcad7ff36c21f25ba797b20b461188e9472bdac3631fe1064eb61f3be8a92f53b5e73d91ccb70ccc11335
ssdeep: 24576:gSQxN9xXR8yr5Y6YYbvbdbFMW3dq6ocIwvvvweQOF/:gBiy5mHwvvIfOF/
type: PE32 executable (console) Intel 80386, for MS Windows
tlsh: T183455C2AE74715B4DA635771859EEA7B9B047A348022AE3FFF4BDA0CB4331133C85256
sha3_384: 22e822b59e428887237f8be1a61c32ade91c67f43261516a74e7a5178a120a85f558e45194a7c3a840a2eb5f26c0fc2e
ep_bytes: 83ec0cc705b823520000000000e89e18
timestamp: 2022-08-22 00:47:57

Version Info:
0: [No Data]

Trojan-Spy.Win32.Stealer.ckwk also known as:

Elastic	malicious (high confidence)
MicroWorld-eScan	Trojan.GenericKDZ.91223
FireEye	Trojan.GenericKDZ.91223
McAfee	GenericRXTY-AR!8987F61B8A85
Cylance	Unsafe
Symantec	ML.Attribute.HighConfidence
ESET-NOD32	a variant of Win32/GenKryptik.FZBK
TrendMicro-HouseCall	TROJ_GEN.R06CC0PHN22
ClamAV	Win.Spyware.Redlinestealer-9964510-0
Kaspersky	Trojan-Spy.Win32.Stealer.ckwk
BitDefender	Trojan.GenericKDZ.91223
Cynet	Malicious (score: 100)
Avast	Win32:Trojan-gen
Ad-Aware	Trojan.GenericKDZ.91223
Emsisoft	Trojan.GenericKDZ.91223 (B)
F-Secure	Trojan.TR/Kryptik.unbzu
TrendMicro	TROJ_GEN.R06CC0PHN22
McAfee-GW-Edition	GenericRXTY-AR!8987F61B8A85
Sophos	Mal/Generic-S (PUA)
APEX	Malicious
Avira	TR/Kryptik.unbzu
MAX	malware (ai score=88)
Microsoft	Trojan:Win32/Sabsik.FL.B!ml
ZoneAlarm	Trojan-Spy.Win32.Stealer.ckwk
GData	Win32.Trojan.PSE.1DV6CWU
Google	Detected
AhnLab-V3	Trojan/Win.RedLineStealer.R512127
VBA32	BScope.Trojan.Inject
Malwarebytes	Spyware.RedLineStealer
Ikarus	Trojan.Win32.RedlineStealer
Rising	Spyware.Convagent!8.12330 (TFE:5:vyWeQ8A22bD)
AVG	Win32:Trojan-gen
Panda	Trj/GdSda.A
CrowdStrike	win/malicious_confidence_70% (W)

How to remove Trojan-Spy.Win32.Stealer.ckwk?

Trojan-Spy.Win32.Stealer.ckwk removal tool

Download and install GridinSoft Anti-Malware.
Open GridinSoft Anti-Malware and perform a “Standard scan“.
“Move to quarantine” all items.
Open “Tools” tab – Press “Reset Browser Settings“.
Select proper browser and options – Click “Reset”.
Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.

Leave a Comment X