Trojan-Spy.Win32.Stealer.cppa (file analysis)

Trojan-Spy.Win32.Stealer.cppa is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It lets you run a complete scan and clean your PC during the trial period.
6-day free trial available.

What can the Trojan-Spy.Win32.Stealer.cppa virus do?

  • Sample contains Overlay data
  • The binary contains an unknown PE section name indicative of packing
  • Authenticode signature is invalid

How to identify Trojan-Spy.Win32.Stealer.cppa?


File Info:

name: B96697816EF9A8262FF9.mlw
path: /opt/CAPEv2/storage/binaries/9cb6296abd8602a29b53a43db6432c877c2850e28563bf792f4863a06f8f62a0
crc32: 04DD986C
md5: b96697816ef9a8262ff93f11ddb1bd22
sha1: 1e46e613685b1f23900884c0a1a9727e4adb0414
sha256: 9cb6296abd8602a29b53a43db6432c877c2850e28563bf792f4863a06f8f62a0
sha512: 5cac98542e439b75d22e5607406fc81c86b1e27a635960ee6433e66a4d7a960c5680f2a0d5e1c8a95eb4a69a1fa16cb293bd641b1e3d9e4f19c8758ade293c3c
ssdeep: 24576:0/5k2KksqbO/l89pN96Y5Y8D24rujMlHd1h1MiDONPbFRzvqD+Qcz5jLkzh5Ol3r:I5k2KksOO+9pNEKMFRzvO+Qcz5j9l3r
type: PE32 executable (console) Intel 80386, for MS Windows
tlsh: T1FBD53B139A8B0D75CED237B4A1CB633A9734FD30CA2A8B7FF648C42959532D46C5A742
sha3_384: 72bc89457cbda79e7f95d32ec1cc152fa9a32dbdb2ffab3841a16c2a1c71000c4521536b6df435b0a5f85fd8f12506d4
ep_bytes: 83ec0cc705b853550000000000e8fefe
timestamp: 2022-09-17 09:22:34

Version Info:

0: [No Data]

Trojan-Spy.Win32.Stealer.cppa also known as:

MicroWorld-eScan: Gen:Variant.Fragtor.142336
FireEye: Gen:Variant.Fragtor.142336
McAfee: GenericRXUA-US!B96697816EF9
Cylance: Unsafe
K7AntiVirus: Trojan ( 005959c81 )
Cyren: W32/Trojan.HLPX-5019
Symantec: ML.Attribute.HighConfidence
Elastic: malicious (high confidence)
ESET-NOD32: a variant of Win32/Kryptik.HQDK
APEX: Malicious
ClamAV: Win.Malware.Fragtor-9934292-0
Kaspersky: Trojan-Spy.Win32.Stealer.cppa
BitDefender: Gen:Variant.Fragtor.142336
Avast: Win32:CrypterX-gen [Trj]
Ad-Aware: Gen:Variant.Fragtor.142336
Sophos: Mal/Generic-S
VIPRE: Gen:Variant.Fragtor.142336
McAfee-GW-Edition: GenericRXUA-US!B96697816EF9
Emsisoft: Gen:Variant.Fragtor.142336 (B)
Ikarus: Trojan.Win32.RedlineStealer
Google: Detected
Avira: TR/Crypt.Agent.hokjb
Antiy-AVL: Trojan/Generic.ASMalwS.50E8
Microsoft: Trojan:Win32/Sabsik.FL.B!ml
GData: Win32.Trojan.PSE.1DCJQUL
Cynet: Malicious (score: 100)
AhnLab-V3: Trojan/Win.US.R520056
Acronis: suspicious
BitDefenderTheta: Gen:NN.ZexaF.34646.R!Z@auzGZeo
MAX: malware (ai score=86)
VBA32: BScope.Trojan.RedLineStealer
Malwarebytes: Malware.AI.1895533466
Rising: Stealer.Agent!8.C2 (TFE:5:XjIDlFaMHZV)
SentinelOne: Static AI – Suspicious PE
MaxSecure: Trojan.Malware.300983.susgen
Fortinet: W32/RedLineStealer.D!tr
AVG: Win32:CrypterX-gen [Trj]

How to remove Trojan-Spy.Win32.Stealer.cppa?

Trojan-Spy.Win32.Stealer.cppa removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • Apply “Move to quarantine” to all items.
  • Open the “Tools” tab and press “Reset Browser Settings”.
  • Select the proper browser and options, then click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.
