Trojan-Spy.Win32.Stealer.cqye removal instruction

The Trojan-Spy.Win32.Stealer.cqye is considered dangerous by lots of security experts. When this infection is active, you may notice unwanted processes in Task Manager list. In this case, it is adviced to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Gridinsoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. Allows to complete scan and cure your PC during the trial period.

6-day free trial available.

What Trojan-Spy.Win32.Stealer.cqye virus can do?

Sample contains Overlay data
The binary contains an unknown PE section name indicative of packing
Authenticode signature is invalid

How to determine Trojan-Spy.Win32.Stealer.cqye?


File Info:
name: A9D78AAC4542716196AF.mlw
path: /opt/CAPEv2/storage/binaries/1da43869c753f70975bf16a445c9f300d76355fd75c7cc590059ecccb062ed7c
crc32: 29596FD1
md5: a9d78aac4542716196af3b6ad0f8320e
sha1: 13fa50a0c133c096f889345435c6a0492c17fcd1
sha256: 1da43869c753f70975bf16a445c9f300d76355fd75c7cc590059ecccb062ed7c
sha512: fea334a2b4fec5639c3fbff1d87222f1a7e0558e2f93dd8ad73f4796887643b18c8587a424c7135097dd1d1b2fbc4bf828b436a539addc5cf22c2660c9ebf1f0
ssdeep: 24576:rPuJEYEHyIvTv3YlYhIEY3uuMfqdKrRNYPF2S0Vag+eyjtLjHa8gl3RuQ55313h:DuJxESIvTscQF2Radeyjti8gl3T
type: PE32 executable (console) Intel 80386, for MS Windows
tlsh: T12CC52B139A8B0D75CDD23BB491CB633AA734ED30CA2A9F7FB608C43959532C56C5A742
sha3_384: c5a2ffc65a33ee5923cdf1333949cb2a9be3d7f5b22f47883de0bcd0d3ff50d05c81bd83e527943c47e0eacfe8ce56b2
ep_bytes: 83ec0cc705b853540000000000e8bea0
timestamp: 2022-09-24 19:02:43

Version Info:
0: [No Data]

Trojan-Spy.Win32.Stealer.cqye also known as:

Cylance	Unsafe
Cyren	W32/Trojan.HLPX-5019
Symantec	ML.Attribute.HighConfidence
Elastic	malicious (high confidence)
ESET-NOD32	a variant of Win32/Kryptik.HQDK
Cynet	Malicious (score: 99)
Kaspersky	Trojan-Spy.Win32.Stealer.cqye
Avast	Win32:TrojanX-gen [Trj]
DrWeb	Trojan.PWS.Steam.33091
McAfee-GW-Edition	GenericRXUA-US!A9D78AAC4542
Sophos	Mal/Generic-S
SentinelOne	Static AI – Suspicious PE
GData	Win32.Trojan.PSE.14K7H74
Avira	TR/Crypt.Agent.jufkx
Antiy-AVL	Trojan/Generic.ASMalwS.5123
Microsoft	Trojan:Win32/Sabsik.FL.B!ml
Google	Detected
AhnLab-V3	Trojan/Win.US.C5244578
McAfee	GenericRXUA-US!A9D78AAC4542
VBA32	BScope.Trojan.RedLineStealer
Malwarebytes	Malware.AI.1259400604
Rising	Backdoor.Agent!8.C5D (TFE:5:roJ2h4dAxDP)
Ikarus	Trojan.Win32.RedlineStealer
Fortinet	W32/RedLineStealer.D!tr
BitDefenderTheta	Gen:NN.ZexaF.34682.N!Z@aqiSlqh
AVG	Win32:TrojanX-gen [Trj]

How to remove Trojan-Spy.Win32.Stealer.cqye?

Trojan-Spy.Win32.Stealer.cqye removal tool

Download and install GridinSoft Anti-Malware.
Open GridinSoft Anti-Malware and perform a “Standard scan“.
“Move to quarantine” all items.
Open “Tools” tab – Press “Reset Browser Settings“.
Select proper browser and options – Click “Reset”.
Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.

Leave a Comment X