Spy Trojan

What is “Trojan-Spy.Win32.Stealer.wer”?

Malware Removal

The Trojan-Spy.Win32.Stealer.wer is considered dangerous by lots of security experts. When this infection is active, you may notice unwanted processes in Task Manager list. In this case, it is adviced to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Gridinsoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. Allows to complete scan and cure your PC during the trial period.
DOWNLOAD NOW
6-day free trial available.

What Trojan-Spy.Win32.Stealer.wer virus can do?

  • Executable code extraction
  • Creates RWX memory
  • Unconventionial language used in binary resources: Polish
  • The binary likely contains encrypted or compressed data.
  • The executable is compressed using UPX
  • Network activity detected but not expressed in API logs
  • Attempts to identify installed AV products by installation directory
  • Anomalous binary characteristics

How to determine Trojan-Spy.Win32.Stealer.wer?



File Info:

crc32: 0FDCEE21
md5: d83cd7278c47f4f3c7884eb9593a256c
name: D83CD7278C47F4F3C7884EB9593A256C.mlw
sha1: 026983b49e5356ed0497109de09ea43e5be9e54c
sha256: 9986d7d421e26cce5a64a65a7f72b757043cbe7dfe2dd0b32f66d25203922415
sha512: 5b84ede84c3c76795e45dcc1cc8e186be3f09d03f4965c8b88bda8294f2c0b9983dde4b37532773b07cafe3a1483c8aedd4c4230dbdc06714c5c7c097386fa1b
ssdeep: 12288:wQTTl0gbCBn4RYTDD0LGz3G7FmTy21Ya0ovDLl28eAX95VGyt:Ogi42b0K27FmTPuovt28ztu8
type: PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed


Version Info:

InternalSurname: vebug.ekzec
Prod: 1.2.5
FileVersions: 1.0.5.8
LegalCo: Copyri (C) 2019, permudationzy

Trojan-Spy.Win32.Stealer.wer also known as:

Elasticmalicious (high confidence)
MicroWorld-eScanTrojan.GenericKD.36066182
FireEyeGeneric.mg.d83cd7278c47f4f3
CAT-QuickHealTrojan.Multi
Qihoo-360Generic/HEUR/QVM11.1.805B.Malware.Gen
McAfeeRDN/GenericM
CylanceUnsafe
VIPRETrojan.Win32.Generic!BT
SangforMalware
K7AntiVirusTrojan ( 00575ee91 )
BitDefenderTrojan.GenericKD.36066182
K7GWTrojan ( 00575ee91 )
Cybereasonmalicious.49e535
CyrenW32/Kryptik.CXI.gen!Eldorado
SymantecML.Attribute.HighConfidence
APEXMalicious
AvastWin32:TrojanX-gen [Trj]
KasperskyTrojan-Spy.Win32.Stealer.wer
AlibabaTrojanSpy:Win32/Stealer.ae9197da
ViRobotTrojan.Win32.Z.Zenpack.625152
RisingTrojan.Ransom.GlobeImposter!1.AF70 (TFE:5:bYXJg1YG3DR)
Ad-AwareTrojan.GenericKD.36066182
EmsisoftTrojan.GenericKD.36066182 (B)
ComodoMalware@#1m7vyccrgxxww
F-SecureTrojan.TR/AD.PredatorThief.sphdz
DrWebTrojan.PWS.Siggen2.61052
ZillyaTrojan.Stealer.Win32.9833
TrendMicroTrojan.Win32.MALREP.THAOIBA
McAfee-GW-EditionBehavesLike.Win32.Trojan.jc
SophosMal/Generic-S
IkarusTrojan-Spy.Agent
JiangminTrojanSpy.Stealer.dnw
WebrootW32.Trojan.Gen
AviraTR/AD.PredatorThief.sphdz
MAXmalware (ai score=98)
KingsoftWin32.Troj.Generic_a.a.(kcloud)
MicrosoftTrojan:Win32/Glupteba.KMG!MTB
GridinsoftTrojan.Win32.Packed.oa
ArcabitTrojan.Generic.D2265386
ZoneAlarmTrojan-Spy.Win32.Stealer.wer
GDataTrojan.GenericKD.36066182
CynetMalicious (score: 100)
AhnLab-V3Malware/Win32.RL_Generic.R362780
Acronissuspicious
BitDefenderThetaGen:NN.ZexaF.34760.MmGfaiKgGFfG
VBA32TrojanSpy.Stealer
MalwarebytesTrojan.MalPack.GS
PandaTrj/GdSda.A
ESET-NOD32a variant of Win32/Kryptik.HIQX
TrendMicro-HouseCallTrojan.Win32.MALREP.THAOIBA
YandexTrojan.GenAsa!A3rOJaxYS2w
SentinelOneStatic AI – Malicious PE
eGambitUnsafe.AI_Score_93%
FortinetW32/Kryptik.HGHW!tr
AVGWin32:TrojanX-gen [Trj]
Paloaltogeneric.ml
CrowdStrikewin/malicious_confidence_100% (D)

How to remove Trojan-Spy.Win32.Stealer.wer?

Trojan-Spy.Win32.Stealer.wer removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan“.
  • Move to quarantine” all items.
  • Open “Tools” tab – Press “Reset Browser Settings“.
  • Select proper browser and options – Click “Reset”.
  • Restart your computer.

You may also like

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.

View all posts

Leave a Comment