Trojan.Stealer (A) (file analysis)

Trojan.Stealer (A) is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager process list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It allows you to run a complete scan and cure your PC during the trial period.
A 6-day free trial is available.

What Trojan.Stealer (A) virus can do?

  • Sample contains Overlay data
  • Yara rule detections observed from a process memory dump/dropped files/CAPE
  • Presents an Authenticode digital signature
  • Reads data out of its own binary image
  • Drops a binary and executes it
  • Unconventional language used in binary resources: Russian
  • The binary likely contains encrypted or compressed data.
  • Authenticode signature is invalid
  • Uses Windows utilities for basic functionality
  • Anomalous binary characteristics

How to identify Trojan.Stealer (A)?

File Info:

name: 7B9CADAC86DCBD6CC210.mlw
path: /opt/CAPEv2/storage/binaries/fa70a93f5f32824f76bad2637e773f9857a03407f4c3b603099cfdf0816290b3
crc32: 75610BE9
md5: 7b9cadac86dcbd6cc210958ea6be7556
sha1: ee15e4b4a89b4a9bfb86ebd769f2a6f79f0dd8f6
sha256: fa70a93f5f32824f76bad2637e773f9857a03407f4c3b603099cfdf0816290b3
sha512: 0fb7aebc2d749d187dc0bb0ca44b9161a737330b99b8a2611581095ef8fbfa741e56c40ec0f9b868163d70fd59cc97e411f255f8d49bcbd346a3972c0cdf68ee
ssdeep: 98304:EewBvfSmizKuQbC0dzmVPdu7j7C3RqQns0vKCyXpGy:Evv6b45k87j7aRqTSKCyEy
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T142F533127FFD82B2C9E2017064041B6223E4EEB26BF448DF5BC0B85A6E5BBD14974CD6
sha3_384: 7e5e15567aeaa247f09ef0427a633f76ff9a82ff7765490002f2b958c68605464ed2bea232172923fc1b95c0fad2a58b
ep_bytes: 558bec6aff6810b34100684088410064
timestamp: 2016-01-14 18:28:57

Version Info:

CompanyName: Microsoft Corporation
LegalCopyright: Copyright Microsoft Corporation
OriginalFilename: msedgeupdate.dll
FileVersion: 1.3.147.37
ProductName: Microsoft Edge Update
ProductVersion: 1.3.147.37
InternalName: Microsoft Edge Update
FileDescription: Microsoft Edge Update
Created: 7z SFX Constructor v4.6.0.0 (http://usbtor.ru/viewtopic.php?t=798)
Builder: ahileeeeeess 00:20:43 03/08/2022
Translation: 0x0000 0x04b0

Trojan.Stealer (A) also known as:

Lionic: Trojan.MSIL.Stealer.l!c
Elastic: malicious (high confidence)
DrWeb: Trojan.Siggen18.33708
MicroWorld-eScan: Trojan.GenericKD.61201543
FireEye: Trojan.GenericKD.61201543
CAT-QuickHeal: TrojanSpy.MSIL
ALYac: Trojan.GenericKD.61201543
Cylance: Unsafe
Sangfor: Spyware.Win32.Starter.Vkzl
K7AntiVirus: Trojan ( 005715c71 )
Alibaba: TrojanSpy:MSIL/Stealer.57de4dfe
K7GW: Trojan ( 005715c71 )
Symantec: Trojan.Gen.MBT
ESET-NOD32: BAT/Starter.NHH
TrendMicro-HouseCall: TROJ_GEN.R002C0WH722
Paloalto: generic.ml
ClamAV: Win.Adware.InstallPack-9918495-0
Kaspersky: Trojan-Spy.MSIL.Stealer.dml
BitDefender: Trojan.GenericKD.61201543
Avast: Win32:Trojan-gen
Ad-Aware: Trojan.GenericKD.61201543
Sophos: Mal/Generic-S (PUA)
F-Secure: Heuristic.HEUR/AGEN.1251034
VIPRE: Trojan.GenericKD.61201543
TrendMicro: TROJ_GEN.R002C0WH722
McAfee-GW-Edition: Artemis!Trojan
Emsisoft: Trojan.Stealer (A)
GData: Trojan.GenericKD.61201543
Jiangmin: Trojan.BAT.mv
Avira: HEUR/AGEN.1251034
ZoneAlarm: Trojan-Spy.MSIL.Stealer.dml
Microsoft: Trojan:Win32/Wacatac.B!ml
Cynet: Malicious (score: 100)
AhnLab-V3: Trojan/Win.Generic.R511719
McAfee: Artemis!7B9CADAC86DC
MAX: malware (ai score=86)
Malwarebytes: Malware.AI.4213000808
MaxSecure: Trojan.Malware.186512542.susgen
Fortinet: W32/Starter.NHH!tr
AVG: Win32:Trojan-gen

How to remove Trojan.Stealer (A)?

Trojan.Stealer (A) removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open the “Tools” tab – Press “Reset Browser Settings”.
  • Select the proper browser and options – Click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.