What is “Trojan.Win32.Staser.elcv”?

Trojan.Win32.Staser.elcv is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager process list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It lets you run a complete scan and clean your PC during the trial period.
6-day free trial available.

What can the Trojan.Win32.Staser.elcv virus do?

  • Behavioural detection: Executable code extraction – unpacking
  • Yara rule detections observed from a process memory dump/dropped files/CAPE
  • Creates RWX memory
  • Possible date expiration check, exits too soon after checking local time
  • Dynamic (imported) function loading detected
  • Enumerates running processes
  • Expresses interest in specific running processes
  • Reads data out of its own binary image
  • CAPE extracted potentially suspicious content
  • Drops a binary and executes it
  • The binary contains an unknown PE section name indicative of packing
  • Authenticode signature is invalid
  • Attempts to modify desktop wallpaper
  • Creates or sets a registry key to a long series of bytes, possibly to store a binary or malware config
  • Network activity detected but not expressed in API logs
  • Likely virus infection of existing system binary

Related domains:

wpad.local-net

How to identify Trojan.Win32.Staser.elcv?

File Info:

name: 9D165CE8D407DA4BA0D0.mlw
path: /opt/CAPEv2/storage/binaries/f31c3ecd37049a808e48b0aaa45f62f007cbbcfc7590f77f37fa9dc8ac307124
crc32: EAAB6463
md5: 9d165ce8d407da4ba0d04268ee9b7164
sha1: 707d9a791f04408b2422fb2684d8838ae0ed7c4b
sha256: f31c3ecd37049a808e48b0aaa45f62f007cbbcfc7590f77f37fa9dc8ac307124
sha512: 3c3bf9120340fbd35a450697d520a7ae19a15c0220776b21cefdc4f037667145cc6571284a050ccfc5a735ce1834ea4b4a9a7b5425c30cc59e4f5e3973ec00b2
ssdeep: 49152:dcsQ6QE0+6yST7roSJuV/c4ObaOINXtbEBrz6AQBbYa:d1QTEBUrRsLfXAruAebYa
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T170E5F227B298A53EC49E27364573A02058FFB66DF417BE1676F0C48DCF260C11E3AA65
sha3_384: 87a328c40f9227a54dbe78b01a49e7bfa709f66c7a78742b865b1dbe6d9cc3e6025ab787199111cdebc48d3381686a12
ep_bytes: 558bec83c4a453565733c08945c48945
timestamp: 2021-07-22 05:43:38

Version Info:

Comments: This installation was built with Inno Setup.
CompanyName: Cot Logic
FileDescription: CotList Setup
FileVersion:
LegalCopyright:
OriginalFileName:
ProductName: CotList
ProductVersion: 0.8.1.0
Translation: 0x0000 0x04b0

Trojan.Win32.Staser.elcv also known as:

MicroWorld-eScan: Trojan.GenericKD.38101052
FireEye: Trojan.GenericKD.38101052
McAfee: Artemis!9D165CE8D407
K7AntiVirus: Trojan ( 0057e05e1 )
Alibaba: TrojanDropper:Win32/Staser.baa64353
K7GW: Trojan ( 0057e05e1 )
Cyren: W32/Addrop.L.gen!Eldorado
Symantec: Trojan.Gen.MBT
ESET-NOD32: Win32/TrojanDropper.Addrop.DH
TrendMicro-HouseCall: TROJ_GEN.R002C0WKO21
Kaspersky: Trojan.Win32.Staser.elcv
BitDefender: Trojan.GenericKD.38101052
Avast: Win32:Trojan-gen
Ad-Aware: Trojan.GenericKD.38101052
Sophos: Mal/Generic-S
Comodo: Malware@#oomrjqz8n7xx
TrendMicro: TROJ_GEN.R002C0WKO21
McAfee-GW-Edition: BehavesLike.Win32.Dropper.vc
Emsisoft: Trojan.GenericKD.38101052 (B)
GData: Trojan.GenericKD.38101052
Avira: HEUR/AGEN.1143627
MAX: malware (ai score=83)
Microsoft: Trojan:Win32/Wacatac.B!ml
Cynet: Malicious (score: 100)
AhnLab-V3: Trojan/Win.Trojan-gen.R452860
VBA32: Trojan.Staser
Malwarebytes: Adware.DownloadAssistant
APEX: Malicious
Yandex: Trojan.Staser!6ib4RF3Jd14
Ikarus: Trojan-Dropper.Win32.Addrop
Fortinet: W32/Addrop.DH!tr
AVG: Win32:Trojan-gen
Panda: Trj/CI.A

How to remove Trojan.Win32.Staser.elcv?

Trojan.Win32.Staser.elcv removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open “Tools” tab – Press “Reset Browser Settings“.
  • Select proper browser and options – Click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.