TrojanPSW.DiscordNET (file analysis)

TrojanPSW.DiscordNET is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It allows you to run a complete scan and cure your PC during the trial period.
6-day free trial available.

What can the TrojanPSW.DiscordNET virus do?

  • CAPE extracted potentially suspicious content
  • Authenticode signature is invalid
  • Binary file triggered YARA rule

How to identify TrojanPSW.DiscordNET?


File Info:

name: 8496F5E5F09842BCE498.mlw
path: /opt/CAPEv2/storage/binaries/12b4885f0e8a55daea2b94e0ce61400f55f616c3e5b16e97abb4f78ab2d6aef1
crc32: 24A49EF2
md5: 8496f5e5f09842bce498c0589a7ba4f4
sha1: 775ff3817df5ceed4eb05a66010c41efc23c7e8f
sha256: 12b4885f0e8a55daea2b94e0ce61400f55f616c3e5b16e97abb4f78ab2d6aef1
sha512: a4030d3dab75d8bf5d1285631120c5a733a4ff41370a89a9b78513d94ce11048b74ca60cecbc9988cadddd6ebc3915d6aa095c3a42edc081db9c775a7a21fe44
ssdeep: 768:D34P73ibL85y7ezSa/STMMaj6zSTzd1AX12cTTC68NNjUc5DTmdN/8+W4zwtjtgu:0SQHSDCT6MTOmf1pJ2HbVZ1+YS
type: PE32 executable (console) Intel 80386, for MS Windows
tlsh: T16953A843B5E1B465E2BFAEF03437005DBF35EB97A06DD6B8854EA0143E722419079FA8
sha3_384: 3ddd7c3443c98661d6c4038621962c2078ba5aeb62c9bdd35fd68312529decb5ee043ebc63d4dbddeb49d84e5ea07579
ep_bytes: ff250020400000000000000000000000
timestamp: 2020-06-28 17:32:42

Version Info:

Translation: 0x0000 0x04b0
Comments: By T1L_DOz0#3339
CompanyName:
FileDescription: LePen Raid
FileVersion: 1.0.0.0
InternalName: LePen Raid.exe
LegalCopyright: Copyright © 2020
LegalTrademarks:
OriginalFilename: LePen Raid.exe
ProductName: MoMoHub Community
ProductVersion: 1.0.0.0
Assembly Version: 1.0.0.0

TrojanPSW.DiscordNET also known as:

Lionic: Trojan.Win32.Perseus.4!c
MicroWorld-eScan: Gen:Variant.MSILPerseus.224284
FireEye: Gen:Variant.MSILPerseus.224284
CAT-QuickHeal: Trojan.YakbeexMSIL.ZZ4
Skyhigh: Artemis!Trojan
McAfee: Artemis!8496F5E5F098
Cylance: unsafe
Zillya: Trojan.Discord.Win32.3236
Sangfor: Trojan.MSIL.Discord.FM
K7AntiVirus: Password-Stealer ( 00566f871 )
Alibaba: Trojan:MSIL/CryptInject.b737055a
K7GW: Password-Stealer ( 00566f871 )
Cybereason: malicious.5f0984
Symantec: Trojan.Gen.MBT
Elastic: malicious (moderate confidence)
ESET-NOD32: a variant of MSIL/PSW.Discord.FM
BitDefender: Gen:Variant.MSILPerseus.224284
Avast: Win32:Trojan-gen
Tencent: Win32.Trojan.Agen.Ijgl
Emsisoft: Gen:Variant.MSILPerseus.224284 (B)
F-Secure: Trojan.TR/PSW.Discord.ienxr
DrWeb: Trojan.PWS.DiscordNET.22
VIPRE: Gen:Variant.MSILPerseus.224284
Sophos: Mal/Disteal-I
Ikarus: Trojan.MSIL.PSW
Webroot: W32.Trojan.Gen
Google: Detected
Avira: TR/PSW.Discord.ienxr
Microsoft: Trojan:MSIL/CryptInject.AA!MTB
Arcabit: Trojan.MSILPerseus.D36C1C
GData: Gen:Variant.MSILPerseus.224284
ALYac: Gen:Variant.MSILPerseus.224284
MAX: malware (ai score=85)
VBA32: TrojanPSW.DiscordNET
Malwarebytes: DiscordStealer.Spyware.Stealer.DDS
Panda: Trj/GdSda.A
Rising: Stealer.AnarchyGrabber!1.C716 (CLASSIC)
MaxSecure: Trojan.Malware.101574277.susgen
Fortinet: MSIL/Discord.EG!tr
AVG: Win32:Trojan-gen
DeepInstinct: MALICIOUS
CrowdStrike: win/malicious_confidence_100% (D)
alibabacloud: Trojan:MSIL/GenericML.B

How to remove TrojanPSW.DiscordNET?

TrojanPSW.DiscordNET removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open “Tools” tab – Press “Reset Browser Settings”.
  • Select proper browser and options – Click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.
