Trojan

TrojanPSW.Predator malicious file

Malware Removal

The TrojanPSW.Predator is considered dangerous by lots of security experts. When this infection is active, you may notice unwanted processes in Task Manager list. In this case, it is adviced to scan your computer with GridinSoft Anti-Malware.

What TrojanPSW.Predator virus can do?

  • Executable code extraction
  • Injection (inter-process)
  • Injection (Process Hollowing)
  • Creates RWX memory
  • The binary likely contains encrypted or compressed data.
  • Executed a process and injected code into it, probably while unpacking
  • Attempts to repeatedly call a single API many times in order to delay analysis time
  • Steals private information from local Internet browsers
  • Collects information about installed applications
  • Attempts to access Bitcoin/ALTCoin wallets
  • Harvests credentials from local FTP client softwares
  • Harvests information related to installed instant messenger clients
  • Harvests information related to installed mail clients

How to determine TrojanPSW.Predator?



File Info:

crc32: 403D1049
md5: 33f1ef9ad6b769877873d3c463d2c0f4
name: one.exe
sha1: 1122303e611b5ef39bb803837549d676ef6048ea
sha256: 3db3651c5b2fc1200309482203e3e3f0a9edb7304342293410d99a9f0616cc31
sha512: 0e16bf55ee2a0e44e017dfb58a9074be45fe19954a84e4eba5efaa8efd75bd2abffb850dac1bfb38604d5b3acc9a9acdd7c333bd94590d6ee8626cfbd79d0625
ssdeep: 24576:1aUpqPg2fDEZYBlGGM+N+s7c27QNDpIKGJqUqp:VIPEZYBlGR+bf7+Dq0N
type: PE32 executable (GUI) Intel 80386, for MS Windows


Version Info:

LegalCopyright: OPSWAT, Inc. (C)
InternalName: Centrylink2007outlook
FileVersion: 6.5.3.828
CompanyName: OPSWAT, Inc.
LegalTrademarks: OPSWAT, Inc. (C)
Comments: Lao Camcrders
ProductName: Centrylink2007outlook
ProductVersion: 6.5.3.828
FileDescription: Lao Camcrders
OriginalFilename: Centrylink2007outlook
Translation: 0x0409 0x04b0

TrojanPSW.Predator also known as:

MicroWorld-eScanGen:Variant.Razy.566122
FireEyeGeneric.mg.33f1ef9ad6b76987
CAT-QuickHealTrojan.Fuerboos
ALYacGen:Variant.Razy.566122
CylanceUnsafe
VIPRETrojan.Win32.Generic!BT
AegisLabTrojan.Win32.Generic.4!c
K7AntiVirusTrojan ( 005592a71 )
BitDefenderGen:Variant.Razy.566122
K7GWTrojan ( 005592a71 )
Cybereasonmalicious.e611b5
Invinceaheuristic
BitDefenderThetaGen:NN.ZexaF.32245.1u0@a4erFVfi
CyrenW32/Kryptik.AGF.gen!Eldorado
SymantecTrojan.Gen.2
Paloaltogeneric.ml
GDataGen:Variant.Razy.566122
KasperskyTrojan-PSW.Win32.Predator.dcx
AlibabaTrojan:Win32/GenKryptik.964d7c64
ViRobotTrojan.Win32.Z.Agent.880640.KW
RisingTrojan.Wacatac!8.10C01 (TFE:5:WOlYgNVmHsF)
Ad-AwareGen:Variant.Razy.566122
SophosMal/Generic-S
F-SecureTrojan.TR/AD.MalwareCrypter.canmp
DrWebTrojan.PWS.Stealer.24273
ZillyaTrojan.GenKryptik.Win32.35479
TrendMicroMal_HPGen-37b
McAfee-GW-EditionBehavesLike.Win32.Generic.cc
SentinelOneDFI – Suspicious PE
EmsisoftGen:Variant.Razy.566122 (B)
APEXMalicious
F-ProtW32/Kryptik.AGF.gen!Eldorado
WebrootW32.Trojan.Gen
AviraTR/AD.MalwareCrypter.canmp
Antiy-AVLTrojan/Win32.Occamy
Endgamemalicious (high confidence)
ArcabitTrojan.Razy.D8A36A
ZoneAlarmTrojan-PSW.Win32.Predator.dcx
MicrosoftTrojan:Win32/Occamy.C
AhnLab-V3Malware/Win32.Hpgen.C3502964
Acronissuspicious
McAfeeRDN/Generic.gko
MAXmalware (ai score=84)
VBA32TrojanPSW.Predator
MalwarebytesTrojan.Crypt
PandaTrj/CI.A
ESET-NOD32a variant of Win32/GenKryptik.DUSK
YandexTrojan.GenKryptik!
IkarusTrojan-Ransom.GandCrab
eGambitUnsafe.AI_Score_81%
FortinetW32/GenKryptik.DUSK!tr
AVGWin32:Trojan-gen
AvastWin32:Trojan-gen
CrowdStrikewin/malicious_confidence_90% (W)
Qihoo-360HEUR/QVM10.2.6F75.Malware.Gen

How to remove TrojanPSW.Predator?

TrojanPSW.Predator removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan“.
  • Move to quarantine” all items.
  • Open “Tools” tab – Press “Reset Browser Settings“.
  • Select proper browser and options – Click “Reset”.
  • Restart your computer.

You may also like

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.

View all posts

Leave a Comment