Trojanpws.Win64 removal

Trojanpws.Win64 is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager process list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It allows you to run a complete scan and cure your PC during the trial period.
6-day free trial available.

What can the Trojanpws.Win64 virus do?

  • Behavioural detection: Executable code extraction – unpacking
  • SetUnhandledExceptionFilter detected (possible anti-debug)
  • Yara rule detections observed from a process memory dump/dropped files/CAPE
  • Creates RWX memory
  • NtSetInformationThread: attempt to hide thread from debugger
  • Dynamic (imported) function loading detected
  • Network anomalies occurred during the analysis.
  • Enumerates the modules from a process (may be used to locate base addresses in process injection)
  • Reads data out of its own binary image
  • CAPE extracted potentially suspicious content
  • Authenticode signature is invalid
  • Tries to suspend Cuckoo threads to prevent logging of malicious activity
  • Queries information on disks, possibly for anti-virtualization
  • Uses IOCTL_SCSI_PASS_THROUGH control codes to manipulate drive/MBR which may be indicative of a bootkit
  • Installs itself for autorun at Windows startup
  • Harvests cookies for information gathering
  • Uses suspicious command line tools or Windows utilities

How to identify Trojanpws.Win64?

File Info:

name: 6B1AD578C30EC796C8DD.mlw
path: /opt/CAPEv2/storage/binaries/e56e40b828cafc16582377e3086fa8a9f892190d2e6fe5b2686039c65dfb7360
crc32: 3D96AE1D
md5: 6b1ad578c30ec796c8dd231b5b87f901
sha1: c2afa062692c6e9973ae22bb108c2642c6682cd9
sha256: e56e40b828cafc16582377e3086fa8a9f892190d2e6fe5b2686039c65dfb7360
sha512: 47bb5a1289996adf4530b47912f7c5409797fc9c2af2e08ac80bc5c7505352d8649d7417369f2fc9db959b5f7d6fa590f63e0d8d0b3a7372881e45d783674d38
ssdeep: 196608:8pkZbUfQWfqziH+7tXZPjC5wiCdmjh/Z1FNgSbmr67GjlKf4W5VCOw:86hWyzd7pZPjCKiCkpxWSb3ajkU
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T135A633C1DEF18BCBC8950B36982EF28FC586CF3766099DA22F763C8125F9D91D016256
sha3_384: a0d62ae09fb2ea07fd9dc79647bdbf862b47cc1125c9d1783e08053fd01cb24e1caf986e3c7deb909f704403729f9c7c
ep_bytes: 558bec81ecf40300005356576a205f33
timestamp: 2021-09-25 21:57:46

Version Info:

0: [No Data]

Trojanpws.Win64 also known as:

  • Lionic: Trojan.Win32.Stealer.l!c
  • Elastic: malicious (high confidence)
  • MicroWorld-eScan: Dropped:Trojan.GenericKDZ.82032
  • FireEye: Generic.mg.6b1ad578c30ec796
  • CAT-QuickHeal: Trojanpws.Win64
  • McAfee: Artemis!6B1AD578C30E
  • Cylance: Unsafe
  • Sangfor: Spyware.Win32.Stealer.ky
  • K7AntiVirus: Trojan ( 0056e5201 )
  • Alibaba: TrojanPSW:Win32/Vimditator.0d32df3c
  • K7GW: Trojan ( 0056e5201 )
  • Cybereason: malicious.2692c6
  • Symantec: Trojan.Gen.2
  • ESET-NOD32: multiple detections
  • APEX: Malicious
  • Paloalto: generic.ml
  • Kaspersky: UDS:Trojan-Spy.Win32.Stealer
  • BitDefender: Dropped:Trojan.GenericKDZ.82032
  • Avast: Win32:Trojan-gen
  • Tencent: Win64.Trojan-qqpass.Qqrob.Wogg
  • Ad-Aware: Dropped:Trojan.GenericKDZ.82032
  • Emsisoft: Dropped:Trojan.GenericKDZ.82032 (B)
  • Comodo: Malware@#2d2rbei43pln8
  • TrendMicro: TROJ_FRS.0NA103A422
  • McAfee-GW-Edition: GenericRXRG-RH!654E8F86AEE5
  • Sophos: Mal/Generic-S
  • GData: Win32.Trojan.Agent.MZZTPK
  • Webroot: W32.Trojan.GenKDZ
  • Avira: HEUR/AGEN.1208938
  • Kingsoft: Win32.PSWTroj.Undef.(kcloud)
  • Gridinsoft: Ransom.Win32.Sabsik.sa
  • ViRobot: Trojan.Win32.Z.Yakes.10052622
  • Microsoft: Trojan:Win32/Sabsik.FL.B!ml
  • Cynet: Malicious (score: 100)
  • AhnLab-V3: Trojan/Win.Generic.R460426
  • VBA32: Backdoor.Androm
  • ALYac: Dropped:Trojan.GenericKDZ.82032
  • MAX: malware (ai score=80)
  • Malwarebytes: Malware.AI.4274795064
  • TrendMicro-HouseCall: TROJ_FRS.0NA103A422
  • Fortinet: W32/Asprotect.DBB8!tr
  • AVG: Win32:Trojan-gen
  • Panda: Trj/CI.A
  • CrowdStrike: win/malicious_confidence_100% (W)

How to remove Trojanpws.Win64?

Trojanpws.Win64 removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open the “Tools” tab and press “Reset Browser Settings”.
  • Select proper browser and options – Click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.