TrojanSpy:Win32/Stealer!MSR removal guide

TrojanSpy:Win32/Stealer!MSR is the Microsoft detection name for a password-stealing trojan; nearly every vendor in the detection list below flags this sample as malicious. When the infection is active you may notice unfamiliar processes in Task Manager. In that case it is advised to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Removing malware manually can take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for removal; it lets you run a full scan and clean your PC during the trial period.
6-day free trial available.

What can TrojanSpy:Win32/Stealer!MSR do?

The following behaviours were recorded when the sample was detonated in the CAPE sandbox (signature names as reported by CAPE):

  • Behavioural detection: Executable code extraction – unpacking
  • Yara rule detections observed from a process memory dump/dropped files/CAPE
  • Creates RWX memory
  • NtSetInformationThread: attempt to hide thread from debugger
  • Dynamic (imported) function loading detected
  • Enumerates running processes
  • Expresses interest in specific running processes
  • Reads data out of its own binary image
  • CAPE extracted potentially suspicious content
  • The binary contains an unknown PE section name indicative of packing
  • The binary likely contains encrypted or compressed data
  • Authenticode signature is invalid
  • Detects Sandboxie through the presence of a library
  • Queries information on disks, possibly for anti-virtualization
  • Checks for the presence of known windows from debuggers and forensic tools
  • Checks for the presence of known devices from debuggers and forensic tools
  • Detects VirtualBox through the presence of a device
  • Anomalous binary characteristics
  • Binary compilation timestomping detected

How to identify TrojanSpy:Win32/Stealer!MSR?

File Info:

name: 723A41F7AB3E9C3561FC.mlw
path: /opt/CAPEv2/storage/binaries/c62d71d8d8394949fe7d834f4026833b06dfb6b3c06c54fd1014e1fc13428726
crc32: 152B3B6A
md5: 723a41f7ab3e9c3561fca83e1f4f3c7f
sha1: d77d5594259a78fea484c1d482dd62f97fc376cd
sha256: c62d71d8d8394949fe7d834f4026833b06dfb6b3c06c54fd1014e1fc13428726
sha512: 5811b53e29596d91d899a0c507e8b30919b57a8697851c16cc75eddf50a1315a01d0f845c34cb12ef8a835e49709b890f2f3620ff17038a04f0fc4fbe077e9c0
ssdeep: 24576:ZMKfdAU16jQXZa7IYsBRSGhTlBU+4yOMsN/LKv+5aoXj4pwH5dl:ZB6cJa7HeBq9fLgw7HJ
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T1D4352251F78A5FB9F826807BE86A8902275138CFD1E1576B206F751A2CA334314F3D2B
sha3_384: b7d139fbaac29141e5b7e90ef7fd40748485937624d59e67158d4a32461d759a0617dc7eea32045fdd88c26dbba6d0e2
ep_bytes: eb0511ad8ee17b50eb058f7dca271ee8
timestamp: 2067-08-13 21:58:08 (a compile date in the future; this is the "binary compilation timestomping" finding above)

Version Info (the version resource claims to be Oracle's Java mlib_image.dll, which does not match a PE32 GUI executable with an invalid Authenticode signature; treat these fields as spoofed):

CompanyName: Oracle Corporation
FileDescription: Java(TM) Platform SE binary
FileVersion: 8.0.3110.11
Full Version: 1.8.0_311-b11
InternalName: mlib_image
LegalCopyright: Copyright © 2021
OriginalFilename: mlib_image.dll
ProductName: Java(TM) Platform SE 8
ProductVersion: 8.0.3110.11
Translation: 0x0000 0x04b0
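The hashes, timestamp and section findings above can be checked on a suspect file without a sandbox. The script below is an added example written for this guide, not code from the original page or from GridinSoft: it hashes a file and compares it with the IOC hashes listed above, then parses the PE headers itself (standard library only) to reproduce two of the static findings from the report, a compile timestamp in the future and non-standard section names. The set of "known" section names and the sample PE it builds to run against are my own constructions; the sample is a bare header, not the real malware.

```python
# Added triage example for the TrojanSpy:Win32/Stealer!MSR IOCs above.
# Not part of the original page or of any GridinSoft tool. Standard library only.
import calendar
import hashlib
import struct
from datetime import datetime, timezone

# Hashes copied from the "File Info" block above.
IOC_HASHES = {
    "md5": "723a41f7ab3e9c3561fca83e1f4f3c7f",
    "sha1": "d77d5594259a78fea484c1d482dd62f97fc376cd",
    "sha256": "c62d71d8d8394949fe7d834f4026833b06dfb6b3c06c54fd1014e1fc13428726",
}

# Assumption: section names a normal compiler/linker emits. Anything else
# (packers such as Obsidium, named by several vendors above, use their own)
# is worth a closer look.
KNOWN_SECTIONS = {".text", ".rdata", ".data", ".rsrc", ".reloc", ".idata",
                  ".edata", ".pdata", ".bss", ".tls", ".CRT", ".textbss"}


def file_hashes(data: bytes) -> dict:
    """md5/sha1/sha256 of the file, in the same form as the IOC block."""
    return {name: hashlib.new(name, data).hexdigest()
            for name in ("md5", "sha1", "sha256")}


def parse_pe(data: bytes) -> dict:
    """Minimal PE reader: machine, COFF TimeDateStamp and section names."""
    if data[:2] != b"MZ":
        raise ValueError("not an MZ file")
    (e_lfanew,) = struct.unpack_from("<I", data, 0x3C)
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("PE signature not found")
    # COFF header: Machine, NumberOfSections, TimeDateStamp, PointerToSymbolTable,
    # NumberOfSymbols, SizeOfOptionalHeader, Characteristics
    machine, nsec, ts, _, _, opt_size, _ = struct.unpack_from("<HHIIIHH", data, e_lfanew + 4)
    sec_table = e_lfanew + 24 + opt_size          # section headers follow the optional header
    sections = []
    for i in range(nsec):
        raw = struct.unpack_from("<8s", data, sec_table + 40 * i)[0]
        sections.append(raw.rstrip(b"\0").decode("ascii", "replace"))
    return {"machine": machine, "timestamp": ts, "sections": sections}


def triage(data: bytes, now=None) -> dict:
    """Return hashes, compile time, section names and a list of findings."""
    now = now or datetime.now(timezone.utc)
    hashes = file_hashes(data)
    pe = parse_pe(data)
    compiled = datetime.fromtimestamp(pe["timestamp"], tz=timezone.utc)
    findings = []
    if hashes["sha256"] == IOC_HASHES["sha256"]:
        findings.append("sha256 matches the TrojanSpy:Win32/Stealer!MSR sample")
    if compiled > now:
        findings.append("compile timestamp %s is in the future: timestomping" % compiled.isoformat())
    for name in pe["sections"]:
        if name not in KNOWN_SECTIONS:
            findings.append("non-standard section name %r: possible packer" % name)
    return {"hashes": hashes, "compiled": compiled.isoformat(),
            "sections": pe["sections"], "findings": findings}


def make_sample_pe(timestamp: int, section_names) -> bytes:
    """Build a bare-bones PE32 header (constructed test input, not a real binary)."""
    e_lfanew = 0x40
    dos = b"MZ" + b"\0" * (0x3C - 2) + struct.pack("<I", e_lfanew)   # exactly 0x40 bytes
    opt_size = 0xE0                                                  # PE32 optional header size
    coff = struct.pack("<HHIIIHH", 0x14C, len(section_names), timestamp, 0, 0, opt_size, 0x0102)
    optional = struct.pack("<H", 0x10B).ljust(opt_size, b"\0")       # PE32 magic, rest zeroed
    sections = b"".join(
        struct.pack("<8sIIIIIIHHI", n.encode("ascii"), 0, 0, 0, 0, 0, 0, 0, 0, 0x60000020)
        for n in section_names)
    return dos + b"PE\0\0" + coff + optional + sections


# Constructed sample with the report's compile date and one odd section name.
SAMPLE_TS = calendar.timegm((2067, 8, 13, 21, 58, 8, 0, 0, 0))
SAMPLE_PE = make_sample_pe(SAMPLE_TS, [".text", ".rdata", ".xyz0"])

if __name__ == "__main__":
    import sys
    data = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else SAMPLE_PE
    result = triage(data)
    print("compiled:", result["compiled"], "sections:", result["sections"])
    for f in result["findings"]:
        print("finding:", f)
```

Run it with a path to a suspect file to compare its hashes with the IOCs; with no argument it runs on the constructed header, which triggers the timestomping and section-name findings but, of course, not the hash match.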

TrojanSpy:Win32/Stealer!MSR also known as:

Bkav: W32.AIDetect.malware1
Lionic: Trojan.Win32.Convagent.b!c
Elastic: malicious (high confidence)
MicroWorld-eScan: Trojan.GenericKD.38197347
FireEye: Generic.mg.723a41f7ab3e9c35
CAT-QuickHeal: TrojanSpy.Stealer
Cylance: Unsafe
Zillya: Trojan.Stealer.Win32.20411
Sangfor: Trojan.Win32.Obsidium.CS
CrowdStrike: win/malicious_confidence_90% (W)
Alibaba: TrojanSpy:Win32/Stealer.8149bd08
K7GW: Trojan ( 0058b7821 )
K7AntiVirus: Trojan ( 0058b7821 )
VirIT: Trojan.Win32.Genus.LAJ
ESET-NOD32: a variant of Win32/Packed.Obsidium.CS
APEX: Malicious
Paloalto: generic.ml
Cynet: Malicious (score: 100)
Kaspersky: Trojan-Spy.Win32.Stealer.anyh
BitDefender: Trojan.GenericKD.38197347
Avast: Win32:Trojan-gen
Ad-Aware: Trojan.GenericKD.38197347
Sophos: Mal/Generic-S
Comodo: TrojWare.Win32.Agent.dgxyk@0
DrWeb: Trojan.PWS.Siggen3.7858
Emsisoft: Trojan.Agent (A)
Ikarus: Trojan.Win32.Obsidium
Jiangmin: TrojanSpy.Stealer.jrc
eGambit: Unsafe.AI_Score_98%
Kingsoft: Win32.Troj.Stealer.an.(kcloud)
Gridinsoft: Ransom.Win32.Sabsik.sa
Arcabit: Trojan.Generic.D246D863
Microsoft: TrojanSpy:Win32/Stealer!MSR
AhnLab-V3: Trojan/Win.Generic.R457947
Acronis: suspicious
BitDefenderTheta: Gen:NN.ZexaF.34114.cr3@aCd90Nei
ALYac: Trojan.GenericKD.38197347
MAX: malware (ai score=88)
VBA32: TScope.Malware-Cryptor.SB
Malwarebytes: Spyware.PasswordStealer
Rising: Trojan.Generic@ML.98 (RDMK:e8JA3OK7QaOuCJX/BT29fA)
Yandex: TrojanSpy.Stealer!TcvJIwRyaHk
SentinelOne: Static AI - Malicious PE
MaxSecure: Trojan.Malware.133255462.susgen
Fortinet: W32/PossibleThreat
Webroot: W32.Trojan.Gen
AVG: Win32:Trojan-gen
Panda: Trj/CI.A

How to remove TrojanSpy:Win32/Stealer!MSR?

TrojanSpy:Win32/Stealer!MSR removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a "Standard scan".
  • "Move to quarantine" all items.
  • Open the "Tools" tab and press "Reset Browser Settings".
  • Select the proper browser and options, then click "Reset".
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.