Categories: Trojan

Trojan:Win32/EyeStye.plugin information

The Trojan:Win32/EyeStye.plugin is considered dangerous by lots of security experts. When this infection is active, you may notice unwanted processes in Task Manager list. In this case, it is adviced to scan your computer with GridinSoft Anti-Malware.

Gridinsoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. Allows to complete scan and cure your PC during the trial period.

DOWNLOAD NOW

6-day free trial available.

What Trojan:Win32/EyeStye.plugin virus can do?

Behavioural detection: Executable code extraction – unpacking
SetUnhandledExceptionFilter detected (possible anti-debug)
Yara rule detections observed from a process memory dump/dropped files/CAPE
Creates RWX memory
Dynamic (imported) function loading detected
Enumerates running processes
Expresses interest in specific running processes
Reads data out of its own binary image
CAPE extracted potentially suspicious content
Drops a binary and executes it
Unconventionial language used in binary resources: Russian
The binary contains an unknown PE section name indicative of packing
The binary likely contains encrypted or compressed data.
The executable is compressed using UPX
Authenticode signature is invalid
Code injection with CreateRemoteThread in a remote process
Behavioural detection: Injection (inter-process)
Behavioural detection: Injection with CreateRemoteThread in a remote process
A process attempted to delay the analysis task by a long amount of time.
Steals private information from local Internet browsers
Installs itself for autorun at Windows startup
Attempts to modify proxy settings
Attempts to modify browser security settings
Creates a copy of itself
Attempts to disable browser security warnings
Harvests cookies for information gathering

How to determine Trojan:Win32/EyeStye.plugin?


File Info:
name: 7B8EB433C1EFCB949DD6.mlwpath: /opt/CAPEv2/storage/binaries/19932173cd9dd793f81e30b60973e04133a6fb84e0890b9e50664b89b4a72943crc32: ACA2E976md5: 7b8eb433c1efcb949dd621b22df22ac2sha1: 17dd3ed9aeea39c8aadea346308b0a13b934576dsha256: 19932173cd9dd793f81e30b60973e04133a6fb84e0890b9e50664b89b4a72943sha512: 0758248f5f31d2269e43ff2ffc5fbd158605669dbf9206620a69521aef3192f1c0101b5744dec021227de79e79781f8e23a019db2fc320e711afb54c957211a2ssdeep: 3072:PFwhoxGVdpfWye8n5nT9vulZM2S6VWR9lD+m82PZc+WQiFKpf4/hhxkdJ:PFuxfWOZ5V76VY9lSm8YdyifEPxStype: PE32 executable (GUI) Intel 80386, for MS Windowstlsh: T1A614234E0790C7F5E7BB5EB4A1920759557CBCC2C6EC21CD543893F1AA2B1E306AE913sha3_384: 637f3098cc302daf86d0ef286f132a928ba3a0d07d183c29ce87f02cd3967bd1df535b201fc3e1517804688882b89660ep_bytes: 60be00b044008dbe0060fbff5783cdfftimestamp: 2004-06-08 08:59:05
Version Info:
CompanyName: AVG Technologies CZ, s.r.o.FileDescription: AVG Tray MonitorFileVersion: 9.0.0.871InternalName: avgtrayLegalCopyright: Copyright © 2010 AVG Technologies CZ, s.r.o.OriginalFilename: avgtray.exeProductName: AVG Internet SecurityProductVersion: 9.0.0.871PrivateBuild: Win32 Release_UnicodeSpecialBuild: Avg8VC8_2010_1109_133319(871), SVNRev 145063 (/branches/release/SmallUpdate9-12)Translation: 0x0409 0x04e4

Trojan:Win32/EyeStye.plugin also known as:

Bkav	W32.MosquitoQKK.Fam.Trojan
Lionic	Trojan.Win32.Diple.4!c
MicroWorld-eScan	Gen:Heur.FKP.!c!.1
FireEye	Gen:Heur.FKP.!c!.1
CAT-QuickHeal	Worm.SlenfBot.Gen
ALYac	Gen:Heur.FKP.!c!.1
Cylance	Unsafe
Zillya	Trojan.Diple.Win32.4493
Sangfor	Trojan.Win32.EyeStye.H
K7AntiVirus	Trojan ( f1000f011 )
Alibaba	Trojan:Win32/EyeStye.808bbe89
K7GW	Trojan ( f1000f011 )
Cybereason	malicious.3c1efc
VirIT	Trojan.Win32.Siggen2.BHGA
Cyren	W32/Zbot.CN.gen!Eldorado
Symantec	Downloader.Lofog!gen4
ESET-NOD32	a variant of Win32/Kryptik.LPD
APEX	Malicious
Paloalto	generic.ml
ClamAV	Win.Spyware.Zbot-1279
Kaspersky	UDS:DangerousObject.Multi.Generic
BitDefender	Gen:Heur.FKP.!c!.1
NANO-Antivirus	Trojan.Win32.Diple.ieicl
ViRobot	Trojan.Win32.A.Diple.200192.J[UPX]
Avast	Win32:Malware-gen
Tencent	Win32.Trojan.Generic.Ajvy
Ad-Aware	Gen:Heur.FKP.!c!.1
Sophos	Mal/Generic-R + Mal/FakeAV-IU
Comodo	TrojWare.Win32.Trojan.XPACK.Gen@2ho5ur
DrWeb	Trojan.Siggen2.22464
VIPRE	Trojan.Win32.Generic!BT
TrendMicro	TROJ_CRYPTR.SMAL
McAfee-GW-Edition	W32/Pinkslipbot.gen.ae
Emsisoft	Gen:Heur.FKP.!c!.1 (B)
SentinelOne	Static AI – Malicious PE
GData	Gen:Heur.FKP.!c!.1
Jiangmin	Packed.Krap.fnxn
Webroot	W32.Infostealer.Gen
Avira	TR/Dropper.Gen
Antiy-AVL	Trojan/Generic.ASMalwS.18E4DB6
Kingsoft	Win32.Troj.Diple.(kcloud)
SUPERAntiSpyware	Trojan.Agent/Gen-FakeAVG
Microsoft	Trojan:Win32/EyeStye.plugin
Cynet	Malicious (score: 99)
AhnLab-V3	Worm/Win32.Kolab.R3715
McAfee	Artemis!7B8EB433C1EF
MAX	malware (ai score=99)
VBA32	Trojan.Zeus.EA.0999
Malwarebytes	Malware.Heuristic.1003
TrendMicro-HouseCall	TROJ_CRYPTR.SMAL
Rising	Worm.Kolab!8.1C4D (CLOUD)
Yandex	Trojan.GenAsa!aj/jMlpwICk
Ikarus	Trojan.Win32.Crypt
Fortinet	W32/Kryptik.NAS!tr
BitDefenderTheta	Gen:NN.ZexaF.34212.mmKfa0HEfigc
AVG	Win32:Malware-gen
Panda	Bck/Qbot.AO
CrowdStrike	win/malicious_confidence_100% (W)