Spy Trojan

What is “Trojan:Win32/Spy!pz”?


Trojan:Win32/Spy!pz is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in Task Manager. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It lets you run a full scan and clean your PC during the trial period.
A 6-day free trial is available.

What can the Trojan:Win32/Spy!pz virus do?

  • Behavioural detection: Executable code extraction – unpacking
  • Sample contains Overlay data
  • Uses Windows utilities for basic functionality
  • Reads data out of its own binary image
  • CAPE extracted potentially suspicious content
  • The binary contains an unknown PE section name indicative of packing
  • The binary likely contains encrypted or compressed data
  • Authenticode signature is invalid
  • Uses Windows utilities to create a scheduled task
  • Behavioural detection: Injection (Process Hollowing)
  • Behavioural detection: Injection (inter-process)
  • Behavioural detection: Injection with CreateRemoteThread in a remote process
  • CAPE detected the embedded pe malware family
  • Binary file triggered YARA rule
  • Attempts to modify proxy settings
  • Deletes executed files from disk
  • Attempts to access Bitcoin/ALTCoin wallets
  • Touches a file containing cookies, possibly for information gathering
  • Anomalous binary characteristics
  • Yara detections observed in process dumps, payloads or dropped files

How to identify Trojan:Win32/Spy!pz?

File Info:

name: E016AA16DAE9761BCAEA.mlw
path: /opt/CAPEv2/storage/binaries/9bde87483a40c05b178fc40941f2411d664835d4cc812855ed301f9b2993ba5f
crc32: 1EC87CC7
md5: e016aa16dae9761bcaea0e682760edce
sha1: d0aa550f27d19f3812137dac37967292705b4e63
sha256: 9bde87483a40c05b178fc40941f2411d664835d4cc812855ed301f9b2993ba5f
sha512: d6b64fe89b78a3c782cdcb017735164911ee564a016f6ded7682d6abdfac94ca735b7964478e0b7660ad2dfeda1e1f3ee23592263706547f18cf236b30215b68
ssdeep: 6144:3YASJKenie2xT2NU2OTFQb8Fb0IQUfFmn:3k5nilTFQbI0v+o
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T1B034F12ED6137AC5C62CBA7C14F32B7C9E47102B177807251B8BD60DEA982B17F97208
sha3_384: 5e14fab3e4126830598084dfb6a5d15a18de23e212f5bfc41d49e2d0e633844448159a257e702e70b53aca8d48c62b7e
ep_bytes: 558bec81ec040100006a01ff15904040
timestamp: 2015-09-01 08:30:23

Version Info:

0: [No Data]

Trojan:Win32/Spy!pz also known as:

Bkav: W32.AIDetectMalware
Elastic: malicious (high confidence)
DrWeb: Trojan.Siggen27.33733
MicroWorld-eScan: Generic.Zamg.X.3D6B9CBC
FireEye: Generic.mg.e016aa16dae9761b
Skyhigh: BehavesLike.Win32.Generic.dc
McAfee: GenericRXNC-NE!E016AA16DAE9
Malwarebytes: Generic.Malware.AI.DDS
Zillya: Trojan.Shifu.Win32.1668
Sangfor: Trojan.Win32.Save.a
K7AntiVirus: Spyware ( 004ce3951 )
K7GW: Spyware ( 004ce3951 )
CrowdStrike: win/malicious_confidence_100% (D)
BitDefenderTheta: AI:Packer.19B1B57A1B
VirIT: Trojan.Win32.Injector.CCS
Symantec: SMG.Heur!gen
ESET-NOD32: a variant of Win32/Spy.Shiz.NCR
Cynet: Malicious (score: 100)
APEX: Malicious
ClamAV: Win.Trojan.Gamarue-9832405-0
Kaspersky: HEUR:Trojan-Banker.Win32.Shifu.pef
BitDefender: Generic.Zamg.X.3D6B9CBC
NANO-Antivirus: Trojan.Win32.Invader.ggbjbz
SUPERAntiSpyware: Trojan.Agent/Gen-Injector
Avast: Win32:Shifu-B [Trj]
Tencent: Trojan.Win32.Spy.tb
TACHYON: Banker/W32.Shifu.237590
Emsisoft: Generic.Zamg.X.3D6B9CBC (B)
F-Secure: Trojan.TR/ATRAPS.Gen
VIPRE: Generic.Zamg.X.3D6B9CBC
TrendMicro: TrojanSpy.Win32.SHIZ.SMTH
Trapmine: malicious.high.ml.score
Sophos: ML/PE-A
SentinelOne: Static AI – Malicious PE
Jiangmin: Trojan.Invader.cms
Google: Detected
Avira: TR/ATRAPS.Gen
Antiy-AVL: Trojan/Win32.Invader
Microsoft: Trojan:Win32/Spy!pz
Xcitium: TrojWare.Win32.Spy.Shiz.NCA@8m98i8
Arcabit: Generic.Zamg.X.3D6B9CBC
ZoneAlarm: HEUR:Trojan-Banker.Win32.Shifu.pef
GData: Generic.Zamg.X.3D6B9CBC
Varist: W32/Shiz.AH.gen!Eldorado
AhnLab-V3: Trojan/Win.Shifu.R639506
ALYac: Generic.Zamg.X.3D6B9CBC
MAX: malware (ai score=82)
VBA32: BScope.TrojanRansom.Blocker
Cylance: unsafe
Panda: Trj/GdSda.A
TrendMicro-HouseCall: TrojanSpy.Win32.SHIZ.SMTH
Rising: Spyware.Shiz!8.4BA (TFE:2:RlW8FkxcJgM)
Yandex: Trojan.GenAsa!66C98u5XYiI
Ikarus: Trojan-Spy.Win32.Shiz
MaxSecure: Trojan.Malware.300983.susgen
Fortinet: W32/Shiz.NCR!tr.spy
AVG: Win32:Shifu-B [Trj]
DeepInstinct: MALICIOUS
alibabacloud: Trojan:Win/Shifu.A

How to remove Trojan:Win32/Spy!pz?

Trojan:Win32/Spy!pz removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • Click “Move to quarantine” for all detected items.
  • Open the “Tools” tab and press “Reset Browser Settings”.
  • Select the proper browser and options, then click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.