Trojan:Win32/Stealc.DW!MTB removal

Trojan:Win32/Stealc.DW!MTB is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager process list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. The trial version lets you run a complete scan and clean your PC.
6-day free trial available.

What can the Trojan:Win32/Stealc.DW!MTB virus do?

  • Sample contains Overlay data
  • Performs HTTP requests potentially not found in PCAP.
  • Authenticode signature is invalid
  • Attempts to modify proxy settings
  • Yara rule detections observed from a process memory dump/dropped files/CAPE

How to identify Trojan:Win32/Stealc.DW!MTB?

File Info:

name: 9E347D3A9D2BB27E37A6.mlw
path: /opt/CAPEv2/storage/binaries/54e9e5877447d033c73426aaf5fd92667c0aacbe2c69d60683f05a25b649f3f6
crc32: 04440B59
md5: 9e347d3a9d2bb27e37a6915040911f58
sha1: 47d3f1008d8399bb77ff4326b5ea226762b36848
sha256: 54e9e5877447d033c73426aaf5fd92667c0aacbe2c69d60683f05a25b649f3f6
sha512: 39644706708c873a3f49e68ff530730adacafde8c0ebfeb384c975877a8079b1c35629bc8ab9c52d0941b85b8748159dbae1109389a1bb27ffaea48223c576af
ssdeep: 3072:BmcCnOhy5t4nI5Qdxl0Wbyl35JL6cTQ+QrR3JeMp1EPYsvPbZRi8A:aOhy0xuW+3C+y5eM4PFRi8
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T167F39D41F7D28072C477143406F0B3709EBE7AA046E98DAF5FD40F7E4F215A992359AA
sha3_384: f2dbbb15a06b5da7dfd761c31613fcb54d9924316396eb296aa7f944617f5f18fbefba63bb3ed747b15e484c0415bcbd
ep_bytes: e8a3020000e97afeffff558bec8b4508
timestamp: 2023-09-21 12:06:29

Version Info:

0: [No Data]

Trojan:Win32/Stealc.DW!MTB also known as:

Bkav: W32.AIDetectMalware
Elastic: malicious (high confidence)
MicroWorld-eScan: Gen:Variant.Ser.Lazy.4901
ClamAV: Win.Trojan.Lazy-10008543-0
Malwarebytes: Spyware.Stealer
VIPRE: Gen:Variant.Ser.Lazy.4901
Cybereason: malicious.08d839
Cyren: W32/Stealer.FL.gen!Eldorado
Symantec: ML.Attribute.HighConfidence
ESET-NOD32: a variant of Win32/PSW.Agent.ORL
APEX: Malicious
Cynet: Malicious (score: 100)
Kaspersky: HEUR:Trojan-PSW.Win32.Stealerc.gen
BitDefender: Gen:Variant.Ser.Lazy.4901
Avast: Win32:TrojanX-gen [Trj]
Emsisoft: Gen:Variant.Ser.Lazy.4901 (B)
F-Secure: Trojan.TR/Dldr.Agent_AGen.uppvq
McAfee-GW-Edition: BehavesLike.Win32.Generic.ch
Trapmine: suspicious.low.ml.score
FireEye: Generic.mg.9e347d3a9d2bb27e
SentinelOne: Static AI – Suspicious PE
GData: Gen:Variant.Ser.Lazy.4901
Jiangmin: Trojan.PSW.Stealerc.gv
Avira: TR/Dldr.Agent_AGen.uppvq
MAX: malware (ai score=87)
Antiy-AVL: Trojan/Win32.Wacatac.b
Arcabit: Trojan.Ser.Lazy.D1325
ZoneAlarm: HEUR:Trojan-PSW.Win32.Stealerc.gen
Microsoft: Trojan:Win32/Stealc.DW!MTB
Google: Detected
AhnLab-V3: Trojan/Win.TrojanX-gen.R606345
BitDefenderTheta: Gen:NN.ZexaF.36722.kuX@aiGYJBmi
ALYac: Gen:Variant.Ser.Lazy.4901
VBA32: BScope.TrojanPSW.Stealerc
Cylance: unsafe
Panda: Trj/GdSda.A
Rising: Trojan.Generic@AI.100 (RDML:JGe6V3QT4yC4EdkjVx4HLw)
Fortinet: W32/Agent.ORL!tr
AVG: Win32:TrojanX-gen [Trj]
DeepInstinct: MALICIOUS
CrowdStrike: win/malicious_confidence_100% (D)

How to remove Trojan:Win32/Stealc.DW!MTB?

Trojan:Win32/Stealc.DW!MTB removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all detected items.
  • Open the “Tools” tab and press “Reset Browser Settings”.
  • Select the proper browser and options, then click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.