Trojan:Win32/Stealer removal instruction

Trojan:Win32/Stealer is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It allows you to fully scan and cure your PC during the trial period.
6-day free trial available.

What can the Trojan:Win32/Stealer virus do?

  • SetUnhandledExceptionFilter detected (possible anti-debug)
  • Yara rule detections observed from a process memory dump/dropped files/CAPE
  • Presents an Authenticode digital signature
  • Dynamic (imported) function loading detected
  • Reads data out of its own binary image
  • A process created a hidden window
  • Drops a binary and executes it
  • Authenticode signature is invalid
  • A ping command was executed with the -n argument possibly to delay analysis
  • Uses Windows utilities for basic functionality
  • Created a process from a suspicious location
  • Checks for the presence of known devices from debuggers and forensic tools
  • Detects the presence of Windows Defender AV emulator via files
  • Anomalous binary characteristics

How to identify Trojan:Win32/Stealer?

File Info:

name: C1068B1362F8852D24F1.mlw
path: /opt/CAPEv2/storage/binaries/1aef8a934ae30cfea13c2e6a6d0ac9dc6884f82570d8ac6819bde30f82cece62
crc32: D9A2CBE2
md5: c1068b1362f8852d24f15520043f8028
sha1: d7998bb9655829a7f7f3c2b1f8fdeeeb5292ef85
sha256: 1aef8a934ae30cfea13c2e6a6d0ac9dc6884f82570d8ac6819bde30f82cece62
sha512: 34e4f122823a266510a38ed28a7b0cbe6b540f1c93d4e2d1458ff049c1704b915baed011b29848492732463e4b6e5d59a5aaa17168185740757daea871e3b0ce
ssdeep: 49152:i5+hF+0HezQuSCRX3aztoAzii0umjQjcqaflc2965yZ75:i5aF+dzxSISf5NJjcT9FcQZ75
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T10695121D5F9984F3EA92A0F00318E2F729BDD63E4F1989A393802356951B2CFBDF9015
sha3_384: 83e690c4ed25fff8cbb0f268a2a8b83c4325a5094b74efcafea225a5a1663c80a0bc49522a93d3610f6efc890b236c22
ep_bytes: 558bec6aff6880fa410068f0c4410064
timestamp: 2016-04-02 22:14:34

Version Info:

CompanyName: Oleg N. Scherbakov
FileDescription: 7z Setup SFX (x86)
FileVersion: 1.7.0.3900
InternalName: 7ZSfxMod
LegalCopyright: Copyright © 2005-2016 Oleg N. Scherbakov
OriginalFilename: 7ZSfxMod_x86.exe
PrivateBuild: April 1, 2016
ProductName: 7-Zip SFX
ProductVersion: 1.7.0.3900
Translation: 0x0000 0x04b0

Trojan:Win32/Stealer also known as:

Lionic: Trojan.Multi.Generic.4!c
Elastic: malicious (high confidence)
MicroWorld-eScan: Gen:Variant.Zusy.373066
FireEye: Generic.mg.c1068b1362f8852d
McAfee: Artemis!C1068B1362F8
Cylance: Unsafe
Sangfor: Trojan.Win32.Save.a
K7AntiVirus: Trojan ( 005798ba1 )
Alibaba: Trojan:Win32/Crypzip.b3f02acc
K7GW: Trojan ( 005798ba1 )
Cybereason: malicious.362f88
Arcabit: Trojan.Zusy.D5B14A
Cyren: W32/Kryptik.DRF.gen!Eldorado
Symantec: ML.Attribute.HighConfidence
ESET-NOD32: a variant of Win32/Packed.7Zip.S.gen
Paloalto: generic.ml
ClamAV: Win.Malware.Zusy-9847818-0
Kaspersky: UDS:DangerousObject.Multi.Generic
BitDefender: Gen:Variant.Zusy.373066
Avast: Win32:7Drop-D [Trj]
Rising: Trojan.HiddenRun/SFX!1.D57B (CLASSIC)
Ad-Aware: Gen:Variant.Zusy.373066
Emsisoft: Gen:Variant.Zusy.373066 (B)
VIPRE: Trojan.Win32.Generic!BT
TrendMicro: Trojan.Win32.CRYPZIP.SMRAH
McAfee-GW-Edition: Artemis!Trojan
Sophos: Troj/Agent-BGQN
Jiangmin: Trojan/CoinMiner.ab.a
Avira: TR/Patched.Gen
Microsoft: Trojan:Win32/Stealer
GData: Gen:Variant.Zusy.373066
Cynet: Malicious (score: 100)
ALYac: Gen:Variant.Zusy.373066
MAX: malware (ai score=84)
VBA32: Trojan.Hesv
Malwarebytes: Trojan.Dropper.Generic
TrendMicro-HouseCall: Trojan.Win32.CRYPZIP.SMRAH
Tencent: Win32.Trojan.Falsesign.Sttm
Yandex: Trojan.Crypzip!29dXeIIDc34
SentinelOne: Static AI – Malicious PE
eGambit: Unsafe.AI_Score_98%
Fortinet: PossibleThreat.PALLAS.H
AVG: Win32:7Drop-D [Trj]
Panda: Trj/CI.A
CrowdStrike: win/malicious_confidence_60% (D)

How to remove Trojan:Win32/Stealer?

Trojan:Win32/Stealer removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • Click “Move to quarantine” for all detected items.
  • Open the “Tools” tab and press “Reset Browser Settings”.
  • Select the proper browser and options, then click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.