Spy Trojan

Should I remove “UDS:Trojan-Spy.Win32.Stealer.ciwd”?

Malware Removal

The UDS:Trojan-Spy.Win32.Stealer.ciwd is considered dangerous by lots of security experts. When this infection is active, you may notice unwanted processes in Task Manager list. In this case, it is adviced to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware - Review 2020

GridinSoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend to use GridinSoft Anti-Malware for virus removal. Allows to complete scan and cure your PC during the TRIAL period.
6-day free trial available.

What UDS:Trojan-Spy.Win32.Stealer.ciwd virus can do?

  • SetUnhandledExceptionFilter detected (possible anti-debug)
  • Sample contains Overlay data
  • Yara rule detections observed from a process memory dump/dropped files/CAPE
  • Presents an Authenticode digital signature
  • Creates RWX memory
  • The binary contains an unknown PE section name indicative of packing
  • Authenticode signature is invalid
  • CAPE detected the RedLine malware family
  • Anomalous binary characteristics

How to determine UDS:Trojan-Spy.Win32.Stealer.ciwd?

File Info:

name: 680CE6B377059BA46C9E.mlw
path: /opt/CAPEv2/storage/binaries/036f86a5fec1dbbf94ef4e98623c96a737c9564b16b23caf19158c6d318c5be8
crc32: 31926226
md5: 680ce6b377059ba46c9e87f80b543bbd
sha1: 09d0ba90d1dd0c7ed80ff1ef6a3f6ace7f7e7ae8
sha256: 036f86a5fec1dbbf94ef4e98623c96a737c9564b16b23caf19158c6d318c5be8
sha512: d4fbb310f4d735b3a6cd184e165400f0099f1c03355fb14c1a835bc53e18102c7509110d3cee94d7d95aa95cf592d9c1897617250b4e09daf8ec59db7da732ba
ssdeep: 24576:Go00znPXaLxs1uYBYY8e1vBSMh/drbEWbt1/MBc2mWLeFq8yl3RuQ55313L:G6zPXSxsQbqT/MBc2mWl8yl3V
type: PE32 executable (console) Intel 80386, for MS Windows
tlsh: T1C4C53B135A8B0E79DDD23BB461CB633AA734ED30CA3A9B7FB608C43559532C56C1A742
sha3_384: a31baa8115ef64c30feba5a29f2cd3678bc386b411bec39c308fcdea5ff32667f8db297e422fd29dd8288edf54598472
ep_bytes: 83ec0cc705d8b3520000000000e88e67
timestamp: 2022-08-01 20:38:23

Version Info:

0: [No Data]

UDS:Trojan-Spy.Win32.Stealer.ciwd also known as:

Elasticmalicious (high confidence)
K7AntiVirusTrojan ( 00593a4b1 )
K7GWTrojan ( 00593a4b1 )
ESET-NOD32a variant of Win32/Kryptik.HQDK
AvastFileRepMalware [Misc]
SentinelOneStatic AI – Suspicious PE
CynetMalicious (score: 100)
RisingSpyware.Convagent!8.12330 (TFE:dGZlOgUz6kFAynQuKA)
AVGFileRepMalware [Misc]

How to remove UDS:Trojan-Spy.Win32.Stealer.ciwd?

UDS:Trojan-Spy.Win32.Stealer.ciwd removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan“.
  • Move to quarantine” all items.
  • Open “Tools” tab – Press “Reset Browser Settings“.
  • Select proper browser and options – Click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.

Leave a Comment