Trojan.PasswordStealer
Posted: August 6, 2016
Threat Metric
The Threat Meter is a malware assessment that SpywareRemove.com's research team gives to every
identifiable malware threat. It scores each threat on several criteria covering severity, reach
and volume, and provides a numerical breakdown of the threat's initial Threat Level, Detection Count,
Volume Count, Trend Path and Percentage Impact. The overall ranking of each threat in the Threat Meter
shows how it ranks against all other threats in our own extensive malware database. The scoring for
each threat can be compared with that of other emerging threats to put its severity in context.
The Threat Meter is a useful tool for all types of computer users, whether they are seeking a way to
remove a threat or pursuing additional analytical research.
The following fields listed on the Threat Meter, each containing a specific value, are explained in detail below:
Threat Level: The threat level scale goes from 1 to 10, where 10 is the highest level of severity and 1 is the lowest. Each level is relative to the threat's consistently assessed behaviors, as collected by SpyHunter's risk assessment model.
Detection Count: The collective number of confirmed and suspected cases of a particular malware threat. The detection count is calculated from infected PCs, as reported in the diagnostic and scan logs generated by SpyHunter.
Volume Count: Similar to the detection count, the Volume Count is based on the number of confirmed and suspected threats infecting systems on a daily basis. A high volume count usually indicates a popular threat, but the threat may or may not have infected a large number of systems. Threats with a high detection count could lie dormant and have a low volume count. The criteria for Volume Count are relative to a daily detection count.
Trend Path: The Trend Path uses an up arrow, down arrow or equal symbol to represent the recent movement of a particular threat. An up arrow represents an increase, a down arrow represents a decline, and the equal symbol represents no change in the threat's recent movement.
% Impact (Last 7 Days): This shows the change, over a 7-day period, in the frequency with which a malware threat infects PCs. The percentage impact correlates directly with the current Trend Path to indicate a rise or decline in the percentage.
| Ranking: | 258 |
|---|---|
| Threat Level: | 8/10 |
| Infected PCs: | 662,355 |
| First Seen: | August 6, 2016 |
| Last Seen: | March 10, 2025 |
| OS(es) Affected: | Windows |
Technical Details
File System Modifications
Tutorials: If you wish to learn how to remove malware components manually, you can read the tutorials on how to find malware, kill unwanted processes, remove malicious DLLs and delete other harmful files. Always be sure to back up your PC before making any changes.
The following files were created in the system:
C:\Program Files\Microsoft\ExecSystem.exe
File name: ExecSystem.exe
Size: 6.39 MB (6392832 bytes)
MD5: 1342205f8fccd2535d332a43d4f6720b
Detection count: 522
File type: Executable File
Mime Type: unknown/exe
Path: C:\Program Files\Microsoft\ExecSystem.exe
Group: Malware file
Last Updated: January 3, 2021
%SYSTEMDRIVE%\Users\<username>\AppData\Local\Folder_Share.exe
File name: Folder_Share.exe
Size: 435.71 KB (435712 bytes)
MD5: 04ca4a3f081ba875c866e6f202e062a2
Detection count: 110
File type: Executable File
Mime Type: unknown/exe
Path: %SYSTEMDRIVE%\Users\<username>\AppData\Local\Folder_Share.exe
Group: Malware file
Last Updated: February 3, 2022
%PROGRAMFILES(x86)%\HDPlayer\AppAuthentication.exe
File name: AppAuthentication.exe
Size: 147.96 KB (147968 bytes)
MD5: 3d66fc8a9e725833185132e12d8a7310
Detection count: 108
File type: Executable File
Mime Type: unknown/exe
Path: %PROGRAMFILES(x86)%\HDPlayer
Group: Malware file
Last Updated: September 28, 2016
%SYSTEMDRIVE%\Users\<username>\Desktop\2thu5406933073559552\e9cfb6eb3a77cd6ea162cf4cb131b5f6ad2a679c0ba9757d718c2f9265a9668f
File name: e9cfb6eb3a77cd6ea162cf4cb131b5f6ad2a679c0ba9757d718c2f9265a9668f
Size: 386.04 KB (386048 bytes)
MD5: 1c234a8879840da21f197b2608a164c9
Detection count: 81
Path: %SYSTEMDRIVE%\Users\<username>\Desktop\2thu5406933073559552\e9cfb6eb3a77cd6ea162cf4cb131b5f6ad2a679c0ba9757d718c2f9265a9668f
Group: Malware file
Last Updated: March 25, 2021
%WINDIR%\SysWOW64\wirtual.exe
File name: wirtual.exe
Size: 327.68 KB (327680 bytes)
MD5: 40e4105b62da869c9ef346b4966acfc9
Detection count: 75
File type: Executable File
Mime Type: unknown/exe
Path: %WINDIR%\SysWOW64
Group: Malware file
Last Updated: July 1, 2017
C:\Users\<username>\Desktop\file.exe
File name: file.exe
Size: 787.45 KB (787456 bytes)
MD5: 37603cb769804597c5567a6773d49159
Detection count: 73
File type: Executable File
Mime Type: unknown/exe
Path: C:\Users\<username>\Desktop
Group: Malware file
Last Updated: December 10, 2018
C:\Users\<username>\AppData\Local\Temp\sbncv\sbncv.exe
File name: sbncv.exe
Size: 593.92 KB (593920 bytes)
MD5: 3a837fa52d8e251904b66d24bea9249d
Detection count: 61
File type: Executable File
Mime Type: unknown/exe
Path: C:\Users\<username>\AppData\Local\Temp\sbncv
Group: Malware file
Last Updated: May 20, 2019
%APPDATA%\MsTool\dllhost.exe
File name: dllhost.exe
Size: 1.91 MB (1912832 bytes)
MD5: 5967691494eed2ca323cc5a081ea742b
Detection count: 56
File type: Executable File
Mime Type: unknown/exe
Path: %APPDATA%\MsTool
Group: Malware file
Last Updated: November 10, 2016
%ALLUSERSPROFILE%\Bert.exe
File name: Bert.exe
Size: 2.69 MB (2699828 bytes)
MD5: 9bb3638f28f1184c0ca0c1500d6698d6
Detection count: 49
File type: Executable File
Mime Type: unknown/exe
Path: %ALLUSERSPROFILE%\Bert.exe
Group: Malware file
Last Updated: June 26, 2020
%APPDATA%\p.exe.exe
File name: p.exe.exe
Size: 166.4 KB (166400 bytes)
MD5: 4876c213f406686885b796ba01cb8484
Detection count: 28
File type: Executable File
Mime Type: unknown/exe
Path: %APPDATA%
Group: Malware file
Last Updated: July 7, 2017
%SYSTEMDRIVE%\Users\<username>\appdata\local\temp\sbncv\sbncv.vbs
File name: sbncv.vbs
Size: 1.02 KB (1024 bytes)
MD5: 74c96ab122d3a7c31bcf3d30bbe9cc54
Detection count: 21
Mime Type: unknown/vbs
Path: %SYSTEMDRIVE%\Users\<username>\appdata\local\temp\sbncv\sbncv.vbs
Group: Malware file
Last Updated: June 26, 2020
C:\Users\<username>\AppData\Local\Chrome\SyncHost.exe
File name: SyncHost.exe
Size: 1.99 MB (1997824 bytes)
MD5: dd49f8c25e59efd1e83965b400b36821
Detection count: 12
File type: Executable File
Mime Type: unknown/exe
Path: C:\Users\<username>\AppData\Local\Chrome
Group: Malware file
Last Updated: March 6, 2020
C:\Users\<username>\AppData\Roaming\International Business Machines Corp\International Business Machines Corp.exe
File name: International Business Machines Corp.exe
Size: 491.52 KB (491520 bytes)
MD5: c8fb97a8a400781bf8f7e3d2ab66e95a
Detection count: 7
File type: Executable File
Mime Type: unknown/exe
Path: C:\Users\<username>\AppData\Roaming\International Business Machines Corp
Group: Malware file
Last Updated: March 26, 2018
C:\Users\<username>\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Image_Logger.exe
File name: Image_Logger.exe
Size: 22.39 MB (22399509 bytes)
MD5: ed87ae934ab37b2c90dd5ca67be4ee13
Detection count: 7
File type: Executable File
Mime Type: unknown/exe
Path: C:\Users\<username>\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
Group: Malware file
Last Updated: November 28, 2024
curt.dll
File name: curt.dll
Size: 841.72 KB (841728 bytes)
MD5: 35a51ee0728180cfa840a80d8acc70a3
Detection count: 6
File type: Dynamic link library
Mime Type: unknown/dll
Group: Malware file
origin.exe
File name: origin.exe
Size: 14.84 KB (14848 bytes)
MD5: 01428fe9def50d27906308eb1e21eda2
Detection count: 6
File type: Executable File
Mime Type: unknown/exe
Group: Malware file
Registry Modifications
The following newly produced Registry Values are:
Additional Information
The following directories were created:
%ALLUSERSPROFILE%\task processor 3.0
%APPDATA%\Adobe Reader
%APPDATA%\AdobeR
%APPDATA%\AdobeSWF
%APPDATA%\Adobe\Adobe Inc\AdobeRead
%APPDATA%\MyOtApp
%APPDATA%\Skypee
%APPDATA%\YComLib
%HOMEDRIVE%\Chrome\XMR2
%TEMP%\jjghgjhfyt6