Trojan.PasswordStealer

By CagedTech in Trojans

Threat Scorecard

Ranking:	91
Threat Level:	80 % (High)
Infected Computers:	273,952

First Seen:	August 6, 2016
Last Seen:	April 15, 2024
OS(es) Affected:	Windows

Table of Contents

SpyHunter Detects & Remove Trojan.PasswordStealer

File System Details

Trojan.PasswordStealer may create the following file(s):

Expand All | Collapse All

#	File Name	MD5	Detections Detections: The number of confirmed and suspected cases of a particular threat detected on infected computers as reported by SpyHunter.
1.	Help.dll	6a47f6cc6b5b48d32c285ad399b59091	10,105
Name: Help.dll MD5: 6a47f6cc6b5b48d32c285ad399b59091 Size: 5.63 KB (5632 bytes) Detections: 10,105 Type: Dynamic link library Path: I:\ProgramData\fb\Help.dll Group: Malware file Last Updated: April 15, 2024
2.	chatgptsupport.exe	4189f49681fcbd7f070174609430eb1a	123
Name: chatgptsupport.exe MD5: 4189f49681fcbd7f070174609430eb1a Size: 143.3 MB (143309270 bytes) Detections: 123 Type: Executable File Path: c:\Users\<username>\appdata\local\programs\vbloks\resources\resource Group: Malware file Last Updated: January 3, 2024
3.	Folder_Share.exe	04ca4a3f081ba875c866e6f202e062a2	47
Name: Folder_Share.exe MD5: 04ca4a3f081ba875c866e6f202e062a2 Size: 435.71 KB (435712 bytes) Detections: 47 Type: Executable File Path: %SYSTEMDRIVE%\Users\<username>\AppData\Local\Folder_Share.exe Group: Malware file Last Updated: February 3, 2022
4.	sbncv.exe	3a837fa52d8e251904b66d24bea9249d	26
Name: sbncv.exe MD5: 3a837fa52d8e251904b66d24bea9249d Size: 593.92 KB (593920 bytes) Detections: 26 Type: Executable File Path: C:\Users\<username>\AppData\Local\Temp\sbncv Group: Malware file Last Updated: May 20, 2019
5.	Bert.exe	9bb3638f28f1184c0ca0c1500d6698d6	21
Name: Bert.exe MD5: 9bb3638f28f1184c0ca0c1500d6698d6 Size: 2.69 MB (2699828 bytes) Detections: 21 Type: Executable File Path: %ALLUSERSPROFILE%\Bert.exe Group: Malware file Last Updated: June 26, 2020
6.	q.exe	4c9b9256c5a8db928b92d62b9206660c	9
Name: q.exe MD5: 4c9b9256c5a8db928b92d62b9206660c Size: 684.03 KB (684032 bytes) Detections: 9 Type: Executable File Path: %SYSTEMDRIVE%\Users\<username>\AppData\Roaming\q.exe Group: Malware file Last Updated: June 26, 2020
7.	sbncv.vbs	74c96ab122d3a7c31bcf3d30bbe9cc54	9
Name: sbncv.vbs MD5: 74c96ab122d3a7c31bcf3d30bbe9cc54 Size: 1.02 KB (1024 bytes) Detections: 9 Path: %SYSTEMDRIVE%\Users\<username>\appdata\local\temp\sbncv\sbncv.vbs Group: Malware file Last Updated: June 26, 2020
8.	SyncHost.exe	dd49f8c25e59efd1e83965b400b36821	5
Name: SyncHost.exe MD5: dd49f8c25e59efd1e83965b400b36821 Size: 1.99 MB (1997824 bytes) Detections: 5 Type: Executable File Path: C:\Users\<username>\AppData\Local\Chrome Group: Malware file Last Updated: March 6, 2020
9.	International Business Machines Corp.exe	c8fb97a8a400781bf8f7e3d2ab66e95a	3
Name: International Business Machines Corp.exe MD5: c8fb97a8a400781bf8f7e3d2ab66e95a Size: 491.52 KB (491520 bytes) Detections: 3 Type: Executable File Path: C:\Users\<username>\AppData\Roaming\International Business Machines Corp Group: Malware file Last Updated: March 26, 2018
10.	zbt.exe	9be2e85d0a008bb1fc5d1b0986c6b4ac	3
Name: zbt.exe MD5: 9be2e85d0a008bb1fc5d1b0986c6b4ac Size: 547.11 KB (547112 bytes) Detections: 3 Type: Executable File Path: C:\Users\<username>\AppData\Roaming\zbt Group: Malware file Last Updated: April 21, 2018
11.	Image_Logger.exe	ed87ae934ab37b2c90dd5ca67be4ee13	3
Name: Image_Logger.exe MD5: ed87ae934ab37b2c90dd5ca67be4ee13 Size: 22.39 MB (22399509 bytes) Detections: 3 Type: Executable File Path: C:\Users\<username>\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup Group: Malware file Last Updated: June 24, 2023
12.	ce17ffc16d96467ec6b8d66231bffe92.exe	91fb7f99d235f264633962f425143bc3	2
Name: ce17ffc16d96467ec6b8d66231bffe92.exe MD5: 91fb7f99d235f264633962f425143bc3 Size: 69.12 KB (69120 bytes) Detections: 2 Type: Executable File Path: C:\Users\<username>\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup Group: Malware file Last Updated: July 11, 2018
13.	audioth.exe	c657b7554bc4c6209434d0c07d833c26	2
Name: audioth.exe MD5: c657b7554bc4c6209434d0c07d833c26 Size: 931.32 KB (931328 bytes) Detections: 2 Type: Executable File Path: C:\Users\Public Group: Malware file Last Updated: August 23, 2018
14.	file.exe	067a21b7c4eaf0804eca920abb213a6b	1
Name: file.exe MD5: 067a21b7c4eaf0804eca920abb213a6b Size: 671.74 KB (671744 bytes) Detections: 1 Type: Executable File Path: C:\Program Files (x86)\Oi4zt Group: Malware file Last Updated: April 27, 2018
15.	e9cfb6eb3a77cd6ea162cf4cb131b5f6ad2a679c0ba9757d718c2f9265a9668f	1c234a8879840da21f197b2608a164c9	1
Name: e9cfb6eb3a77cd6ea162cf4cb131b5f6ad2a679c0ba9757d718c2f9265a9668f MD5: 1c234a8879840da21f197b2608a164c9 Size: 386.04 KB (386048 bytes) Detections: 1 Path: %SYSTEMDRIVE%\Users\<username>\Desktop\2thu5406933073559552\e9cfb6eb3a77cd6ea162cf4cb131b5f6ad2a679c0ba9757d718c2f9265a9668f Group: Malware file Last Updated: March 25, 2021
16.	bluefield.exe	a0e0833e38b2619a1f90f3103a918b98	1
Name: bluefield.exe MD5: a0e0833e38b2619a1f90f3103a918b98 Size: 1.7 MB (1700864 bytes) Detections: 1 Type: Executable File Path: C:\Users\Public Group: Malware file Last Updated: August 23, 2018
17.	aatray.exe	2495c85309cbba36b339193d518b4cbb	1
Name: aatray.exe MD5: 2495c85309cbba36b339193d518b4cbb Size: 2.12 MB (2123776 bytes) Detections: 1 Type: Executable File Path: C:\Users\Public Group: Malware file Last Updated: August 23, 2018
18.	file.exe	4ba8fb08b10e0219f26db6d68c66c854	1
Name: file.exe MD5: 4ba8fb08b10e0219f26db6d68c66c854 Size: 539.64 KB (539648 bytes) Detections: 1 Type: Executable File Path: C:\Users\<username>\Desktop Group: Malware file Last Updated: October 9, 2018
19.	file.exe	5cd4e7b034bf422acf2d933a984e8690	1
Name: file.exe MD5: 5cd4e7b034bf422acf2d933a984e8690 Size: 241.66 KB (241664 bytes) Detections: 1 Type: Executable File Group: Malware file
20.	point.exe	ff9ac2eb4f143ce69dbcb032c355cd5d	1
Name: point.exe MD5: ff9ac2eb4f143ce69dbcb032c355cd5d Size: 475.64 KB (475648 bytes) Detections: 1 Type: Executable File Path: c:\Users\<username>\appdata\local Group: Malware file Last Updated: December 7, 2018
21.	file.exe	37603cb769804597c5567a6773d49159	1
Name: file.exe MD5: 37603cb769804597c5567a6773d49159 Size: 787.45 KB (787456 bytes) Detections: 1 Type: Executable File Path: C:\Users\<username>\Desktop Group: Malware file Last Updated: December 10, 2018
22.	file.exe	85d16c42d701f850d6a28d4b9cc56915	0
Name: file.exe MD5: 85d16c42d701f850d6a28d4b9cc56915 Size: 245.24 KB (245248 bytes) Detections: 0 Type: Executable File Group: Malware file
23.	file.exe	bbb14c8b592158de6caac3ff8b94c7a0	0
Name: file.exe MD5: bbb14c8b592158de6caac3ff8b94c7a0 Size: 1.08 MB (1081344 bytes) Detections: 0 Type: Executable File Group: Malware file
24.	file.exe	34e09f58cd14b8dada815226cebe1ba1	0
Name: file.exe MD5: 34e09f58cd14b8dada815226cebe1ba1 Size: 302.08 KB (302080 bytes) Detections: 0 Type: Executable File Group: Malware file
25.	sayed_output5b144e0.msi	902fcc181a1e43acd5a695d9a628dbcc	0
Name: sayed_output5b144e0.msi MD5: 902fcc181a1e43acd5a695d9a628dbcc Size: 352.25 KB (352256 bytes) Detections: 0 Type: Windows Installer Package Group: Malware file
26.	file.exe	94106a45d35392cc8841f43dd1057dad	0
Name: file.exe MD5: 94106a45d35392cc8841f43dd1057dad Size: 2.4 MB (2404280 bytes) Detections: 0 Type: Executable File Group: Malware file
27.	curt.dll	35a51ee0728180cfa840a80d8acc70a3	0
Name: curt.dll MD5: 35a51ee0728180cfa840a80d8acc70a3 Size: 841.72 KB (841728 bytes) Detections: 0 Type: Dynamic link library Group: Malware file
28.	origin.exe	01428fe9def50d27906308eb1e21eda2	0
Name: origin.exe MD5: 01428fe9def50d27906308eb1e21eda2 Size: 14.84 KB (14848 bytes) Detections: 0 Type: Executable File Group: Malware file

More files

Registry Details

Trojan.PasswordStealer may create the following registry entry or registry entries:

Regexp file mask

%ALLUSERSPROFILE%\Bert.exe

%ALLUSERSPROFILE%\fb\FacebookRobot[RANDOM CHARACTERS]

%ALLUSERSPROFILE%\fb\Help.dll

%ALLUSERSPROFILE%\fb\Update.dll

%ALLUSERSPROFILE%\Important.exe

%ALLUSERSPROFILE%\Vepos{0,1}.exe

%APPDATA%\Baldr.exe

%APPDATA%\Erhvervsvejledningerne6.exe

%APPDATA%\International Business Machines Corp\International Business Machines Corp.exe

%APPDATA%\Jaty\WebHelper.exe

%APPDATA%\kmsv.exe

%APPDATA%\LocalOffice\SpoolColorLV.exe

%APPDATA%\MicrosoftUpdate\MicrosoftUpdate.exe

%APPDATA%\run2.exe

%APPDATA%\Skype\Skype.exe

%APPDATA%\Tempo\BusinessDirectory.exe

%APPDATA%\tes.exe

%APPDATA%\test\test.exe

%AppData%\win32.dll

%LOCALAPPDATA%\filename.exe

%LOCALAPPDATA%\Folder_Share.exe

%LOCALAPPDATA%\NVIDIA Driver\NVIDIA Service Handler.exe

%PUBLIC%\workout.exe

%TEMP%\des_date.txt

%temp%\htn.rar

%temp%\htn.txt

%temp%\htn[NUMBERS].bat

%TEMP%\meltt.txt

%TEMP%\update.txt

%USERPROFILE%\Pictures\svchost.exe

%WINDIR%\mcicda.dll

%WINDIR%\System32\Tasks\Wirtual Internet Services

%WINDIR%\system32\wirtual.exe

HKEY..\..\..\..{RegistryKeys}

SOFTWARE\Microsoft\Tracing\starmoney_RASAPI32

SOFTWARE\Microsoft\Tracing\starmoney_RASMANCS

SOFTWARE\Wow6432Node\Microsoft\Tracing\starmoney_RASAPI32

SOFTWARE\Wow6432Node\Microsoft\Tracing\starmoney_RASMANCS

System\ControlSet001\Services\wfpgameprotect

System\ControlSet002\Services\wfpgameprotect

System\CurrentControlSet\Services\wfpgameprotect

Directories

Trojan.PasswordStealer may create the following directory or directories:

%ALLUSERSPROFILE%\task processor 3.0

%APPDATA%\Adobe Reader

%APPDATA%\AdobeR

%APPDATA%\AdobeSWF

%APPDATA%\Adobe\Adobe Inc\AdobeRead

%APPDATA%\MyOtApp

%APPDATA%\Skypee

%APPDATA%\YComLib

%HOMEDRIVE%\Chrome\XMR2

%TEMP%\jjghgjhfyt6

Enigma Software Group Prevails Over Malwarebytes at the Ninth Circuit

Search

Change Region

Trojan.PasswordStealer

Threat Scorecard

EnigmaSoft Threat Scorecard

SpyHunter Detects & Remove Trojan.PasswordStealer

File System Details

Registry Details

Directories

Submit Comment

Trending

CVE-2024-3094 Vulnerability (XZ Backdoor)

Hupdex Crypto Scam

Check-tl-ver-12-7.top

Most Viewed

Discord Shows Black Screen when Sharing Screen

How To Fix 'Printer Driver is Unavailable' Error

What is Msedge.exe?