Should I remove “Application.DealAgent.AIRQ”?

The Application.DealAgent.AIRQ detection is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It allows you to fully scan and cure your PC during the trial period.
6-day free trial available.

What can the Application.DealAgent.AIRQ virus do?

  • Behavioural detection: Executable code extraction – unpacking
  • SetUnhandledExceptionFilter detected (possible anti-debug)
  • Yara rule detections observed from a process memory dump/dropped files/CAPE
  • Creates RWX memory
  • Anomalous file deletion behavior detected (10+)
  • Guard pages use detected – possible anti-debugging.
  • Dynamic (imported) function loading detected
  • Enumerates running processes
  • Expresses interest in specific running processes
  • Reads data out of its own binary image
  • CAPE extracted potentially suspicious content
  • The binary contains an unknown PE section name indicative of packing
  • Authenticode signature is invalid
  • Uses Windows utilities for basic functionality
  • Deletes its original binary from disk
  • Checks the version of Bios, possibly for anti-virtualization
  • Checks the CPU name from registry, possibly for anti-virtualization
  • Attempts to modify proxy settings
  • Collects information to fingerprint the system
  • Uses suspicious command line tools or Windows utilities

How to identify Application.DealAgent.AIRQ?
File Info:

name: 6D099845500036978A29.mlw
path: /opt/CAPEv2/storage/binaries/670715e3b0bf4197298d216b01b8b260f7935e13660fcb1d7bacc0460b94b540
crc32: 98FE9F9D
md5: 6d099845500036978a297ea4d9386ed7
sha1: 92dd5c28ae985e36c8ae029869590d458a157f92
sha256: 670715e3b0bf4197298d216b01b8b260f7935e13660fcb1d7bacc0460b94b540
sha512: f2c067ac205b4294fb51691b9a2f9c892318ae62fb0b1e6885dde73ff2610875a27a02d3b98b5abe047a3076e1809fc04e1955c7f6d345d0e469d5bd4aa9b62d
ssdeep: 24576:S4vHDybwyXJjjbgUE0wAFsjsZTj2eDpayc5c3enG7ly69VvIPqiESSI7eC/79ey9:SEHDybwyXJjjbFE/A2jsZTlayiG0NPqa
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T10F6512B7C4C400B1DCBAE3749765DD3DA63BEEAD5264A38C622DACAFBF077165001A11
sha3_384: e3133c3b38b6894e2d32b466e6c7a064be2c3974d2311c9c00749c2603475a5319277c6cfe5558e2271720e34afc179e
ep_bytes: 558bec83c4c453565733c08945f08945
timestamp: 1992-06-19 22:22:17

Version Info:

Comments: This installation was built with Inno Setup.
CompanyName:
FileDescription: Gufu Setup
FileVersion:
LegalCopyright:
ProductName: Gufu
ProductVersion: 3.8
Translation: 0x0000 0x04b0

Application.DealAgent.AIRQ also known as:

Lionic: Adware.Win32.DealPly.2!c
MicroWorld-eScan: Application.DealAgent.AIRQ
FireEye: Generic.mg.6d09984550003697
McAfee: Artemis!6D0998455000
Cybereason: malicious.550003
Symantec: PUA.Gen.2
ESET-NOD32: Win32/InstallCore.Gen.A potentially unwanted
Kaspersky: not-a-virus:AdWare.Win32.DealPly.ewipk
BitDefender: Application.DealAgent.AIRQ
NANO-Antivirus: Virus.InnoSetup.Gen.ccng
Ad-Aware: Application.DealAgent.AIRQ
Emsisoft: Application.DealAgent.AIRQ (B)
McAfee-GW-Edition: BehavesLike.Win32.AdwareFileTour.tc
Sophos: QPDownload Download Manager (PUA)
SentinelOne: Static AI – Malicious PE
GData: Win32.Application.InstallCore.LR@gen
Microsoft: Trojan:Win32/Wacatac.A!ml
ALYac: Application.DealAgent.AIRQ
MAX: malware (ai score=72)
VBA32: Malware-Cryptor.1LA.gen
TrendMicro-HouseCall: TROJ_GEN.R002H07L921
Rising: Adware.InstallCore!1.AB2C (CLASSIC)
Fortinet: Riskware/InstallCore_Gen
Webroot: W32.Adware.Installcore
Panda: PUP/DealPly
CrowdStrike: win/malicious_confidence_100% (D)

How to remove Application.DealAgent.AIRQ?

Application.DealAgent.AIRQ removal tool:
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open the “Tools” tab – press “Reset Browser Settings”.
  • Select the proper browser and options – click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.