How to remove “Backdoor.Win32.Poison.jqnu”?

Backdoor.Win32.Poison.jqnu is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in Task Manager. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It allows a complete scan and cure of your PC during the trial period.
6-day free trial available.

What can the Backdoor.Win32.Poison.jqnu virus do?

  • Behavioural detection: Executable code extraction – unpacking
  • Yara rule detections observed from a process memory dump/dropped files/CAPE
  • Performs HTTP requests potentially not found in PCAP.
  • Reads data out of its own binary image
  • CAPE extracted potentially suspicious content
  • Unconventional binary language: Chinese (Simplified)
  • Unconventional language used in binary resources: Chinese (Simplified)
  • The binary contains an unknown PE section name indicative of packing
  • The binary likely contains encrypted or compressed data.
  • The executable is likely packed with VMProtect
  • Authenticode signature is invalid
  • Uses Windows utilities for basic functionality
  • Attempts to modify proxy settings
  • Deletes executed files from disk
  • Uses suspicious command line tools or Windows utilities

How to identify Backdoor.Win32.Poison.jqnu?

File Info:

name: 7C0F57090B749ECC3229.mlw
path: /opt/CAPEv2/storage/binaries/cd0e40ae1ec05822189292310930fbc3a3c46456ac2fa9cf4360fb5849f10518
crc32: DBDDBC31
md5: 7c0f57090b749ecc3229cc55b9cb9115
sha1: 1cb8434601d33ed00c0aea4472fa79f4586dc314
sha256: cd0e40ae1ec05822189292310930fbc3a3c46456ac2fa9cf4360fb5849f10518
sha512: 5a481a1f5108b8fe968d1ed01a46a7cd52f4493742e0ab1821ed34ade5a5e893c5bf30405b87d2836ebf3fe6d25faae7d1d6ef317f97e32a9d7a1f24492b8916
ssdeep: 98304:o5CauE/fwLvXA8vk6xxAvc2N7V/i1sbBKhDo0kxuTkbeBchPpTIj399YgiQWEyMQ:ocxE/4LYXukN7V/i1NovxuIyiPp0LMER
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T1EF46236321552146C5D14C3B8A27FDE136F31BA60582FC7AAC9B3DCA3A264F0B713993
sha3_384: e6a3873f3f244a2d9cf9e7e6f1a6a9060e2f3c940d5cf0a49f8fc7224fdffb07e943b1cc6452c2bd1d95001ad8f8f73e
ep_bytes: 68fcaedb73e84c84fcff8b54250066d3
timestamp: 2019-04-28 07:40:04

Version Info:

FileVersion: 1.0.0.0
FileDescription: VeriSign Class
ProductName: VeriSign Class
ProductVersion: 1.0.0.0
CompanyName: VeriSign Class
LegalCopyright: VeriSign Class
Comments: VeriSign Class
Translation: 0x0804 0x04b0

Backdoor.Win32.Poison.jqnu also known as:

  • Bkav: W32.AIDetect.malware1
  • Lionic: Trojan.Win32.Strictor.4!c
  • tehtris: Generic.Malware
  • MicroWorld-eScan: Trojan.GenericKD.48175066
  • ALYac: Trojan.GenericKD.48175066
  • Cylance: Unsafe
  • VIPRE: Trojan.GenericKD.48175066
  • Sangfor: Trojan.Win32.Save.a
  • K7AntiVirus: Trojan ( 0056e6e91 )
  • Alibaba: Backdoor:Win32/Poison.b038984e
  • K7GW: Trojan ( 0056e6e91 )
  • Cybereason: malicious.90b749
  • Cyren: W32/FlyStudio.W.gen!Eldorado
  • Symantec: ML.Attribute.HighConfidence
  • Elastic: malicious (high confidence)
  • ESET-NOD32: a variant of Win32/FlyStudio.Packed.AN potentially unwanted
  • APEX: Malicious
  • Cynet: Malicious (score: 100)
  • Kaspersky: Backdoor.Win32.Poison.jqnu
  • BitDefender: Trojan.GenericKD.48175066
  • Avast: Win32:Malware-gen
  • Ad-Aware: Trojan.GenericKD.48175066
  • Emsisoft: Trojan.GenericKD.48175066 (B)
  • Zillya: Trojan.GenKryptik.Win32.41801
  • McAfee-GW-Edition: BehavesLike.Win32.Backdoor.tc
  • FireEye: Generic.mg.7c0f57090b749ecc
  • Sophos: Generic ML PUA (PUA)
  • SentinelOne: Static AI – Malicious PE
  • GData: Trojan.GenericKD.48175066
  • Avira: HEUR/AGEN.1200342
  • Antiy-AVL: Trojan/Win32.Fuerboos
  • Arcabit: Trojan.Generic.D2DF17DA
  • Microsoft: Trojan:Win32/Wacatac.B!ml
  • Google: Detected
  • Acronis: suspicious
  • McAfee: Artemis!7C0F57090B74
  • VBA32: Backdoor.Poison
  • Malwarebytes: Malware.AI.4154623427
  • Rising: Trojan.Generic@AI.99 (RDMK:+yBGVINYO1G0zF4UbQLCPg)
  • Yandex: Trojan.GenKryptik!WiGg9iSsw78
  • Ikarus: Trojan.Win32.Krypt
  • MaxSecure: Trojan.Malware.74217998.susgen
  • BitDefenderTheta: Gen:NN.ZexaF.34796.@B0@ay@xwVab
  • AVG: Win32:Malware-gen
  • CrowdStrike: win/malicious_confidence_60% (W)

How to remove Backdoor.Win32.Poison.jqnu?

Backdoor.Win32.Poison.jqnu removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • Click “Move to quarantine” for all items.
  • Open the “Tools” tab and press “Reset Browser Settings”.
  • Select the proper browser and options, then click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.