What is “BAT/Agent.QBP”?

The BAT/Agent.QBP is considered dangerous by lots of security experts. When this infection is active, you may notice unwanted processes in Task Manager list. In this case, it is adviced to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Gridinsoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. Allows to complete scan and cure your PC during the trial period.

6-day free trial available.

What BAT/Agent.QBP virus can do?

Sample contains Overlay data
Uses Windows utilities for basic functionality
The binary contains an unknown PE section name indicative of packing
Authenticode signature is invalid
Deletes executed files from disk

How to determine BAT/Agent.QBP?


File Info:
name: B4AF38A5C0B67D67FE67.mlw
path: /opt/CAPEv2/storage/binaries/3a920300f139ba5753986f2d8efdefc70d5d264a529fb32b46d282f967b781c5
crc32: B8DE7483
md5: b4af38a5c0b67d67fe676d45b935ce75
sha1: df680a53cb0b0e316a22292c76781209cde0dccd
sha256: 3a920300f139ba5753986f2d8efdefc70d5d264a529fb32b46d282f967b781c5
sha512: 746884569c69040f260ad6d371e4a9977cf6928556d602fbd587dd45529f82ba32b76c4520f8efa670adf9096dc5f6b6b807cdf673079475d3d92ab3e329375e
ssdeep: 3072:6zltUSOsaWc8mlsoT/PV8ziN/djco3ZGBjM0:eHOsaWc8Cso/PVDdjw/
type: PE32 executable (console) Intel 80386, for MS Windows
tlsh: T1BBD33B1FB74913B3C2C202B9160A78F6E75B7A79232547E3119CC09E92A9FE4C7B7164
sha3_384: ed825d8827c786e14d6b0b86a54448898c008ef588194fb12bac2d7abf4ae89278bd48a8258c32a1c5e22b67be6a3062
ep_bytes: 6800010000680000000068d8e34000e8
timestamp: 2015-06-15 16:06:34

Version Info:
CompanyName: Scanvec
FileVersion: 1,0,0,0
ProductName: Flexisign
ProductVersion: 1.0.0.0
LegalCopyright: www.signs101.com
Translation: 0x0000 0x04e4

BAT/Agent.QBP also known as:

Bkav	W32.AIDetectMalware
Lionic	Trojan.Multi.Generic.mAxd
tehtris	Generic.Malware
DrWeb	BAT.Siggen.250
FireEye	Generic.mg.b4af38a5c0b67d67
Skyhigh	BehavesLike.Win32.Backdoor.ch
Malwarebytes	Generic.Malware.AI.DDS
Sangfor	Joke.Win32.Agent.Vc60
CrowdStrike	win/malicious_confidence_90% (D)
Alibaba	Trojan:Win32/WrongInf.7ded1b8e
BitDefenderTheta	Gen:NN.ZexaF.36802.hC3@ayGroLf
VirIT	Backdoor.Win32.Generic.CNLA
Symantec	ML.Attribute.HighConfidence
ESET-NOD32	BAT/Agent.QBP
APEX	Malicious
ClamAV	Win.Packed.Barys-10002063-0
Kaspersky	UDS:Hoax.Win32.Agent.gen
NANO-Antivirus	Virus.Win32.Sality.bgiylc
Avast	Win32:WrongInf-E [Susp]
Rising	PUF.Agent!8.1B6B (TFE:5:glJui2UR09D)
Sophos	Mal/Generic-S
Google	Detected
F-Secure	Trojan.TR/Dropper.Gen
Trapmine	malicious.high.ml.score
SentinelOne	Static AI – Malicious PE
Jiangmin	TrojanDropper.Daws.fyt
Varist	W32/Trojan.OTMT-9114
Avira	TR/Dropper.Gen
Antiy-AVL	Trojan/Win32.Lazy
Kingsoft	malware.kb.a.817
Microsoft	Trojan:Win32/Lazy.AB!MTB
ZoneAlarm	Hoax.Win32.Agent.gen
GData	Win32.Trojan.PSE.WEKX0Z
Cynet	Malicious (score: 100)
McAfee	Artemis!B4AF38A5C0B6
Cylance	unsafe
Panda	Trj/Genetic.gen
Zoner	Trojan.Win32.64771
Tencent	Trojan.Win32.Agent.kbv
Ikarus	Trojan.Tiggre
MaxSecure	Trojan.Malware.300983.susgen
Fortinet	W32/BAT.OBP!tr
AVG	Win32:WrongInf-E [Susp]
DeepInstinct	MALICIOUS
alibabacloud	SypWare:Win/Lazy.AB!MTB

How to remove BAT/Agent.QBP?

BAT/Agent.QBP removal tool

Download and install GridinSoft Anti-Malware.
Open GridinSoft Anti-Malware and perform a “Standard scan“.
“Move to quarantine” all items.
Open “Tools” tab – Press “Reset Browser Settings“.
Select proper browser and options – Click “Reset”.
Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.

Leave a Comment X