How to remove “CQUIRE T00ls (PUA)”?

The CQUIRE T00ls (PUA) is considered dangerous by lots of security experts. When this infection is active, you may notice unwanted processes in Task Manager list. In this case, it is adviced to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Gridinsoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. Allows to complete scan and cure your PC during the trial period.

6-day free trial available.

What CQUIRE T00ls (PUA) virus can do?

The binary likely contains encrypted or compressed data.
Anomalous binary characteristics

How to determine CQUIRE T00ls (PUA)?


File Info:
crc32: B794067F
md5: fe2b6c30a7a2899992f3694c3390a18e
name: FE2B6C30A7A2899992F3694C3390A18E.mlw
sha1: c155f7949569cc12c58e591bf9940b52d9fe076a
sha256: ea89ece6fe97fca7d18c42421194f91396784c179030c6c4f190e726a4432491
sha512: dfca438e32315e2b104400104119a5fb0198f8c9bac955ece795b3b45ec17744886010a4fa5ed00e0da5fb56515b5d1396a06ad1f09ecc9d882d5d58b6f6d584
ssdeep: 3072:2m8Nc69I4OJ0S1V3pqUmHHG03cPrmgq06Z1iSBJhgyuE0:X8Nc7NUUn03GCVP1Jeyu
type: PE32+ executable (console) x86-64 Mono/.Net assembly, for MS Windows

Version Info:
Translation: 0x0000 0x04b0
LegalCopyright: Copyright xa9  2015
Assembly Version: 1.0.0.0
InternalName: 077bc6e5388542e6a63811141e221df0.exe
FileVersion: 1.0.0.0
CompanyName: CQURE
Comments: Tools
ProductName: CQURE T00ls
ProductVersion: 1.0.0.0
FileDescription: ReflectivePELoader
OriginalFilename: 077bc6e5388542e6a63811141e221df0.exe

CQUIRE T00ls (PUA) also known as:

Elastic	malicious (high confidence)
DrWeb	Tool.Mimikatz.336
CrowdStrike	win/malicious_confidence_70% (D)
Cybereason	malicious.49569c
ESET-NOD32	a variant of Win64/Riskware.Mimikatz.F
APEX	Malicious
ClamAV	Win.Malware.Mimikatz-9807955-0
Kaspersky	HEUR:Trojan.Win32.Agent.gen
Sophos	CQUIRE T00ls (PUA)
McAfee-GW-Edition	HTool-MimiKatz!FE2B6C30A7A2
SentinelOne	Static AI – Suspicious PE
eGambit	Unsafe.AI_Score_99%
GData	MSIL.Riskware.Mimikatz.E
McAfee	HTool-MimiKatz!FE2B6C30A7A2
Malwarebytes	Malware.AI.4021939086
Ikarus	PUA.RiskWare.Mimikatz

How to remove CQUIRE T00ls (PUA)?

CQUIRE T00ls (PUA) removal tool

Download and install GridinSoft Anti-Malware.
Open GridinSoft Anti-Malware and perform a “Standard scan“.
“Move to quarantine” all items.
Open “Tools” tab – Press “Reset Browser Settings“.
Select proper browser and options – Click “Reset”.
Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.

Leave a Comment X