Categories: Malware

How to remove “Dropped:Application.Agent.QN”?

Dropped:Application.Agent.QN is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

Gridinsoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It lets you run a complete scan and cure your PC during the trial period.
6-day free trial available.

What can the Dropped:Application.Agent.QN virus do?

  • Executable code extraction
  • Creates RWX memory
  • Reads data out of its own binary image
  • Drops a binary and executes it
  • The binary likely contains encrypted or compressed data
  • The executable is compressed using UPX
  • Uses Windows utilities for basic functionality
  • Modifies boot configuration settings
  • The sample wrote data to the system hosts file
  • Uses suspicious command line tools or Windows utilities

Related domains:

z.whorecord.xyz
a.tomx.xyz
xvidcodecx.com

How to identify Dropped:Application.Agent.QN?


File Info:

crc32: 262F157E
md5: 5ea77b31d813a08758103744b7c2ec9f
name: 5EA77B31D813A08758103744B7C2EC9F.mlw
sha1: a7932e9c800e5bf893c877be0aa272cea517259e
sha256: 1a440c5a6602f1611e496b954a645866d07da0a43f2153847891da9ae9e62879
sha512: 79dbb7a1f3ace2900fe8f6f10bb70bfec0711c4ec6c7b3e631f49391751abd6f8c2237445efa1985189db69eee252fab71041ce9e9b5cb18c670a5bcba4ab0fd
ssdeep: 12288:TVFCPJ3G4/XDrUCqkTNSZnUmJ5Cyoo0Pb8YtBaYIczVmjuldONAvA7KGbNuwX:MJ3//XfNNS7roTbhtlSudONgA7XU+
type: PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed, Nullsoft Installer self-extracting archive

Version Info:

LegalCopyright:
InternalName:
FileVersion: 1.1.0.0
CompanyName:
Country:
ProductName:
ProductVersion:
FileDescription:
Release: Development
OriginalFilename: WAT Fix.exe

Dropped:Application.Agent.QN also known as:

Bkav W32.AIDetect.malware1
K7AntiVirus Riskware ( 0040eff71 )
Lionic Adware.Win32.Generic.2!c
Elastic malicious (high confidence)
DrWeb Program.Activator.2
Cynet Malicious (score: 99)
ALYac Dropped:Application.Agent.QN
K7GW Riskware ( 0040eff71 )
Cybereason malicious.1d813a
Cyren W32/Dunik.TMYC-7238
Symantec ML.Attribute.HighConfidence
ESET-NOD32 multiple detections
APEX Malicious
Avast Win32:Malware-gen
ClamAV Win.Trojan.Keygen-152
Kaspersky HackTool.Win32.KMSAuto.ad
BitDefender Dropped:Application.Agent.QN
NANO-Antivirus Trojan.Nsis.Dwn.dbodjq
MicroWorld-eScan Dropped:Application.Agent.QN
Tencent Win32.Hacktool.Kmsauto.Szvr
Ad-Aware Dropped:Application.Agent.QN
Sophos Generic PUA KH (PUA)
BitDefenderTheta Gen:NN.ZexaF.34236.QmNfa8VZ1Qoi
VIPRE Trojan.Win32.Generic!BT
McAfee-GW-Edition Generic.ys
FireEye Generic.mg.5ea77b31d813a087
Emsisoft Dropped:Application.Agent.QN (B)
SentinelOne Static AI – Suspicious PE
Jiangmin Trojan.Generic.lyzl
Avira SPR/WatFix.70288
Antiy-AVL Trojan/Generic.ASMalwS.9EBDF6
Microsoft Trojan:Win32/Wacatac.A!ml
ZoneAlarm HEUR:Trojan.Win32.Agent.gen
GData Dropped:Application.Agent.QN
McAfee Artemis!5EA77B31D813
MAX malware (ai score=71)
VBA32 Adware.Conduit
Yandex Trojan.GenAsa!mccaaNi4hMc
Ikarus HackTool.Activator
Fortinet Riskware/KMSAuto
AVG Win32:Malware-gen
Paloalto generic.ml

How to remove Dropped:Application.Agent.QN?

  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open “Tools” tab – Press “Reset Browser Settings”.
  • Select proper browser and options – Click “Reset”.
  • Restart your computer.
Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.
