Trojan

Dropped:Trojan.Script.Agent.SQ (file analysis)

Malware Removal

The Dropped:Trojan.Script.Agent.SQ is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It lets you run a complete scan and clean your PC during the trial period.
6-day free trial available.

What Dropped:Trojan.Script.Agent.SQ virus can do?

  • Sample contains Overlay data
  • Yara rule detections observed from a process memory dump/dropped files/CAPE
  • Reads data out of its own binary image
  • CAPE extracted potentially suspicious content
  • Authenticode signature is invalid
  • A scripting utility was executed
  • Uses Windows utilities for basic functionality
  • CAPE detected the RDPWrap malware family
  • Attempts to execute suspicious powershell command arguments

How to determine Dropped:Trojan.Script.Agent.SQ?

File Info:

name: BE3D188F22F9A3A2A317.mlw
path: /opt/CAPEv2/storage/binaries/1dc63d103554221acdc202245b7c78cb4a7044341d036e26ea3fb84cf3e15c65
crc32: 08B8E803
md5: be3d188f22f9a3a2a317b4ea966d8220
sha1: 68c742aa304a43b3f049b408f50efef17323051b
sha256: 1dc63d103554221acdc202245b7c78cb4a7044341d036e26ea3fb84cf3e15c65
sha512: 4c4407e70a9d28896ef0d36c525b329d18a516d612986727714d3159bb909df82df9ab1f3f1476ef4d2898a89f6d30b2fbd02d1a20a600ee60bf77db57aa4966
ssdeep: 24576:qPTUiocoU2P945MVt5hYcbP/9Vfpw7sMDKE0QmRWjHPfqIi2bbmPhHMbCvM37:4UiPD5ct5hYcbdVfy7/WExjvFimm5qC6
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T1433523736BA8C9E7DAB055F11C783B4A9B6AFCA10061AF034BFD66536CD72F2821D501
sha3_384: 0af98feb01ffe4951c83a43a1f1293820c6049398f83918a6abc8422454ebc9975c53432f1a4f37a3bd3ce38e15a6626
ep_bytes: 81ec8401000053565733db6801800000
timestamp: 2018-01-30 03:57:45

Version Info:

Comments: asfs
CompanyName: rgasfa company
FileDescription: rasf Application
FileVersion: 1.8.3
LegalCopyright: Copyright hasf company
LegalTrademarks: raafa is a trademark of rafa company
ProductName: afasa
Translation: 0x0409 0x04e4

Dropped:Trojan.Script.Agent.SQ also known as:

Bkav: W32.AIDetect.malware2
Lionic: Trojan.Win32.Agentb.4!c
MicroWorld-eScan: Dropped:Trojan.Script.Agent.SQ
ClamAV: Win.Malware.Ursu-9802322-0
FireEye: Generic.mg.be3d188f22f9a3a2
ALYac: Dropped:Trojan.Script.Agent.SQ
Cylance: Unsafe
Zillya: Trojan.Agentb.Win32.21154
Sangfor: Trojan.Win32.Generik.FQPWYRB
K7AntiVirus: Trojan ( 00544df21 )
Alibaba: Trojan:MSIL/BypAmsi.9f47f2fe
K7GW: Trojan ( 00544df21 )
CrowdStrike: win/malicious_confidence_70% (W)
Symantec: Trojan.Gen.MBT
Elastic: malicious (high confidence)
ESET-NOD32: a variant of Generik.FQPWYRB
APEX: Malicious
Paloalto: generic.ml
Cynet: Malicious (score: 99)
Kaspersky: Trojan.Win32.Agentb.jias
BitDefender: Dropped:Trojan.Script.Agent.SQ
NANO-Antivirus: Trojan.Win32.Uacbypass.flswkp
Avast: Win64:Malware-gen
Tencent: Msil.Trojan.Agent.Ymhl
Ad-Aware: Dropped:Trojan.Script.Agent.SQ
Emsisoft: Dropped:Trojan.Script.Agent.SQ (B)
Comodo: Malware@#2l8s8gxt1dz4q
DrWeb: Trojan.Uacbypass.16
VIPRE: Dropped:Trojan.Script.Agent.SQ
TrendMicro: Trojan.MSIL.CMSTPBYE.A
McAfee-GW-Edition: BehavesLike.Win32.ICLoader.tc
Sophos: Mal/Generic-S
GData: Dropped:Trojan.Script.Agent.SQ
Webroot: W32.Malware.Gen
Avira: HEUR/AGEN.1225022
MAX: malware (ai score=88)
Microsoft: Trojan:Win32/Wacatac.B!ml
Google: Detected
McAfee: Artemis!BE3D188F22F9
VBA32: Trojan.Agentb
TrendMicro-HouseCall: Trojan.MSIL.CMSTPBYE.A
Rising: Exploit.UACBypass!1.C9A2 (CLASSIC)
Ikarus: Trojan.UACBypass
MaxSecure: Trojan.Malware.74047898.susgen
Fortinet: MSIL/Ursu.434872!tr
AVG: Win64:Malware-gen
Cybereason: malicious.f22f9a
Panda: Trj/CI.A

How to remove Dropped:Trojan.Script.Agent.SQ?

Dropped:Trojan.Script.Agent.SQ removal tool

  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open the “Tools” tab and press “Reset Browser Settings”.
  • Select the proper browser and options, then click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.