What is “Exploit.Win32.BypassUAC.cqy”?

Exploit.Win32.BypassUAC.cqy is flagged as malicious by most of the antivirus engines listed further down this page. When this infection is active, you may notice unwanted processes in the Task Manager list. In that case it is advised to scan your computer with GridinSoft Anti-Malware.

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It lets you run a complete scan and clean your PC during the trial period.
6-day free trial available.

What can the Exploit.Win32.BypassUAC.cqy virus do?

The following behaviours were flagged for this sample by the CAPE sandbox signatures:

  • SetUnhandledExceptionFilter detected (possible anti-debug)
  • Executed a command line with /C or /R argument to terminate the command shell on completion, which can be used to hide execution
  • Yara rule detections observed from a process memory dump/dropped files/CAPE
  • Dynamic (imported) function loading detected
  • Reads data out of its own binary image
  • A process created a hidden window
  • Drops a binary and executes it
  • Modifies host OEM information
  • Authenticode signature is invalid
  • Uses Windows utilities for basic functionality
  • Attempts to modify desktop wallpaper
  • Uses suspicious command line tools or Windows utilities
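Several of the behaviours above (dropping and running a binary, cmd.exe /C, touching the OEMInformation key and the Wallpaper value, use of built-in Windows utilities) are visible in ordinary endpoint telemetry, so they can be checked on a host without a sandbox. The script below is an added example, not code from GridinSoft or CAPE: it runs that host-observable subset of checks over constructed, Sysmon-style ProcessCreate / FileCreate / RegistryValueSet records. The event layout, the utility list and the registry paths used for matching are assumptions of this example. Anti-debug calls, dynamic imports, hidden windows and the Authenticode check are not covered, since they need an API trace or static analysis rather than process and registry events.

```python
"""Triage constructed endpoint events against the host-observable behaviours
in the sandbox list above. Added example, not GridinSoft's or CAPE's code.
Event shapes are an assumption modelled on Sysmon ProcessCreate (1),
FileCreate (11) and RegistryValueSet (13) records; all events are constructed."""
import re
from collections import Counter
from ntpath import basename  # splits Windows paths correctly on any OS

# Constructed telemetry (not from the real sample): a self-extractor drops
# payload.exe and runs it; the payload uses cmd.exe /C and reg.exe to rewrite
# OEM information, then sets the wallpaper value. explorer.exe is benign noise.
EVENTS = [
    {"type": "ProcessCreate", "pid": 1204, "ppid": 880,
     "image": r"C:\Users\lab\Desktop\SelfExtractor.exe",
     "cmdline": r'"C:\Users\lab\Desktop\SelfExtractor.exe"'},
    {"type": "FileCreate", "pid": 1204,
     "path": r"C:\Users\lab\AppData\Local\Temp\payload.exe"},
    {"type": "ProcessCreate", "pid": 1312, "ppid": 1204,
     "image": r"C:\Users\lab\AppData\Local\Temp\payload.exe",
     "cmdline": r'"C:\Users\lab\AppData\Local\Temp\payload.exe"'},
    {"type": "ProcessCreate", "pid": 1340, "ppid": 1312,
     "image": r"C:\Windows\System32\cmd.exe",
     "cmdline": r'cmd.exe /C reg add "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\OEMInformation" /v Manufacturer /t REG_SZ /d Contoso /f'},
    {"type": "ProcessCreate", "pid": 1360, "ppid": 1340,
     "image": r"C:\Windows\System32\reg.exe",
     "cmdline": r'reg add "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\OEMInformation" /v Manufacturer /t REG_SZ /d Contoso /f'},
    {"type": "RegistryValueSet", "pid": 1360,
     "target": r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\OEMInformation\Manufacturer"},
    {"type": "RegistryValueSet", "pid": 1312,
     "target": r"HKCU\Control Panel\Desktop\Wallpaper"},
    {"type": "ProcessCreate", "pid": 1400, "ppid": 880,
     "image": r"C:\Windows\explorer.exe", "cmdline": "explorer.exe"},
]

# cmd.exe invoked with /C or /R: the shell exits as soon as the command finishes.
CMD_TERMINATE_RE = re.compile(r"(?i)\bcmd(?:\.exe)?\b.*?\s/[cr](?=\s|$)")
# Key fragments matched case-insensitively; the suffix match also catches the
# HKU\<SID>\Control Panel\... form that Sysmon reports for per-user keys.
OEM_KEY = r"\microsoft\windows\currentversion\oeminformation"
WALLPAPER_VALUE = r"\control panel\desktop\wallpaper"
# Assumed list of built-in utilities worth flagging when spawned by a sample.
WINDOWS_UTILITIES = {"cmd.exe", "reg.exe", "rundll32.exe", "schtasks.exe",
                     "wscript.exe", "cscript.exe", "powershell.exe",
                     "certutil.exe", "attrib.exe"}


def triage(events):
    """Return (behaviour, detail) findings in event order."""
    findings = []
    dropped = {}  # lower-cased path of a written binary -> pid that wrote it
    for ev in events:
        kind = ev["type"]
        if kind == "FileCreate":
            path = ev["path"].lower()
            if path.endswith((".exe", ".dll", ".scr")):
                dropped[path] = ev["pid"]
        elif kind == "ProcessCreate":
            image = ev["image"].lower()
            # "Drops a binary and executes it": the parent is the writer.
            if dropped.get(image) == ev["ppid"]:
                findings.append(("drops_and_executes_binary", ev["image"]))
            if CMD_TERMINATE_RE.search(ev["cmdline"]):
                findings.append(("cmd_terminate_on_completion", ev["cmdline"]))
            if basename(image) in WINDOWS_UTILITIES:
                findings.append(("uses_windows_utility", basename(image)))
        elif kind == "RegistryValueSet":
            target = ev["target"].lower()
            if OEM_KEY in target:
                findings.append(("modifies_oem_information", ev["target"]))
            if target.endswith(WALLPAPER_VALUE):
                findings.append(("modifies_wallpaper", ev["target"]))
    return findings


def behaviour_counts(findings):
    """Collapse findings into a per-behaviour count for a quick verdict."""
    return Counter(name for name, _ in findings)


if __name__ == "__main__":
    for name, detail in triage(EVENTS):
        print(f"{name:32} {detail}")
    print(dict(behaviour_counts(triage(EVENTS))))
```

The parent-pid check is what separates "drops a binary and executes it" from a normal installer writing a file that some unrelated process later runs; without it the rule fires on almost every software update.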

How to identify Exploit.Win32.BypassUAC.cqy?

File Info:

name: AEB63E249590EC907D62.mlw
path: /opt/CAPEv2/storage/binaries/65e232c8a08569f77be731886192735bdd3b6e032800f60aed8a59f71e214dda
crc32: BB774E1B
md5: aeb63e249590ec907d627e89cc33057b
sha1: df854e72d4f8882343224f5be7b923afbc8a3756
sha256: 65e232c8a08569f77be731886192735bdd3b6e032800f60aed8a59f71e214dda
sha512: a92b543d101f3dec07c5a00fe267cf77eacbf1da0cfafc8a35b4ec787aa653db4d2d98982d093d68a67be80b44f383daa6fac7059b328f3991834d97cae3df9a
ssdeep: 12288:e1JSgyPzsB7kmIFZUUvHqnuF2E8/LFE4Xqg28Eh/GYEYjUGDkkoTo:c0BG9gGUvH+u2LFE4h28E1jEYjUXRM
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T17C255920A6928472DD41BDF0DE6EA676B569ADD50E1046F363B0FF3994322B3DC3621C
sha3_384: c9c0b28c5277f7b763e8790bbf56c137aba15ededafcd05bbd59c697bd7840abcc53f7e7b2f148c4976d10f2e49be916
ep_bytes: 558bec6aff68b0064400685c34430064
timestamp: 2013-07-16 17:19:51
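The hashes, type string, compile timestamp and ep_bytes above are enough to recognise this sample on a host without any vendor tooling. The script below is an added example (not CAPE's or GridinSoft's code) that derives those same fields from a PE file with only the standard library: it hashes the file, walks the COFF and optional headers for the machine, subsystem and timestamp, and uses the section table to map the entry-point RVA to a file offset so it can read the first 16 bytes there. ssdeep and tlsh need third-party libraries and are left out. The PE that build_sample_pe() assembles is constructed for the example; only its entry-point bytes are copied from the report above, so it is not the real sample and its hashes will not match the ones listed.

```python
"""Fingerprint a PE file the way the File Info block above does. Added example,
not CAPE's or GridinSoft's code. build_sample_pe() constructs a toy one-section
PE32 so the script runs offline; it is not the real sample."""
import hashlib
import struct
import zlib
from datetime import datetime, timezone

REPORT_SHA256 = "65e232c8a08569f77be731886192735bdd3b6e032800f60aed8a59f71e214dda"
REPORT_EP_BYTES = "558bec6aff68b0064400685c34430064"   # copied from the report above

MACHINES = {0x14C: "Intel 80386", 0x8664: "x86-64", 0x1C0: "ARM", 0xAA64: "Aarch64"}
SUBSYSTEMS = {1: "native", 2: "GUI", 3: "console"}


def rva_to_offset(rva, sections):
    """Map an RVA to a file offset via the section table (header RVAs map 1:1)."""
    for _, vaddr, vsize, rawptr, rawsize in sections:
        if vaddr <= rva < vaddr + max(vsize, rawsize):
            return rawptr + (rva - vaddr)
    if sections and rva < sections[0][1]:
        return rva
    raise ValueError(f"RVA {rva:#x} is not backed by any section")


def fingerprint(data):
    """Return hashes, a file(1)-style type string, timestamp and entry bytes."""
    if data[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    (e_lfanew,) = struct.unpack_from("<I", data, 0x3C)
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("PE signature not found")
    coff = e_lfanew + 4
    machine, nsections, tstamp, _, _, opt_size, chars = struct.unpack_from("<HHIIIHH", data, coff)
    opt = coff + 20
    (magic,) = struct.unpack_from("<H", data, opt)          # 0x10B PE32, 0x20B PE32+
    (entry_rva,) = struct.unpack_from("<I", data, opt + 16)  # AddressOfEntryPoint
    (subsystem,) = struct.unpack_from("<H", data, opt + 68)  # same offset for PE32/PE32+
    sections = []
    for i in range(nsections):
        name, vsize, vaddr, rawsize, rawptr = struct.unpack_from(
            "<8sIIII", data, opt + opt_size + 40 * i)
        sections.append((name.rstrip(b"\0").decode("ascii", "replace"),
                         vaddr, vsize, rawptr, rawsize))
    ep = rva_to_offset(entry_rva, sections)
    fmt = "PE32+" if magic == 0x20B else "PE32"
    kind = "DLL" if chars & 0x2000 else "executable"
    machine_name = MACHINES.get(machine, f"{machine:#x}")
    return {
        "size": len(data),
        "crc32": f"{zlib.crc32(data) & 0xFFFFFFFF:08X}",
        "md5": hashlib.md5(data).hexdigest(),
        "sha1": hashlib.sha1(data).hexdigest(),
        "sha256": hashlib.sha256(data).hexdigest(),
        "sha512": hashlib.sha512(data).hexdigest(),
        "sha3_384": hashlib.sha3_384(data).hexdigest(),
        "type": f"{fmt} {kind} ({SUBSYSTEMS.get(subsystem, subsystem)}) {machine_name}, for MS Windows",
        "timestamp": datetime.fromtimestamp(tstamp, tz=timezone.utc).strftime("%Y-%m-%d %H:%M:%S"),
        "ep_bytes": data[ep:ep + 16].hex(),
        "sections": [s[0] for s in sections],
    }


def is_known_sample(data):
    """True only for the exact file the report above describes."""
    return hashlib.sha256(data).hexdigest() == REPORT_SHA256


def build_sample_pe():
    """Constructed single-section PE32 (GUI, i386) with the report's timestamp
    and entry bytes placed at RVA 0x1010 so the RVA->offset mapping is exercised."""
    ts = int(datetime(2013, 7, 16, 17, 19, 51, tzinfo=timezone.utc).timestamp())
    dos = bytearray(0x40)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 0x40)                  # e_lfanew
    coff = struct.pack("<HHIIIHH", 0x14C, 1, ts, 0, 0, 0xE0, 0x0102)
    opt = bytearray(0xE0)
    struct.pack_into("<H", opt, 0, 0x10B)                     # PE32 magic
    struct.pack_into("<I", opt, 16, 0x1010)                   # AddressOfEntryPoint
    struct.pack_into("<I", opt, 20, 0x1000)                   # BaseOfCode
    struct.pack_into("<I", opt, 28, 0x400000)                 # ImageBase
    struct.pack_into("<I", opt, 32, 0x1000)                   # SectionAlignment
    struct.pack_into("<I", opt, 36, 0x200)                    # FileAlignment
    struct.pack_into("<I", opt, 56, 0x2000)                   # SizeOfImage
    struct.pack_into("<I", opt, 60, 0x200)                    # SizeOfHeaders
    struct.pack_into("<H", opt, 68, 2)                        # Subsystem: Windows GUI
    struct.pack_into("<I", opt, 92, 16)                       # NumberOfRvaAndSizes
    section = struct.pack("<8sIIIIIIHHI", b".text", 0x200, 0x1000, 0x200, 0x200,
                          0, 0, 0, 0, 0x60000020)
    headers = (bytes(dos) + b"PE\0\0" + coff + bytes(opt) + section).ljust(0x200, b"\0")
    text = bytearray(0x200)
    text[0x10:0x20] = bytes.fromhex(REPORT_EP_BYTES)
    return headers + bytes(text)


if __name__ == "__main__":
    for key, value in fingerprint(build_sample_pe()).items():
        print(f"{key}: {value}")
```

To check a real file, read it with `open(path, "rb").read()` and pass the bytes to `fingerprint()`; a sha256 match against REPORT_SHA256 identifies this exact sample, while an ep_bytes match on its own only says the file was built with the same compiler runtime and is not evidence by itself.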

Version Info:

Comments:
CompanyName: Chilkat Software, Inc.
FileDescription: Self-Extractor
FileVersion: 1, 0, 0, 1
InternalName: SelfEtractor
LegalCopyright: Copyright © 2012
LegalTrademarks:
OriginalFilename: SelfExtractor.exe
PrivateBuild:
ProductName: Chilkat Software, Inc. SaPayload
ProductVersion: 1, 0, 0, 1
SpecialBuild:
Translation: 0x0409 0x04b0

Exploit.Win32.BypassUAC.cqy also known as:

Lionic: Hacktool.Win32.BypassUAC.3!c
DrWeb: Trojan.MulDrop8.25860
MicroWorld-eScan: Trojan.GenericKD.5705374
McAfee: Artemis!AEB63E249590
Cylance: Unsafe
Sangfor: Exploit.Win32.BypassUAC.cqy
Alibaba: Exploit:Win32/BypassUAC.8aa8cb8b
Cybereason: malicious.49590e
BitDefenderTheta: Gen:NN.ZexaF.34084.8q3@amlEePbi
Symantec: ML.Attribute.HighConfidence
TrendMicro-HouseCall: TROJ_GEN.R002C0WLA21
Avast: Win32:Malware-gen
Kaspersky: Exploit.Win32.BypassUAC.cqy
BitDefender: Trojan.GenericKD.5705374
NANO-Antivirus: Exploit.Win32.BypassUAC.erhgmv
Tencent: Win32.Exploit.Bypassuac.Lqyo
Ad-Aware: Trojan.GenericKD.5705374
Sophos: Generic PUA NP (PUA)
Comodo: Malware@#39pq0dxtfucw7
TrendMicro: TROJ_GEN.R002C0WLA21
McAfee-GW-Edition: BehavesLike.Win32.Generic.dm
FireEye: Generic.mg.aeb63e249590ec90
Emsisoft: Trojan.GenericKD.5705374 (B)
Paloalto: generic.ml
GData: Trojan.GenericKD.5705374
Arcabit: Trojan.Generic.D570E9E
Microsoft: Trojan:Win32/Wacatac.B!ml
AhnLab-V3: Trojan/Win32.BypassUAC.C2559469
VBA32: BScope.TrojanPSW.BAT.Agent
ALYac: Trojan.GenericKD.5705374
MAX: malware (ai score=100)
APEX: Malicious
Rising: Trojan.Generic@ML.82 (RDML:OwZtes8MnkWy8CtTZFE+MQ)
Yandex: Exploit.BypassUAC!KCEA3XybUWU
Ikarus: Exploit.BypassUAC
Fortinet: W32/BypassUAC.CQY!exploit
AVG: Win32:Malware-gen
Panda: Trj/CI.A

How to remove Exploit.Win32.BypassUAC.cqy?

Exploit.Win32.BypassUAC.cqy removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open the “Tools” tab and press “Reset Browser Settings”.
  • Select the proper browser and options, then click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.
