About “Mal/Generic-R + Troj/FakeAV-CQY” infection

Mal/Generic-R + Troj/FakeAV-CQY is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager process list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It lets you run a complete scan and clean your PC during the trial period.
A 6-day free trial is available.

What Mal/Generic-R + Troj/FakeAV-CQY virus can do?

  • Behavioural detection: Executable code extraction – unpacking
  • Yara rule detections observed from a process memory dump/dropped files/CAPE
  • Presents an Authenticode digital signature
  • Creates RWX memory
  • Anomalous file deletion behavior detected (10+)
  • Dynamic (imported) function loading detected
  • At least one IP Address, Domain, or File Name was found in a crypto call
  • Enumerates running processes
  • Expresses interest in specific running processes
  • Reads data out of its own binary image
  • CAPE extracted potentially suspicious content
  • Unconventional language used in binary resources: Russian
  • The binary contains an unknown PE section name indicative of packing
  • The binary likely contains encrypted or compressed data.
  • The executable is compressed using UPX
  • Authenticode signature is invalid
  • Code injection with CreateRemoteThread in a remote process
  • Behavioural detection: Injection (inter-process)
  • Behavioural detection: Injection with CreateRemoteThread in a remote process
  • Tries to unhook or modify Windows functions monitored by Cuckoo
  • Steals private information from local Internet browsers
  • Collects and encrypts information about the computer likely to send to C2 server
  • Attempts to modify browser security settings
  • Collects information to fingerprint the system
  • Clears web history

How to identify Mal/Generic-R + Troj/FakeAV-CQY?

File Info:

name: E7138A7045DF93117849.mlw
path: /opt/CAPEv2/storage/binaries/6e2ffc38be97e1fde8edc56534f86f2e7d25ab1b383886c27cc14b13e2d426f0
crc32: A33F2CE9
md5: e7138a7045df93117849c11e253c34cb
sha1: ac97fbf3426ba255075c07632f72f3996f22c157
sha256: 6e2ffc38be97e1fde8edc56534f86f2e7d25ab1b383886c27cc14b13e2d426f0
sha512: 26cff516e0f8ef871ddc9cc6b59903a2ff5001f1842b76656b284b5dff83350680336725daa59b32b9a3b6dedb18c1618b45951e7db2bc61e09af2155de67f14
ssdeep: 1536:fnM08kauMF/MHCiE72HvjdaOGxHIeoynMrXaV3eTIXUv9yfIHU3Z5m3iX5mWA9p5:fnM08iskiF7cdCHeI36IN8UpISsZ9pyk
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T134B31293DF241E99DD638B33A056134B3C2CF2896E94C37E8B2D19289C435D99F2E25D
sha3_384: 223b7e2a9c1009fb15cd7f2d186763c923e24a8f879c0acfe6b11ed2e105bf2eda4127e7d4744e91838b74c6ea5e567c
ep_bytes: 60be001042008dbe0000feff57eb0b90
timestamp: 2004-10-25 06:02:06

Version Info:

CompanyName: AVG Technologies CZ, s.r.o.
FileDescription: AVG Tray Monitor
FileVersion: 9.0.0.871
InternalName: avgtray
LegalCopyright: Copyright © 2010 AVG Technologies CZ, s.r.o.
OriginalFilename: avgtray.exe
ProductName: AVG Internet Security
ProductVersion: 9.0.0.871
PrivateBuild: Win32 Release_Unicode
SpecialBuild: Avg8VC8_2010_1109_133319(871), SVNRev 145063 (/branches/release/SmallUpdate9-12)
Translation: 0x0409 0x04e4

Mal/Generic-R + Troj/FakeAV-CQY also known as:

Bkav: W32.MosquitoQKK.Fam.Trojan
Lionic: Trojan.Win32.Zbot.l94N
Elastic: malicious (high confidence)
DrWeb: Trojan.Packed.21467
MicroWorld-eScan: Gen:Heur.VIZ.!e!.1
FireEye: Generic.mg.e7138a7045df9311
CAT-QuickHeal: Worm.SlenfBot.Gen
ALYac: Gen:Heur.VIZ.!e!.1
Cylance: Unsafe
VIPRE: Backdoor.Win32.Qakbot.ax (v)
Sangfor: Trojan.Win32.Zbot.gen!Y
CrowdStrike: win/malicious_confidence_60% (W)
Alibaba: TrojanPSW:Win32/FakeAV.50ffc535
K7GW: Trojan ( f1000f011 )
K7AntiVirus: Trojan ( f1000f011 )
BitDefenderTheta: Gen:NN.ZexaF.34212.gmLfaKf0lFfc
VirIT: Trojan.Win32.Generic.NSG
Cyren: W32/Risk.UVSM-4930
Symantec: Trojan.Zbot
ESET-NOD32: Win32/Spy.Zbot.YW
TrendMicro-HouseCall: BKDR_QAKBOT.SMG
Paloalto: generic.ml
Kaspersky: HEUR:Trojan.Win32.Generic
BitDefender: Gen:Heur.VIZ.!e!.1
NANO-Antivirus: Trojan.Win32.Zbot.shdyp
SUPERAntiSpyware: Trojan.Agent/Gen-FakeAVG
Avast: Win32:Kryptik-AHL [Trj]
Tencent: Malware.Win32.Gencirc.1169fd28
Ad-Aware: Gen:Heur.VIZ.!e!.1
Sophos: Mal/Generic-R + Troj/FakeAV-CQY
Comodo: TrojWare.Win32.TrojanSpy.Zbot.G@2tckk5
Zillya: Trojan.FakeAV.Win32.48347
TrendMicro: BKDR_QAKBOT.SMG
Ikarus: Worm.Win32.Slenfbot
GData: Gen:Heur.VIZ.!e!.1
Jiangmin: Trojan/Diple.acy
Avira: TR/Crypt.ULPM.Gen
Arcabit: Trojan.VIZ.!e!.1
ViRobot: Trojan.Win32.Diple.113288
Microsoft: PWS:Win32/Zbot
Cynet: Malicious (score: 99)
AhnLab-V3: Trojan/Win32.FraudPack.R3415
McAfee: Artemis!E7138A7045DF
MAX: malware (ai score=100)
VBA32: Trojan.Zeus.EA.0999
Malwarebytes: Malware.AI.1553884152
APEX: Malicious
Rising: Spyware.Zbot!8.16B (CLOUD)
Yandex: Trojan.GenAsa!rTvAwvnOGnE
SentinelOne: Static AI - Malicious PE
eGambit: Unsafe.AI_Score_99%
Fortinet: W32/Kryptik.NAS!tr
Webroot: W32.Infostealer.Gen
AVG: Win32:Kryptik-AHL [Trj]
Panda: Bck/Qbot.AO

How to remove Mal/Generic-R + Troj/FakeAV-CQY?

Mal/Generic-R + Troj/FakeAV-CQY removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • Click “Move to quarantine” for all detected items.
  • Open the “Tools” tab and press “Reset Browser Settings”.
  • Select the proper browser and options, then click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.