Malware

Mal/Generic-R + Troj/Steal-CQL malicious file

Malware Removal

The Mal/Generic-R + Troj/Steal-CQL is considered dangerous by lots of security experts. When this infection is active, you may notice unwanted processes in Task Manager list. In this case, it is adviced to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Gridinsoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. Allows to complete scan and cure your PC during the trial period.
DOWNLOAD NOW
6-day free trial available.

What Mal/Generic-R + Troj/Steal-CQL virus can do?

  • Dynamic (imported) function loading detected
  • Authenticode signature is invalid
  • Anomalous .NET characteristics
  • CAPE detected the StormKitty malware family

How to determine Mal/Generic-R + Troj/Steal-CQL?



File Info:

name: EDA89B5B6D37B7AA3913.mlw
path: /opt/CAPEv2/storage/binaries/7311e447a36650252b6320cd7699ea9253604ed02134aa9eb2e4c9f86f2f151b
crc32: 956DF1C7
md5: eda89b5b6d37b7aa3913f954f8346e62
sha1: 5a8c33febf01325f663035b434e31ffa239af6ab
sha256: 7311e447a36650252b6320cd7699ea9253604ed02134aa9eb2e4c9f86f2f151b
sha512: 4b020f6f5c88d7c6c9836b4f54ca86d184a475570fbfad9ba387623abdfd23c9ca7e51b793084089409468627a93524e9a1e053abb08e5281d826d748ba61db8
ssdeep: 768:Mvcq4lGNwxOCROyjY0QK9nDB31N0nfGd2uxumKiuNIV0fZOv11hL6N935WfpGF:uN4lRhROyjIKNdSBNb41hLg93gBS
type: PE32 executable (console) Intel 80386, for MS Windows
tlsh: T140434A40BFEA4A64E2FF4EB998B201355335F0636826DF5E1CC850AD19B2BC44A54BE7
sha3_384: 90d4ccd83676e07384da44386cc6389ccd2b34335a334bb0a2ceca773041846b0418e24c543b4b7ceb7b9afabef8483d
ep_bytes: ff250020400000000000000000000000
timestamp: 2022-06-10 13:44:06


Version Info:

Translation: 0x0000 0x04b0
FileDescription:  
FileVersion: 0.0.0.0
InternalName: Hehe.exe
LegalCopyright:  
OriginalFilename: Hehe.exe
ProductVersion: 0.0.0.0
Assembly Version: 0.0.0.0

Mal/Generic-R + Troj/Steal-CQL also known as:

BkavW32.AIDetectNet.01
DrWebTrojan.PWS.DiscordNET.50
MicroWorld-eScanIL:Trojan.MSILZilla.15602
FireEyeGeneric.mg.eda89b5b6d37b7aa
ALYacIL:Trojan.MSILZilla.15602
SangforVirus.Win32.Save.a
BitDefenderThetaGen:NN.ZemsilF.34742.dm0@am8nUXh
CyrenW32/Azorult.D.gen!Eldorado
SymantecML.Attribute.HighConfidence
Elasticmalicious (high confidence)
ESET-NOD32a variant of MSIL/PSW.Agent.SCI
ClamAVWin.Packed.Msilzilla-9952126-0
KasperskyHEUR:Trojan-PSW.MSIL.Disco.gen
BitDefenderIL:Trojan.MSILZilla.15602
AvastWin32:MalwareX-gen [Trj]
Ad-AwareIL:Trojan.MSILZilla.15602
SophosMal/Generic-R + Troj/Steal-CQL
McAfee-GW-EditionRDN/Generic PWS.y
Trapminemalicious.high.ml.score
EmsisoftIL:Trojan.MSILZilla.15602 (B)
SentinelOneStatic AI – Malicious PE
GDataMSIL.Trojan-Stealer.DiscordStealer.D
AviraHEUR/AGEN.1203048
MAXmalware (ai score=82)
ArcabitIL:Trojan.MSILZilla.D3CF2
MicrosoftTrojan:Win32/Wacatac.B!ml
CynetMalicious (score: 100)
AhnLab-V3Trojan/Win.Generic.C5143894
McAfeeRDN/Generic PWS.y
MalwarebytesMalware.AI.3792042228
APEXMalicious
RisingStealer.Agent!8.C2 (TFE:dGZlOg0qc5jF0bwGoQ)
IkarusTrojan.MSIL.PSW
MaxSecureTrojan.Malware.300983.susgen
FortinetMSIL/Agent.SCI!tr.pws
AVGWin32:MalwareX-gen [Trj]
CrowdStrikewin/malicious_confidence_100% (W)

How to remove Mal/Generic-R + Troj/Steal-CQL?

Mal/Generic-R + Troj/Steal-CQL removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan“.
  • Move to quarantine” all items.
  • Open “Tools” tab – Press “Reset Browser Settings“.
  • Select proper browser and options – Click “Reset”.
  • Restart your computer.

You may also like

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.

View all posts

Leave a Comment