
ML/PE-A + Mal/Qbot-B information

Malware Removal

ML/PE-A + Mal/Qbot-B is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware


Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It allows you to run a complete scan and cure your PC during the trial period.
A 6-day free trial is available.

What can the ML/PE-A + Mal/Qbot-B virus do?

  • SetUnhandledExceptionFilter detected (possible anti-debug)
  • Behavioural detection: Executable code extraction – unpacking
  • Yara rule detections observed from a process memory dump/dropped files/CAPE
  • Creates RWX memory
  • Dynamic (imported) function loading detected
  • Enumerates running processes
  • CAPE extracted potentially suspicious content
  • Unconventional language used in binary resources: Russian
  • Authenticode signature is invalid
  • Behavioural detection: Injection (Process Hollowing)
  • Executed a process and injected code into it, probably while unpacking
  • Behavioural detection: Injection (inter-process)
  • Created a process from a suspicious location
  • Installs itself for autorun at Windows startup
  • Likely virus infection of existing system binary
  • Attempts to modify browser security settings
  • Modifies Terminal Server registry keys for persistence
  • Anomalous binary characteristics

How to identify ML/PE-A + Mal/Qbot-B?

File Info:

name: B3180918147CD745714E.mlw
path: /opt/CAPEv2/storage/binaries/5bec71768dc13e9a7815396e610c6262a65575f2ed0bbe289592819349093a24
crc32: 7ACC6925
md5: b3180918147cd745714ec4fa18df494d
sha1: 17815b2617487545ccab236dc4bf4ac99d0309a8
sha256: 5bec71768dc13e9a7815396e610c6262a65575f2ed0bbe289592819349093a24
sha512: 94fc30906b96c238404fc5cb9d3d9d335c25dcab6e8fd1e3ec072e85227afa745770bb89722a5e74fdf3abcc10d16e59c3c24d36a0aba3702a16e8c9f5fc4874
ssdeep: 49152:lcqdOBSttso3Nlkj5N8vIF4pFPJdP06VGGoK5x:lcNBuj9lk1N8+4pBJtLIGzX
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T15CB52307C32EA0F1DC75AA7F780267A566EF7C381B55807239DA6B0331A23F15A4537A
sha3_384: 1aca6a418532dcbd84893ff6f42fa5b0bae732588710d371a37c4c3b3ad2acbd09e84ab324a729eb941cc104f0ba1b79
ep_bytes: 6a7dffb5c4feffffe88be9ffffffb594
timestamp: 2008-04-05 22:00:33

Version Info:

InternalName: vyfsnkn
Author: houfwul
FileDescription: rjlikdu
FileVersion: 9.61.9
LegalCopyright: 2000-
Comments: lginp
CompanyName: mnjb
Web: pvrds
Translation: 0x0409 0x04b0

ML/PE-A + Mal/Qbot-B also known as:

Bkav: W32.AIDetect.malware2
Elastic: malicious (high confidence)
MicroWorld-eScan: Gen:Heur.ManBat.1
FireEye: Generic.mg.b3180918147cd745
ALYac: Gen:Heur.ManBat.1
Cylance: Unsafe
VIPRE: Trojan-PWS.Win32.Zbot.gen.y (v)
Sangfor: Trojan.Win32.Save.a
BitDefender: Gen:Heur.ManBat.1
CrowdStrike: win/malicious_confidence_100% (D)
BitDefenderTheta: AI:Packer.5E211D671F
Cyren: W32/Trojan3.BXZ
Symantec: Backdoor.Wecoym!g1
ESET-NOD32: a variant of Win32/Kryptik.MKS
Avast: Win32:MalOb-IJ [Cryp]
ClamAV: Win.Spyware.Zbot-1282
Kaspersky: Trojan-Spy.Win32.Zbot.amqi
NANO-Antivirus: Trojan.Win32.Zbot.iutgfg
ViRobot: Trojan.Win32.A.Zbot.1460120
Rising: Spyware.Zbot!8.16B (RDMK:cmRtazpY+/ssoCfFbJK9ROKeA0di)
Sophos: ML/PE-A + Mal/Qbot-B
Comodo: MalCrypt.Indus!@1qrzi1
DrWeb: Trojan.Packed.20343
Zillya: Trojan.Kryptik.Win32.897597
SentinelOne: Static AI – Malicious PE
Emsisoft: Gen:Heur.ManBat.1 (B)
APEX: Malicious
Jiangmin: TrojanSpy.Zbot.akuc
eGambit: Unsafe.AI_Score_99%
Avira: TR/Crypt.XPACK.Gen
Antiy-AVL: Trojan/Generic.ASMalwS.1027D19
Microsoft: Trojan:Win32/Sabsik.FL.B!ml
ZoneAlarm: Trojan-Spy.Win32.Zbot.amqi
GData: Gen:Heur.ManBat.1
Cynet: Malicious (score: 100)
AhnLab-V3: Trojan/Win32.Zbot.R2104
McAfee: GenericRXRQ-RN!B3180918147C
VBA32: SScope.Trojan.Psyhopath.xh
Malwarebytes: Malware.AI.4289843483
Panda: Trj/Sinowal.XER
Yandex: Trojan.GenAsa!IplvB5ptL3Q
MAX: malware (ai score=80)
Fortinet: W32/Kryptik.GM!tr
AVG: Win32:MalOb-IJ [Cryp]
Cybereason: malicious.8147cd

How to remove ML/PE-A + Mal/Qbot-B?

ML/PE-A + Mal/Qbot-B removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open the “Tools” tab – Press “Reset Browser Settings”.
  • Select the proper browser and options – Click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.
