MSIL/TrojanDownloader.Small.BQA information

MSIL/TrojanDownloader.Small.BQA is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It lets you run a complete scan and clean your PC during the trial period.
6-day free trial available.

What can the MSIL/TrojanDownloader.Small.BQA virus do?

  • SetUnhandledExceptionFilter detected (possible anti-debug)
  • Creates RWX memory
  • Guard pages use detected – possible anti-debugging.
  • Dynamic (imported) function loading detected
  • CAPE extracted potentially suspicious content
  • The binary contains an unknown PE section name indicative of packing
  • Authenticode signature is invalid

How to identify MSIL/TrojanDownloader.Small.BQA?


File Info:

name: 9B40EF4F14312350E7F3.mlw
path: /opt/CAPEv2/storage/binaries/6382288c0b0d51054c08f9e804b04049f6a69b5cfa4cf70bbddd0aa2b757cc1b
crc32: E65C6358
md5: 9b40ef4f14312350e7f3f5ee6b73a2e2
sha1: bbcc1e88a8f5a3b87328398f1b918214ddc90e7e
sha256: 6382288c0b0d51054c08f9e804b04049f6a69b5cfa4cf70bbddd0aa2b757cc1b
sha512: cc4b155e079f29dc8e315b5814edd1d054388d2ec1edfa537168e1f3c527da3360c272530ade58b3f2c467d47a74d41432001be25283ce820ee0573ee6d0cf01
ssdeep: 768:zf1/7H+e83jm4pgbOHNqWJYW5ZQ+hJ+cmhJp9hpaVbVqk3CHO9z0DauxXrG3Xz9W:b1/7H+e83S4qbOHNqWJYW5ZQ+hJ+cmhR
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T16EF2C99FF6988520E92DFB779C4252616A3686030D03DEBF5DC74E854373BE14E84CA5
sha3_384: f55c1a0a87c793b2147088003155f681393bc3d621edcf8ae8fcfe52de0f33bdc77cee3ba9ce49432aee1dbfcf4eead8
ep_bytes: ff250020400000000000000000000000
timestamp: 2018-06-28 23:13:48

Version Info:

Translation: 0x0000 0x04b0
FileDescription: Sistem
FileVersion: 5.8.6.0
InternalName: ትЬiロbg.exe
LegalCopyright:
OriginalFilename: ትЬiロbg.exe
ProductName: Sistem
ProductVersion: 5.8.6.0
Assembly Version: 6.7.0.7

MSIL/TrojanDownloader.Small.BQA also known as:

Lionic: Trojan.Win32.Generic.4!c
Elastic: malicious (high confidence)
MicroWorld-eScan: Trojan.GenericKD.45692965
FireEye: Generic.mg.9b40ef4f14312350
McAfee: Artemis!9B40EF4F1431
Cylance: Unsafe
Sangfor: Trojan.Win32.Save.a
CrowdStrike: win/malicious_confidence_90% (W)
Alibaba: Trojan:MSIL/Generic.a567d369
K7GW: Trojan-Downloader ( 00530cde1 )
K7AntiVirus: Trojan-Downloader ( 00530cde1 )
ESET-NOD32: a variant of MSIL/TrojanDownloader.Small.BQA
APEX: Malicious
BitDefender: Trojan.GenericKD.45692965
Avast: Win32:Malware-gen
Ad-Aware: Trojan.GenericKD.45692965
Emsisoft: Trojan.GenericKD.45692965 (B)
Comodo: Malware@#31aikbib2cy91
VIPRE: Trojan.Win32.Generic!BT
McAfee-GW-Edition: Artemis!Trojan
Sophos: Mal/Generic-S
Ikarus: Trojan-Downloader.MSIL.Small
GData: Trojan.GenericKD.45692965
eGambit: Unsafe.AI_Score_99%
Avira: HEUR/AGEN.1103993
MAX: malware (ai score=80)
Arcabit: Trojan.Generic.D2B93825
Microsoft: Backdoor:Win32/Bladabindi!ml
Cynet: Malicious (score: 99)
BitDefenderTheta: Gen:NN.ZemsilF.34084.cq0@auIFaKg
TrendMicro-HouseCall: TROJ_GEN.R002H0CLA21
Yandex: Trojan.DL.Small!4UjdZybHu5g
SentinelOne: Static AI – Malicious PE
MaxSecure: Trojan.Malware.300983.susgen
Fortinet: MSIL/Small.BQA!tr.dldr
AVG: Win32:Malware-gen
Cybereason: malicious.f14312
Panda: Trj/GdSda.A

How to remove MSIL/TrojanDownloader.Small.BQA?

MSIL/TrojanDownloader.Small.BQA removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open “Tools” tab – Press “Reset Browser Settings”.
  • Select proper browser and options – Click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.
