PUA.QqhackRI.S25060021 information

Malware Removal

PUA.QqhackRI.S25060021 is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager process list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It lets you run a complete scan and clean your PC during the trial period.
A 6-day free trial is available.

What PUA.QqhackRI.S25060021 virus can do?

  • SetUnhandledExceptionFilter detected (possible anti-debug)
  • Yara rule detections observed from a process memory dump/dropped files/CAPE
  • Dynamic (imported) function loading detected
  • Performs HTTP requests potentially not found in PCAP
  • Reads data out of its own binary image
  • Unconventional binary language: Chinese (Simplified)
  • Unconventional language used in binary resources: Chinese (Simplified)
  • The binary contains an unknown PE section name indicative of packing
  • The binary likely contains encrypted or compressed data
  • The executable is compressed using UPX
  • Authenticode signature is invalid
  • Attempts to modify proxy settings
  • Harvests cookies for information gathering

How to identify PUA.QqhackRI.S25060021?

File Info:

name: B2EC0D9A5558DD0FD76C.mlw
path: /opt/CAPEv2/storage/binaries/b0e98c99cb7851ce8b1d5e1fd5b7ec7b59aa4a4f05d8696c649a411ebf4b5c0a
crc32: C71C05EF
md5: b2ec0d9a5558dd0fd76cde4c73b5de5d
sha1: 6a4733acafe5c8cb73326bf81f4b88fe43c3f1bd
sha256: b0e98c99cb7851ce8b1d5e1fd5b7ec7b59aa4a4f05d8696c649a411ebf4b5c0a
sha512: 7ab87cc2a13aad256cd1cea531b2eb60f902c05bcead814cc4488c72db124eef00a20d928c8a82930d87e8d523f93f08ca82c2ce466753700430ac6d90a28c18
ssdeep: 12288:pTJf1PF53LXpMPQsl34xeDLXtN+4C7TquR:NJ9PtMZl34xcofquR
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T1F1B4D2044B32D802C47B5A7C0E52E7F68FDD1EA29D8AFBD84446FFD81972DE9C24605A
sha3_384: ca8120228564b1ede8d31a2f71d6c8577f816753af67b87d84c990d67c08106140129c1949bad27d396bdbeb1d285ce7
ep_bytes: 60be00904f008dbe0080f0ff5783cdff
timestamp: 2013-04-14 09:18:39

Version Info:

FileVersion: 2.3.0.0
FileDescription:  
ProductName: QQ小助手
ProductVersion: 2.3.0.0
CompanyName:  
LegalCopyright:   版权所有
Comments:  
Translation: 0x0804 0x04b0

PUA.QqhackRI.S25060021 also known as:

Elastic: malicious (high confidence)
MicroWorld-eScan: Gen:Variant.Graftor.303337
FireEye: Generic.mg.b2ec0d9a5558dd0f
CAT-QuickHeal: PUA.QqhackRI.S25060021
ALYac: Gen:Variant.Graftor.303337
Cylance: Unsafe
Zillya: Tool.QQHack.Win32.193
K7AntiVirus: Trojan ( 004bd1471 )
K7GW: Trojan ( 004bd1471 )
Cybereason: malicious.a5558d
BitDefenderTheta: Gen:NN.ZexaF.34084.HmMfaWqF!7ab
Symantec: ML.Attribute.HighConfidence
ESET-NOD32: a variant of Win32/QQWare.Z
APEX: Malicious
Kaspersky: HackTool.Win32.QQHack.py
BitDefender: Gen:Variant.Graftor.303337
NANO-Antivirus: Trojan.Win32.QQHack.bropoh
Avast: Win32:Qqhack-D [PUP]
Tencent: HackTool.Win32.QQHack.a
Ad-Aware: Gen:Variant.Graftor.303337
Emsisoft: Gen:Variant.Graftor.303337 (B)
DrWeb: Trojan.Spambot.15871
VIPRE: Trojan.Win32.Generic!BT
McAfee-GW-Edition: BehavesLike.Win32.Generic.hc
Sophos: Generic ML PUA (PUA)
Ikarus: HackTool.Win32.QQHack
GData: Gen:Variant.Graftor.303337
Jiangmin: HackTool.QQHack.j
Avira: HEUR/AGEN.1132552
Antiy-AVL: Trojan/Generic.ASMalwS.153C37
Arcabit: Trojan.Graftor.D4A0E9
Microsoft: Trojan:Win32/Sabsik.FL.B!ml
Cynet: Malicious (score: 100)
Acronis: suspicious
McAfee: GenericRXAA-AA!B2EC0D9A5558
MAX: malware (ai score=89)
VBA32: BScope.Backdoor.Poison
Malwarebytes: Malware.AI.4238656223
Yandex: HackTool.QQHack!Wr96RPNYpuk
SentinelOne: Static AI – Malicious PE
eGambit: Unsafe.AI_Score_99%
Fortinet: Riskware/Spambot
AVG: Win32:Qqhack-D [PUP]
Panda: Trj/Genetic.gen
MaxSecure: Trojan.Malware.300983.susgen

How to remove PUA.QqhackRI.S25060021?

PUA.QqhackRI.S25060021 removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open the “Tools” tab and press “Reset Browser Settings”.
  • Select the proper browser and options, then click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.