PWS:Win32/QQShou malicious file

PWS:Win32/QQShou is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It allows you to fully scan and cure your PC during the trial period.
6-day free trial available.

What can the PWS:Win32/QQShou virus do?

  • Sample contains Overlay data
  • Unconventional binary language: Chinese (Simplified)
  • Unconventional language used in binary resources: Chinese (Simplified)
  • The binary contains an unknown PE section name indicative of packing
  • The binary likely contains encrypted or compressed data.
  • Authenticode signature is invalid
  • Anomalous binary characteristics
  • Unusual version info supplied for binary

How to identify PWS:Win32/QQShou?

File Info:

name: B5A97ABFB9B8B7FCC56C.mlw
path: /opt/CAPEv2/storage/binaries/4c4f732b699ef8085d5b9e6bc03c1b126e78f5aea085c39a3a1dc27dfa1c92dd
crc32: F2087227
md5: b5a97abfb9b8b7fcc56ced6c7d82c704
sha1: 6c09a4c9110b53723cc69635159d6efdccfeb35d
sha256: 4c4f732b699ef8085d5b9e6bc03c1b126e78f5aea085c39a3a1dc27dfa1c92dd
sha512: 0a356ba85c6d1cbc58afb4c5505eb96469cf99baea124513e07d2850d897954abe5ab4f79fd4b1560efa08eae3f8b17943b4daa3d58d7cca50688efb5156053c
ssdeep: 384:W9GW2Uj2+ShiMjCzQplrkTVEzOZJCrO+SM:WQW2Uj2+QiMd+TSzOerOt
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T17A72C06583D8169BE82357B4627F2602BF59AC72037F8B5FFD4021433E269940C3B51B
sha3_384: ad224195f18f732fc44326dcc904f7f4df2a35f0838d1c1f716c547bbf1465ad58c4cbe0e093fb1a8360153554ebe0fa
ep_bytes: 9061be00e040008dbe0030ffff5783cd
timestamp: 2006-01-22 06:50:51

Version Info:

Comments:
CompanyName:
FileDescription: Microsoft 基础类图片程序
FileVersion: 1, 0, 0, 1
InternalName: Cent
LegalCopyright: 版权所有 (C) Microsoft 2004
LegalTrademarks:
OriginalFilename: system.exe
PrivateBuild:
ProductName: GIF图象引擎
ProductVersion: 1, 0, 0, 1
SpecialBuild:
Translation: 0x0804 0x04b0

PWS:Win32/QQShou also known as:

Bkav: W32.AIDetectMalware
Lionic: Trojan.Win32.VB.tnP7
MicroWorld-eScan: Generic.Malware.SMPPk!g.7C6ACF6D
FireEye: Generic.mg.b5a97abfb9b8b7fc
Skyhigh: BehavesLike.Win32.PWSGoft.lc
ALYac: Generic.Malware.SMPPk!g.7C6ACF6D
VIPRE: Generic.Malware.SMPPk!g.7C6ACF6D
Sangfor: Infostealer.Win32.Agent.ff
K7AntiVirus: Trojan ( 005326b01 )
BitDefender: Generic.Malware.SMPPk!g.7C6ACF6D
CrowdStrike: win/malicious_confidence_100% (D)
VirIT: Trojan.Win32.Agent.BDT
Symantec: W32.Gammima
Elastic: malicious (high confidence)
ESET-NOD32: a variant of Win32/PSW.QQShou
APEX: Malicious
ClamAV: Win.Spyware.4249-1
Kaspersky: Trojan-PSW.Win32.Agent.ff
Alibaba: TrojanPSW:Win32/QQShou.94b8e238
NANO-Antivirus: Trojan.Win32.Agent.kjmf
Rising: Malware.Undefined!8.C (TFE:5:fTv8Xblr8wT)
TACHYON: Trojan/W32.Small.17175.C
Sophos: Mal/Behav-156
F-Secure: Trojan.TR/Dropper.Gen
DrWeb: Trojan.PWS.Gamania
Zillya: Trojan.Agent.Win32.22139
TrendMicro: TSPY_QQPASS.GEN
Trapmine: malicious.moderate.ml.score
Emsisoft: Generic.Malware.SMPPk!g.7C6ACF6D (B)
Ikarus: Trojan-PWS.Win32.QQShou.bn
Jiangmin: Trojan/PSW.Agent.afm
Google: Detected
Avira: TR/Dropper.Gen
Varist: W32/PWS.NDLA-1870
Antiy-AVL: Trojan[PSW]/Win32.Agent
Kingsoft: Win32.PSWTroj.Undef.a
Microsoft: PWS:Win32/QQShou.gen
Xcitium: TrojWare.Win32.PSW.QQShou.ek2@qqup4
Arcabit: Generic.Malware.SMPPk!g.7C6ACF6D
ZoneAlarm: Trojan-PSW.Win32.Agent.ff
GData: Generic.Malware.SMPPk!g.7C6ACF6D
Cynet: Malicious (score: 100)
McAfee: Artemis!B5A97ABFB9B8
MAX: malware (ai score=100)
DeepInstinct: MALICIOUS
VBA32: BScope.TrojanPSW.QQShou
Cylance: unsafe
Panda: Trj/QQshou.U
TrendMicro-HouseCall: TSPY_QQPASS.GEN
Tencent: Win32.Trojan-QQPass.QQRob.Lqil
Yandex: Trojan.GenAsa!IiQ2BGPMJ3o
SentinelOne: Static AI – Suspicious PE
MaxSecure: Trojan.Malware.2095092.susgen
Fortinet: W32/QQShou.PW!tr
AVG: Win32:QQShou-C [Trj]
Cybereason: malicious.9110b5
Avast: Win32:QQShou-C [Trj]

How to remove PWS:Win32/QQShou?

PWS:Win32/QQShou removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open the “Tools” tab and press “Reset Browser Settings”.
  • Select the proper browser and options, then click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.