Troj/ZAccess-QQ malicious file

Malware Removal

Troj/ZAccess-QQ is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager process list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It allows you to run a complete scan and clean your PC during the trial period.
A 6-day free trial is available.

What can the Troj/ZAccess-QQ virus do?

  • Behavioural detection: Executable code extraction – unpacking
  • Sample contains Overlay data
  • Reads data out of its own binary image
  • CAPE extracted potentially suspicious content
  • Unconventional binary language: Russian
  • Unconventional language used in binary resources: Russian
  • The binary contains an unknown PE section name indicative of packing
  • Authenticode signature is invalid
  • Collects information to fingerprint the system
  • Yara rule detections observed from a process memory dump/dropped files/CAPE

How to identify Troj/ZAccess-QQ?

File Info:

name: 8F3688F6A38D3329B1F0.mlw
path: /opt/CAPEv2/storage/binaries/08105b75efdd7c45f04ac6b16ec5ea35cc1d1c21a80911de5ca1ea79d5204ac2
crc32: 1DCEB349
md5: 8f3688f6a38d3329b1f0253d51bcad88
sha1: 2c90e37328c639c486308e0e827a4b005bdab290
sha256: 08105b75efdd7c45f04ac6b16ec5ea35cc1d1c21a80911de5ca1ea79d5204ac2
sha512: 8193dfd4f3f1a6c9da481a464bddddeb172ccf2d38ef9cfe056f8a580c4b69c97d4f8c01e6a76b6642b7cc307380baee2b1008194e49ff66cd1986fb69c9037b
ssdeep: 3072:BEYfn7m/bQMC0zBT+M2LGdJ3wjeEEncJuDK5hS03uTCTm/zezhWaD5z9:BxDmzxC0z8M28wj2cJZS0a/u
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T1FB34D042F0506812C49F38792EAF5824578198F3EF798BF129745E5CF0E2AB0992BD7D
sha3_384: d918680d7943498679fb2c34c57a4f75a01f93b637e1f00463f4a3e7ea7b54f6cdddfadd18b7a56e0bbb4f1e70575cca
ep_bytes: 558bec81ec180200008b4d08890d5cde
timestamp: 2013-09-04 04:56:19

Version Info:

CompanyName: Корпорация Майкрософт
FileDescription: Редактор личных символов
Translation: 0x0419 0x04b0

Troj/ZAccess-QQ also known as:

Bkav: W32.AIDetectMalware
Lionic: Trojan.Win32.Generic.lJXE
Elastic: malicious (high confidence)
MicroWorld-eScan: Trojan.Lethic.Gen.11
ClamAV: Win.Trojan.Agent-1232679
FireEye: Generic.mg.8f3688f6a38d3329
CAT-QuickHeal: TrojanDropper.Gepys.A
ALYac: Trojan.Lethic.Gen.11
Cylance: unsafe
Sangfor: Trojan.Win32.Save.a
K7AntiVirus: Trojan ( 005110401 )
K7GW: Trojan ( 005110401 )
CrowdStrike: win/malicious_confidence_100% (W)
Baidu: Win32.Adware.Kryptik.b
VirIT: Trojan.Win32.Generic.BWCU
Symantec: Packed.Generic.459
tehtris: Generic.Malware
ESET-NOD32: a variant of Win32/Kryptik.BJOT
APEX: Malicious
Cynet: Malicious (score: 100)
Kaspersky: HEUR:Trojan.Win32.Generic
BitDefender: Trojan.Lethic.Gen.11
NANO-Antivirus: Trojan.Win32.Mods.cqhzuu
SUPERAntiSpyware: Trojan.Agent/Gen-Defmid
Sophos: Troj/ZAccess-QQ
F-Secure: Trojan.TR/Gepys.EB
BitDefenderTheta: Gen:NN.ZexaF.36250.oG1@aaNNwjgc
Zillya: Trojan.ShipUp.Win32.2263
TrendMicro: TROJ_KRYPTK.SML2
McAfee-GW-Edition: BehavesLike.Win32.Dropper.dh
Trapmine: malicious.high.ml.score
Emsisoft: Trojan.Lethic.Gen.11 (B)
Ikarus: Trojan-Dropper.Win32.Gepys
Jiangmin: Trojan/ShipUp.vi
Avira: TR/Gepys.EB
Antiy-AVL: Trojan/Win32.ShipUp
Xcitium: TrojWare.Win32.Gepys.AA@522ik2
Arcabit: Trojan.Lethic.Gen.11
ViRobot: Trojan.Win32.Z.Zaccess.240888.A
ZoneAlarm: HEUR:Trojan.Win32.Generic
Google: Detected
AhnLab-V3: Trojan/Win32.Shipup.R82302
McAfee: GenericRXLO-DF!8F3688F6A38D
MAX: malware (ai score=100)
DeepInstinct: MALICIOUS
Malwarebytes: Generic.Malware.AI.DDS
TrendMicro-HouseCall: TROJ_KRYPTK.SML2
Tencent: Trojan.Win32.ShipUp.a
Yandex: Trojan.GenAsa!7eFl9yRkLhE
SentinelOne: Static AI – Malicious PE
MaxSecure: Trojan.ShipUp.gen
Cybereason: malicious.6a38d3
Panda: Trj/Genetic.gen

How to remove Troj/ZAccess-QQ?

Troj/ZAccess-QQ removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open the “Tools” tab and press “Reset Browser Settings”.
  • Select the proper browser and options, then click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.