Trojan-Dropper.Win32.Agent.tetqkz removal

Trojan-Dropper.Win32.Agent.tetqkz is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager process list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It allows you to run a complete scan and cure your PC during the trial period.
6-day free trial available.

What can the Trojan-Dropper.Win32.Agent.tetqkz virus do?

  • SetUnhandledExceptionFilter detected (possible anti-debug)
  • Executed a command line with /C or /R argument to terminate command shell on completion which can be used to hide execution
  • Yara rule detections observed from a process memory dump/dropped files/CAPE
  • Possible date expiration check, exits too soon after checking local time
  • Checks adapter addresses which can be used to detect virtual network interfaces
  • Anomalous file deletion behavior detected (10+)
  • Guard pages use detected – possible anti-debugging.
  • Dynamic (imported) function loading detected
  • Performs HTTP requests potentially not found in PCAP.
  • Enumerates running processes
  • Drops a binary and executes it
  • Unconventional language used in binary resources: Albanian
  • The binary likely contains encrypted or compressed data.
  • Authenticode signature is invalid
  • A ping command was executed with the -n argument possibly to delay analysis
  • Uses Windows utilities for basic functionality
  • Collects and encrypts information about the computer likely to send to C2 server
  • Network activity contains more than one unique useragent.
  • Installs itself for autorun at Windows startup
  • Attempts to modify proxy settings
  • Creates a copy of itself
  • Deletes executed files from disk
  • Harvests cookies for information gathering
  • Anomalous binary characteristics
  • Uses suspicious command line tools or Windows utilities

How to identify Trojan-Dropper.Win32.Agent.tetqkz?

File Info:

name: 1D1577A17E5D1B8C4827.mlw
path: /opt/CAPEv2/storage/binaries/e99289e66fc7737dbd03f086ee9095de1ee2f3f43fcdc68a9994f8017dc29a47
crc32: DE92497A
md5: 1d1577a17e5d1b8c4827c9aa2769be06
sha1: aa28df75d28be9a94fc07a30b44ca83bc9cfe4b2
sha256: e99289e66fc7737dbd03f086ee9095de1ee2f3f43fcdc68a9994f8017dc29a47
sha512: 4cc77970b868ac54da4ba83c74b921de8c2fddfe528f1c3a157d585f908d5ee4856d72bcf8958113659c0ca6c774b70ce269b53c88e137b50455dc5dae2b2d86
ssdeep: 98304:/ZXYAvngjiUwQFYMuS0on/Icp3DjfecclHD7j:WAqi9lodp33ehlz
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T1D1F5F1127391B025FE966173CE76B2718B7C7D240133AE5E32CC2C697C7CB616A6D262
sha3_384: 2f8312e6f113c98f297f442d888aa5d69b53f17c3c077d47fc85badea721b8de3b75cb7f4fe8f05da32695de43f9af93
ep_bytes: e8c5d00000e97ffeffffcccccccccccc
timestamp: 2021-07-10 04:00:07

Version Info:

FileVersion: 6.7.2.0710
Comments: 一款优化电脑清理垃圾的小工具
FileDescription: https://sj.twm.cn
ProductVersion: 6.7
LegalCopyright: Copyright © 2011 - 2021 Pn All Rights Reserved.
OriginalFilename: 一款优化电脑清理垃圾的小工具
ProductName: 一款优化电脑清理垃圾的小工具一款优化电脑清理垃圾的小工具
InternalName: 一款优化电脑清理垃圾的小工具
CompanyName: https://sj.twm.cn(https://sj.twm.cn)
Compiler: youhua.exe
Translation: 0x041c 0x04b0

Trojan-Dropper.Win32.Agent.tetqkz also known as:

  • Bkav: W32.AIDetect.malware2
  • Elastic: malicious (high confidence)
  • MicroWorld-eScan: Trojan.GenericKD.46610593
  • FireEye: Trojan.GenericKD.46610593
  • CAT-QuickHeal: Hacktool.Flystudio.16558
  • McAfee: Artemis!1D1577A17E5D
  • VIPRE: Trojan.GenericKD.46610593
  • Cybereason: malicious.17e5d1
  • BitDefenderTheta: AI:Packer.309E490417
  • Cyren: W32/AutoIt.UO.gen!Eldorado
  • Symantec: Trojan.Gen.MBT
  • ESET-NOD32: multiple detections
  • TrendMicro-HouseCall: TROJ_GEN.R002H0CJS21
  • ClamAV: Win.Malware.Trojanx-9879965-0
  • Kaspersky: Trojan-Dropper.Win32.Agent.tetqkz
  • BitDefender: Trojan.GenericKD.46610593
  • Avast: Win32:TrojanX-gen [Trj]
  • Ad-Aware: Trojan.GenericKD.46610593
  • Emsisoft: Trojan.GenericKD.46610593 (B)
  • DrWeb: Trojan.Siggen14.31682
  • McAfee-GW-Edition: BehavesLike.Win32.Generic.wc
  • Trapmine: suspicious.low.ml.score
  • Sophos: Mal/Generic-S
  • APEX: Malicious
  • GData: Trojan.GenericKD.46610593 (2x)
  • Avira: HEUR/AGEN.1245565
  • Antiy-AVL: Trojan/Generic.ASCommon.FA
  • Kingsoft: Win32.Troj.Undef.(kcloud)
  • Microsoft: Trojan:Win32/Wacatac.B!ml
  • Cynet: Malicious (score: 99)
  • AhnLab-V3: Trojan/Win.Generic.R429160
  • Acronis: suspicious
  • VBA32: TrojanDropper.Autoit
  • ALYac: Trojan.GenericKD.46610593
  • MAX: malware (ai score=85)
  • Rising: Trojan.Obfus/Autoit!1.D77B (CLASSIC)
  • Ikarus: Trojan.Win32.Autoit
  • Fortinet: W32/Agent.OKY!tr
  • AVG: Win32:TrojanX-gen [Trj]
  • Panda: Trj/Genetic.gen
  • CrowdStrike: win/malicious_confidence_60% (W)

How to remove Trojan-Dropper.Win32.Agent.tetqkz?

Trojan-Dropper.Win32.Agent.tetqkz removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open the “Tools” tab – Press “Reset Browser Settings”.
  • Select the proper browser and options – Click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.