Trojan-PSW.Win32.QQPass.mbpo information

Trojan-PSW.Win32.QQPass.mbpo is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It lets you run a complete scan and cure your PC during the trial period.
A 6-day free trial is available.

What can the Trojan-PSW.Win32.QQPass.mbpo virus do?

  • A file was accessed within the Public folder.
  • Sample contains Overlay data
  • Reads data out of its own binary image
  • Drops a binary and executes it
  • Authenticode signature is invalid
  • CAPE detected the shellcode get eip malware family
  • Deletes executed files from disk
  • Anomalous binary characteristics
  • Yara detections observed in process dumps, payloads or dropped files

How to identify Trojan-PSW.Win32.QQPass.mbpo?


File Info:

name: 95292FA73160DA9B377B.mlw
type: PE32 executable (GUI) Intel 80386, for MS Windows
timestamp: 2011-02-02 14:21:34

Version Info:

Comments: Created with Setup Factory
FileDescription: Setup Application
FileVersion: 9.0.1.0
InternalName: suf_launch
LegalCopyright: Setup Engine Copyright © 2004-2011 Indigo Rose Corporation
LegalTrademarks: Setup Factory is a trademark of Indigo Rose Corporation.
OriginalFilename: suf_launch.exe
ProductName: Setup Factory Runtime
ProductVersion: 9.0.1.0
Translation: 0x0409 0x04e4

Trojan-PSW.Win32.QQPass.mbpo also known as:

Bkav: W32.Common.D229D0EC
Skyhigh: BehavesLike.Win32.Dropper.vc
Cylance: unsafe
Zillya: Trojan.Generic.Win32.1801785
Alibaba: TrojanPSW:Win32/QQPass.1e3b525e
Kaspersky: Trojan-PSW.Win32.QQPass.mbpo
Rising: Trojan.Generic@AI.100 (RDML:jc2DH+nW7IKB+oBRR6kxiA)
Kingsoft: Win32.Trojan.Generic.a
ZoneAlarm: Trojan-PSW.Win32.QQPass.mbpo
McAfee: Artemis!95292FA73160
MaxSecure: Trojan.Malware.7164915.susgen
alibabacloud: Trojan[stealer]:Win/QQPass.mbpo

How to remove Trojan-PSW.Win32.QQPass.mbpo?

Trojan-PSW.Win32.QQPass.mbpo removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open the “Tools” tab and press “Reset Browser Settings”.
  • Select the proper browser and options, then click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.
