Ransom • Trojan

Trojan-Ransom.Win32.Blocker.gqmj (file analysis)

The Trojan-Ransom.Win32.Blocker.gqmj is considered dangerous by lots of security experts. When this infection is active, you may notice unwanted processes in Task Manager list. In this case, it is adviced to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Gridinsoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. Allows to complete scan and cure your PC during the trial period.

6-day free trial available.

What Trojan-Ransom.Win32.Blocker.gqmj virus can do?

Creates RWX memory
Drops a binary and executes it
Installs itself for autorun at Windows startup
Creates a copy of itself
Anomalous binary characteristics

How to determine Trojan-Ransom.Win32.Blocker.gqmj?


File Info:
crc32: 4446920A
md5: 42264c8459540c094079d576a7e6465e
name: 42264C8459540C094079D576A7E6465E.mlw
sha1: 8f34b5dd46e979ecde1bb07d7583e3337e96cf59
sha256: 7a69cf34e8259a89c12ebae7fed7bfe906590e5e12434cefbecd49588f2ed318
sha512: db6715ffc32442315f9a38ce174c7c4e0c4058e3ca59be68d60354f3f280cc164738a014df0e24c6bde568ab4dee320a87718ad1a8c1afd3f1031b10925a6db9
ssdeep: 192:PWhmcVY2G0jLQMd9Kx27e6ith0mtCYEUbfo:AmcVYLIW2xImYv
type: PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows

Version Info:
Translation: 0x0000 0x04b0
LegalCopyright:  
Assembly Version: 0.0.0.0
InternalName: VIRUS_XERQ.exe
FileVersion: 0.0.0.0
ProductVersion: 0.0.0.0
FileDescription:  
OriginalFilename: VIRUS_XERQ.exe

Trojan-Ransom.Win32.Blocker.gqmj also known as:

DrWeb	Trojan.DownLoader12.58986
FireEye	Generic.mg.42264c8459540c09
Cylance	Unsafe
AegisLab	Trojan.Win32.Blocker.j!c
Sangfor	Trojan.Win32.Save.a
K7AntiVirus	Riskware ( 0040eff71 )
K7GW	Riskware ( 0040eff71 )
Cybereason	malicious.d46e97
BitDefenderTheta	Gen:NN.ZemsilF.34608.am0@aixbGKe
Symantec	ML.Attribute.HighConfidence
APEX	Malicious
Avast	Win32:Malware-gen
Cynet	Malicious (score: 100)
Kaspersky	Trojan-Ransom.Win32.Blocker.gqmj
NANO-Antivirus	Trojan.Win32.Blocker.dpebox
Rising	Ransom.Blocker!8.12A (CLOUD)
McAfee-GW-Edition	Artemis!Trojan
SentinelOne	Static AI – Malicious PE
Microsoft	Backdoor:Win32/Bladabindi!ml
AhnLab-V3	ASD.Reputation.C866498
ZoneAlarm	Trojan-Ransom.Win32.Blocker.gqmj
McAfee	Artemis!42264C845954
VBA32	Hoax.Blocker
Panda	Trj/CI.A
Tencent	Win32.Trojan.Blocker.Ozic
Yandex	Trojan.Blocker!ajWhR4gksUA
MAX	malware (ai score=99)
eGambit	Unsafe.AI_Score_99%
AVG	Win32:Malware-gen
Paloalto	generic.ml
Qihoo-360	Win32/Ransom.Blocker.HgIASOYA

How to remove Trojan-Ransom.Win32.Blocker.gqmj?

Trojan-Ransom.Win32.Blocker.gqmj removal tool

Download and install GridinSoft Anti-Malware.
Open GridinSoft Anti-Malware and perform a “Standard scan“.
“Move to quarantine” all items.
Open “Tools” tab – Press “Reset Browser Settings“.
Select proper browser and options – Click “Reset”.
Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.

Leave a Comment X