Trojan-Spy.MSIL.Quasar.lmi information

Trojan-Spy.MSIL.Quasar.lmi is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It lets you run a complete scan and clean your PC during the trial period.
6-day free trial available.

What can the Trojan-Spy.MSIL.Quasar.lmi virus do?

  • SetUnhandledExceptionFilter detected (possible anti-debug)
  • Behavioural detection: Executable code extraction – unpacking
  • Creates RWX memory
  • Guard pages use detected – possible anti-debugging.
  • Dynamic (imported) function loading detected
  • Reads data out of its own binary image
  • A process created a hidden window
  • CAPE extracted potentially suspicious content
  • A HTTP/S link was seen in a script or command line
  • Executed a very long command line or script command which may be indicative of chained commands or obfuscation
  • Authenticode signature is invalid
  • A scripting utility was executed
  • Uses Windows utilities for basic functionality
  • Attempts to execute suspicious powershell command arguments

How to identify Trojan-Spy.MSIL.Quasar.lmi?

File Info:

name: 8A2FBB5075F36833A5B3.mlw
path: /opt/CAPEv2/storage/binaries/b2edcea64bb4d250cdeb63499d3c453d38bb434a64c0731ee6c9ec3c89fc8029
crc32: 28886734
md5: 8a2fbb5075f36833a5b33e82e52f1eba
sha1: fbb996a001a288f7e68d6dffe4ed0bfd4e75d650
sha256: b2edcea64bb4d250cdeb63499d3c453d38bb434a64c0731ee6c9ec3c89fc8029
sha512: 5dac667555614f93529aa870863a82ef36420e096b052b046acd5b77c95a03c9a12933c0557544c93b11b55d231aea0563baba889831fb70e8d9ad22de28e212
ssdeep: 196608:DbM1OBLYZwsTFuX0SGh/D9kFBv+1xQInDg0F/Mx:DbGOBIwiFu7Gsjv+gIox
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T15286332843D630BFC1896231A48D5E91D0ABEE37A20725FB1B4C3F14B47D5D52A3EA5B
sha3_384: e8f09fb5d207fd91f5e011d5a8880c0ddb0a4e4a4d411cebbec55c01d8853432fa46030ff5bc3384b4a79276a6644479
ep_bytes: 558bec6aff68a0964100683066410064
timestamp: 2016-04-02 22:14:17

Version Info:

Comments: And Left Software
CompanyName: And Left Software
FileDescription: And Left Software
LegalCopyright: And Left Software
LegalTrademarks: And Left Software
ProductName: And Left Software
FileVersion: 5.19.53
ProductVersion: 5.19.53
InternalName: And Left
OriginalFilename: And Left.exe
Translation: 0x0407 0x04b0

Trojan-Spy.MSIL.Quasar.lmi also known as:

Bkav: W32.AIDetect.malware2
Lionic: Trojan.Win32.Graftor.4!c
Cynet: Malicious (score: 99)
FireEye: Generic.mg.8a2fbb5075f36833
ALYac: Gen:Variant.Graftor.910461
Cylance: Unsafe
Zillya: Trojan.Agent.Win32.1412561
Sangfor: Trojan.Win32.Sabsik.FL
K7AntiVirus: Trojan ( 0057aa071 )
Alibaba: Packed:Win32/7Drop.5974545f
K7GW: Trojan ( 0057aa071 )
Cybereason: malicious.075f36
Symantec: ML.Attribute.HighConfidence
ESET-NOD32: a variant of Win32/Packed.7Zip.S.gen
APEX: Malicious
Paloalto: generic.ml
Kaspersky: Trojan-Spy.MSIL.Quasar.lmi
BitDefender: Gen:Variant.Graftor.910461
MicroWorld-eScan: Gen:Variant.Graftor.910461
Avast: Win32:7Drop-D [Trj]
Tencent: Win32.Packed.7zip.Eadr
Ad-Aware: Gen:Variant.Graftor.910461
Sophos: Mal/Generic-R + Troj/Agent-BGQN
TrendMicro: TROJ_GEN.R002C0RB422
McAfee-GW-Edition: BehavesLike.Win32.Vawtrak.rc
Emsisoft: Gen:Variant.Graftor.910461 (B)
GData: Gen:Variant.Graftor.910461
Jiangmin: Trojan.Alien.gk
Avira: HEUR/AGEN.1227117
Antiy-AVL: Trojan/Generic.ASMalwS.30EE536
Gridinsoft: Ransom.Win32.Sabsik.sa
Arcabit: Trojan.Graftor.DDE47D
Microsoft: Trojan:Win32/Sabsik.TE.B!ml
AhnLab-V3: Trojan/Win.Generic.C4539179
McAfee: Artemis!8A2FBB5075F3
MAX: malware (ai score=89)
TrendMicro-HouseCall: TROJ_GEN.R002C0RB422
Rising: Malware.AbnormalStub/SFX!1.D758 (CLASSIC)
Fortinet: W32/CoinMiner.910461!tr
BitDefenderTheta: Gen:NN.ZexaF.34212.@t3@aSZvcZei
AVG: Win32:7Drop-D [Trj]
Panda: Trj/CI.A

How to remove Trojan-Spy.MSIL.Quasar.lmi?

Trojan-Spy.MSIL.Quasar.lmi removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open “Tools” tab – Press “Reset Browser Settings”.
  • Select proper browser and options – Click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.
