
Trojan-Spy.Win32.Stealer.alqp removal guide


Trojan-Spy.Win32.Stealer.alqp is the Kaspersky detection name for a sample that many antivirus engines flag as malicious (the full list of vendor detections is given below). When this infection is active, you may notice unwanted processes in the Task Manager list. In that case it is advised to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It lets you run a complete scan and clean your PC during the trial period.
6-day free trial available.

What can the Trojan-Spy.Win32.Stealer.alqp virus do? (behaviours observed in the CAPE sandbox)

  • SetUnhandledExceptionFilter detected (possible anti-debug)
  • Behavioural detection: Executable code extraction – unpacking
  • Yara rule detections observed from a process memory dump/dropped files/CAPE
  • Creates RWX memory
  • Dynamic (imported) function loading detected
  • Reads data out of its own binary image
  • CAPE extracted potentially suspicious content
  • Drops a binary and executes it
  • Authenticode signature is invalid
  • Tries to unhook or modify Windows functions monitored by Cuckoo
  • Created a process from a suspicious location
  • Checks the version of Bios, possibly for anti-virtualization
  • Detects VirtualBox through the presence of a registry key
  • Anomalous binary characteristics
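Two of the signatures above, the VirtualBox registry-key check and the BIOS version lookup, are easy to replay against your own API-monitor output. The script below is an added example, not code from the original page, from CAPE or from GridinSoft: the registry paths and the two signature names are my approximation of what CAPE's antivm_vbox_keys and antivm_generic_bios signatures look for, and the trace it scans is constructed, not the real sample's.

```python
"""Added example: replay two CAPE-style anti-VM signatures over registry-access
lines.  The rule names and registry paths are an approximation (assumption),
not CAPE's own code."""
import re

# Constructed registry-access trace in the style of an API-monitor log.
# It is NOT the real sample's trace; it mixes benign and anti-VM lookups.
TRACE = [
    r"RegOpenKeyExW  HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run",
    r"RegOpenKeyExW  HKEY_LOCAL_MACHINE\SOFTWARE\Oracle\VirtualBox Guest Additions",
    r"RegQueryValueExW  HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion",
    r"RegOpenKeyExW  HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\VBoxGuest",
    r"RegQueryValueExW  HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders",
]

# Assumed indicator set: keys that exist only on a VirtualBox guest, plus the
# BIOS version strings a sample reads to look for "VBOX"/"VirtualBox" text.
RULES = {
    "antivm_vbox_keys": [
        r"\\SOFTWARE\\Oracle\\VirtualBox",
        r"\\HARDWARE\\ACPI\\(DSDT|FADT|RSDT)\\VBOX__",
        r"\\Services\\VBox(Guest|Mouse|Service|SF|Video)\b",
    ],
    "antivm_generic_bios": [
        r"\\HARDWARE\\DESCRIPTION\\System\\(System|Video)BiosVersion",
    ],
}
COMPILED = {name: [re.compile(p, re.IGNORECASE) for p in pats]
            for name, pats in RULES.items()}


def registry_path(line: str) -> str:
    """Strip the API name; the path is everything after the first whitespace run."""
    parts = line.split(None, 1)
    return parts[1] if len(parts) == 2 else ""


def match_antivm(lines) -> dict:
    """Return {signature_name: [matching registry paths]} for the lines given.
    Only signatures that fired are present in the result."""
    hits = {name: [] for name in COMPILED}
    for line in lines:
        path = registry_path(line)
        for name, patterns in COMPILED.items():
            if any(p.search(path) for p in patterns):
                hits[name].append(path)
    return {name: paths for name, paths in hits.items() if paths}


if __name__ == "__main__":
    for name, paths in match_antivm(TRACE).items():
        print(name)
        for p in paths:
            print("   ", p)
```

Treat a hit as a hint rather than proof: legitimate software (the Guest Additions installer, inventory agents) touches the same keys, which is why the sandbox phrases the BIOS check as "possibly for anti-virtualization".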

How to identify Trojan-Spy.Win32.Stealer.alqp?

The hashes below identify this one sample; other builds of the same stealer will have different values, so treat them as an indicator for this file rather than a signature for the family.

File Info:

name: FC1B8D99C2DFCF69D33F.mlw
path: /opt/CAPEv2/storage/binaries/b86e07e9c3fc56e83b70c5f40744c784b3146a9f3b255d6b68997c93ba1e6d91
crc32: 00A7347D
md5: fc1b8d99c2dfcf69d33f88d9b5af2940
sha1: 85cbb44deb9f94ed585b6b54b2942c9dd735e8f1
sha256: b86e07e9c3fc56e83b70c5f40744c784b3146a9f3b255d6b68997c93ba1e6d91
sha512: 52338d0131456df87ecd24daa4a8468552a112311622b592ccc5e7e93104dece962e182a1a9a6aeedeaf21b80f83778e63a950f6b174916471253cbbfc4b6e2e
ssdeep: 98304:BF/PjCo56sc9VoRkSdVj/hDMSrgulDt+VVR3hVELxrmV1LHro/G0j:L7ZdGVAnDMS8QiVlhy8V1LL8G0j
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T1DD3633F06EF0A036F0162873B464A23C36D47D2D9DB6293AFB46F55E70256C356A4B83
sha3_384: 97fe46fde1e2bb3ce2170bde6a363ccbb882d58978c3778431f7196b960f5d57db6fa55412d3849c59547467735e499b
ep_bytes: e885630000e978feffff8bff558bec56
timestamp: 2015-02-15 08:00:31
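As an added example (not part of the original page or of any vendor tool), the following Python script recomputes the hash set CAPE reports and reads the PE compile timestamp, so a suspect file can be compared with the indicators listed above. The IOC values are copied from the File Info section; the fake_pe helper builds a constructed minimal PE header for self-testing only and is not a real sample.

```python
"""Added example: compare a suspect file against the hashes and compile
timestamp published in the File Info section (values copied from the page)."""
import hashlib
import struct
import zlib
from datetime import datetime, timezone

# Indicators copied from the File Info section above.
IOC = {
    "crc32": "00A7347D",
    "md5": "fc1b8d99c2dfcf69d33f88d9b5af2940",
    "sha1": "85cbb44deb9f94ed585b6b54b2942c9dd735e8f1",
    "sha256": "b86e07e9c3fc56e83b70c5f40744c784b3146a9f3b255d6b68997c93ba1e6d91",
    "timestamp": "2015-02-15 08:00:31",
}


def hash_bytes(data: bytes) -> dict:
    """Return the same hash set CAPE lists (crc32, md5, sha1, sha256, sha512)."""
    return {
        "crc32": "%08X" % (zlib.crc32(data) & 0xFFFFFFFF),
        "md5": hashlib.md5(data).hexdigest(),
        "sha1": hashlib.sha1(data).hexdigest(),
        "sha256": hashlib.sha256(data).hexdigest(),
        "sha512": hashlib.sha512(data).hexdigest(),
    }


def pe_timestamp(data: bytes):
    """Return the COFF TimeDateStamp as 'YYYY-MM-DD HH:MM:SS' (UTC), or None
    if the buffer is not a PE file.  The field is attacker-controlled and
    trivially forged, so on its own it is a weak indicator."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        return None
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if e_lfanew + 24 > len(data) or data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        return None
    # COFF header layout: Machine(2) NumberOfSections(2) TimeDateStamp(4) ...
    ts = struct.unpack_from("<I", data, e_lfanew + 8)[0]
    return datetime.fromtimestamp(ts, timezone.utc).strftime("%Y-%m-%d %H:%M:%S")


def triage(data: bytes, ioc: dict = IOC) -> dict:
    """Compare a buffer against the IOC set; returns which indicators matched."""
    hashes = hash_bytes(data)
    result = {k: hashes[k].lower() == ioc[k].lower()
              for k in ("crc32", "md5", "sha1", "sha256")}
    result["timestamp"] = pe_timestamp(data) == ioc["timestamp"]
    return result


def is_known_sample(data: bytes, ioc: dict = IOC) -> bool:
    """SHA-256 alone is decisive; the other fields only cross-check reports."""
    return triage(data, ioc)["sha256"]


def fake_pe(timestamp: int) -> bytes:
    """Constructed minimal MZ/PE header for self-testing (not a real sample)."""
    dos = bytearray(0x40)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 0x40)          # e_lfanew -> PE signature
    coff = struct.pack("<HHI", 0x14C, 1, timestamp)  # i386, 1 section, stamp
    return bytes(dos) + b"PE\0\0" + coff + b"\0" * 12


if __name__ == "__main__":
    import sys
    with open(sys.argv[1], "rb") as fh:
        buf = fh.read()
    for name, value in hash_bytes(buf).items():
        print(f"{name}: {value}")
    print("timestamp:", pe_timestamp(buf))
    print("matches:", triage(buf))
```

Run it as `python triage.py suspect.exe`. Only the SHA-256 match should drive a verdict; the CRC32 and the compile timestamp are there to confirm you are looking at the same report, since both are cheap to collide or forge.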

Version Info:

FileDescription: Precompress Allantoidea
InternalName: Throngingly
OriginalFilename: Contentiously
CompanyName: Salaminian Metascutellar
LegalCopyright: Copyright (C) 2000-2021 Cacographer
ProductName: Unbeggarly Daintyfingered
FileVersion: 1.4.0.8
ProductVersion: 1.4.0.8
Comments: Horseplayers
LegalTrademarks: Photosantonic Extradites
Title: Nonconjunction Stipendary
Assembly Version: 1.4.0.8
Translation: 0x0409 0x04b0

Trojan-Spy.Win32.Stealer.alqp is also detected under the following names (vendor: detection name):

Bkav: W32.AIDetect.malware2
DrWeb: Trojan.PackedNET.1119
MicroWorld-eScan: Trojan.GenericKD.38136086
McAfee: Artemis!FC1B8D99C2DF
K7AntiVirus: Trojan ( 0058b0381 )
K7GW: Trojan ( 0058b0381 )
BitDefenderTheta: Gen:NN.ZexaF.34062.pH2aaCOB1Rh
Cyren: W32/Stealer.S.gen!Eldorado
Symantec: Trojan.Gen.2
ESET-NOD32: multiple detections
TrendMicro-HouseCall: TROJ_GEN.R002H0DKS21
Paloalto: generic.ml
Kaspersky: Trojan-Spy.Win32.Stealer.alqp
BitDefender: Trojan.GenericKD.38136086
Avast: Win32:Trojan-gen
Ad-Aware: Trojan.GenericKD.38136086
Emsisoft: Trojan.GenericKD.38136086 (B)
McAfee-GW-Edition: BehavesLike.Win32.Dropper.rc
FireEye: Generic.mg.fc1b8d99c2dfcf69
Sophos: Mal/Generic-S
Ikarus: Trojan.MSIL.Crypt
GData: Trojan.GenericKD.38136086
Avira: TR/Kryptik.egzaq
Gridinsoft: Ransom.Win32.Sabsik.sa
Arcabit: Trojan.Generic.D245E916
Microsoft: Trojan:Win32/Sabsik.FL.B!ml
Cynet: Malicious (score: 99)
VBA32: BScope.TrojanPSW.Agent
ALYac: Trojan.GenericKD.38136086
MAX: malware (ai score=86)
Malwarebytes: Trojan.MalPack
APEX: Malicious
Yandex: Trojan.GenAsa!l3ZfBja75G8
SentinelOne: Static AI – Malicious SFX
Fortinet: MSIL/Kryptik.FL!tr
AVG: Win32:Trojan-gen
Panda: Trj/CI.A

How to remove Trojan-Spy.Win32.Stealer.alqp?

Trojan-Spy.Win32.Stealer.alqp removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open the “Tools” tab and press “Reset Browser Settings”.
  • Select the proper browser and options, then click “Reset”.
  • Restart your computer.

Because this sample is classified as a stealer (Kaspersky and Cyren name it Stealer, and VBA32 labels it a password-stealing trojan, TrojanPSW), assume any credentials saved in browsers or applications on the infected machine were exposed, and change them from a clean device after the cleanup.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.
