Categories: SpyTrojan

About “Trojan-Spy.Win32.Stealer.vqf” infection

The Trojan-Spy.Win32.Stealer.vqf is considered dangerous by lots of security experts. When this infection is active, you may notice unwanted processes in Task Manager list. In this case, it is adviced to scan your computer with GridinSoft Anti-Malware.

Gridinsoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. Allows to complete scan and cure your PC during the trial period.

DOWNLOAD NOW

6-day free trial available.

What Trojan-Spy.Win32.Stealer.vqf virus can do?

Executable code extraction
Attempts to connect to a dead IP:Port (3 unique times)
Creates RWX memory
A process attempted to delay the analysis task.
At least one IP Address, Domain, or File Name was found in a crypto call
Performs some HTTP requests
Unconventionial language used in binary resources: Ukrainian
The binary likely contains encrypted or compressed data.
The executable is compressed using UPX
Attempts to repeatedly call a single API many times in order to delay analysis time
Attempts to identify installed AV products by installation directory
Checks the CPU name from registry, possibly for anti-virtualization
Anomalous binary characteristics

Related domains:

iplogger.org

leatherbond.top

How to determine Trojan-Spy.Win32.Stealer.vqf?


File Info:
crc32: 43C5471Amd5: 1f87473ccecf48a5a570ad8ef35c0ee4name: 1F87473CCECF48A5A570AD8EF35C0EE4.mlwsha1: 4e21b16f6574b28d67fcecd7aebae704f921b4f2sha256: a8d6e8219c6ec6f8284026609f9989fa8caa68e517a239973da19793d1fc2d60sha512: 285578f8a7673948483854b05a4ff09c658432123f9c166ae3629beeabd6e72523687d8a56b76b8cb34fd814cc109116c0abdd25bddae2465b7cb36f153435f4ssdeep: 12288:1WoADjLyJGVasui7pBT++/jPVpORATvwpS900ZLa+KWLfabF9:1KyJKasui1BT+UbLT93ha+KWjiF9type: PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Version Info:
InternalSurname: debaukd.ekzeProduct: 1.7.7FileVersions: 1.0.5.6LegalCo: Copyri (C) 2019, permudationz

Trojan-Spy.Win32.Stealer.vqf also known as:

Elastic	malicious (high confidence)
MicroWorld-eScan	Trojan.GenericKD.45211445
FireEye	Generic.mg.1f87473ccecf48a5
McAfee	GenericRXAA-AA!1F87473CCECF
Cylance	Unsafe
AegisLab	Trojan.Win32.Stealer.l!c
Sangfor	Malware
K7AntiVirus	Trojan ( 0057558f1 )
BitDefender	Trojan.GenericKD.45211445
K7GW	Trojan ( 0057558f1 )
Cybereason	malicious.f6574b
Cyren	W32/Kryptik.CVF.gen!Eldorado
Symantec	ML.Attribute.HighConfidence
APEX	Malicious
Avast	Win32:DropperX-gen [Drp]
Kaspersky	Trojan-Spy.Win32.Stealer.vqf
Alibaba	TrojanSpy:Win32/Stealer.bc200bfe
ViRobot	Trojan.Win32.Z.Agent.608768.DF
Tencent	Win32.Trojan-spy.Stealer.Ebrj
Ad-Aware	Trojan.GenericKD.45211445
Sophos	Mal/Generic-S
Comodo	Malware@#39fhs8qamm8yb
F-Secure	Trojan.TR/Crypt.Agent.gaktv
DrWeb	Trojan.MulDrop16.3346
TrendMicro	TROJ_GEN.R002C0WLS20
McAfee-GW-Edition	BehavesLike.Win32.PWSBanker.hc
Emsisoft	Trojan.GenericKD.45211445 (B)
SentinelOne	Static AI – Malicious PE
Avira	TR/Crypt.Agent.gaktv
MAX	malware (ai score=81)
Kingsoft	Win32.Troj.Stealer.v.(kcloud)
Microsoft	Trojan:Win32/Zenpack.MT!MTB
Gridinsoft	Trojan.Win32.Kryptik.oa
Arcabit	Trojan.Generic.D2B1DF35
ZoneAlarm	Trojan-Spy.Win32.Stealer.vqf
GData	Trojan.GenericKD.45211445
Cynet	Malicious (score: 100)
AhnLab-V3	Malware/Win32.Generic.C4280701
Acronis	suspicious
Malwarebytes	Trojan.MalPack.GS
Panda	Trj/Genetic.gen
ESET-NOD32	a variant of Win32/Kryptik.HILM
TrendMicro-HouseCall	TROJ_GEN.R002C0WLS20
Rising	Backdoor.Agent!8.C5D (TFE:5:IhzqwXEXQUL)
Ikarus	Trojan.Win32.AutoHotKey
eGambit	Unsafe.AI_Score_72%
Fortinet	W32/Kryptik.HGHW!tr
Webroot	W32.Trojan.Gen
AVG	Win32:DropperX-gen [Drp]
Paloalto	generic.ml
CrowdStrike	win/malicious_confidence_100% (W)
Qihoo-360	Win32/Trojan.Spy.083