Categories: SpyTrojan

Trojan-Spy.Win32.Stealer.vqg (file analysis)

The Trojan-Spy.Win32.Stealer.vqg is considered dangerous by lots of security experts. When this infection is active, you may notice unwanted processes in Task Manager list. In this case, it is adviced to scan your computer with GridinSoft Anti-Malware.

Gridinsoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. Allows to complete scan and cure your PC during the trial period.

DOWNLOAD NOW

6-day free trial available.

What Trojan-Spy.Win32.Stealer.vqg virus can do?

Executable code extraction
Attempts to connect to a dead IP:Port (3 unique times)
Creates RWX memory
A process attempted to delay the analysis task.
At least one IP Address, Domain, or File Name was found in a crypto call
Performs some HTTP requests
Unconventionial language used in binary resources: Ukrainian
The binary likely contains encrypted or compressed data.
The executable is compressed using UPX
Attempts to repeatedly call a single API many times in order to delay analysis time
Attempts to identify installed AV products by installation directory
Checks the CPU name from registry, possibly for anti-virtualization
Anomalous binary characteristics

Related domains:

iplogger.org

leatherbond.top

How to determine Trojan-Spy.Win32.Stealer.vqg?


File Info:
crc32: 192323E3md5: 0f672da130703a4bbbe1255b9467ef36name: 0F672DA130703A4BBBE1255B9467EF36.mlwsha1: 45d3adc63371a57dc617674a5e14d0265d590f24sha256: 226bf9a09e806c9d0a83adaef1711ad8a37058208e803fbf92cbf8be7e057f66sha512: 32c60623483d091b6d12bb83a9681cc1a508bd5981f99b482de1a53d0af56b5a2756617b195a151767b82aabbcf2e3dcd53773ef781ccb194ff26aaddca30015ssdeep: 12288:Lj3WWS1NzzfbrAy0P45plsA11R9KTHG6o3n4Feb0mq:33VelrQ45pjsH3o3n4Feb0mqtype: PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Version Info:
InternalSurname: debaukd.ekzeProduct: 1.7.7FileVersions: 1.0.5.6LegalCo: Copyri (C) 2019, permudationz

Trojan-Spy.Win32.Stealer.vqg also known as:

Elastic	malicious (high confidence)
MicroWorld-eScan	Trojan.GenericKD.35897452
FireEye	Generic.mg.0f672da130703a4b
McAfee	RDN/Generic.dx
Cylance	Unsafe
AegisLab	Trojan.Multi.Generic.4!c
Sangfor	Malware
K7AntiVirus	Trojan ( 005755cb1 )
BitDefender	Trojan.GenericKD.35897452
K7GW	Trojan ( 005755cb1 )
Cybereason	malicious.63371a
Cyren	W32/Kryptik.CVF.gen!Eldorado
Symantec	ML.Attribute.HighConfidence
APEX	Malicious
Avast	Win32:DropperX-gen [Drp]
Kaspersky	Trojan-Spy.Win32.Stealer.vqg
Alibaba	TrojanSpy:Win32/Stealer.e201c0f3
ViRobot	Trojan.Win32.Z.Agent.608768.DE
Tencent	Win32.Trojan-spy.Stealer.Hzb
Ad-Aware	Trojan.GenericKD.35897452
Emsisoft	Trojan.GenericKD.35897452 (B)
Comodo	Malware@#1w3ugjt84azyc
F-Secure	Trojan.TR/AD.AHKInfoSteal.plxzy
DrWeb	Trojan.MulDrop16.3346
TrendMicro	TROJ_GEN.R002C0WLS20
McAfee-GW-Edition	BehavesLike.Win32.PWSBanker.hc
Sophos	Mal/Generic-S
Ikarus	Trojan.Win32.Crypt
Avira	TR/AD.AHKInfoSteal.plxzy
Kingsoft	Win32.Troj.Undef.(kcloud)
Microsoft	Trojan:Win32/Zenpack.MT!MTB
Gridinsoft	Trojan.Win32.Packed.oa
Arcabit	Trojan.Generic.D223C06C
ZoneAlarm	Trojan-Spy.Win32.Stealer.vqg
GData	Trojan.GenericKD.35897452
Cynet	Malicious (score: 100)
AhnLab-V3	Malware/Win32.Generic.C4282774
Acronis	suspicious
MAX	malware (ai score=88)
Malwarebytes	Trojan.MalPack.GS
Panda	Trj/Genetic.gen
ESET-NOD32	a variant of Win32/Kryptik.HILM
TrendMicro-HouseCall	TROJ_GEN.R002C0WLS20
Rising	Backdoor.Agent!8.C5D (TFE:5:IhzqwXEXQUL)
Yandex	TrojanSpy.Stealer!8KZPvdTVy5c
SentinelOne	Static AI – Malicious PE
eGambit	Unsafe.AI_Score_71%
Fortinet	W32/Kryptik.HGHW!tr
Webroot	W32.Trojan.Gen
AVG	Win32:DropperX-gen [Drp]
Paloalto	generic.ml
CrowdStrike	win/malicious_confidence_100% (W)
Qihoo-360	Win32/Trojan.Spy.d8e