Categories: SpyTrojan

Trojan-Spy.Win32.Stealer.vqh malicious file

The Trojan-Spy.Win32.Stealer.vqh is considered dangerous by lots of security experts. When this infection is active, you may notice unwanted processes in Task Manager list. In this case, it is adviced to scan your computer with GridinSoft Anti-Malware.

Gridinsoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. Allows to complete scan and cure your PC during the trial period.

DOWNLOAD NOW

6-day free trial available.

What Trojan-Spy.Win32.Stealer.vqh virus can do?

Executable code extraction
Attempts to connect to a dead IP:Port (3 unique times)
Creates RWX memory
A process attempted to delay the analysis task.
At least one IP Address, Domain, or File Name was found in a crypto call
Performs some HTTP requests
Unconventionial language used in binary resources: Ukrainian
The binary likely contains encrypted or compressed data.
The executable is compressed using UPX
Attempts to repeatedly call a single API many times in order to delay analysis time
Attempts to identify installed AV products by installation directory
Checks the CPU name from registry, possibly for anti-virtualization
Attempts to modify proxy settings
Anomalous binary characteristics

Related domains:

z.whorecord.xyz

a.tomx.xyz

iplogger.org

leatherbond.top

How to determine Trojan-Spy.Win32.Stealer.vqh?


File Info:
crc32: F6885B6Fmd5: cf9789f166db5c71af1b66f9b6ace520name: CF9789F166DB5C71AF1B66F9B6ACE520.mlwsha1: aa8162bb254d0bdd93c980bf74be9acbe5a525dcsha256: 4eb5508fd5f2e2e2c78f406c2312dd83d7790d3822cb2182fbb86df85afd6777sha512: ee4c53bff067ebc76b8c27b8dd163640409864168c924869d7f8fe2543da4d03c0ae55cc08e1b2bd36684df72d4d21453b3ca6fff28c16737b123a27bdc793acssdeep: 12288:lt/iCUEqXidfu7Gc7zkmsfN2hN7QzxPgXTMccF3mL/0RZvGK:lt/iCsiVu7Gg4NSsdPgXTMccsoZvGKtype: PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Version Info:
InternalSurname: debaukd.ekzeProduct: 1.7.7FileVersions: 1.0.5.6LegalCo: Copyri (C) 2019, permudationz

Trojan-Spy.Win32.Stealer.vqh also known as:

Elastic	malicious (high confidence)
MicroWorld-eScan	Trojan.GenericKD.45211615
FireEye	Generic.mg.cf9789f166db5c71
Qihoo-360	Win32/Trojan.Spy.6a6
McAfee	RDN/Generic.grp
Cylance	Unsafe
Sangfor	Malware
K7AntiVirus	Trojan ( 0057558f1 )
BitDefender	Trojan.GenericKD.45211615
K7GW	Trojan ( 0057558f1 )
CrowdStrike	win/malicious_confidence_100% (W)
Cyren	W32/Kryptik.CVF.gen!Eldorado
Symantec	ML.Attribute.HighConfidence
APEX	Malicious
Avast	Win32:DropperX-gen [Drp]
Kaspersky	Trojan-Spy.Win32.Stealer.vqh
Alibaba	TrojanSpy:Win32/Stealer.052337f5
ViRobot	Trojan.Win32.Z.Agent.609280.CB
AegisLab	Trojan.Multi.Generic.4!c
Tencent	Win32.Trojan-spy.Stealer.Tclz
Ad-Aware	Trojan.GenericKD.45211615
Sophos	Mal/Generic-S
Comodo	Malware@#3lwxh57tqtgzx
F-Secure	Trojan.TR/AD.AHKInfoSteal.muasi
DrWeb	Trojan.MulDrop16.3346
TrendMicro	TROJ_GEN.R002C0WLS20
McAfee-GW-Edition	BehavesLike.Win32.PWSBanker.hc
Emsisoft	Trojan.GenericKD.45211615 (B)
SentinelOne	Static AI – Malicious PE
Webroot	W32.Trojan.Gen
Avira	TR/AD.AHKInfoSteal.muasi
MAX	malware (ai score=83)
Kingsoft	Win32.Troj.Undef.(kcloud)
Microsoft	Trojan:Win32/Zenpack.MT!MTB
Gridinsoft	Trojan.Win32.Kryptik.oa
Arcabit	Trojan.Generic.D2B1DFDF
ZoneAlarm	Trojan-Spy.Win32.Stealer.vqh
GData	Trojan.GenericKD.45211615
Cynet	Malicious (score: 100)
AhnLab-V3	Trojan/Win32.RL_Kryptik.R360897
Acronis	suspicious
Malwarebytes	Trojan.MalPack.GS
Panda	Trj/Genetic.gen
ESET-NOD32	a variant of Win32/Kryptik.HILM
TrendMicro-HouseCall	TROJ_GEN.R002C0WLS20
Rising	Backdoor.Agent!8.C5D (TFE:5:IhzqwXEXQUL)
Yandex	TrojanSpy.Stealer!5Fr30jRCB/g
Ikarus	Trojan.Win32.Crypt
eGambit	Unsafe.AI_Score_90%
Fortinet	W32/Kryptik.HGHW!tr
AVG	Win32:DropperX-gen [Drp]
Cybereason	malicious.b254d0
Paloalto	generic.ml