Categories: SpyTrojan

Trojan-Spy.Win32.Stealer.vqj malicious file

The Trojan-Spy.Win32.Stealer.vqj is considered dangerous by lots of security experts. When this infection is active, you may notice unwanted processes in Task Manager list. In this case, it is adviced to scan your computer with GridinSoft Anti-Malware.

Gridinsoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. Allows to complete scan and cure your PC during the trial period.

DOWNLOAD NOW

6-day free trial available.

What Trojan-Spy.Win32.Stealer.vqj virus can do?

Executable code extraction
Attempts to connect to a dead IP:Port (3 unique times)
Creates RWX memory
At least one IP Address, Domain, or File Name was found in a crypto call
Performs some HTTP requests
Unconventionial language used in binary resources: Ukrainian
The binary likely contains encrypted or compressed data.
The executable is compressed using UPX
Checks for the presence of known windows from debuggers and forensic tools
Installs itself for autorun at Windows startup
Attempts to identify installed AV products by installation directory
Checks the CPU name from registry, possibly for anti-virtualization
Detects VirtualBox through the presence of a registry key
Anomalous binary characteristics

Related domains:

iplogger.org

leatherbond.top

ip-api.com

How to determine Trojan-Spy.Win32.Stealer.vqj?


File Info:
crc32: 9A1F1288md5: a911862b8e009e674d018aaff16a326bname: A911862B8E009E674D018AAFF16A326B.mlwsha1: 03537444d8d5fee6c3a86cd5ee86a33cba1deecasha256: add432dca76d9ae5e7883d7fccba10211cbf0a6b2f694af0edc37a679739f375sha512: 903e7d5299d2c84f0a2cf2eeec77f48f0aaf0f0bb4947cddddca1667c0721b2ccb38c36573c125ef37f5bb33b9ab6003030fe2606db647d39c8bbab3ee090b02ssdeep: 12288:in+xcJsrMvbdgQipycBRkVOT4UnqGQA6ca96PhKN/zT/dqy5/QdAG9Li4NpPThD:o8cJsrMvZgQAPBRB4Unqa6ca96PhgzMtype: PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Version Info:
InternalSurname: debaukd.ekzeProduct: 1.7.7FileVersions: 1.0.5.6LegalCo: Copyri (C) 2019, permudationz

Trojan-Spy.Win32.Stealer.vqj also known as:

Elastic	malicious (high confidence)
DrWeb	Trojan.MulDrop16.3346
MicroWorld-eScan	Trojan.GenericKD.35899386
FireEye	Generic.mg.a911862b8e009e67
Qihoo-360	Generic/HEUR/QVM11.1.38E6.Malware.Gen
ALYac	Trojan.GenericKD.35899386
Cylance	Unsafe
Sangfor	Malware
K7AntiVirus	Riskware ( 0040eff71 )
BitDefender	Trojan.GenericKD.35899386
K7GW	Riskware ( 0040eff71 )
Cybereason	malicious.4d8d5f
Cyren	W32/Kryptik.CVF.gen!Eldorado
Symantec	ML.Attribute.HighConfidence
APEX	Malicious
Avast	Win32:DropperX-gen [Drp]
Kaspersky	Trojan-Spy.Win32.Stealer.vqj
Alibaba	TrojanSpy:Win32/Stealer.bfb9f8bc
AegisLab	Trojan.Win32.Malicious.4!c
Rising	Backdoor.Agent!8.C5D (TFE:5:IhzqwXEXQUL)
Ad-Aware	Trojan.GenericKD.35899386
Emsisoft	Trojan.GenericKD.35899386 (B)
F-Secure	Trojan.TR/Crypt.Agent.lltug
McAfee-GW-Edition	BehavesLike.Win32.Trojan.hc
Sophos	Mal/Generic-S
Ikarus	Trojan.SuspectCRC
Jiangmin	Trojan.Agent.dbjb
Webroot	W32.Trojan.Gen
Avira	TR/Crypt.Agent.lltug
Antiy-AVL	Trojan/Win32.Kryptik
Kingsoft	Win32.Troj.Undef.(kcloud)
Microsoft	Trojan:Win32/Zenpack.MT!MTB
Gridinsoft	Trojan.Win32.Kryptik.oa
Arcabit	Trojan.Generic.D223C7FA
ZoneAlarm	Trojan-Spy.Win32.Stealer.vqj
GData	Trojan.GenericKD.35899386
Cynet	Malicious (score: 100)
AhnLab-V3	Malware/Win32.RL_Generic.R361128
Acronis	suspicious
McAfee	GenericRXAA-AA!A911862B8E00
MAX	malware (ai score=85)
VBA32	Trojan.Agent
Malwarebytes	Trojan.MalPack.GS
Panda	Trj/CI.A
ESET-NOD32	a variant of Win32/Kryptik.HILM
TrendMicro-HouseCall	TROJ_GEN.R002H0CLS20
Tencent	Win32.Trojan-spy.Stealer.Llgr
SentinelOne	Static AI – Malicious PE
eGambit	Unsafe.AI_Score_85%
Fortinet	W32/Kryptik.HGHW!tr
AVG	Win32:DropperX-gen [Drp]
Paloalto	generic.ml
CrowdStrike	win/malicious_confidence_100% (D)