
How to remove “Trojan.Win32.Copak.qbab”?


Trojan.Win32.Copak.qbab is considered dangerous by lots of security experts. When this infection is active, you may notice unwanted processes in the Task Manager list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.


Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It allows you to complete a scan and cure your PC during the trial period.
6-day free trial available.

What can the Trojan.Win32.Copak.qbab virus do?

  • Behavioural detection: Executable code extraction – unpacking
  • SetUnhandledExceptionFilter detected (possible anti-debug)
  • Creates RWX memory
  • Dynamic (imported) function loading detected
  • CAPE extracted potentially suspicious content
  • The binary likely contains encrypted or compressed data.
  • Authenticode signature is invalid
  • Deletes its original binary from disk
  • Created a process from a suspicious location
  • Creates a copy of itself

How to identify Trojan.Win32.Copak.qbab?


File Info:

name: 81E65B0563B4794DBA1B.mlw
type: PE32 executable (console) Intel 80386, for MS Windows
timestamp: 1970-01-01 00:00:00

Version Info:

0: [No Data]

Trojan.Win32.Copak.qbab also known as:

Lionic: Trojan.Win32.Copak.4!c
Elastic: malicious (high confidence)
MicroWorld-eScan: Gen:Variant.Razy.865537
FireEye: Generic.mg.81e65b0563b4794d
McAfee: Glupteba-FTSD!81E65B0563B4
Cylance: Unsafe
Zillya: Trojan.Injector.Win32.1416663
Sangfor: Suspicious.Win32.Save.a
K7AntiVirus: Trojan ( 00577ea11 )
Alibaba: Trojan:Win32/Glupteba.4e25efc5
K7GW: Trojan ( 00577ea11 )
CrowdStrike: win/malicious_confidence_100% (W)
BitDefenderTheta: Gen:NN.ZexaF.34182.ouZ@aeSC5Sd
Cyren: W32/Zbot.W.gen!Eldorado
Symantec: ML.Attribute.HighConfidence
ESET-NOD32: a variant of Win32/Injector.DZQA
TrendMicro-HouseCall: TSPY_EMOTET.SMZD177
Paloalto: generic.ml
ClamAV: Win.Packed.Razy-9933372-0
Kaspersky: Trojan.Win32.Copak.qbab
BitDefender: Gen:Variant.Razy.865537
NANO-Antivirus: Virus.Win32.Gen-Crypt.ccnc
APEX: Malicious
Tencent: Trojan.Win32.Copak.wd
Emsisoft: Gen:Variant.Razy.865537 (B)
F-Secure: Trojan.TR/Dropper.Gen
DrWeb: Trojan.Siggen14.7487
TrendMicro: TSPY_EMOTET.SMZD177
McAfee-GW-Edition: BehavesLike.Win32.Glupteba.dc
Sophos: ML/PE-A + Troj/Agent-BGOS
Ikarus: Trojan.Win32.Glupteba
Avira: TR/Dropper.Gen
MAX: malware (ai score=81)
Antiy-AVL: Trojan/Win32.Injector
Microsoft: Trojan:Win32/Glupteba.DB!MTB
ViRobot: Trojan.Win32.Z.Razy.229377.AF
ZoneAlarm: Trojan.Win32.Copak.qbab
GData: Gen:Variant.Razy.865537
Cynet: Malicious (score: 100)
AhnLab-V3: Malware/Win32.RL_Generic.R293305
VBA32: BScope.Trojan.Wacatac
ALYac: Gen:Variant.Razy.865537
Malwarebytes: Trojan.Crypt
Avast: Win32:Trojan-gen
Rising: Trojan.Kryptik!1.D284 (CLOUD)
Yandex: Trojan.Injector!dg67DsoiaEg
SentinelOne: Static AI – Malicious PE
MaxSecure: Trojan.Malware.300983.susgen
Fortinet: W32/Copak.AGMG!tr
AVG: Win32:Trojan-gen
Cybereason: malicious.563b47

How to remove Trojan.Win32.Copak.qbab?

Trojan.Win32.Copak.qbab removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open “Tools” tab – Press “Reset Browser Settings”.
  • Select proper browser and options – Click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.
