Trojan.Win32.Qshell.pef information


Trojan.Win32.Qshell.pef is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.


Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It allows you to fully scan and cure your PC during the TRIAL period.
6-day free trial available.

What can the Trojan.Win32.Qshell.pef virus do?

  • Executable code extraction
  • Creates RWX memory
  • At least one IP Address, Domain, or File Name was found in a crypto call
  • Starts servers listening on 127.0.0.1:32767, 127.0.0.1:32768
  • HTTP traffic contains suspicious features which may be indicative of malware related traffic
  • Performs some HTTP requests
  • The binary likely contains encrypted or compressed data
  • Looks up the external IP address
  • Queries information on disks, possibly for anti-virtualization
  • Sniffs keystrokes
  • Installs itself for autorun at Windows startup
  • Anomalous binary characteristics

Related domains:

api.ipify.org
time-a.nist.gov
time-a-g.nist.gov
time.nist.gov

How to identify Trojan.Win32.Qshell.pef?

File Info:

crc32: A80E0935
md5: 0e182fa82cebb7c71134d22645d7181c
name: 0E182FA82CEBB7C71134D22645D7181C.mlw
sha1: 620ce9d1e80005fa11747ed2223e79c710774c87
sha256: 53a06e86b64819a4b21977584c5ee1591c0299d45ebdaad1306b852c64ec5f89
sha512: 1d3cf14c638beff88eb06fcffbc22a1e7cfcbca3dd7c21d960f82a5f40f65a3469519cd35ac6960e1d9ef959208132ed362bd25ae612832baeced75ce003145a
ssdeep: 12288:Bz4ubZCXMtdUKat+YH7/yJ2je3rojGvB/WaEYvWc:pjOMtd1a/yl3KOjB
type: PE32 executable (GUI) Intel 80386, for MS Windows

Version Info (resource strings embedded in the binary; these are self-declared by the file and do not by themselves prove that it is the software they name):

LegalCopyright: Copyright © 1997-2017 Simon Tatham.
InternalName: PSFTP
FileVersion: Release 0.68
CompanyName: Simon Tatham
ProductName: PuTTY suite
ProductVersion: Release 0.68
FileDescription: Command-line interactive SFTP client
OriginalFilename: PSFTP
Translation: 0x0809 0x04b0

Trojan.Win32.Qshell.pef also known as:

Bkav: W32.AIDetect.malware2
K7AntiVirus: Trojan ( 005746321 )
Elastic: malicious (high confidence)
DrWeb: Trojan.PWS.Banker1.36839
Cynet: Malicious (score: 100)
CAT-QuickHeal: Trojan.Qshell
ALYac: Trojan.Mint.Zamg.O
Cylance: Unsafe
Zillya: Trojan.Qshell.Win32.5
Sangfor: Trojan.Win32.Save.a
CrowdStrike: win/malicious_confidence_100% (W)
Alibaba: Trojan:Win32/Dridex.8aae5b4b
K7GW: Trojan ( 005746321 )
Cybereason: malicious.82cebb
Cyren: W32/Trojan.SNHH-0017
Symantec: ML.Attribute.HighConfidence
ESET-NOD32: a variant of Win32/Kryptik.HHYV
APEX: Malicious
Avast: Win32:PWSX-gen [Trj]
Kaspersky: HEUR:Trojan.Win32.Qshell.pef
BitDefender: Trojan.Mint.Zamg.O
NANO-Antivirus: Trojan.Win32.Qshell.idhocd
MicroWorld-eScan: Trojan.Mint.Zamg.O
Tencent: Malware.Win32.Gencirc.10ceac0b
Ad-Aware: Trojan.Mint.Zamg.O
Sophos: Mal/Generic-R + Mal/EncPk-APV
Comodo: Malware@#1e30w2nq8vmoi
BitDefenderTheta: Gen:NN.ZexaF.34170.Jy1@aeoJo!hi
VIPRE: Trojan.Win32.Generic!BT
McAfee-GW-Edition: BehavesLike.Win32.Generic.hh
FireEye: Generic.mg.0e182fa82cebb7c7
Emsisoft: Trojan.Mint.Zamg.O (B)
SentinelOne: Static AI – Malicious PE
Jiangmin: Trojan.Qshell.id
Avira: TR/Crypt.Agent.mfbto
Antiy-AVL: Trojan/Win32.Kryptik
Kingsoft: Win32.Heur.KVMH008.a.(kcloud)
Microsoft: Trojan:Win32/Dridex.NA!MTB
Gridinsoft: Trojan.Win32.Kryptik.oa!s1
Arcabit: Trojan.Mint.Zamg.O
ZoneAlarm: HEUR:Trojan.Win32.Qshell.pef
GData: Trojan.Mint.Zamg.O
TACHYON: Backdoor/W32.Androm.579594
AhnLab-V3: Trojan/Win.Dridex.R432381
Acronis: suspicious
McAfee: GenericRXPM-KH!0E182FA82CEB
MAX: malware (ai score=88)
VBA32: BScope.Trojan.Jorik
Malwarebytes: Trojan.MalPack.VAK
Panda: Trj/GdSda.A
TrendMicro-HouseCall: TROJ_GEN.R06CC0DIJ21
Rising: Trojan.Generic@ML.100 (RDML:L0WEhjKO5u1x5cRjbyJAow)
Yandex: Trojan.Qshell!f4LpkobODOY
Ikarus: Trojan.Win32.Crypt
MaxSecure: Trojan.Malware.1728101.susgen
Fortinet: W32/Kryptik.HIJR!tr
AVG: Win32:PWSX-gen [Trj]
Paloalto: generic.ml

How to remove Trojan.Win32.Qshell.pef?

Trojan.Win32.Qshell.pef removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open the “Tools” tab – Press “Reset Browser Settings”.
  • Select proper browser and options – Click “Reset”.
  • Restart your computer.
