Categories: Trojan

Trojan.Win32.Qshell.pef information

The Trojan.Win32.Qshell.pef is considered dangerous by lots of security experts. When this infection is active, you may notice unwanted processes in Task Manager list. In this case, it is adviced to scan your computer with GridinSoft Anti-Malware.

Gridinsoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. Allows to complete scan and cure your PC during the trial period.

DOWNLOAD NOW

6-day free trial available.

What Trojan.Win32.Qshell.pef virus can do?

Executable code extraction
Creates RWX memory
At least one IP Address, Domain, or File Name was found in a crypto call
Starts servers listening on 127.0.0.1:32767, 127.0.0.1:32768
HTTP traffic contains suspicious features which may be indicative of malware related traffic
Performs some HTTP requests
The binary likely contains encrypted or compressed data.
Looks up the external IP address
Queries information on disks, possibly for anti-virtualization
Sniffs keystrokes
Installs itself for autorun at Windows startup
Anomalous binary characteristics

Related domains:

api.ipify.org

time-a.nist.gov

time-a-g.nist.gov

time.nist.gov

How to determine Trojan.Win32.Qshell.pef?


File Info:
crc32: A80E0935md5: 0e182fa82cebb7c71134d22645d7181cname: 0E182FA82CEBB7C71134D22645D7181C.mlwsha1: 620ce9d1e80005fa11747ed2223e79c710774c87sha256: 53a06e86b64819a4b21977584c5ee1591c0299d45ebdaad1306b852c64ec5f89sha512: 1d3cf14c638beff88eb06fcffbc22a1e7cfcbca3dd7c21d960f82a5f40f65a3469519cd35ac6960e1d9ef959208132ed362bd25ae612832baeced75ce003145assdeep: 12288:Bz4ubZCXMtdUKat+YH7/yJ2je3rojGvB/WaEYvWc:pjOMtd1a/yl3KOjBtype: PE32 executable (GUI) Intel 80386, for MS Windows
Version Info:
LegalCopyright: Copyright xa9 1997-2017 Simon Tatham.InternalName: PSFTPFileVersion: Release 0.68CompanyName: Simon TathamProductName: PuTTY suiteProductVersion: Release 0.68FileDescription: Command-line interactive SFTP clientOriginalFilename: PSFTPTranslation: 0x0809 0x04b0

Trojan.Win32.Qshell.pef also known as:

Bkav	W32.AIDetect.malware2
K7AntiVirus	Trojan ( 005746321 )
Elastic	malicious (high confidence)
DrWeb	Trojan.PWS.Banker1.36839
Cynet	Malicious (score: 100)
CAT-QuickHeal	Trojan.Qshell
ALYac	Trojan.Mint.Zamg.O
Cylance	Unsafe
Zillya	Trojan.Qshell.Win32.5
Sangfor	Trojan.Win32.Save.a
CrowdStrike	win/malicious_confidence_100% (W)
Alibaba	Trojan:Win32/Dridex.8aae5b4b
K7GW	Trojan ( 005746321 )
Cybereason	malicious.82cebb
Cyren	W32/Trojan.SNHH-0017
Symantec	ML.Attribute.HighConfidence
ESET-NOD32	a variant of Win32/Kryptik.HHYV
APEX	Malicious
Avast	Win32:PWSX-gen [Trj]
Kaspersky	HEUR:Trojan.Win32.Qshell.pef
BitDefender	Trojan.Mint.Zamg.O
NANO-Antivirus	Trojan.Win32.Qshell.idhocd
MicroWorld-eScan	Trojan.Mint.Zamg.O
Tencent	Malware.Win32.Gencirc.10ceac0b
Ad-Aware	Trojan.Mint.Zamg.O
Sophos	Mal/Generic-R + Mal/EncPk-APV
Comodo	Malware@#1e30w2nq8vmoi
BitDefenderTheta	Gen:NN.ZexaF.34170.Jy1@aeoJo!hi
VIPRE	Trojan.Win32.Generic!BT
McAfee-GW-Edition	BehavesLike.Win32.Generic.hh
FireEye	Generic.mg.0e182fa82cebb7c7
Emsisoft	Trojan.Mint.Zamg.O (B)
SentinelOne	Static AI – Malicious PE
Jiangmin	Trojan.Qshell.id
Avira	TR/Crypt.Agent.mfbto
Antiy-AVL	Trojan/Win32.Kryptik
Kingsoft	Win32.Heur.KVMH008.a.(kcloud)
Microsoft	Trojan:Win32/Dridex.NA!MTB
Gridinsoft	Trojan.Win32.Kryptik.oa!s1
Arcabit	Trojan.Mint.Zamg.O
ZoneAlarm	HEUR:Trojan.Win32.Qshell.pef
GData	Trojan.Mint.Zamg.O
TACHYON	Backdoor/W32.Androm.579594
AhnLab-V3	Trojan/Win.Dridex.R432381
Acronis	suspicious
McAfee	GenericRXPM-KH!0E182FA82CEB
MAX	malware (ai score=88)
VBA32	BScope.Trojan.Jorik
Malwarebytes	Trojan.MalPack.VAK
Panda	Trj/GdSda.A
TrendMicro-HouseCall	TROJ_GEN.R06CC0DIJ21
Rising	Trojan.Generic@ML.100 (RDML:L0WEhjKO5u1x5cRjbyJAow)
Yandex	Trojan.Qshell!f4LpkobODOY
Ikarus	Trojan.Win32.Crypt
MaxSecure	Trojan.Malware.1728101.susgen
Fortinet	W32/Kryptik.HIJR!tr
AVG	Win32:PWSX-gen [Trj]
Paloalto	generic.ml