TrojanDownloader:Win32/Banload.AQI malicious file

TrojanDownloader:Win32/Banload.AQI is flagged as malicious by many security vendors (see the detection names listed below). While the infection is active you may notice unfamiliar processes in the Task Manager list. If so, it is advised to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Removing malware manually may take hours and may damage your PC in the process. We recommend GridinSoft Anti-Malware for removal; it can run a complete scan and clean your PC during the trial period.
6-day free trial available.

What can TrojanDownloader:Win32/Banload.AQI do?

Behaviour observed while the sample was executed in an automated analysis sandbox:

  • Executable code extraction
  • Injection (inter-process)
  • Injection (Process Hollowing)
  • Compression (or decompression)
  • Attempts to connect to a dead IP:Port (1 unique time)
  • Creates RWX memory
  • A process attempted to delay the analysis task.
  • Unconventional language used in binary resources: Portuguese (Brazilian)
  • Executed a process and injected code into it, probably while unpacking

Related domains:

mourarl2012.sdserver2.com

How to identify TrojanDownloader:Win32/Banload.AQI?

File Info:

crc32: 87F1A4D4
md5: 5c707635d20523c87535fe2f0d5950a4
name: 5C707635D20523C87535FE2F0D5950A4.mlw
sha1: cc40c9839ebc96656db0f54bb042998a99a526ce
sha256: 7212c9bf02c14608f05fa50f8cd7ba7aa05f8236dc34a7ea893428b6ad9ec36d
sha512: 0aab14ca4de4cc1b955f8aee996a43d510421b42b327900e911d09a3482cc7b75e1d41fa69f9eb5c71944505b5bdef805842496250d6e2ff969132ba5bc6e183
ssdeep: 12288:DOoUtM6py/CoLQwqMIiGZ/fBIH+sgNZd:DQC6M/CokwqMIiwBIH
type: PE32 executable (GUI) Intel 80386, for MS Windows

Version Info:

LegalCopyright: Copyright (C) 2012
InternalName: ?
FileVersion: 1, 2, 0, 300
CompanyName: Nrsft
Comments: Scs
ProductVersion: 1, 2, 0, 3
OriginalFilename: ?.EXE
Translation: 0x0409 0x04b0
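The file hashes and the related domain above are the indicators a practitioner would actually match on. The following Python script is an added example, not code from this page or from GridinSoft: it computes the same digest set the page lists (crc32, md5, sha1, sha256, sha512) for a suspect file in one pass, compares them with the published values, and flags any DNS or proxy log line that names the related domain or a subdomain of it. The log lines embedded in it are constructed for the demonstration, not real telemetry.

```python
# Added example (not code from the page or from GridinSoft): hash a suspect file the way
# the page's "File Info" block does and compare with the published IOCs; then scan log
# lines for the related domain. SAMPLE_DNS_LOG below is constructed, not real data.
import hashlib
import re
import sys
import zlib

# IOCs published on this page for 5C707635D20523C87535FE2F0D5950A4.mlw
PAGE_IOCS = {
    "crc32": "87F1A4D4",
    "md5": "5c707635d20523c87535fe2f0d5950a4",
    "sha1": "cc40c9839ebc96656db0f54bb042998a99a526ce",
    "sha256": "7212c9bf02c14608f05fa50f8cd7ba7aa05f8236dc34a7ea893428b6ad9ec36d",
    "sha512": "0aab14ca4de4cc1b955f8aee996a43d510421b42b327900e911d09a3482cc7b7"
              "5e1d41fa69f9eb5c71944505b5bdef805842496250d6e2ff969132ba5bc6e183",
}
RELATED_DOMAINS = {"mourarl2012.sdserver2.com"}

HASH_ALGOS = ("md5", "sha1", "sha256", "sha512")
# Loose hostname matcher: label characters, at least one dot, alphabetic TLD.
_HOST_RE = re.compile(r"[A-Za-z0-9][A-Za-z0-9.-]*\.[A-Za-z]{2,}")


def digest_chunks(chunks):
    """Feed every chunk to all hashers once; return crc32 plus the four hashlib digests."""
    hashers = {name: hashlib.new(name) for name in HASH_ALGOS}
    crc = 0
    for chunk in chunks:
        crc = zlib.crc32(chunk, crc)
        for h in hashers.values():
            h.update(chunk)
    digests = {name: h.hexdigest() for name, h in hashers.items()}
    digests["crc32"] = f"{crc & 0xFFFFFFFF:08x}"   # zero-padded, lower-case hex
    return digests


def hash_bytes(data):
    """Digests of an in-memory byte string (handy for tests and small samples)."""
    return digest_chunks([data])


def hash_file(path, chunk_size=1 << 20):
    """Stream the file so large samples never have to fit in memory."""
    with open(path, "rb") as fh:
        return digest_chunks(iter(lambda: fh.read(chunk_size), b""))


def match_hashes(digests, iocs=PAGE_IOCS):
    """Names of the algorithms whose digest equals the published value (hex case ignored)."""
    return sorted(name for name, value in digests.items()
                  if name in iocs and value.lower() == iocs[name].lower())


def match_domains(log_lines, domains=RELATED_DOMAINS):
    """(line number, IOC domain) for each line naming an IOC domain or a subdomain of it."""
    hits = []
    for lineno, line in enumerate(log_lines, 1):
        hosts = {h.lower().rstrip(".") for h in _HOST_RE.findall(line)}
        for ioc in sorted(domains):
            if any(h == ioc or h.endswith("." + ioc) for h in hosts):
                hits.append((lineno, ioc))
    return hits


# Constructed DNS log lines (not real telemetry); only line 2 queries the related domain.
SAMPLE_DNS_LOG = [
    "2020-06-01T12:00:01Z client=10.0.0.5 query=www.example.com type=A",
    "2020-06-01T12:00:07Z client=10.0.0.5 query=mourarl2012.sdserver2.com type=A",
    "2020-06-01T12:00:09Z client=10.0.0.7 query=updates.example.net type=A",
]

if __name__ == "__main__":
    # Usage: python ioc_check.py <file> [<file> ...]
    for path in sys.argv[1:]:
        matched = match_hashes(hash_file(path))
        print(f"{path}: matches {matched if matched else 'none'}")
    print("domain hits in sample log:", match_domains(SAMPLE_DNS_LOG))
```

A single exact hash match is enough to confirm the file is the sample described here; a near-miss on ssdeep (listed above but not computed here, since it needs the separate `ssdeep` package) would only suggest a related build. Matching the domain as a suffix rather than an exact string is deliberate: downloader families of this kind rotate hostnames under the same parent, so a subdomain hit is still worth a look.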

TrojanDownloader:Win32/Banload.AQI also known as:

Cynet: Malicious (score: 85)
FireEye: Generic.mg.5c707635d20523c8
McAfee: Artemis!5C707635D205
Cylance: Unsafe
VIPRE: Trojan.Win32.Generic!BT
K7AntiVirus: Trojan ( 7000000f1 )
BitDefender: Gen:Variant.Zusy.Elzob.24565
K7GW: Trojan ( 7000000f1 )
Cybereason: malicious.5d2052
Cyren: W32/Graftor.BC.gen!Eldorado
Symantec: ML.Attribute.HighConfidence
APEX: Malicious
Avast: Win32:Delf-TBE [Trj]
Kaspersky: HEUR:Trojan.Win32.Generic
Alibaba: Trojan:Win32/DelfInject.ali2000015
NANO-Antivirus: Trojan.Win32.Delphi.eyxzia
AegisLab: Trojan.Win32.Generic.l78q
MicroWorld-eScan: Gen:Variant.Zusy.Elzob.24565
Rising: Trojan.Generic@ML.100 (RDMK:ubMV7MvjeAlf4qH3x2hk2A)
Ad-Aware: Gen:Variant.Zusy.Elzob.24565
Sophos: Troj/Agent-YPI
Comodo: Malware@#23qzbpn6kwzva
F-Secure: Dropper.DR/Delphi.Gen
TrendMicro: TROJ_GEN.R002C0DL920
McAfee-GW-Edition: BehavesLike.Win32.Infected.gh
Emsisoft: Gen:Variant.Zusy.Elzob.24565 (B)
Jiangmin: Trojan/Generic.aokms
Webroot: W32.Malware.Gen
Avira: DR/Delphi.Gen
MAX: malware (ai score=83)
Antiy-AVL: Trojan/Win32.Unknown
Kingsoft: Win32.Troj.Undef.(kcloud)
Microsoft: TrojanDownloader:Win32/Banload.AQI
Arcabit: Trojan.Zusy.Elzob.D5FF5
SUPERAntiSpyware: Trojan.Agent/Gen-MalPE
ZoneAlarm: HEUR:Trojan.Win32.Generic
GData: Gen:Variant.Zusy.Elzob.24565
AhnLab-V3: Trojan/Win32.Inject.R43045
BitDefenderTheta: AI:Packer.21ECB2CB21
ALYac: Gen:Variant.Zusy.Elzob.24565
VBA32: Trojan.Buzus
Malwarebytes: Malware.AI.934962932
Panda: Trj/Genetic.gen
ESET-NOD32: a variant of Win32/Injector.YJA
TrendMicro-HouseCall: TROJ_GEN.R002C0DL920
Tencent: Win32.Trojan.Graftor.Sxye
Yandex: Trojan.GenAsa!M/gQd8OHZ9A
Ikarus: Trojan.Win32.Rbot
Fortinet: W32/Injector.WQD!tr
AVG: Win32:Delf-TBE [Trj]
Paloalto: generic.ml
CrowdStrike: win/malicious_confidence_100% (W)
Qihoo-360: Win32/Trojan.e6d

How to remove TrojanDownloader:Win32/Banload.AQI?

TrojanDownloader:Win32/Banload.AQI removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all detected items.
  • Open the “Tools” tab and press “Reset Browser Settings”.
  • Select the proper browser and options, then click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.