Categories: Trojan

Trojan:Win32/QHosts.BF removal

The Trojan:Win32/QHosts.BF is considered dangerous by lots of security experts. When this infection is active, you may notice unwanted processes in Task Manager list. In this case, it is adviced to scan your computer with GridinSoft Anti-Malware.

Gridinsoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. Allows to complete scan and cure your PC during the trial period.

DOWNLOAD NOW

6-day free trial available.

What Trojan:Win32/QHosts.BF virus can do?

Sample contains Overlay data
Reads data out of its own binary image
CAPE extracted potentially suspicious content
Unconventionial language used in binary resources: Russian
The binary contains an unknown PE section name indicative of packing
Authenticode signature is invalid
A scripting utility was executed
Uses Windows utilities for basic functionality
Uses Windows utilities to create a scheduled task
The sample wrote data to the system hosts file.
Yara rule detections observed from a process memory dump/dropped files/CAPE

How to determine Trojan:Win32/QHosts.BF?


File Info:
name: E082B88DF640EE43A4D9.mlwpath: /opt/CAPEv2/storage/binaries/66c229ead49189d369d04c41bd28a045b2b48b73233cd874c18bcd15f476c535crc32: 1AC825D7md5: e082b88df640ee43a4d9ef63a3b0cd40sha1: 57753829fd791eb29c48216710b65dd65f33da9csha256: 66c229ead49189d369d04c41bd28a045b2b48b73233cd874c18bcd15f476c535sha512: 096debbbbdbb2fc8476883de041193254235e8eedc2377c4fbec801e06416d18e0ee41dea6a179a02696f0c8e905a57d4897236c3f89cc857a9bbaa59f10386dssdeep: 3072:+BAp5XhKpN4eOyVTGfhEClj8jTk+0hdWMQ11Gas:VbXE9OiTGfhEClq9bMc1tstype: PE32 executable (GUI) Intel 80386, for MS Windowstlsh: T1E004F812A4418973C0010576CC079E96B4A72DD03E35B7B3BFB55AFBCE69C8A7B2C169sha3_384: 1226045e3ccacd8e6927ae78902a5368530e032589162561b9e2dc2b91e1f653d6f6e015e7459ee62cdab259316c0537ep_bytes: 558bec83c4f0b89c7c4100e86cabfefftimestamp: 1992-06-19 22:22:17
Version Info:
Comments: CompanyName: koasols                                                     FileDescription: 8000009 0.1009 Installation                                 FileVersion: 0.1009              LegalCopyright: koasols                                                                                             Translation: 0x0409 0x04e4

Trojan:Win32/QHosts.BF also known as:

Bkav	W32.AIDetectMalware
DrWeb	Trojan.Hosts.6553
MicroWorld-eScan	Gen:Heur.SMHeist.1
FireEye	Gen:Heur.SMHeist.1
CAT-QuickHeal	BAT/Qhost.AF
McAfee	Generic StartPage.sim
Cylance	unsafe
Sangfor	Trojan.Win32.Bicololo.Vrs4
K7AntiVirus	Trojan ( 003982501 )
Alibaba	TrojanDownloader:Win32/QHosts.2935787c
K7GW	Trojan ( 003982501 )
Cybereason	malicious.df640e
Cyren	W32/Qhost.M.gen!Eldorado
Symantec	ML.Attribute.HighConfidence
Elastic	malicious (high confidence)
ESET-NOD32	Win32/Bicololo.A
APEX	Malicious
Cynet	Malicious (score: 100)
Kaspersky	UDS:Trojan.Win32.Bicololo
BitDefender	Gen:Heur.SMHeist.1
NANO-Antivirus	Trojan.Script.Qhost.cjeaqy
SUPERAntiSpyware	Trojan.Agent/Gen-BIcololo
Avast	BV:Bicololo-CD [Trj]
Tencent	Win32.Trojan.Dropper.Sgil
Emsisoft	Gen:Heur.SMHeist.1 (B)
F-Secure	Malware.VBS/Bicololo.N
VIPRE	Gen:Heur.SMHeist.1
McAfee-GW-Edition	BehavesLike.Win32.ObfuscatedPoly.cm
Trapmine	malicious.high.ml.score
Sophos	Mal/Generic-S
Ikarus	Trojan.SuspectCRC
GData	Gen:Heur.SMHeist.1
Avira	TR/Dropper.Gen
Xcitium	TrojWare.Win32.Bicololo.AA@51cpp4
Arcabit	Trojan.SMHeist.1
ZoneAlarm	HEUR:Trojan-Downloader.Script.Generic
Microsoft	Trojan:Win32/QHosts.BF
Google	Detected
ALYac	Gen:Heur.SMHeist.1
MAX	malware (ai score=100)
Panda	Trj/CI.A
Yandex	Trojan.Qhosts!W9gEaMTRx4w
MaxSecure	Trojan.Malware.300983.susgen
Fortinet	W32/Bicololo.A!tr
AVG	BV:Bicololo-CD [Trj]
DeepInstinct	MALICIOUS
CrowdStrike	win/malicious_confidence_90% (D)