Virus:Win32/Viking.KQ removal

Many security experts consider Virus:Win32/Viking.KQ dangerous. When this infection is active, you may notice unwanted processes in the Task Manager list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It allows you to complete a scan and cure your PC during the trial period.
6-day free trial available.

What can the Virus:Win32/Viking.KQ virus do?

  • SetUnhandledExceptionFilter detected (possible anti-debug)
  • Creates RWX memory
  • Dynamic (imported) function loading detected
  • Enumerates the modules from a process (may be used to locate base addresses in process injection)
  • Enumerates running processes
  • Expresses interest in specific running processes
  • Repeatedly searches for a not-found process, may want to run with startbrowser=1 option
  • Reads data out of its own binary image
  • Manipulates data from or to the Recycle Bin
  • CAPE extracted potentially suspicious content
  • Drops a binary and executes it
  • Unconventional binary language: Chinese (Simplified)
  • Unconventional language used in binary resources: Chinese (Simplified)
  • The binary contains an unknown PE section name indicative of packing
  • Authenticode signature is invalid
  • Uses Windows utilities for basic functionality
  • Deletes its original binary from disk
  • Attempts to modify desktop wallpaper
  • Behavioural detection: Injection (inter-process)
  • Creates or sets a registry key to a long series of bytes, possibly to store a binary or malware config
  • Created a process from a suspicious location
  • Installs itself for autorun at Windows startup
  • Likely virus infection of existing system binary
  • Anomalous binary characteristics
  • Uses suspicious command line tools or Windows utilities

How to identify Virus:Win32/Viking.KQ?


File Info:

name: 5963DD02C1035B38352E.mlw
type: PE32 executable (GUI) Intel 80386, for MS Windows
timestamp: 1992-06-19 22:22:17

Version Info:

CompanyName:
FileDescription:
FileVersion: 1.0.0.0
InternalName:
LegalCopyright:
LegalTrademarks:
OriginalFilename:
ProductName:
ProductVersion: 1.0.0.0
Comments:
Translation: 0x0804 0x03a8

Virus:Win32/Viking.KQ also known as:

Bkav: W32.LockedB.PE
Elastic: malicious (high confidence)
DrWeb: Trojan.MulDrop6.20999
MicroWorld-eScan: Trojan.Crypt.Delf.AF
FireEye: Generic.mg.5963dd02c1035b38
CAT-QuickHeal: W32.Viking.gen
McAfee: W32/HLLP.w.gen
Cylance: Unsafe
Zillya: Worm.Viking.Win32.2
Sangfor: Trojan.Win32.Save.a
K7AntiVirus: Trojan ( 7000000f1 )
K7GW: Trojan ( 7000000f1 )
Cybereason: malicious.2c1035
BitDefenderTheta: Gen:NN.ZelphiF.34294.mG3@a0RCSdcb
Cyren: W32/Worm.RQLK-7436
Symantec: W32.Looked.P
ESET-NOD32: Win32/Viking.CF
TrendMicro-HouseCall: PE_LOOKED.GEN
ClamAV: Win.Trojan.Philis-159
Kaspersky: Worm.Win32.Viking.bi
BitDefender: Trojan.Crypt.Delf.AF
NANO-Antivirus: Trojan.Win32.Viking.ccwyb
SUPERAntiSpyware: Trojan.Agent/Gen-Viking
Avast: Win32:Viking-AN [Wrm]
Tencent: Trojan.Win32.BitCoinMiner.la
Ad-Aware: Trojan.Crypt.Delf.AF
Sophos: ML/PE-A + W32/Looked-AR
Comodo: Win32.Viking.CF~clean@20gc
Baidu: Win32.Worm.Viking.a
VIPRE: Virus.Win32.Viking.kq (v)
TrendMicro: PE_LOOKED.GEN
McAfee-GW-Edition: BehavesLike.Win32.HLLPPhilis.dh
Emsisoft: Trojan.Crypt.Delf.AF (B)
SentinelOne: Static AI – Malicious PE
GData: Trojan.Crypt.Delf.AF
Jiangmin: Worm/Viking.ik
MaxSecure: Worm.W32.Viking.bb
Avira: W32/Viking.Gen
MAX: malware (ai score=84)
Antiy-AVL: Trojan/Generic.ASBOL.D30
ViRobot: Worm.Win32.Viking.74740
Microsoft: Virus:Win32/Viking.KQ
Cynet: Malicious (score: 100)
AhnLab-V3: Win32/Viking.Gen
Acronis: suspicious
ALYac: Trojan.Crypt.Delf.AF
VBA32: BScope.Trojan.Click
Malwarebytes: Malware.AI.39541933
APEX: Malicious
Rising: Worm.Viking.ei (CLASSIC)
Yandex: Trojan.GenAsa!1i2/IxMo9hY
Fortinet: W32/Viking.HL!worm
AVG: Win32:Viking-AN [Wrm]
Panda: W32/Viking.BN
CrowdStrike: win/malicious_confidence_100% (W)

How to remove Virus:Win32/Viking.KQ?

Virus:Win32/Viking.KQ removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open “Tools” tab – Press “Reset Browser Settings”.
  • Select proper browser and options – Click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.
