Win32/Adware.Qjwmonkey.M removal

Win32/Adware.Qjwmonkey.M is flagged as adware or a potentially unwanted application by most antivirus engines (see the detection names listed below). When this infection is active, you may notice unwanted processes in the Task Manager list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It lets you run a complete scan and clean your PC during the trial period.
A 6-day free trial is available.

What can Win32/Adware.Qjwmonkey.M do?

The following behaviours were reported by the CAPE sandbox for this sample:

  • SetUnhandledExceptionFilter detected (possible anti-debug)
  • Behavioural detection: Executable code extraction – unpacking
  • Yara rule detections observed from a process memory dump/dropped files/CAPE
  • Creates RWX memory
  • Guard pages use detected – possible anti-debugging.
  • Dynamic (imported) function loading detected
  • Performs HTTP requests potentially not found in PCAP.
  • Enumerates running processes
  • Repeatedly searches for a not-found process, may want to run with startbrowser=1 option
  • Reads data out of its own binary image
  • Unconventional binary language: Chinese (Simplified)
  • Unconventional language used in binary resources: Chinese (Simplified)
  • The binary contains an unknown PE section name indicative of packing
  • The binary likely contains encrypted or compressed data.
  • The executable is compressed using UPX
  • Authenticode signature is invalid
  • Steals private information from local Internet browsers
  • Attempted to write directly to a physical drive
  • Attempts to modify proxy settings
  • Harvests cookies for information gathering
  • Anomalous binary characteristics

How to identify Win32/Adware.Qjwmonkey.M?

File Info:

name: 9CA4E0AB53A6FA2BEB58.mlw
path: /opt/CAPEv2/storage/binaries/f1886f18fbe9c5c6bdaa911d903d1772153ed0c4f0145a7f842754d7dfd86845
crc32: 80D8DD3F
md5: 9ca4e0ab53a6fa2beb58e6e76d3ff2e1
sha1: 49e3ca19c0b873cd0a6674cb3e3265fa8ca9521f
sha256: f1886f18fbe9c5c6bdaa911d903d1772153ed0c4f0145a7f842754d7dfd86845
sha512: 40c415f6bf556e5aff8cbea3e92484bd5b9a80f438e62ad654f64d4c22006fde727ee238e961fd0c615b04633b1d220b6dfe74934cc16aab674c4aa7da303689
ssdeep: 12288:MC6wyk1nvfBP0FQoOd/566f81qjbravk7o3xLWAB8TMfo+aqwFtaif8dHOqPNspS:MC6wp1vfhboOb66Uyavk8hdo+g8BOONv
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T17EE42231EAE94801F21BCD377911C6B224A8FC44D3D5920A67DCBF27ABBA714513876E
sha3_384: fece1c15995a2510830c2ba586a3070a46b2cc0c373fd03cf8bff1552082ad51b34d0b63b0368fe7499c746c0c71bb8f
ep_bytes: 60be00d050008dbe0040efffc787a461
timestamp: 2021-11-11 11:21:42
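
As an added example (not part of the original page, and not GridinSoft's or CAPE's code), the following Python script reproduces two of the checks behind the File Info block and the behaviour list above: it hashes a file and compares the result with the md5/sha1/sha256 published here, and it parses the PE section table to look for the UPX section names that the "compressed using UPX" signature relies on (the ep_bytes value 60 be ... above is the PUSHAD / MOV ESI prologue of the UPX unpacking stub). The build_fake_pe helper is a constructed, header-only test input so the script runs offline; pass a real file path as the first argument to triage it.

```python
"""Offline triage helper for the indicators on this page (added example, not
GridinSoft's or CAPE's code): hash comparison plus a UPX packing check
based on the PE section table."""
import hashlib
import struct
import sys

# Hashes copied from the File Info block on this page.
KNOWN_HASHES = {
    "md5": "9ca4e0ab53a6fa2beb58e6e76d3ff2e1",
    "sha1": "49e3ca19c0b873cd0a6674cb3e3265fa8ca9521f",
    "sha256": "f1886f18fbe9c5c6bdaa911d903d1772153ed0c4f0145a7f842754d7dfd86845",
}
# Section names the UPX packer writes; a renamed stub will not carry them.
UPX_SECTION_NAMES = {"UPX0", "UPX1", "UPX2"}


def hash_bytes(data: bytes) -> dict:
    """Return md5/sha1/sha256 hex digests of the data."""
    return {
        "md5": hashlib.md5(data).hexdigest(),
        "sha1": hashlib.sha1(data).hexdigest(),
        "sha256": hashlib.sha256(data).hexdigest(),
    }


def matches_known_sample(data: bytes) -> bool:
    """True only if every published hash matches, not just one of them."""
    got = hash_bytes(data)
    return all(got[name] == digest for name, digest in KNOWN_HASHES.items())


def pe_section_names(data: bytes) -> list:
    """Parse the PE section table and return its section names ([] if not a PE file)."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        return []
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if e_lfanew + 24 > len(data) or data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        return []
    num_sections = struct.unpack_from("<H", data, e_lfanew + 6)[0]
    opt_size = struct.unpack_from("<H", data, e_lfanew + 20)[0]
    table = e_lfanew + 24 + opt_size  # section headers follow the optional header
    names = []
    for i in range(num_sections):
        raw = data[table + i * 40:table + i * 40 + 8]  # IMAGE_SECTION_HEADER.Name
        if len(raw) < 8:
            break  # truncated header: stop rather than guess
        names.append(raw.rstrip(b"\0").decode("ascii", "replace"))
    return names


def looks_upx_packed(data: bytes) -> bool:
    """UPX indicator: UPX section names, or the 'UPX!' marker UPX leaves in the header area."""
    if UPX_SECTION_NAMES & set(pe_section_names(data)):
        return True
    return b"UPX!" in data[:4096]


def triage(data: bytes) -> dict:
    """Combine the checks into one report dictionary."""
    return {
        "hashes": hash_bytes(data),
        "known_sample": matches_known_sample(data),
        "sections": pe_section_names(data),
        "upx": looks_upx_packed(data),
    }


def build_fake_pe(section_names) -> bytes:
    """Constructed test input: a bare PE header (no code) with the given section names."""
    e_lfanew = 0x40
    dos_header = b"MZ" + b"\0" * (0x3C - 2) + struct.pack("<I", e_lfanew)
    # IMAGE_FILE_HEADER: Machine, NumberOfSections, TimeDateStamp,
    # PointerToSymbolTable, NumberOfSymbols, SizeOfOptionalHeader (0 = none), Characteristics
    coff = struct.pack("<HHIIIHH", 0x14C, len(section_names), 0, 0, 0, 0, 0x102)
    sections = b"".join(n.encode("ascii").ljust(8, b"\0") + b"\0" * 32 for n in section_names)
    return dos_header + b"PE\0\0" + coff + sections


if __name__ == "__main__":
    path = sys.argv[1] if len(sys.argv) > 1 else None
    blob = open(path, "rb").read() if path else build_fake_pe(["UPX0", "UPX1", ".rsrc"])
    for key, value in triage(blob).items():
        print(f"{key}: {value}")
```

A hash match identifies only this exact build; a repacked or recompiled variant produces different digests, so the section-name check is the more durable of the two heuristics, but it also fires on legitimate software that happens to be UPX-packed, and neither check replaces the Authenticode validation that the sandbox reports as failing.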

Version Info:

FileDescription: _
FileVersion: 6.0.0.1111
InternalName: SEM智能下载器.exe (Chinese: "SEM smart downloader")
LegalCopyright: Copyright (C) 2021
OriginalFilename: SEM智能下载器.exe
ProductName: SEM智能下载器.exe
Translation: 0x0804 0x04b0 (language ID 0x0804 = Chinese (Simplified, PRC); code page 0x04b0 = Unicode)

Win32/Adware.Qjwmonkey.M also known as:

Bkav: W32.AIDetect.malware2
Elastic: malicious (high confidence)
MicroWorld-eScan: Trojan.GenericKD.38576818
FireEye: Generic.mg.9ca4e0ab53a6fa2b
CAT-QuickHeal: PUA.QjwmonkeyRI.S24673361
ALYac: Trojan.GenericKD.38576818
Cylance: Unsafe
Zillya: Adware.Qjwmonkey.Win32.985
Sangfor: Trojan.Win32.Save.a
K7AntiVirus: Adware ( 00589a401 )
K7GW: Adware ( 00589a401 )
CrowdStrike: win/grayware_confidence_100% (D)
BitDefenderTheta: Gen:NN.ZexaF.34182.OmMfaao805oj
Symantec: ML.Attribute.HighConfidence
ESET-NOD32: a variant of Win32/Adware.Qjwmonkey.M
ClamAV: Win.Adware.Qjwmonkey-9917133-0
Kaspersky: not-a-virus:HEUR:AdWare.Win32.ExtInstaller.gen
BitDefender: Trojan.GenericKD.38576818
Avast: Win32:AdwareX-gen [Adw]
Rising: Adware.Downloader!1.DB04 (CLASSIC)
Sophos: Generic PUA EJ (PUA)
McAfee-GW-Edition: BehavesLike.Win32.CoinMiner.jc
Emsisoft: Trojan.GenericKD.38576818 (B)
SentinelOne: Static AI - Malicious PE
Jiangmin: AdWare.Qjwmonkey.br
Avira: ADWARE/Qjwmonkey.Gen
Antiy-AVL: Trojan/Generic.ASMalwS.34EE1F4
Microsoft: PUAAdvertising:Win32/Qjwmonkey
ZoneAlarm: not-a-virus:HEUR:AdWare.Win32.ExtInstaller.gen
GData: Trojan.GenericKD.38576818
Cynet: Malicious (score: 100)
AhnLab-V3: Adware/Win.Razy.R467466
McAfee: GenericRXAA-AA!9CA4E0AB53A6
MAX: malware (ai score=86)
VBA32: BScope.Adware.Qjwmonkey
Malwarebytes: Adware.Qjwmonkey
Tencent: Pua:Adware.Win32.Downloader.16000011
Yandex: PUA.ExtInstaller!B2rq8EtiKx8
MaxSecure: Trojan.Malware.121218.susgen
Fortinet: Adware/Qjwmonkey.M
AVG: Win32:AdwareX-gen [Adw]
Panda: Trj/Genetic.gen

How to remove Win32/Adware.Qjwmonkey.M?

Win32/Adware.Qjwmonkey.M removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open the “Tools” tab and press “Reset Browser Settings”.
  • Select the proper browser and options, then click “Reset”.
  • Restart your computer.

Because the sandbox report above shows this sample modifying proxy settings and harvesting browser cookies, also confirm after cleanup that the system proxy configuration is back to what you expect, and sign out of any web sessions that were open while the infection was active: stolen cookies stay valid until those sessions are invalidated.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.