Categories: Malware

About “Win32/Agent.NQT” infection

The Win32/Agent.NQT is considered dangerous by lots of security experts. When this infection is active, you may notice unwanted processes in Task Manager list. In this case, it is adviced to scan your computer with GridinSoft Anti-Malware.

Gridinsoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. Allows to complete scan and cure your PC during the trial period.

DOWNLOAD NOW

6-day free trial available.

What Win32/Agent.NQT virus can do?

SetUnhandledExceptionFilter detected (possible anti-debug)
At least one process apparently crashed during execution
Dynamic (imported) function loading detected
Unconventionial binary language: Chinese (Simplified)
Unconventionial language used in binary resources: Chinese (Simplified)
Authenticode signature is invalid
Anomalous binary characteristics

How to determine Win32/Agent.NQT?


File Info:
name: 91B43924BB9D5725AA29.mlwpath: /opt/CAPEv2/storage/binaries/d2d27cbcec7bbe9507aca896a4e30116f40c56dd14a0f9bc42cd3bfcfd7b775acrc32: C4C42253md5: 91b43924bb9d5725aa2950d1afd6f472sha1: 6e467053c36ea8a49639a4e5943ba1f9422c9858sha256: d2d27cbcec7bbe9507aca896a4e30116f40c56dd14a0f9bc42cd3bfcfd7b775asha512: e5d8a9e069681f698ce3ad406a7c67c131df95649a7c6e0c0a87f2b2bd2257f4d0c815397f4093178a13cf22795d0d2cf96f5c6002e9d6a27ecb9e01b7ec9e48ssdeep: 49152:1m5hQs04nOSem7VjKtnbVkSlNsuuNw6tLMm5:1ml0SOStj2kSlNe5NBtype: PE32 executable (GUI) Intel 80386, for MS Windowstlsh: T147D55C10E301512ADDB724F90A9D726EA11CEFB0072410D792C97BFE9E7AAE13D3525Bsha3_384: 1897688fbec9fa0865064201aa7c20a7cb6a2fb8f24b9906d3bfc8908b6c8491565e3502efd85081909255725b39596eep_bytes: 8bff558bece8963c0100e8110000005dtimestamp: 2013-08-24 04:16:20
Version Info:
Comments: U盘病毒     功能:模仿已有的U盘病毒    感染移动存贮器的一级目录 CompanyName: U盘病毒应用程序  测试使用请务非法传播FileDescription: U盘病毒   只做测试使用 http:/www.郭华.comFileVersion: 1, 0, 0, 0InternalName: NetCorpseLegalCopyright: 版权所有 JACK  只做测试  2009-1-22 http:/www.郭华.comLegalTrademarks: OriginalFilename: hacker.exePrivateBuild: ProductName: U盘病毒应用程序 http:/www.郭华.comProductVersion: 1, 0, 0, 0SpecialBuild: Translation: 0x0804 0x04b0

Win32/Agent.NQT also known as:

Elastic	malicious (high confidence)
MicroWorld-eScan	Gen:Variant.Ulise.150999
FireEye	Generic.mg.91b43924bb9d5725
CAT-QuickHeal	Trojan.Mauvaise.SL1
ALYac	Gen:Variant.Ulise.150999
Cylance	Unsafe
Sangfor	Trojan.Win32.Save.a
K7AntiVirus	Trojan ( 004cdaa31 )
BitDefender	Gen:Variant.Ulise.150999
K7GW	Trojan ( 004cdaa31 )
Cybereason	malicious.4bb9d5
BitDefenderTheta	Gen:NN.ZexaF.34742.Rw0@aq2qSBaj
VirIT	Trojan.Win32.Siggen6.TPA
Cyren	W32/Agent.CGS.gen!Eldorado
ESET-NOD32	Win32/Agent.NQT
Baidu	Win32.Worm.Agent.fi
TrendMicro-HouseCall	Worm.Win32.MALEX.SMNH
Kaspersky	Trojan-Dropper.Win32.Daws.edea
NANO-Antivirus	Trojan.Win32.Daws.erexrx
Rising	Trojan.Win32.FakeFolder.ch (CLASSIC)
Ad-Aware	Gen:Variant.Ulise.150999
Sophos	Mal/Generic-S
Comodo	TrojWare.Win32.TrojanDropper.Daws.M@83sej7
DrWeb	Trojan.Siggen6.13234
Zillya	Worm.Agent.Win32.25838
TrendMicro	Worm.Win32.MALEX.SMNH
McAfee-GW-Edition	GenericR-DPF!91B43924BB9D
Emsisoft	Gen:Variant.Ulise.150999 (B)
APEX	Malicious
Jiangmin	Trojan/Generic.bahuh
Avira	HEUR/AGEN.1243024
Microsoft	Trojan:Win32/Wacatac.B!ml
GData	Gen:Variant.Ulise.150999
Cynet	Malicious (score: 99)
AhnLab-V3	Trojan/Win32.Malex.R173297
McAfee	GenericR-DPF!91B43924BB9D
MAX	malware (ai score=80)
VBA32	TrojanDropper.Daws
Malwarebytes	Trojan.Malex
Panda	Generic Malware
Tencent	Trojan.Win32.FakeFolder.t
Yandex	Trojan.GenAsa!yHiL46hs8WM
Ikarus	Trojan.Win32.FlyStudio
Fortinet	W32/Agent.NQT!tr
AVG	Win32:Malware-gen
Avast	Win32:Malware-gen
CrowdStrike	win/malicious_confidence_90% (W)