About “Win32/Agent.QQB” infection

Many security experts consider Win32/Agent.QQB dangerous. When this infection is active, you may notice unwanted processes in the Task Manager list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It lets you run a complete scan and cure your PC during the trial period.
6-day free trial available.

What can the Win32/Agent.QQB virus do?

  • Behavioural detection: Executable code extraction – unpacking
  • Sample contains Overlay data
  • Yara rule detections observed from a process memory dump/dropped files/CAPE
  • Presents an Authenticode digital signature
  • Reads data out of its own binary image
  • CAPE extracted potentially suspicious content
  • Authenticode signature is invalid
  • Behavioural detection: Injection (Process Hollowing)
  • Behavioural detection: Injection (inter-process)

How to identify Win32/Agent.QQB?

File Info:

name: A4443BC4F7BAF4868B24.mlw
type: PE32 executable (GUI) Intel 80386, for MS Windows
timestamp: 2010-05-06 13:47:37

Version Info:

0: [No Data]

Win32/Agent.QQB is also known as (antivirus vendor: detection name):

Lionic: Trojan.Win32.Agent.Y!c
MicroWorld-eScan: Trojan.GenericKD.61032501
ClamAV: Win.Trojan.Mikey-9958102-0
FireEye: Generic.mg.a4443bc4f7baf486
ALYac: Trojan.GenericKD.61032501
Cylance: Unsafe
VIPRE: Trojan.GenericKD.61032501
Sangfor: Infostealer.Win32.Agent.Vmma
K7AntiVirus: Trojan ( 0047f8621 )
Alibaba: TrojanPSW:Win32/Turla.0bc77e83
K7GW: Trojan ( 0047f8621 )
Cybereason: malicious.922766
VirIT: Trojan.Win32.DownLoader12.GJU
Cyren: W32/ABPWS.STUT-7056
Symantec: ML.Attribute.HighConfidence
Elastic: malicious (high confidence)
ESET-NOD32: a variant of Win32/Agent.QQB
Paloalto: generic.ml
Cynet: Malicious (score: 100)
Kaspersky: Trojan-PSW.Win32.Agent.aota
BitDefender: Trojan.GenericKD.61032501
NANO-Antivirus: Trojan.Win32.Agent.dhbmgz
Avast: Win32:Agent-AUOB [Trj]
Tencent: Malware.Win32.Gencirc.1202c2e0
Ad-Aware: Trojan.GenericKD.61032501
Emsisoft: Trojan.GenericKD.61032501 (B)
DrWeb: Trojan.DownLoader12.4310
Zillya: Trojan.Agent.Win32.527039
TrendMicro: TROJ_GEN.R002C0RGP22
McAfee-GW-Edition: RDN/Generic PWS.y
Trapmine: malicious.moderate.ml.score
Sophos: Mal/Generic-R + Troj/PWS-CHQ
SentinelOne: Static AI – Malicious PE
GData: Win32.Trojan.Bunny.B
Jiangmin: Trojan/PSW.Agent.nhd
Avira: TR/Agent.192512.302
Antiy-AVL: Trojan/Generic.ASMalwS.4B
Kingsoft: Win32.PSWTroj.Agent.ao.(kcloud)
Arcabit: Trojan.Generic.D3A34835
ViRobot: Trojan.Win32.Z.Agent.202072
Microsoft: Trojan:Win32/Wacatac.B!ml
Google: Detected
AhnLab-V3: Trojan/Win.Agent.C5215278
McAfee: RDN/Generic PWS.y
MAX: malware (ai score=83)
VBA32: TrojanPSW.Agent
Malwarebytes: Malware.AI.3551400754
TrendMicro-HouseCall: TROJ_GEN.R002C0RGP22
Rising: Stealer.Agent!8.C2 (CLOUD)
Yandex: Trojan.Agent!MYw2JbNISBs
Ikarus: Trojan.Win32.Turla
MaxSecure: Trojan.Malware.300983.susgen
Fortinet: W32/PossibleThreat
BitDefenderTheta: Gen:NN.ZexaF.34592.muY@aCr2O7n
AVG: Win32:Agent-AUOB [Trj]
Panda: Trj/GdSda.A
CrowdStrike: win/malicious_confidence_90% (W)

How to remove Win32/Agent.QQB?

Win32/Agent.QQB removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open “Tools” tab – Press “Reset Browser Settings”.
  • Select proper browser and options – Click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.