Win32/FlyStudio.OQO removal tips

Win32/FlyStudio.OQO is classified as malicious by many security vendors. When this infection is active, you may notice unwanted processes in the Task Manager process list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware


Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It allows you to run a complete scan and clean your PC during the trial period.
A 6-day free trial is available.

What can the Win32/FlyStudio.OQO virus do?

  • SetUnhandledExceptionFilter detected (possible anti-debug)
  • Behavioural detection: Executable code extraction – unpacking
  • Yara rule detections observed from a process memory dump/dropped files/CAPE
  • Creates RWX memory
  • Dynamic (imported) function loading detected
  • Performs HTTP requests potentially not found in PCAP.
  • CAPE extracted potentially suspicious content
  • Drops a binary and executes it
  • Unconventional binary language: Chinese (Simplified)
  • Unconventional language used in binary resources: Chinese (Simplified)
  • The binary likely contains encrypted or compressed data.
  • Authenticode signature is invalid
  • Created a process from a suspicious location
  • Behavior consistent with a dropper attempting to download the next stage.
  • Attempts to modify proxy settings
  • Creates a copy of itself
  • Anomalous binary characteristics

How to identify Win32/FlyStudio.OQO?

File Info:

name: 04F9F9265EBF716FB8D1.mlw
path: /opt/CAPEv2/storage/binaries/14096f9b01306019cb0f790402eab8be314a1332b6d9cdb0ccf35c56aed175b7
crc32: DC058218
md5: 04f9f9265ebf716fb8d155ea311d7e39
sha1: a1d6b62a2e24d683cdd579a52cf1c862dc379bb0
sha256: 14096f9b01306019cb0f790402eab8be314a1332b6d9cdb0ccf35c56aed175b7
sha512: b7cd2ca42c0209d7525838324c6b01d783d6c7b4fe3eb5fcf25123f7f30f29fdb31812d6899338075527dfa4fda027707d96624786c0580cf3fb484d04636736
ssdeep: 24576:tgbQ9+3D+NwPhe/z2d1PzKJT+cxaBhZuGlMdFbURZPNxgVkuu2ZUZpYQTtu:2M0z+NwJZd5cT+eoZuGlMfbiZ7wvQ
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T10645AE33B644F8CAE364207CF1B057603DF96A566C6C80DBAE915E293C7295B2E4770E
sha3_384: fac7f0da0cf7d7d7a5e271dd095764df7ed056c6d13ba5639f0bd40de3b7389a10150ff0fae5c750dc1cf4cdbc9dfb2e
ep_bytes: f9eb0a2a3291832f935c8e027b60f873
timestamp: 2022-05-06 12:25:03

Version Info:

FileVersion: 10.8.4.10
FileDescription: piccee
ProductName: piccee
ProductVersion: 10.8.4.10
CompanyName: piccee
LegalCopyright: piccee
Comments: piccee
Translation: 0x0804 0x04b0

Win32/FlyStudio.OQO also known as:

Bkav: W32.AIDetect.malware1
tehtris: Generic.Malware
MicroWorld-eScan: Trojan.GenericKD.39639359
Cylance: Unsafe
Sangfor: Trojan.Win32.Save.a
K7AntiVirus: Trojan ( 0040f54a1 )
Alibaba: Backdoor:Win32/Poison.ec665ac6
K7GW: Trojan ( 0040f54a1 )
Cybereason: malicious.a2e24d
BitDefenderTheta: Gen:NN.ZexaF.34666.mv1@am9Xu4eb
Cyren: W32/A-8128ee96!Eldorado
Symantec: ML.Attribute.HighConfidence
Elastic: malicious (high confidence)
ESET-NOD32: Win32/FlyStudio.OQO
APEX: Malicious
Paloalto: generic.ml
ClamAV: Win.Dropper.Tiggre-9845940-0
Kaspersky: Backdoor.Win32.Poison.kbqa
BitDefender: Trojan.GenericKD.39639359
NANO-Antivirus: Virus.Win32.Agent.dvixmz
Avast: Win32:Pasta [Cryp]
Rising: Trojan.MalCert!1.D834 (CLOUD)
Ad-Aware: Trojan.GenericKD.39639359
Emsisoft: Trojan.GenericKD.39639359 (B)
Comodo: Packed.Win32.Cryptcf.A@4pwi81
DrWeb: Trojan.Rootkit.22125
McAfee-GW-Edition: BehavesLike.Win32.Flyagent.tc
FireEye: Generic.mg.04f9f9265ebf716f
Sophos: Mal/Generic-S + W32/Pidgeon-A
Ikarus: Trojan-GameThief.Win32.OnLineGames
GData: Win32.Trojan-Spy.KrBanker.SX6W07
Jiangmin: Trojan.Generic.dkxdk
Antiy-AVL: Trojan[Banker]/Win32.BlackMoon.a
Kingsoft: Win32.Hack.Poison.kb.(kcloud)
ZoneAlarm: Backdoor.Win32.Poison.kbqa
Microsoft: Trojan:Win32/Sabsik.FL.B!ml
Cynet: Malicious (score: 100)
McAfee: Flyagent.d
MAX: malware (ai score=87)
VBA32: BScope.Backdoor.Pasur
Malwarebytes: Trojan.MalPack.FlyStudio
Zoner: Probably Heur.ExeHeaderL
TrendMicro-HouseCall: TROJ_GEN.R002C0PEB22
Tencent: Win32.Backdoor.Poison.Hfl
SentinelOne: Static AI – Malicious PE
MaxSecure: Trojan.Malware.300983.susgen
Fortinet: W32/CoinMiner.BELF!tr
AVG: Win32:Pasta [Cryp]
CrowdStrike: win/malicious_confidence_90% (W)

How to remove Win32/FlyStudio.OQO?

Win32/FlyStudio.OQO removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open the “Tools” tab and press “Reset Browser Settings”.
  • Select the proper browser and options, then click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.