Win32/Injector.EQWQ removal guide

Win32/Injector.EQWQ is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It allows you to run a complete scan and cure your PC during the trial period.
6-day free trial available.

What can the Win32/Injector.EQWQ virus do?

  • Behavioural detection: Executable code extraction – unpacking
  • Presents an Authenticode digital signature
  • Dynamic (imported) function loading detected
  • Unconventional language used in binary resources: Lithuanian (Classic)
  • The binary likely contains encrypted or compressed data.
  • Authenticode signature is invalid
  • Detects Avast Antivirus through the presence of a library
  • Anomalous binary characteristics

How to identify Win32/Injector.EQWQ?


File Info:

name: 5FC59642949D8C93F429.mlw
path: /opt/CAPEv2/storage/binaries/af5729b4f823dc18f7ef7a8d52b98eb6cb2f3dad6a7a54be265f8191e3396657
crc32: 5C3DCC9F
md5: 5fc59642949d8c93f429edbde6c870b8
sha1: 50e185eb8620bfd18969c48559b8b70b2e229f80
sha256: af5729b4f823dc18f7ef7a8d52b98eb6cb2f3dad6a7a54be265f8191e3396657
sha512: ffef7669335b584be6bcdbad80d7ff5af015c162b02145d4c69beeb27a4554f72cae15fbe1ef1f29509396ed70acd64b70fd26c42bbe78c38745c41df3cd74d1
ssdeep: 12288:AH37kRE3qeGxLNKhXK6SzOKq7beOgIgBvNyjOAqk:AQRE3qbLNKKDzOKqlM1yxqk
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T1C1B4D023A6BC2109F1B31BB14D3690B519367CA25878DD4F2281AE5D1D72B43ADB873F
sha3_384: 86f06e0faab80eb53ce2c6b5d23fa0c83bdee11dbdb4862b07eca91065187f96f11644111afbb202cf119dd296b2b42c
ep_bytes: 6860274000e8eeffffff000000000000
timestamp: 2022-01-12 15:28:24

Version Info:

Translation: 0x0409 0x04b0
CompanyName: xxx
ProductName: DShowSample
FileVersion: 1.00
ProductVersion: 1.00
InternalName: tratka
OriginalFilename: tratka.exe

Win32/Injector.EQWQ also known as:

Lionic: Trojan.Win32.Stealer.l!c
Elastic: malicious (high confidence)
McAfee: Artemis!5FC59642949D
Sangfor: Spyware.Win32.Stealer.ky
CrowdStrike: win/malicious_confidence_90% (W)
K7GW: Trojan ( 0058cfd01 )
K7AntiVirus: Trojan ( 0058cfd01 )
ESET-NOD32: a variant of Win32/Injector.EQWQ
APEX: Malicious
Kaspersky: Trojan-Spy.Win32.Stealer.aysl
Rising: Spyware.Stealer!8.3090 (CLOUD)
DrWeb: Trojan.VbCrypt.250
Avira: TR/Injector.inrkx
GData: Win32.Trojan-Stealer.Cordimik.9SN5TH
Cynet: Malicious (score: 100)
VBA32: Malware-Cryptor.VB.gen.1
SentinelOne: Static AI – Suspicious PE
Fortinet: W32/EQWQ!tr
BitDefenderTheta: Gen:NN.ZevbaF.34160.Em3@aW4kWjgO
AVG: Win32:RATX-gen [Trj]
Avast: Win32:RATX-gen [Trj]

How to remove Win32/Injector.EQWQ?

Win32/Injector.EQWQ removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open “Tools” tab – Press “Reset Browser Settings”.
  • Select proper browser and options – Click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.