
Win32/Packed.QSetup.AG suspicious removal instruction


The Win32/Packed.QSetup.AG suspicious detection is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It allows you to fully scan and clean your PC during the trial period.
6-day free trial available.

What can the Win32/Packed.QSetup.AG suspicious virus do?

  • Behavioural detection: Executable code extraction – unpacking
  • A file was accessed within the Public folder.
  • Sample contains Overlay data
  • Presents an Authenticode digital signature
  • Uses Windows utilities for basic functionality
  • Reads data out of its own binary image
  • CAPE extracted potentially suspicious content
  • Drops a binary and executes it
  • Unconventional language used in binary resources: Hebrew
  • The binary contains an unknown PE section name indicative of packing
  • Uses Windows utilities to enumerate running processes
  • Authenticode signature is invalid
  • A scripting utility was executed
  • Deletes executed files from disk
  • Yara rule detections observed from a process memory dump/dropped files/CAPE

How to identify Win32/Packed.QSetup.AG suspicious?

File Info:

name: B06C58A43622CAAC78D2.mlw
path: /opt/CAPEv2/storage/binaries/0a4cc5f3cf75fd8226d4772e92183c3908230053aef6f3b2e14017e776d6d477
crc32: 150F608A
md5: b06c58a43622caac78d244e528e510b9
sha1: 326fc696be62651bfc35192c0434affeadbb7160
sha256: 0a4cc5f3cf75fd8226d4772e92183c3908230053aef6f3b2e14017e776d6d477
sha512: c70c23dfea579338cfc7b6df8d31cba7336d2d6cf389c859bc980794b08ce99a848c0491b134f2b937108b518700562492994c3b358f3fb14c179ed672db827f
ssdeep: 24576:uWmAFubSKdt9McpygCf/ZGXReUNhEnu+CJM4XbGDBcWwtGgSjICw8UleAejo:+2KdRpybnUXEUN2nu+hGGmLGlSFoo
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T1A7852376F5C0D53BC1710A788D96E3E5A57DBF252E28684F71E42F0D4F3A092226D28B
sha3_384: b0887e3de5d2ab6ead96e7cac3779c590224e2a0cf660e41bf139559f7cc3bfe82166083f7404ee04cac2f2e77164902
ep_bytes: 558bec83c4f0b848574200e8e8fffdff
timestamp: 1992-06-19 22:22:17

Version Info:

Comments: Cuba Computation Harvest Moldova Logging Social
CompanyName: Dropped Throughout Boxing Qqo.
FileDescription: Vendor Privileges Programmers Pixel Utils
FileVersion: 4.0.5.3
InternalName:
LegalCopyright: Copyright (C) Trade Sense Microphone Vcp.
LegalTrademarks: Approve Covered Knee
ProductName: Landscapes Giving Paul Volleyball Harbor Cup
ProductVersion: 4.0.5.3
Translation: 0x0409 0x04e4

Win32/Packed.QSetup.AG suspicious also known as:

Bkav: W32.Common.9A979D30
Lionic: Trojan.Win32.QSetup.4!c
MicroWorld-eScan: Trojan.GenericKD.66255790
Skyhigh: Artemis!Trojan
McAfee: Artemis!B06C58A43622
Malwarebytes: Generic.Malware.AI.DDS
Sangfor: Trojan.Win32.Packed.Viqw
K7AntiVirus: Trojan ( 0059fd4c1 )
Alibaba: Packed:Win32/QSetup.c436f592
K7GW: Trojan ( 0059fd4c1 )
Arcabit: Trojan.Generic.D3F2FBAE
Elastic: malicious (moderate confidence)
ESET-NOD32: a variant of Win32/Packed.QSetup.AG suspicious
Cynet: Malicious (score: 99)
APEX: Malicious
ClamAV: Win.Dropper.QuasarRAT-9996026-0
BitDefender: Trojan.GenericKD.66255790
Avast: Win32:Trojan-gen
Tencent: Win32.Trojan.FalseSign.Zchl
Emsisoft: Trojan.GenericKD.66255790 (B)
F-Secure: Heuristic.HEUR/AGEN.1336681
VIPRE: Trojan.GenericKD.66255790
Sophos: Mal/Generic-S
Ikarus: PUA.QSetup
Jiangmin: Backdoor.Agent.mfl
Varist: W32/ABRisk.IOWU-1793
Avira: HEUR/AGEN.1336681
Microsoft: Program:Win32/Wacapew.C!ml
GData: Trojan.GenericKD.66255790
Google: Detected
AhnLab-V3: Trojan/Win.Generic.R548834
MAX: malware (ai score=85)
Cylance: unsafe
TrendMicro-HouseCall: TROJ_GEN.R002H09K423
Rising: Trojan.Generic@AI.100 (RDML:ZQi87o6yduHca2cWf9lDxg)
Yandex: Trojan.QSetup!t6Wi0jX+Dg4
MaxSecure: Trojan.Malware.196310904.susgen
Fortinet: PossibleThreat.MU
AVG: Win32:Trojan-gen
DeepInstinct: MALICIOUS
CrowdStrike: win/malicious_confidence_90% (W)

How to remove Win32/Packed.QSetup.AG suspicious?

Win32/Packed.QSetup.AG suspicious removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open the “Tools” tab and press “Reset Browser Settings”.
  • Select the proper browser and options, then click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.
