
Win32/Packed.VMProtect.WQ malicious file


Win32/Packed.VMProtect.WQ is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It allows you to complete a scan and cure your PC during the trial period.
A 6-day free trial is available.

What can the Win32/Packed.VMProtect.WQ virus do?

  • Yara rule detections observed from a process memory dump/dropped files/CAPE
  • Dynamic (imported) function loading detected
  • The binary contains an unknown PE section name indicative of packing
  • The binary likely contains encrypted or compressed data
  • The executable is likely packed with VMProtect
  • Authenticode signature is invalid
  • Anomalous binary characteristics

How to identify Win32/Packed.VMProtect.WQ?

File Info:

name: 1A02E5634791D95C0C8C.mlw
path: /opt/CAPEv2/storage/binaries/5b17155deb3ce3abeb469b9719fa76da105e14aa66ac9683e9670b7d53cc0b68
crc32: 921A782B
md5: 1a02e5634791d95c0c8c0b54e1b1920c
sha1: 18e4abcb80859e5ba0bf6c44a6b9ae64102fc8b1
sha256: 5b17155deb3ce3abeb469b9719fa76da105e14aa66ac9683e9670b7d53cc0b68
sha512: c0ff815daa064c84e063cc3a61d0968665de6d3bea42b67823c23e0ef69f2b6fcd91b824f524f14087f5d42caf015ef8b36c70151cb9bba72a387b84fbc1fea3
ssdeep: 196608:OXt+zeKVsXvskhKsJJyfJ5D2LO2ESHixKcroFe0g4m1Asffw:OXtDKVuvszHJ5D2KcBcsFejL15o
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T181A63323416511DFE2F2D93E6737AED431F6439B6B06783831EA9CD322266F16243993
sha3_384: afd861b08faee6c06c9afe43ec48de6a339d742506d0f95acafa20686473b701c12af4e94673b8ef97136989b62a95f5
ep_bytes: 687019c4eee8ba6ff8ff81c1151d611e
timestamp: 1992-06-19 22:22:17

Version Info:

0: [No Data]

Win32/Packed.VMProtect.WQ also known as:

Lionic: Trojan.Win32.Malicious.4!c
Elastic: malicious (high confidence)
FireEye: Generic.mg.1a02e5634791d95c
Cylance: Unsafe
Sangfor: Trojan.Win32.Save.a
CrowdStrike: win/malicious_confidence_90% (W)
K7GW: Trojan ( 0056e6981 )
K7AntiVirus: Trojan ( 0056e6981 )
BitDefenderTheta: Gen:NN.ZexaF.34182.@NW@aecq6Ec
Symantec: ML.Attribute.HighConfidence
ESET-NOD32: a variant of Win32/Packed.VMProtect.WQ
APEX: Malicious
Paloalto: generic.ml
Avast: Win32:Trojan-gen
Sophos: Mal/VMProtBad-A
McAfee-GW-Edition: BehavesLike.Win32.Generic.tc
Ikarus: Trojan.Win32.VMProtect
Avira: TR/Crypt.XPACK.Gen
Gridinsoft: Ransom.Win32.Sabsik.sa
Microsoft: Trojan:Win32/Tnega!ml
GData: Win32.Trojan.Agent.4TINQV
Cynet: Malicious (score: 100)
AhnLab-V3: Trojan/Win.Generic.R424135
McAfee: Artemis!1A02E5634791
Malwarebytes: Malware.AI.1999271584
TrendMicro-HouseCall: TROJ_GEN.R002H0CB622
Rising: Trojan.NanoBot!8.80F2 (CLOUD)
Yandex: Trojan.VMProtect!XjUpMU30r20
SentinelOne: Static AI – Malicious PE
Fortinet: W32/PossibleThreat
AVG: Win32:Trojan-gen
Cybereason: malicious.b80859

How to remove Win32/Packed.VMProtect.WQ?

Win32/Packed.VMProtect.WQ removal tool

  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open the “Tools” tab – press “Reset Browser Settings”.
  • Select the proper browser and options – click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.
