Win32/Rozena.BQN (file analysis)

Win32/Rozena.BQN is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager process list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It lets you fully scan and cure your PC during the trial period.
6-day free trial available.

What can the Win32/Rozena.BQN virus do?

  • Behavioural detection: Executable code extraction – unpacking
  • Sample contains Overlay data
  • CAPE extracted potentially suspicious content
  • The binary contains an unknown PE section name indicative of packing
  • The binary likely contains encrypted or compressed data.
  • Authenticode signature is invalid
  • Anomalous binary characteristics
  • Yara rule detections observed from a process memory dump/dropped files/CAPE

How to identify Win32/Rozena.BQN?

File Info:

name: C0FE670C62B9E4B19CCC.mlw
path: /opt/CAPEv2/storage/binaries/b9a0daee101fc51b5fa7ea6c1f9b1ad9e228c26dc9c5611c4bbd5faa38c90889
crc32: 43A1ED0E
md5: c0fe670c62b9e4b19cccabcda1608977
sha1: b74f0bca5e0e38b7662045eb2bb2375c2ada4fdc
sha256: b9a0daee101fc51b5fa7ea6c1f9b1ad9e228c26dc9c5611c4bbd5faa38c90889
sha512: 40bda3137507b619ba645f9a9e282d7917129fd5e7e97412efafc2ecf09871c38d3666d65a0faf906903bcc08be8f24ae53ffa9226b5ac5bd00d3060c46cbfb8
ssdeep: 49152:pjE3JekBeZmcv5Xz1lhuvL2nE0ha1mmH/2tncTv5Xz1lhuvLsv5Xz1lhuvL2nE0Q:dE3uXwXxX
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T1A886E0318C525E71FB0C25B489DD2DF22D1E2B43A350D9D7B64CF4B2A3852D19BFA1A8
sha3_384: a247cdbd5649bc68615411c38082bcbf04cef15d337f4b18992bd10d694dc31f32aa50dca4c13cda3c40264d88790b74
ep_bytes: e856020000e97afeffff558becff7508
timestamp: 2022-10-28 17:25:26

Version Info:

The version resource below is self-reported by the file; since the Authenticode signature is reported as invalid above, it does not establish that this is a genuine PuTTY build.

CompanyName: Simon Tatham
ProductName: PuTTY suite
FileDescription: PuTTY SSH key generation utility
InternalName: PuTTYgen
OriginalFilename: PuTTYgen
FileVersion: Release 0.78 (with embedded help)
ProductVersion: Release 0.78
LegalCopyright: Copyright © 1997-2022 Simon Tatham.
Translation: 0x0809 0x04b0

Win32/Rozena.BQN also known as:

Bkav: W32.AIDetectMalware
Lionic: Trojan.Win32.Generic.4!c
Elastic: malicious (high confidence)
MicroWorld-eScan: Trojan.GenericKD.68189636
FireEye: Generic.mg.c0fe670c62b9e4b1
McAfee: MalHeur-FAG!C0FE670C62B9
Cylance: unsafe
Zillya: Trojan.Patched.Win32.156209
CrowdStrike: win/malicious_confidence_100% (W)
Alibaba: Trojan:Win32/Swrort.8677c3a6
K7GW: Trojan ( 005a0e8f1 )
K7AntiVirus: Trojan ( 005a0e8f1 )
BitDefenderTheta: Gen:NN.ZexaF.36318.@J3@amiqADgi
Cyren: W32/Patched.GK.gen!Eldorado
Symantec: ML.Attribute.HighConfidence
ESET-NOD32: a variant of Win32/Rozena.BQN.gen
APEX: Malicious
Cynet: Malicious (score: 100)
Kaspersky: HEUR:Trojan.Win32.Generic
BitDefender: Trojan.GenericKD.68189636
Avast: Win32:Evo-gen [Trj]
Emsisoft: Trojan.GenericKD.68189636 (B)
F-Secure: Trojan.TR/Rozena.jftxy
VIPRE: Trojan.GenericKD.68189636
TrendMicro: Backdoor.Win32.SWRORT.YXDGTZ
McAfee-GW-Edition: BehavesLike.Win32.Dropper.wc
Trapmine: malicious.high.ml.score
Sophos: Mal/Generic-S
SentinelOne: Static AI – Suspicious PE
GData: Trojan.GenericKD.68189636
Jiangmin: Trojan.Shelma.ntp
Avira: TR/Rozena.jftxy
Arcabit: Trojan.Generic.D4107DC4
ZoneAlarm: HEUR:Trojan.Win32.Generic
Microsoft: Trojan:Win32/Swrort.A
Google: Detected
VBA32: BScope.Trojan.Swrort
ALYac: Trojan.GenericKD.68189636
MAX: malware (ai score=86)
Malwarebytes: Floxif.Virus.FileInfector.DDS
Panda: Trj/Chgt.AD
TrendMicro-HouseCall: Backdoor.Win32.SWRORT.YXDGTZ
Rising: Trojan.Generic@AI.100 (RDML:ujueNoWgk0wz+07hYCnr8g)
Ikarus: Trojan.Win32.Swrort
Fortinet: W32/Patched.IX!tr
AVG: Win32:Evo-gen [Trj]
DeepInstinct: MALICIOUS

How to remove Win32/Rozena.BQN?

Win32/Rozena.BQN removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open the “Tools” tab – Press “Reset Browser Settings”.
  • Select the proper browser and options – Click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.