Categories: Trojan

What is “Win32/TrojanDropper.Agent.PQT”?

The Win32/TrojanDropper.Agent.PQT is considered dangerous by lots of security experts. When this infection is active, you may notice unwanted processes in Task Manager list. In this case, it is adviced to scan your computer with GridinSoft Anti-Malware.

Gridinsoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. Allows to complete scan and cure your PC during the trial period.

DOWNLOAD NOW

6-day free trial available.

What Win32/TrojanDropper.Agent.PQT virus can do?

SetUnhandledExceptionFilter detected (possible anti-debug)
Yara rule detections observed from a process memory dump/dropped files/CAPE
Presents an Authenticode digital signature
Creates RWX memory
Dynamic (imported) function loading detected
Enumerates running processes
Expresses interest in specific running processes
CAPE extracted potentially suspicious content
Authenticode signature is invalid
Code injection with CreateRemoteThread in a remote process
Behavioural detection: Injection (inter-process)
Behavioural detection: Injection with CreateRemoteThread in a remote process
Network activity detected but not expressed in API logs

Related domains:

wpad.local-net

crl.verisign.com

How to determine Win32/TrojanDropper.Agent.PQT?


File Info:
name: 21C53058D0DDF8CED29F.mlwpath: /opt/CAPEv2/storage/binaries/7abd1ff7db338cb37fe042e535a1883bae5c23010e2e64146700a25dc6efd820crc32: D6143AF4md5: 21c53058d0ddf8ced29ff4b5397fbaa0sha1: 2bafe2fd1a1ad6b3ba0b1919b78dc17c08fe17dcsha256: 7abd1ff7db338cb37fe042e535a1883bae5c23010e2e64146700a25dc6efd820sha512: a8616be911d512bd2cc19dfd0ef18a35f9bc68c34cac07f7e9a2f3b8d9b1b10e5273e1fd8d5cf6ea9503143aea7bc35d5779103ac0a93b04421a4449a3ec741fssdeep: 3072:pDU8w4FwmchS6VLwmmQ4a2tjhfBUJi85aD+MAyqt395xm51rsE6RjR/AHpWiUk7d:pDU8wOwmchlVLoQ6jhfyaDyXLC5pdUkxtype: PE32 executable (GUI) Intel 80386, for MS Windowstlsh: T1A55439213280C072E356173589A5D6F04A6D7D3917A5A98FFAE83E794F712D39A3320Fsha3_384: 20158db072a3b565c24bc9443fb0ee7769e3174a26daa7b09a19fafaec336278fdf96c7ad4c747898531662b3fd95637ep_bytes: e83f520000e979feffff3b0db4e14200timestamp: 2015-11-05 02:44:18
Version Info:
FileDescription: WinElevateFileVersion: 3, 0, 0, 0InternalName: WinElevateLegalCopyright: Copyright (C) 2015, all rights reserved.OriginalFilename: WinElevate.exeProductName: WinElevateProductVersion: 3, 0, 0, 0Translation: 0x0809 0x04b0

Win32/TrojanDropper.Agent.PQT also known as:

Lionic	Trojan.Win32.UACSkip.3!c
Elastic	malicious (high confidence)
McAfee	RDN/Generic Exploit
Cylance	Unsafe
K7AntiVirus	Trojan ( 00333de31 )
Alibaba	Exploit:Win32/UACSkip.0bd00390
K7GW	Trojan ( 00333de31 )
Cybereason	malicious.8d0ddf
Symantec	Trojan.Gen.MBT
ESET-NOD32	a variant of Win32/TrojanDropper.Agent.PQT
Paloalto	generic.ml
Cynet	Malicious (score: 99)
Kaspersky	UDS:Exploit.Win32.UACSkip.gen
BitDefender	Gen:Trojan.ExplorerHijack.ru1@aKbhT6mi
ViRobot	Trojan.Win32.Z.Uacskip.291568
MicroWorld-eScan	Gen:Trojan.ExplorerHijack.ru1@aKbhT6mi
Avast	FileRepMalware
Ad-Aware	Gen:Trojan.ExplorerHijack.ru1@aKbhT6mi
Sophos	Generic ML PUA (PUA)
DrWeb	Trojan.KillProc.51735
Zillya	Dropper.Agent.Win32.380836
TrendMicro	TROJ_GEN.R03BC0PKN21
McAfee-GW-Edition	RDN/Generic Exploit
FireEye	Generic.mg.21c53058d0ddf8ce
Emsisoft	Gen:Trojan.ExplorerHijack.ru1@aKbhT6mi (B)
GData	Gen:Trojan.ExplorerHijack.ru1@aKbhT6mi
Jiangmin	Exploit.UACSkip.ez
Avira	TR/Drop.Agent.shque
Antiy-AVL	Trojan/Generic.ASMalwS.1EE06E7
Gridinsoft	Ransom.Win32.Wacatac.sa
Arcabit	Trojan.ExplorerHijack.EE0AF6
Microsoft	Trojan:Win32/Wacatac.B!ml
AhnLab-V3	Trojan/Win32.Scar.C156340
VBA32	BScope.Exploit.UACSkip
ALYac	Gen:Trojan.ExplorerHijack.ru1@aKbhT6mi
MAX	malware (ai score=86)
TrendMicro-HouseCall	TROJ_GEN.R03BC0PKN21
Yandex	Trojan.DR.Agent!7++eK9B8rQ4
MaxSecure	Trojan.Malware.9872425.susgen
Fortinet	W32/Generic.AC.42C532
BitDefenderTheta	Gen:NN.ZedlaF.34294.cu8@a4YRFLci
AVG	FileRepMalware
CrowdStrike	win/malicious_confidence_100% (W)