Win32/TrojanDropper.Agent.QLW information

Win32/TrojanDropper.Agent.QLW is the ESET detection name for a dropper that most of the antivirus engines listed below flag as malicious; several of them classify it as the Zegost backdoor family. While it is running you may notice unfamiliar processes in Task Manager, but do not rely on that: the sample creates hidden windows and deletes its own file after launching the binary it drops, so an empty process list proves nothing. If you suspect an infection, scan your computer with GridinSoft Anti-Malware.

Removing malware manually can take hours and can damage your PC in the process. We recommend using GridinSoft Anti-Malware for removal; the trial lets you run a full scan and clean your PC.
6-day free trial available.

What can Win32/TrojanDropper.Agent.QLW do?

The following are the behaviour signatures the sample triggered when it was run in the CAPE sandbox (the same analysis that produced the file information further down):

  • SetUnhandledExceptionFilter detected (possible anti-debug)
  • Creates RWX memory
  • Guard pages use detected – possible anti-debugging.
  • Dynamic (imported) function loading detected
  • Performs HTTP requests potentially not found in PCAP.
  • Enumerates running processes
  • A process created a hidden window
  • CAPE extracted potentially suspicious content
  • Drops a binary and executes it
  • Unconventional binary language: Chinese (Simplified)
  • Unconventional language used in binary resources: Chinese (Simplified)
  • The binary likely contains encrypted or compressed data.
  • Authenticode signature is invalid
  • A ping command was executed with the -n argument possibly to delay analysis
  • Uses Windows utilities for basic functionality
  • Deletes its original binary from disk
  • Anomalous binary characteristics
  • Uses suspicious command line tools or Windows utilities
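Several of the signatures above (the ping command with -n, use of Windows utilities, deletion of the original binary) describe a common dropper habit: spawn cmd.exe, sleep with ping, then erase the file that started it. The page's report lists only the signature names, not the actual command line, so the following added Python example (not code from the page or from GridinSoft) assumes the usual `cmd /c ping 127.0.0.1 -n N > nul & del "<path>"` form and runs a small classifier over constructed process-creation command lines.

```python
import re

# Constructed sample of process-creation command lines. The page's sandbox
# report only lists signature names, so these are illustrative, not the
# sample's real command lines.
SAMPLE_CMDLINES = [
    r'"C:\Windows\System32\cmd.exe" /c ping 127.0.0.1 -n 3 > nul & del "C:\Users\user\Desktop\D1EB43504A9774EFFCE3.exe"',
    r'"C:\Windows\System32\PING.EXE" 127.0.0.1 -n 3',
    r'"C:\Windows\System32\ping.exe" -n 4 8.8.8.8',
    r'"C:\Program Files\Mozilla Firefox\firefox.exe"',
    r'"C:\Windows\System32\cmd.exe" /c dir C:\Users',
]

# ping invoked with -n <count>: on Windows the echoes are one second apart,
# so the count is the cheap "sleep" droppers use to outlast sandbox timeouts.
PING_DELAY_RE = re.compile(r'\bping(?:\.exe)?\b[^&|]*?-n\s+(\d+)', re.IGNORECASE)
# Pinging yourself tests nothing; it only burns time.
LOOPBACK_RE = re.compile(r'(?<![\w.])(?:127\.0\.0\.1|localhost|::1)(?![\w.])', re.IGNORECASE)
# del/erase of an executable as a chained command (after &, | or ;).
DELETE_RE = re.compile(
    r'(?:^|[&|;])\s*(?:del|erase)\b\s+(?:/[a-z]\s+)*"?([^"&|]+?\.(?:exe|dll|scr|com|bat))"?',
    re.IGNORECASE,
)


def classify(cmdline: str) -> set:
    """Tag one command line with the behaviours it exhibits."""
    tags = set()
    if PING_DELAY_RE.search(cmdline):
        tags.add("ping_delay")
        if LOOPBACK_RE.search(cmdline):
            tags.add("ping_loopback")
    if DELETE_RE.search(cmdline):
        tags.add("deletes_binary")
    # The dropper pattern: sleep with ping, then erase the file that started
    # it, all inside a single cmd.exe invocation.
    if {"ping_delay", "deletes_binary"} <= tags:
        tags.add("self_delete_pattern")
    return tags


def triage(cmdlines):
    """Return (cmdline, sorted tags) for every command line that triggered a tag."""
    out = []
    for cmdline in cmdlines:
        tags = classify(cmdline)
        if tags:
            out.append((cmdline, sorted(tags)))
    return out


if __name__ == "__main__":
    for cmdline, tags in triage(SAMPLE_CMDLINES):
        print(", ".join(tags), "<-", cmdline)
```

Feed it the CommandLine field of Sysmon Event ID 1 or Security event 4688 records. A lone ping -n against the loopback address is low confidence on its own; the combination with a del of an executable in the same cmd.exe invocation is what is worth alerting on, and the deleted path tells you which file to pull from backups or shadow copies for analysis.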

How to identify Win32/TrojanDropper.Agent.QLW?

File Info:

name: D1EB43504A9774EFFCE3.mlw
path: /opt/CAPEv2/storage/binaries/d5feefe7ee73ac4658dbda464e862d120f8916a80e569c900d97d353980df5a2
crc32: 12A73BE8
md5: d1eb43504a9774effce38f540d7ed1ff
sha1: b4e8c20d73fe2aa3cc2a4e612e0a68fce71110d2
sha256: d5feefe7ee73ac4658dbda464e862d120f8916a80e569c900d97d353980df5a2
sha512: 8992cc19f5fc59e25e014b6a7326e1cfb370a9222fa3069a61988089e920bf6ea42fba69fde7321c79e7c2ea5a3723e6609073d27cc4a70f1ea5732cdd43c2dd
ssdeep: 6144:DiYLmrsYCwJSeTBTaPRYsoEsnTmvWzcUWIjBOz1yvSakjDOZ3NpOSJ:DhLmrsYCwQeTlaas0KO1TozUvSakjiR
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T1A0A49D11AE8DC179C81D1438C89A47AC1628BD107BA48BE3B71A3F5FEE327D19E3415E
sha3_384: 7391d66ee4ff4de56b2c92263e76bc30823b22732b127ab8efc0818231adc603c18b20b20182cf4549dfdced02007d05
ep_bytes: e8cd520000e978feffffcccc8b4c2404
timestamp: 2012-10-17 11:46:17 (PE header compile timestamp; trivially forged, so treat it as a hint, not a fact)

Version Info:

FileDescription: Microsoft 基础类应用程序 (translation: Microsoft Foundation Classes application)
FileVersion: 2.2.14.117
InternalName: WinApp.exe
LegalCopyright: 版权所有 (C) 2010 (translation: Copyright (C) 2010)
OriginalFilename: WinApp.exe
ProductName: WinApp 应用程序 (translation: WinApp application)
ProductVersion: 2.2.14.117
Translation: 0x0804 0x04b0 (language ID 0x0804 = Chinese (Simplified, PRC), charset 0x04b0 = Unicode; this is what the "unconventional language" signatures above are keyed on)
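The hashes above identify this exact file; the payload it drops ("Drops a binary and executes it") will have different ones. The following added Python example (not code from the page or from GridinSoft) computes the same crc32/md5/sha1/sha256 values CAPE reports and compares them with the indicators listed, and separately searches the raw file for the UTF-16LE version-info strings as a weaker, broader signal. The empty-file hashes used to exercise it are constructed test input, not indicators from the page. The "WinApp" strings are generic MFC project defaults and will also match harmless programs, so a string hit is a reason to look, not a verdict.

```python
import hashlib
import sys
import zlib

# Indicators copied from the File Info section above (this page's sample only).
KNOWN_IOCS = {
    "crc32": {"12A73BE8"},
    "md5": {"d1eb43504a9774effce38f540d7ed1ff"},
    "sha1": {"b4e8c20d73fe2aa3cc2a4e612e0a68fce71110d2"},
    "sha256": {"d5feefe7ee73ac4658dbda464e862d120f8916a80e569c900d97d353980df5a2"},
}

# Version-info strings from the page. PE version resources store strings as
# UTF-16LE, so that is the encoding to search the raw file for.
VERSION_STRINGS = ["WinApp.exe", "Microsoft 基础类应用程序", "WinApp 应用程序"]


def fingerprint(data: bytes) -> dict:
    """Compute the digests CAPE reports for a file, formatted the same way."""
    return {
        "crc32": format(zlib.crc32(data) & 0xFFFFFFFF, "08X"),
        "md5": hashlib.md5(data).hexdigest(),
        "sha1": hashlib.sha1(data).hexdigest(),
        "sha256": hashlib.sha256(data).hexdigest(),
    }


def match_iocs(data: bytes, iocs: dict = KNOWN_IOCS) -> dict:
    """Return {algorithm: digest} for each digest of data that appears in iocs."""
    fp = fingerprint(data)
    hits = {}
    for alg, known in iocs.items():
        if alg in fp and fp[alg].lower() in {k.lower() for k in known}:
            hits[alg] = fp[alg]
    return hits


def find_version_strings(data: bytes, strings=VERSION_STRINGS) -> list:
    """Weaker signal: which of the known version-info strings occur as UTF-16LE."""
    return [s for s in strings if s.encode("utf-16-le") in data]


def scan_paths(paths, iocs=KNOWN_IOCS) -> dict:
    """Map each path to its hash hits and string hits; clean files are omitted."""
    report = {}
    for path in paths:
        with open(path, "rb") as fh:
            data = fh.read()
        hashes, strings = match_iocs(data, iocs), find_version_strings(data)
        if hashes or strings:
            report[path] = {"hashes": hashes, "strings": strings}
    return report


if __name__ == "__main__":
    # Usage: python triage.py <file> [<file> ...]
    for path, hit in scan_paths(sys.argv[1:]).items():
        print(path, hit)
```

Run it over the directories a dropper typically writes to (the user's Temp and AppData folders, the Windows and System32 directories) rather than over the original download alone, since the original is usually deleted by the time anyone looks.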

Win32/TrojanDropper.Agent.QLW also known as:

Lionic: Trojan.Win32.Zegost.m!c
DrWeb: BackDoor.Zegost.782
MicroWorld-eScan: Trojan.GenericKD.38153838
FireEye: Generic.mg.d1eb43504a9774ef
McAfee: RDN/Generic Dropper
Cylance: Unsafe
Sangfor: Trojan.Win32.Agent.QLW
K7AntiVirus: Trojan ( 0055e3df1 )
K7GW: Trojan ( 0055e3df1 )
Cybereason: malicious.d73fe2
BitDefenderTheta: Gen:NN.ZexaF.34084.Cu0@aSGhfakj
ESET-NOD32: a variant of Win32/TrojanDropper.Agent.QLW
TrendMicro-HouseCall: TROJ_GEN.R002C0PL121
Paloalto: generic.ml
Kaspersky: Backdoor.Win32.Zegost.mtsxp
BitDefender: Trojan.GenericKD.38153838
NANO-Antivirus: Trojan.Win32.Zegost.dfaoqp
Avast: Win32:Malware-gen
Tencent: Win32.Backdoor.Zegost.Wsad
Ad-Aware: Trojan.GenericKD.38153838
Sophos: Troj/Mdrop-FTI
Comodo: Malware@#19eauu5kiy2d3
Zillya: Dropper.Agent.Win32.178248
TrendMicro: TROJ_GEN.R002C0PL121
McAfee-GW-Edition: BehavesLike.Win32.Generic.gh
Emsisoft: Trojan.GenericKD.38153838 (B)
SentinelOne: Static AI - Suspicious PE
GData: Trojan.GenericKD.38153838
Jiangmin: Trojan.PSW.Bjlog.cv
eGambit: Unsafe.AI_Score_99%
Avira: HEUR/AGEN.1134002
MAX: malware (ai score=83)
Antiy-AVL: Trojan/Generic.ASMalwS.FF280E
Kingsoft: Win32.Heur.KVM007.a.(kcloud)
Arcabit: Trojan.Generic.D2462E6E
Microsoft: Trojan:Win32/Sabsik.FL.B!ml
Cynet: Malicious (score: 100)
AhnLab-V3: Malware/Win.Dropper.C4799068
VBA32: BScope.Trojan.Ymacco
ALYac: Trojan.GenericKD.38153838
APEX: Malicious
Rising: Malware.FakeDOC/ICON!1.9C3B (CLASSIC)
Yandex: Trojan.DR.Agent!jDS6tbyBlCw
Ikarus: Trojan-Dropper.Win32.Agent
MaxSecure: Trojan.Malware.131261248.susgen
Fortinet: W32/Dropper!tr
AVG: Win32:Malware-gen
Panda: Trj/CI.A
CrowdStrike: win/malicious_confidence_100% (W)

How to remove Win32/TrojanDropper.Agent.QLW?

Win32/TrojanDropper.Agent.QLW removal tool

Because this dropper launches the binary it drops and then deletes its own file, the original executable is often already gone when you look; the scan has to catch the dropped payload and whatever it set up to persist, not just the file whose hashes are listed above.

  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • Click “Move to quarantine” for all detected items.
  • Open the “Tools” tab and press “Reset Browser Settings”.
  • Select the browser and options to reset, then click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.
