Win32/TrojanDropper.Exeaqtor.A removal tips

Win32/TrojanDropper.Exeaqtor.A is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It allows you to complete a scan and cure your PC during the trial period.
6-day free trial available.

What can the Win32/TrojanDropper.Exeaqtor.A virus do?

  • SetUnhandledExceptionFilter detected (possible anti-debug)
  • Possible date expiration check, exits too soon after checking local time
  • Dynamic (imported) function loading detected
  • Performs HTTP requests potentially not found in PCAP.
  • HTTPS urls from behavior.
  • The binary likely contains encrypted or compressed data.
  • Authenticode signature is invalid
  • Attempts to modify proxy settings

Related domains:

wpad.local-net
www.oracle.com

How to determine Win32/TrojanDropper.Exeaqtor.A?


File Info:

name: 3576207DE9344D757A34.mlw
type: PE32 executable (console) Intel 80386, for MS Windows
timestamp: 2018-10-24 10:47:12

Version Info:

CompanyName: QUA Research & Development
FileDescription: Obfuscated Executable File
FileVersion: 8.0.192.4
Full Version: 1.8.0_192-ea-b04
InternalName: exeaqtor
LegalCopyright: Copyright © 2018
OriginalFilename: exeaqtor.exe
ProductName: Exeaqtor 8
ProductVersion: 8.0.192.4
Translation: 0x0000 0x04b0

Win32/TrojanDropper.Exeaqtor.A also known as:

Bkav: W32.AIDetect.malware2
Lionic: Trojan.Win32.Ursu.4!c
MicroWorld-eScan: Gen:Variant.Graftor.959114
FireEye: Generic.mg.3576207de9344d75
McAfee: RDN/Generic Dropper
CrowdStrike: win/malicious_confidence_100% (W)
BitDefender: Gen:Variant.Graftor.959114
K7GW: Trojan ( 0053f7721 )
K7AntiVirus: Trojan ( 0053f7721 )
BitDefenderTheta: Gen:NN.ZexaF.34294.RK0@ai9Kadji
Symantec: ML.Attribute.HighConfidence
ESET-NOD32: a variant of Win32/TrojanDropper.Exeaqtor.A
Paloalto: generic.ml
ClamAV: Win.Malware.Ursu-6742664-0
Alibaba: TrojanDropper:Win32/Exeaqtor.61c7617b
Ad-Aware: Gen:Variant.Graftor.959114
Sophos: Mal/Generic-S
Comodo: TrojWare.Win32.TrojanDropper.Exeaqtor.A@7x3prl
VIPRE: Trojan.Win32.Generic!BT
TrendMicro: TROJ_GEN.R002C0PH621
McAfee-GW-Edition: RDN/Generic Dropper
Emsisoft: Gen:Variant.Graftor.959114 (B)
Ikarus: Trojan.Inject
Webroot: W32.Trojan.Gen
Avira: HEUR/AGEN.1123618
MAX: malware (ai score=100)
Antiy-AVL: Trojan/Generic.ASMalwS.28C3D99
Arcabit: Trojan.Graftor.DEA28A
SUPERAntiSpyware: Backdoor.Bot/Variant
GData: Gen:Variant.Graftor.959114
Cynet: Malicious (score: 100)
AhnLab-V3: Trojan/Win32.Agent.C2777779
VBA32: BScope.Trojan.Tiggre
ALYac: Gen:Variant.Graftor.959114
Malwarebytes: Backdoor.Bot
Panda: Trj/Genetic.gen
TrendMicro-HouseCall: TROJ_GEN.R002C0PH621
Tencent: Win32.Trojan.Ursu.Ljkg
Yandex: Trojan.GenAsa!5yEBXzUUS1A
SentinelOne: Static AI – Malicious PE
MaxSecure: Trojan.Malware.300983.susgen
Fortinet: W32/Exeaqtor.A!tr
AVG: Win32:DropperX-gen [Drp]
Avast: Win32:DropperX-gen [Drp]

How to remove Win32/TrojanDropper.Exeaqtor.A?

Win32/TrojanDropper.Exeaqtor.A removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open “Tools” tab – Press “Reset Browser Settings”.
  • Select proper browser and options – Click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.