Win32:AutoRun-CQP [Wrm] malicious file

Malware Removal

The Win32:AutoRun-CQP [Wrm] is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager process list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It allows you to run a complete scan and clean your PC during the trial period.
6-day free trial available.

What can the Win32:AutoRun-CQP [Wrm] virus do?

  • Behavioural detection: Executable code extraction – unpacking
  • Reads data out of its own binary image
  • CAPE extracted potentially suspicious content
  • Drops a binary and executes it
  • Authenticode signature is invalid
  • Behavioural detection: Injection (inter-process)
  • CAPE detected the embedded pe malware family
  • Attempts to disable Windows Auto Updates
  • Anomalous binary characteristics
  • Attempts to modify Explorer settings to prevent hidden files from being displayed
  • Yara detections observed in process dumps, payloads or dropped files

How to identify Win32:AutoRun-CQP [Wrm]?

File Info:

name: 4004173D1FF14C03518F.mlw
path: /opt/CAPEv2/storage/binaries/c3c8868fa8f2e71778e2eaf7cdd821e02fdca0504505d0d30eed0beca0c65933
crc32: 4503A776
md5: 4004173d1ff14c03518ffe2e5bcc383a
sha1: e8d7a86a6975125e9b63d48b794a1271af76042a
sha256: c3c8868fa8f2e71778e2eaf7cdd821e02fdca0504505d0d30eed0beca0c65933
sha512: 466b49def9826a26371eb0a1e87b610467deec7cff662c15463ef6f11b6e8162c41230c4229b5bf6906cfc8808c343d81ba5250b3b5f6985651c89ca9844c2de
ssdeep: 3072:Yd+Jqj2r0yqjdQGn5V8XyusBAFMih89dQwLhBc/xr:Vi9jdQGn/qyrAFjynLc/5
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T1E914B539A241E73EE425C7F92C9A83A0406DAD3611D5A41BFBC25B1A35F09F7D3607A3
sha3_384: b8f34a65de0394c4248615062efe61e71fb27bdddcdce07f544a1a9ece114247eb7b33f7905b2de4d281c231a116b4eb
ep_bytes: 68504a4000e8f0ffffff000040000000
timestamp: 2012-02-13 22:02:39

Version Info:

Translation: 0x0409 0x04b0
ProductName: ZlFJyXH
FileVersion: 1.00
ProductVersion: 1.00
InternalName: vYocbMrz
OriginalFilename: vYocbMrz.exe

Win32:AutoRun-CQP [Wrm] also known as:

Bkav: W32.AIDetectMalware
tehtris: Generic.Malware
DrWeb: Trojan.VbCrypt.81
MicroWorld-eScan: Gen:Variant.Application.Symmi.11352
FireEye: Generic.mg.4004173d1ff14c03
CAT-QuickHeal: Trojan.Beebone.D
Skyhigh: BehavesLike.Win32.VBObfus.dm
McAfee: VBObfus.eu
Cylance: unsafe
Zillya: Worm.Vobfus.Win32.1516843
Sangfor: Suspicious.Win32.Save.vb
CrowdStrike: win/malicious_confidence_100% (W)
Alibaba: Malware:Win32/km_2ff7.None
K7GW: EmailWorm ( 0054d10f1 )
K7AntiVirus: EmailWorm ( 0054d10f1 )
BitDefenderTheta: Gen:NN.ZevbaF.36802.mm0@aC7Uieli
VirIT: Trojan.Win32.SHeur4.QHB
Symantec: W32.Changeup
Elastic: malicious (high confidence)
ESET-NOD32: Win32/AutoRun.VB.ASG
APEX: Malicious
TrendMicro-HouseCall: WORM_VOBFUS.SMAB
Avast: Win32:AutoRun-CQP [Wrm]
ClamAV: Win.Trojan.Changeup-6169544-0
Kaspersky: Worm.Win32.Vobfus.dfle
BitDefender: Gen:Variant.Application.Symmi.11352
NANO-Antivirus: Trojan.Win32.Jorik.cmtiui
Tencent: Worm.Win32.Vobfus.kaa
Emsisoft: Gen:Variant.Application.Symmi.11352 (B)
F-Secure: Trojan.TR/Jorik.ejmj
Baidu: Win32.Trojan.Jorik.e
VIPRE: Gen:Variant.Application.Symmi.11352
TrendMicro: WORM_VOBFUS.SMAB
Trapmine: malicious.high.ml.score
Sophos: Mal/VBCheMan-B
Ikarus: Worm.Vobfus
Google: Detected
Avira: TR/Jorik.ejmj
Varist: W32/Vobfus.AI.gen!Eldorado
Antiy-AVL: Worm/Win32.WBNA.gen
Kingsoft: malware.kb.a.996
Microsoft: Worm:Win32/Vobfus!pz
Xcitium: TrojWare.Win32.VB.AVA@4paxk7
Arcabit: Trojan.Application.Symmi.D2C58
ViRobot: Worm.Win32.A.WBNA.208896.L
ZoneAlarm: Worm.Win32.Vobfus.dfle
GData: Gen:Variant.Application.Symmi.11352
Cynet: Malicious (score: 100)
AhnLab-V3: Worm/Win32.WBNA.R20724
Acronis: suspicious
ALYac: Gen:Variant.Application.Symmi.11352
TACHYON: Worm/W32.Vobfus.208896.C
VBA32: BScope.Trojan.VB.Diple.01583
Malwarebytes: Generic.Malware.AI.DDS
Panda: Trj/Genetic.gen
Rising: Worm.VobfusEx!1.99DB (CLASSIC)
Yandex: Trojan.GenAsa!uxqnusyVOGs
MAX: malware (ai score=72)
MaxSecure: Trojan.Malware.300983.susgen
Fortinet: W32/VBObfus.CM!tr
AVG: Win32:AutoRun-CQP [Wrm]
DeepInstinct: MALICIOUS
alibabacloud: Trojan:Win/Vobfus.4c944093

How to remove Win32:AutoRun-CQP [Wrm]?

Win32:AutoRun-CQP [Wrm] removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open the “Tools” tab and press “Reset Browser Settings”.
  • Select the proper browser and options, then click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.