Categories: Malware

Win32:Downloader-TQR [Trj] (file analysis)

The Win32:Downloader-TQR [Trj] is considered dangerous by lots of security experts. When this infection is active, you may notice unwanted processes in Task Manager list. In this case, it is adviced to scan your computer with GridinSoft Anti-Malware.

Gridinsoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. Allows to complete scan and cure your PC during the trial period.

DOWNLOAD NOW

6-day free trial available.

What Win32:Downloader-TQR [Trj] virus can do?

Behavioural detection: Executable code extraction – unpacking
Yara rule detections observed from a process memory dump/dropped files/CAPE
Reads data out of its own binary image
CAPE extracted potentially suspicious content
The binary likely contains encrypted or compressed data.
Removes Security and Maintenance icon from Start menu, Taskbar and notifications
Authenticode signature is invalid
Attempts to disable UAC
Attempts to modify or disable Security Center warnings
Attempts to modify UAC prompt behavior
Attempts to modify user notification settings

How to determine Win32:Downloader-TQR [Trj]?


File Info:
name: 581D44F0E03E3F25476C.mlwpath: /opt/CAPEv2/storage/binaries/a75b3b37d47cbd3501752de32b25852ae3fa386d425969d7e30d4193dd8d8091crc32: 460259C2md5: 581d44f0e03e3f25476c8f764e9591b0sha1: 1809e6d7635441a0dc55fcbf93805fb2bae4523bsha256: a75b3b37d47cbd3501752de32b25852ae3fa386d425969d7e30d4193dd8d8091sha512: 2b03c6469c37a7208630335a5795d9c3e1717ab5388a233e28e3e28ab69b9674ae4cf9dce2c6639ee31220a0648abb1928f410465bde8124edc2ad0257c89cb8ssdeep: 6144:kbX1MGA2sfS0ZNEc3jeeB1jch4gLQv2Xg1Ex22sovlCztzlAt9erPWnizk6mi6xe:IBkfnNjOLoxghsK6thfLWi8Ktype: PE32 executable (GUI) Intel 80386, for MS Windowstlsh: T1268423FA69490097D8F88D7373E163357BB2A7D1228C5791A7C1FD86C4F02A5A80562Fsha3_384: c60af0e0c74918005fbd5a33e82d742d443c6df80ff3cee2d016a93932406401575abebd3d8abc5471a17cff6ad7cbb4ep_bytes: e8060000000a141e28320090909085c0timestamp: 2013-06-13 07:00:20
Version Info:
0: [No Data]

Win32:Downloader-TQR [Trj] also known as:

Bkav	W32.AIDetect.malware2
MicroWorld-eScan	Gen:Heur.VIZ.9
ClamAV	Win.Ransomware.Urausy-9754059-0
CAT-QuickHeal	FraudTool.Security
McAfee	Ransom-FCCI!581D44F0E03E
Cylance	Unsafe
Zillya	Trojan.Blocker.Win32.7878
Sangfor	Suspicious.Win32.Save.a
K7AntiVirus	Ransomware ( 0040f4da1 )
Alibaba	VirTool:Win32/CeeInject.e720c65c
K7GW	Ransomware ( 0040f4da1 )
Cybereason	malicious.0e03e3
VirIT	Trojan.Win32.Generic.AWSG
Cyren	W32/FakeAlert.ZN.gen!Eldorado
Symantec	ML.Attribute.HighConfidence
Elastic	malicious (high confidence)
ESET-NOD32	a variant of Win32/Kryptik.BDKP
APEX	Malicious
Cynet	Malicious (score: 100)
Kaspersky	HEUR:Trojan.Win32.Generic
BitDefender	Gen:Heur.VIZ.9
NANO-Antivirus	Trojan.Win32.Blocker.crrsog
SUPERAntiSpyware	Trojan.Agent/Gen-Blocker
Avast	Win32:Downloader-TQR [Trj]
Tencent	Malware.Win32.Gencirc.10c8f8d6
Ad-Aware	Gen:Heur.VIZ.9
TACHYON	Trojan/W32.Blocker.394752.D
Emsisoft	Gen:Heur.VIZ.9 (B)
Comodo	TrojWare.Win32.Winwebsec.D@51z9lk
DrWeb	Trojan.Fakealert.37412
VIPRE	Gen:Heur.VIZ.9
TrendMicro	TROJ_FAKEAV.SM02
McAfee-GW-Edition	BehavesLike.Win32.Backdoor.fc
Trapmine	malicious.high.ml.score
FireEye	Generic.mg.581d44f0e03e3f25
Sophos	ML/PE-A + Troj/Agent-ACMK
SentinelOne	Static AI – Suspicious PE
GData	Gen:Heur.VIZ.9
Jiangmin	Trojan/Blocker.evk
Avira	HEUR/AGEN.1205261
Antiy-AVL	Trojan/Generic.ASMalwS.60F
Kingsoft	Win32.Troj.Generic_a.a.(kcloud)
Arcabit	Trojan.VIZ.9
Microsoft	Rogue:Win32/Winwebsec
Google	Detected
AhnLab-V3	Trojan/Win32.Blocker.R80546
Acronis	suspicious
VBA32	BScope.Trojan.FakeAV.1713
ALYac	Gen:Heur.VIZ.9
MAX	malware (ai score=100)
Malwarebytes	Trojan.FakeAlert.ED
TrendMicro-HouseCall	TROJ_FAKEAV.SM02
Rising	Trojan.Agent!1.6A2A (CLASSIC)
Ikarus	Trojan-Ransom.Foreign
MaxSecure	Trojan.Malware.300983.susgen
Fortinet	W32/Ransom.BD!tr
BitDefenderTheta	AI:Packer.B25C4C971E
AVG	Win32:Downloader-TQR [Trj]
Panda	Trj/Genetic.gen
CrowdStrike	win/malicious_confidence_90% (W)