Worm.Qakbot (file analysis)

The Worm.Qakbot is considered dangerous by lots of security experts. When this infection is active, you may notice unwanted processes in Task Manager list. In this case, it is adviced to scan your computer with GridinSoft Anti-Malware.

Gridinsoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. Allows to complete scan and cure your PC during the trial period.

DOWNLOAD NOW

6-day free trial available.

What Worm.Qakbot virus can do?

Unconventionial language used in binary resources: Russian
The binary contains an unknown PE section name indicative of packing
The executable is compressed using UPX
Authenticode signature is invalid
Anomalous binary characteristics

How to determine Worm.Qakbot?


File Info:
name: 09E07F4146BD24683BF0.mlw
path: /opt/CAPEv2/storage/binaries/205160abca94d71dbd73044600acbe8d411e3b119099527ee24c3d43e7a74061
crc32: D299B48F
md5: 09e07f4146bd24683bf079938f8666e4
sha1: 3253b9e1e5ad5e13db85c9ee3ba604710b56260a
sha256: 205160abca94d71dbd73044600acbe8d411e3b119099527ee24c3d43e7a74061
sha512: 216d4555b5737402c58dcbf01185b375d299e41b3711803bb2b82063e13bcf457f1b6431789084c57552a5fb8c1977c9559d977728d5437667bacc005245aa28
ssdeep: 3072:5cQz6R5eAuOOX7SMpNjxN4yjNEWt0kaIRY:OQz6R5TuJSMjFqW77
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T14864F7E3E5A18690F0A113B7247776A6C47A3E2B1372E853AB97F84F63337D1101A745
sha3_384: 4bac634f5512da3cdae7de24dd7d34e431f641ccb83b88172fc94cde31542c2dfee1d6814e37fd0664a026e5f2090485
timestamp: 2009-12-04 13:35:59

Version Info:
CompanyName: SOFTWIN S
FileDescription: BitDefen
FileVersion: 106.42.73
InternalName: фжзрюкшэщ
LegalCopyright: 2528-6
OriginalFilename: nedwp
ProductName: люзанх
ProductVersion: 106.4
Translation: 0x0409 0x04b0

Worm.Qakbot also known as:

Bkav	W32.AIDetect.malware1
Lionic	Virus.Win32.Nimnul.lVlw
DrWeb	VBS.Dropper.5
FireEye	Generic.mg.09e07f4146bd2468
Cylance	Unsafe
Sangfor	Trojan.Win32.Save.a
Alibaba	TrojanDropper:Win32/Generic.ed29c717
Cybereason	malicious.1e5ad5
VirIT	Trojan.Win32.Generic.BAMD
Cyren	W32/Trojan.GOK.gen!Eldorado
TrendMicro-HouseCall	Mal_Zbot-16
ClamAV	Win.Spyware.Zbot-1282
Rising	Trojan.Agent!1.B63F (CLOUD)
Comodo	Heur.Corrupt.PE@1z141z3
Baidu	Win32.Trojan.Ramnit.f
TrendMicro	Mal_Zbot-16
McAfee-GW-Edition	PWS-Zbot.gen.pq
Sophos	Mal/Generic-S
GData	Win32.Trojan.Agent.E6SOC8
Jiangmin	Trojan.Agent.qkt
Gridinsoft	Ransom.Win32.Zbot.sa
Microsoft	Trojan:Win32/Sabsik.FL.B!ml
Cynet	Malicious (score: 100)
Acronis	suspicious
McAfee	PWS-Zbot.gen.pq
Malwarebytes	Worm.Qakbot
APEX	Malicious
Tencent	Virus.Win32.Ramnit.efg
SentinelOne	Static AI – Malicious PE
MaxSecure	Trojan.Malware.8386276.susgen
Fortinet	W32/Mal_Zbot.16
CrowdStrike	win/malicious_confidence_90% (W)

How to remove Worm.Qakbot?

Download and install GridinSoft Anti-Malware.
Open GridinSoft Anti-Malware and perform a “Standard scan“.
“Move to quarantine” all items.
Open “Tools” tab – Press “Reset Browser Settings“.
Select proper browser and options – Click “Reset”.
Restart your computer.

Worm.Qakbot (file analysis)

Gridinsoft Anti-Malware

How to determine Worm.Qakbot?

File Info:

Version Info:

Worm.Qakbot also known as:

How to remove Worm.Qakbot?

About the author

Paul Valéry

Leave a Comment X

Gridinsoft Anti-Malware

How to determine Worm.Qakbot?

File Info:

Version Info:

Worm.Qakbot also known as:

How to remove Worm.Qakbot?

You may also like

About the author

Paul Valéry

Leave a Comment X