Worm:Win32/Nuqel.G (file analysis)

The Worm:Win32/Nuqel.G is considered dangerous by lots of security experts. When this infection is active, you may notice unwanted processes in Task Manager list. In this case, it is adviced to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Gridinsoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. Allows to complete scan and cure your PC during the trial period.

6-day free trial available.

What Worm:Win32/Nuqel.G virus can do?

Unconventionial binary language: Chinese (Simplified)
Unconventionial language used in binary resources: Chinese (Simplified)
Authenticode signature is invalid

How to determine Worm:Win32/Nuqel.G?


File Info:
name: 5A1F1D9ACC10347B1DEE.mlw
path: /opt/CAPEv2/storage/binaries/661a59a6536959eb3cb0989fb889e603c2b2b9e68bbf1762b61c4ab6c83c5be1
crc32: 4EC4F961
md5: 5a1f1d9acc10347b1dee48db027a1061
sha1: 92ad1de6e9b3a4118764dbfcdf4a468ce6049357
sha256: 661a59a6536959eb3cb0989fb889e603c2b2b9e68bbf1762b61c4ab6c83c5be1
sha512: 9bd489f73d64939c77232a4e5327e55a3da0e29895861a37416d572c6b88895b58a86b5d29fa0d0a6b4b31ec70c09cf1770f097602bd862aac6b9953a9fa8b6b
ssdeep: 12288:XePBR7iHn438Hwerea2vEEsElWTFs+mX7nqbxPOBH0cwaMc0FD:XePTiHqLecvHF1+mzqGH0nTcA
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T1FF158D50B206E076E46E41B1556E9AFA16DCBD700B1495C3B3C83FBF257B2D27A32A07
sha3_384: cc77651a7e7646bebf887c5c857120b20b966a73cb14d5e3995bfa875143eba90c2f8442e993d5ed4d025beb9f4ab87b
ep_bytes: e80d050000e91cfdffff8b0081386373
timestamp: 2021-09-14 01:22:52

Version Info:
CompanyName: 中国铁道科学研究院 通信信号研究所
FileDescription: FZy-CTC Trace 程序
FileVersion: 2.2.75.21071
InternalName: FZy-CTC Trace
LegalCopyright: 版权所有 (C) 2017
OriginalFilename: FzyCTCTrace.EXE
ProductName: FZy-CTC Trace 应用程序
ProductVersion: 2.2.75.21071
Translation: 0x0804 0x04b0

Worm:Win32/Nuqel.G also known as:

Lionic	Trojan.Win32.KillAV.4!c
Elastic	malicious (high confidence)
DrWeb	Win32.HLLW.Autoruner.1268
MicroWorld-eScan	Worm.Generic.66037
FireEye	Generic.mg.5a1f1d9acc10347b
CAT-QuickHeal	Worm.NuqelIH.S14066683
McAfee	Artemis!5A1F1D9ACC10
Cylance	Unsafe
Zillya	Trojan.KillAV.Win32.11971
Alibaba	Worm:Win32/KillAV.e645e45c
K7GW	Trojan ( 0007d0a31 )
Cybereason	malicious.acc103
BitDefenderTheta	AI:Packer.87E4A3271D
Cyren	W32/A-d0fa9f28!Eldorado
Symantec	W32.Imaut.A
ESET-NOD32	Win32/Hakaglan.G
TrendMicro-HouseCall	WORM_SOHANAD.EJ
ClamAV	Win.Malware.Generic-9882240-0
Kaspersky	Trojan.Win32.KillAV.ayh
BitDefender	Worm.Generic.66037
NANO-Antivirus	Trojan.Script.Sohanad.mfho
Avast	Win32:Evo-gen [Susp]
Sophos	W32/SillyFDC-AE
F-Secure	Trojan.TR/Dldr.Sequan
Baidu	Win32.Worm.Sohanad.am
TrendMicro	WORM_SOHANAD.EJ
McAfee-GW-Edition	BehavesLike.Win32.Dropper.ch
Emsisoft	Worm.Generic.66037 (B)
Ikarus	Worm.Win32.Sohanad
Avira	WORM/Sohanad.AS
Gridinsoft	Ransom.Win32.Sabsik.sa
Microsoft	Worm:Win32/Nuqel.G
ZoneAlarm	Trojan.Win32.KillAV.ayh
GData	AIT:Trojan.Nymeria.2383
AhnLab-V3	Malware/Win.Generic.C4952813
VBA32	Trojan.Autoit.F
Malwarebytes	Malware.AI.1875180847
APEX	Malicious
Rising	Worm.VobfusEx!1.99DF (CLOUD)
Yandex	Trojan.KillAV!xLBKLNLJh58
MAX	malware (ai score=88)
Fortinet	W32/Hakaglan.G!worm
AVG	Win32:Evo-gen [Susp]
Panda	Trj/CI.A
CrowdStrike	win/malicious_confidence_100% (W)

How to remove Worm:Win32/Nuqel.G?

Worm:Win32/Nuqel.G removal tool

Download and install GridinSoft Anti-Malware.
Open GridinSoft Anti-Malware and perform a “Standard scan“.
“Move to quarantine” all items.
Open “Tools” tab – Press “Reset Browser Settings“.
Select proper browser and options – Click “Reset”.
Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.

Leave a Comment X