anqgqg.exe

Obtain

Castle pig trick - www.Obtain.com

The executable anqgqg.exe, “Plus colony fallen outline underline badly hell”, has been detected as malware by 37 anti-virus scanners. It is set to start automatically when a user logs into Windows, via the current-user Run registry key, under the display name ‘Anqgqg’.
Publisher:
Castle pig trick - www.Obtain.com

Product:
Obtain

Description:
Plus colony fallen outline underline badly hell

Version:
2.0.0.2

MD5:
06cf98dd9f24b641b87148951678a97a

SHA-1:
4868e7c9f9680cc352bccd1dc6d32f7ef4ca87d2

SHA-256:
a828641492508dd8aa310b2ec8ca871e895908c7ff38929c783e27526e6a21ca

Scanner detections:
37 / 68

Status:
Malware

Analysis date:
4/18/2024 12:28:51 AM UTC

Scan engine                    Detection                           Engine version
Lavasoft Ad-Aware              Trojan.GenericKD.2253481            666
Agnitum Outpost                Worm.Ngrbot                         7.1.1
AhnLab V3 Security             Trojan/Win32.MDA                    2015.04.02
Avira AntiVirus                TR/Crypt.Xpack.171603               3.6.1.96
avast!                         Win32:Malware-gen                   150320-0
AVG                            Crypt4                              2016.0.3144
Baidu Antivirus                Worm.Win32.Ngrbot                   4.0.3.1549
Bitdefender                    Trojan.GenericKD.2253481            1.0.20.495
Bkav FE                        W32.TaskmanKgomowE.Trojan           1.3.0.6379
Comodo Security                Backdoor.Win32.Androm.GLT           21556
Dr.Web                         BackDoor.NewFiz.27                  9.0.1.099
Emsisoft Anti-Malware          Trojan.GenericKD.2253481            8.15.04.09.08
ESET NOD32                     Win32/Kryptik.DDFN (variant)        9.11385
Fortinet FortiGate             W32/Kryptik.DDFN!tr                 4/9/2015
F-Prot                         W32/S-0b92b060                      v6.4.7.1.166
F-Secure                       Trojan.GenericKD.2253481            11.2015-09-04_5
G Data                         Trojan.GenericKD.2253481            15.4.25
IKARUS anti.virus              Trojan.Win32.Crypt                  t3scan.1.8.9.0
K7 AntiVirus                   Trojan                              13.202.15462
Kaspersky                      UDS:DangerousObject.Multi.Generic   14.0.0.2283
Malwarebytes                   Trojan.Agent.DED                    v2015.03.27.08
McAfee                         RDN/Sdbot.worm!ce                   5600.6800
Microsoft Security Essentials  Worm:Win32/Dorkbot                  1.1.11502.0
MicroWorld eScan               Trojan.GenericKD.2253481            16.0.0.297
NANO AntiVirus                 Trojan.Win32.Foreign.dpsbcb         0.30.8.659
Norman                         Kryptik.CFAG                        11.20150327
nProtect                       Trojan.GenericKD.2253481            15.04.02.01
Panda Antivirus                Trj/Chgt.O                          15.04.09.08
Qihoo 360 Security             HEUR/QVM10.1.Malware.Gen            1.0.0.1015
Quick Heal                     Worm.Dorkbot.r4                     4.15.14.00
Reason Heuristics              Threat.Win.Reputation.IMP           15.4.9.16
Sophos                         Mal/Generic-S                       4.98
SUPERAntiSpyware               Trojan.Agent/Gen-Dropper            9945
Trend Micro House Call         TROJ_FORUCON.BMC                    7.2.99
Trend Micro                    TROJ_FORUCON.BMC                    10.465.09
VIPRE Antivirus                Worm.Win32.Dorkbot                  38990
ViRobot                        Trojan.Win32.Agent.274432.W[h]      2014.3.20.0

File size:
256 KB (262,144 bytes)

Product version:
2.0

Copyright:
Copyright (C) Obtain 2003-2013

File type:
Executable application (Win32 EXE)

Common path:
C:\Documents and Settings\{user}\Application data\identities\anqgqg.exe

File PE Metadata
Compilation timestamp:
3/27/2015 11:27:56 AM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
9.0

CTPH (ssdeep):
6144:o6zc/M/8AOR1kU/gOHwI0/mkUxuMmilEM7:bzc/9DKI0kxbEM7

Entry address:
0x2552

Entry point:
E8, 8B, 58, 00, 00, E9, 78, FE, FF, FF, 8B, FF, 55, 8B, EC, 83, EC, 28, 33, C0, 53, 8B, 5D, 0C, 56, 8B, 75, 10, 57, 8B, 7D, 08, 88, 45, F8, 88, 45, F9, 88, 45, FA, 88, 45, FB, 88, 45, FC, 88, 45, FD, 88, 45, FE, 88, 45, FF, 39, 05, 2C, 0B, 44, 00, 74, 0E, FF, 35, EC, 26, 44, 00, E8, F3, 52, 00, 00, 59, EB, 05, B8, 78, 7E, 40, 00, 8B, 4D, 14, BA, A6, 00, 00, 00, 3B, CA, 0F, 8F, 74, 01, 00, 00, 0F, 84, 5B, 01, 00, 00, 83, F9, 19, 0F, 8F, F8, 00, 00, 00, 0F, 84, E9, 00, 00, 00, 8B, D1, 6A, 02, 59, 2B, D1, 0F...

Code size:
68 KB (69,632 bytes)

Startup File (User Run)
Registry location:
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Name:
Anqgqg

Command:
C:\Documents and Settings\{user}\Application data\identities\anqgqg.exe


Powered by Reason Core Security