What is Trojan-PSW.Win32.Agent.tnqs infection?
In this short article you will locate about the interpretation of Trojan-PSW.Win32.Agent.tnqs and also its negative influence on your computer. Such ransomware are a form of malware that is elaborated by on the internet scams to demand paying the ransom by a victim.
Most of the instances, Trojan-PSW.Win32.Agent.tnqs virus will instruct its victims to start funds transfer for the objective of counteracting the modifications that the Trojan infection has actually presented to the sufferer’s tool.
Trojan-PSW.Win32.Agent.tnqs Summary
These modifications can be as follows:
- Executable code extraction;
- Injection (inter-process);
- Injection (Process Hollowing);
- Possible date expiration check, exits too soon after checking local time;
- Creates RWX memory;
- A process attempted to delay the analysis task.;
- Attempts to connect to a dead IP:Port (23 unique times);
- At least one IP Address, Domain, or File Name was found in a crypto call;
- A named pipe was used for inter-process communication;
- Starts servers listening on 0.0.0.0:0;
- Expresses interest in specific running processes;
- Reads data out of its own binary image;
- A process created a hidden window;
- Drops a binary and executes it;
- HTTP traffic contains suspicious features which may be indicative of malware related traffic;
- Performs some HTTP requests;
- Looks up the external IP address;
- Executed a very long command line or script command which may be indicative of chained commands or obfuscation;
- A scripting utility was executed;
- Uses Windows utilities for basic functionality;
- Detects Sandboxie through the presence of a library;
- Detects Avast Antivirus through the presence of a library;
- Executed a process and injected code into it, probably while unpacking;
- Checks for the presence of known windows from debuggers and forensic tools;
- Attempts to execute a binary from a dead or sinkholed URL;
- Steals private information from local Internet browsers;
- Network activity contains more than one unique useragent.;
- Installs itself for autorun at Windows startup;
- Exhibits possible ransomware file modification behavior;
- Creates a hidden or system file;
- Checks the version of Bios, possibly for anti-virtualization;
- Detects VirtualBox through the presence of a registry key;
- Detects VMware through the presence of a registry key;
- Attempts to modify proxy settings;
- Attempts to disable Windows Defender;
- Attempts to create or modify system certificates;
- Collects information to fingerprint the system;
- Anomalous binary characteristics;
- Uses suspicious command line tools or Windows utilities;
- Ciphering the papers found on the target’s hard drive — so the sufferer can no longer make use of the information;
- Preventing routine accessibility to the target’s workstation;
Related domains:
| z.whorecord.xyz | Ransom_HPGANDCRAB.SMONT2 |
| a.tomx.xyz | Ransom_HPGANDCRAB.SMONT2 |
| a.goatgame.co | Ransom_HPGANDCRAB.SMONT2 |
| sornx.xyz | Ransom_HPGANDCRAB.SMONT2 |
| cdn.discordapp.com | Ransom_HPGANDCRAB.SMONT2 |
| ocsp.digicert.com | Ransom_HPGANDCRAB.SMONT2 |
| the-flash-man.com | Ransom_HPGANDCRAB.SMONT2 |
| ipinfo.io | Ransom_HPGANDCRAB.SMONT2 |
| privacytoolz123foryou.xyz | Ransom_HPGANDCRAB.SMONT2 |
| i.spesgrt.com | Ransom_HPGANDCRAB.SMONT2 |
| aa.goatgamea.com | Ransom_HPGANDCRAB.SMONT2 |
| 553835e4-8579-4eef-9487-08e116066fe4.s3.amazonaws.com | Ransom_HPGANDCRAB.SMONT2 |
| bewidog.cz | Ransom_HPGANDCRAB.SMONT2 |
| apps.identrust.com | Ransom_HPGANDCRAB.SMONT2 |
| telegram.org | Ransom_HPGANDCRAB.SMONT2 |
| twitter.com | Ransom_HPGANDCRAB.SMONT2 |
| yandex.ru | Ransom_HPGANDCRAB.SMONT2 |
| telete.in | Ransom_HPGANDCRAB.SMONT2 |
| crl.identrust.com | Ransom_HPGANDCRAB.SMONT2 |
| eduarroma.tumblr.com | Ransom_HPGANDCRAB.SMONT2 |
| cleaner-partners.biz | Ransom_HPGANDCRAB.SMONT2 |
| ocsp.comodoca.com | Ransom_HPGANDCRAB.SMONT2 |
| ocsp.usertrust.com | Ransom_HPGANDCRAB.SMONT2 |
| ocsp.sectigo.com | Ransom_HPGANDCRAB.SMONT2 |
| iplis.ru | Ransom_HPGANDCRAB.SMONT2 |
| iplogger.org | Ransom_HPGANDCRAB.SMONT2 |
| kipriauka.tumblr.com | Ransom_HPGANDCRAB.SMONT2 |
| connectini.net | Ransom_HPGANDCRAB.SMONT2 |
| g.symcd.com | Ransom_HPGANDCRAB.SMONT2 |
| ss.symcd.com | Ransom_HPGANDCRAB.SMONT2 |
| nybhfe02.top | Ransom_HPGANDCRAB.SMONT2 |
| proxycheck.io | Ransom_HPGANDCRAB.SMONT2 |
| hypercustom.top | Ransom_HPGANDCRAB.SMONT2 |
Trojan-PSW.Win32.Agent.tnqs
The most regular networks through which Trojan-PSW.Win32.Agent.tnqs Ransomware are injected are:
- By means of phishing e-mails;
- As an effect of user winding up on a source that organizes a malicious software program;
As quickly as the Trojan is effectively infused, it will either cipher the information on the victim’s PC or prevent the gadget from working in a proper fashion – while also putting a ransom money note that states the need for the victims to impact the settlement for the function of decrypting the files or bring back the data system back to the first problem. In a lot of circumstances, the ransom note will certainly come up when the client restarts the PC after the system has currently been harmed.
Trojan-PSW.Win32.Agent.tnqs circulation channels.
In various edges of the globe, Trojan-PSW.Win32.Agent.tnqs expands by leaps and also bounds. However, the ransom money notes and also tricks of obtaining the ransom money amount might differ relying on certain local (regional) setups. The ransom money notes and also techniques of obtaining the ransom quantity might vary depending on specific neighborhood (local) settings.
For instance:
Faulty notifies about unlicensed software application.
In specific areas, the Trojans frequently wrongfully report having actually spotted some unlicensed applications made it possible for on the target’s gadget. The sharp after that requires the individual to pay the ransom.
Faulty statements regarding illegal web content.
In countries where software application piracy is less popular, this approach is not as efficient for the cyber fraudulences. Additionally, the Trojan-PSW.Win32.Agent.tnqs popup alert may incorrectly assert to be deriving from a law enforcement establishment and will report having situated child porn or other illegal data on the gadget.
Trojan-PSW.Win32.Agent.tnqs popup alert may wrongly assert to be acquiring from a legislation enforcement institution and will report having located child porn or other illegal data on the device. The alert will in a similar way contain a need for the customer to pay the ransom money.
Technical details
File Info:
crc32: 8B4258B9md5: 6845d02328fb5e5e5944acd141d2b088name: 6845D02328FB5E5E5944ACD141D2B088.mlwsha1: 5d04f7bbd56dd67612d79a6fbcfddb1888cd1c8esha256: 45c04168fe1e27939f2e08c178279d8c1aca5eba4ed8f6a717eb70b966cc5617sha512: 4e81fd2117635ecefb2943953e805cbe2416c98b75c40d421dd7f13e3f014d7941bea24820b9359cd5c1fcb18043c8ca688e5bd171ee029b651157d39d02eb4bssdeep: 49152:9gBjHAC8QDo0NcMpwz+Qern2gMA9q9GABB3rI+vylIeRt9ipgJ:yhHA2caIzdernXJq9FJeRypgJtype: PE32 executable (GUI) Intel 80386, for MS Windows, Nullsoft Installer self-extracting archiveVersion Info:
0: [No Data]
Trojan-PSW.Win32.Agent.tnqs also known as:
| GridinSoft | Trojan.Ransom.Gen |
| Bkav | W32.AIDetect.malware2 |
| Lionic | Trojan.Win32.Agent.i!c |
| Elastic | malicious (high confidence) |
| DrWeb | Trojan.Siggen14.58048 |
| Cynet | Malicious (score: 100) |
| CAT-QuickHeal | Trojan.Win32 |
| ALYac | Dropped:Trojan.GenericKD.46876098 |
| Cylance | Unsafe |
| Sangfor | Infostealer.Win32.Agent.tnqs |
| Alibaba | TrojanDownloader:Win32/Miner.4aaa924c |
| Cybereason | malicious.bd56dd |
| Cyren | W32/MSIL_Kryptik.EHH.gen!Eldorado |
| Symantec | ML.Attribute.HighConfidence |
| ESET-NOD32 | multiple detections |
| APEX | Malicious |
| Avast | Win64:Trojan-gen |
| ClamAV | Win.Dropper.Pswtool-9857535-0 |
| Kaspersky | Trojan-PSW.Win32.Agent.tnqs |
| BitDefender | Dropped:Trojan.GenericKD.46876098 |
| NANO-Antivirus | Trojan.Win64.Download.izkmfm |
| MicroWorld-eScan | Dropped:Trojan.GenericKD.46876098 |
| Sophos | Mal/Generic-S |
| BitDefenderTheta | Gen:NN.ZemsilF.34110.am0@aq6M1jm |
| TrendMicro | Ransom_HPGANDCRAB.SMONT2 |
| McAfee-GW-Edition | BehavesLike.Win32.BadFile.vc |
| FireEye | Generic.mg.6845d02328fb5e5e |
| Emsisoft | Dropped:Trojan.GenericKD.46876098 (B) |
| SentinelOne | Static AI – Malicious PE |
| Webroot | W32.Trojan.Gen |
| Avira | HEUR/AGEN.1144141 |
| eGambit | Unsafe.AI_Score_99% |
| Antiy-AVL | Trojan/Generic.ASMalwS.3454962 |
| Kingsoft | Win32.Troj.Generic_a.a.(kcloud) |
| Microsoft | Trojan:Win32/Sabsik.FL.B!ml |
| Gridinsoft | Trojan.Win32.Dropper.ko!s5 |
| GData | Dropped:Trojan.GenericKD.46876098 |
| AhnLab-V3 | Ransomware/Win.Hpgandcrab.C4612753 |
| McAfee | Artemis!6845D02328FB |
| MAX | malware (ai score=84) |
| VBA32 | TScope.Trojan.MSIL |
| Malwarebytes | Trojan.Downloader |
| Panda | Trj/CI.A |
| TrendMicro-HouseCall | Ransom_HPGANDCRAB.SMONT2 |
| Rising | Dropper.Agent/NSIS!1.D805 (CLASSIC:gjVFJO3a0/MRKpk5+DudGg) |
| Ikarus | Trojan-Downloader.Win64.Agent |
| Fortinet | W64/Agent.LI!tr.dldr |
| AVG | Win64:Trojan-gen |
| Paloalto | generic.ml |
How to remove Trojan-PSW.Win32.Agent.tnqs virus?
Unwanted application has ofter come with other viruses and spyware. This threats can steal account credentials, or crypt your documents for ransom.
Reasons why I would recommend GridinSoft1
Run the setup file.
Press “Install” button.
Once installed, Anti-Malware will automatically run.
Wait for the Anti-Malware scan to complete.
Click on “Clean Now”.
Are Your Protected?
If the guide doesn’t help you to remove Trojan-PSW.Win32.Agent.tnqs you can always ask me in the comments for getting help.
Leave a Comment