Seeing a Win32/Agent.UNQ detection usually means that your computer is in real danger. Several antivirus engines classify this sample as ransomware, a kind of malware that encrypts your files and demands payment for their decryption. Removing it requires steps beyond a routine scan, and they must be done as soon as possible.
A Win32/Agent.UNQ detection is a malware detection you may see on your computer. It usually appears after some preceding action on your PC: opening an untrustworthy email message, clicking an advertisement on the web, or installing a program from a suspicious source. From the moment it shows up, you have a short time to act before the malware begins its harmful activity, and it is better not to wait for those effects.
What is Win32/Agent.UNQ virus?
Win32/Agent.UNQ Summary
In summary, the activities reported for Win32/Agent.UNQ on an infected computer are the following:
- Behavioural detection: Executable code extraction – unpacking;
- Sample contains Overlay data;
- Reads data out of its own binary image;
- CAPE extracted potentially suspicious content;
- Drops a binary and executes it;
- Unconventional language used in binary resources: Russian;
- Authenticode signature is invalid;
- Collects information to fingerprint the system;
- Yara rule detections observed from a process memory dump/dropped files/CAPE;
- Encrypting the documents kept on the victim's drive, so that the victim cannot open them;
- Blocking the launch of .exe files of anti-malware apps;
- Blocking the launch of installation files of anti-malware apps.
The first nine items above are CAPE sandbox signatures triggered by the sample; the last three describe ransomware behaviour in general. Ransomware has been a major problem for the last several years, and it is hard to think of a more dangerous class of malware for both individual users and organizations. The ciphers ransomware families typically use (AES-256 for the files, with the AES key protected by RSA) cannot be broken, with minor exceptions such as implementation mistakes by the malware authors: brute-forcing a 256-bit key would take longer than the age of the universe. But the malware does not do all of this instantly; it may need up to several hours to encrypt all of your documents. Hence, seeing the Win32/Agent.UNQ detection is a clear signal that you must begin the cleaning process immediately.
Where did I get the Win32/Agent.UNQ?
The standard methods of Win32/Agent.UNQ distribution are the same as for other ransomware variants: short-lived landing websites where users are offered a free app to download and install, so-called bait (phishing) emails, and hacktools. A bait email imitates a routine notification, for example about a shipment or a change in bank service conditions. Inside the email there is a malicious MS Office file, or a web link that opens an exploit landing page.

Malicious email message. This one tricks you into opening the phishing website.
Preventing it looks easy, but it still requires a lot of attention. Malware can hide in many places, and it is better to stop it before it gets onto your PC than to depend on an anti-malware program. Basic cybersecurity awareness is an important skill in the modern world, even if your interaction with a computer is limited to YouTube videos. It can save you a lot of the money and time you would otherwise spend looking for a fixing guide.
Win32/Agent.UNQ malware technical details
File Info:
- name: 81E036257178A0272A24.mlw
- path: /opt/CAPEv2/storage/binaries/ca918450cce82b3f6cd67f97fceab550aa46cd02873c21ee7d4a728d257df9aa
- crc32: 51028CF7
- md5: 81e036257178a0272a244fa310d92a7f
- sha1: 99e46faa853a637db8e17c8f80049fc5bdc1e5dd
- sha256: ca918450cce82b3f6cd67f97fceab550aa46cd02873c21ee7d4a728d257df9aa
- sha512: 2eb0ccfbe4bee224c38c16bc456697871e501ace41ab93c6906748cbf7a1ea4e8393fad5d44892bf3247f395c939dabfeb874faa511f6b32296dc84144dfc471
- ssdeep: 3072:+zDJHh2QdP8cIltNnTbNf1TTU0cl4UdbI3Cdic1h6qFs3DXwUSxgMX:gNwmoNnTd1vqTI3H6h60wDAK6
- type: PE32 executable (GUI) Intel 80386, for MS Windows
- tlsh: T148149C327501CA9DFD2B4DB25D9F808893541F23064F01BBB477A4A59AE56B33EA73C2
- sha3_384: a24c4a01cfe74aa767547ea891d1383199bca3629601ae1cb18c2cbbc3191ef3aa736aa6094e1e2a72162373acac58bf
- ep_bytes: 558bec5155c745fc16000000c745fc16
- timestamp: 2013-03-28 16:14:20
Version Info:
- 0: [No Data]
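The File Info fields above (hashes, compile timestamp, entry-point bytes, and the "Overlay data" signature) can be reproduced without the sandbox. The script below is an added example for this page, not CAPE's own code: it parses the DOS header, COFF header, the optional header's entry point and the section table with only the Python standard library. `build_sample()` constructs a minimal PE32 (not the analysed binary) that carries the listed ep_bytes and timestamp plus a short overlay; `triage_file()` is the hypothetical entry point you would run against a real sample to compare with the values listed above.

```python
"""Static triage of a PE32 file: hashes, compile timestamp, entry-point bytes
and overlay size, i.e. the fields CAPE prints under "File Info".

Added example for this page; not CAPE's code. build_sample() returns a
constructed minimal PE32, not the analysed malware."""
import hashlib
import struct
import zlib
from datetime import datetime, timezone


def file_hashes(data: bytes) -> dict:
    """crc32/md5/sha1/sha256 in the format CAPE reports (crc32 upper-case hex)."""
    return {
        "crc32": f"{zlib.crc32(data) & 0xFFFFFFFF:08X}",
        "md5": hashlib.md5(data).hexdigest(),
        "sha1": hashlib.sha1(data).hexdigest(),
        "sha256": hashlib.sha256(data).hexdigest(),
    }


def pe_triage(data: bytes) -> dict:
    """Parse PE headers: timestamp, ep_bytes, overlay size and section table."""
    if data[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    coff = e_lfanew + 4
    machine, nsect, ts, _, _, opt_size, _ = struct.unpack_from("<HHIIIHH", data, coff)
    opt = coff + 20
    magic = struct.unpack_from("<H", data, opt)[0]        # 0x10B = PE32, 0x20B = PE32+
    entry_rva = struct.unpack_from("<I", data, opt + 16)[0]
    sections = []
    for i in range(nsect):
        name, vsize, vaddr, rawsize, rawptr = struct.unpack_from(
            "<8sIIII", data, opt + opt_size + 40 * i)
        sections.append({"name": name.rstrip(b"\0").decode(errors="replace"),
                         "vaddr": vaddr, "vsize": vsize,
                         "rawptr": rawptr, "rawsize": rawsize})
    # Overlay: bytes appended after the last section's raw data. Packers and
    # droppers often keep their payload there ("Sample contains Overlay data").
    end_of_image = max((s["rawptr"] + s["rawsize"] for s in sections), default=0)
    overlay = max(len(data) - end_of_image, 0)
    # ep_bytes: the first 16 bytes at the entry point, RVA mapped to a file
    # offset through the section that contains it.
    ep_bytes = ""
    for s in sections:
        if s["vaddr"] <= entry_rva < s["vaddr"] + max(s["vsize"], s["rawsize"]):
            ep_bytes = data[s["rawptr"] + entry_rva - s["vaddr"]:][:16].hex()
            break
    return {"machine": hex(machine), "pe32plus": magic == 0x20B,
            "timestamp": datetime.fromtimestamp(ts, timezone.utc).strftime("%Y-%m-%d %H:%M:%S"),
            "entry_rva": entry_rva, "ep_bytes": ep_bytes,
            "overlay_size": overlay, "sections": sections}


def triage_file(path: str) -> dict:
    """Hypothetical CLI entry point: run on a real sample and diff with CAPE's output."""
    with open(path, "rb") as f:
        data = f.read()
    return {**file_hashes(data), **pe_triage(data)}


def build_sample() -> bytes:
    """Constructed minimal PE32: one .text section starting with the ep_bytes
    listed above, the listed timestamp, and a 12-byte overlay."""
    ep_code = bytes.fromhex("558bec5155c745fc16000000c745fc16")
    ts = int(datetime(2013, 3, 28, 16, 14, 20, tzinfo=timezone.utc).timestamp())
    dos = bytearray(64)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 64)                             # e_lfanew
    coff = struct.pack("<HHIIIHH", 0x14C, 1, ts, 0, 0, 224, 0x0102)  # i386, 1 section
    opt = bytearray(224)
    struct.pack_into("<H", opt, 0, 0x10B)                             # PE32 magic
    struct.pack_into("<I", opt, 16, 0x1000)                           # AddressOfEntryPoint
    struct.pack_into("<I", opt, 28, 0x400000)                         # ImageBase
    sect = struct.pack("<8sIIII", b".text", 0x200, 0x1000, 0x200, 0x200) + bytes(16)
    headers = (bytes(dos) + b"PE\0\0" + coff + bytes(opt) + sect).ljust(0x200, b"\0")
    text = ep_code.ljust(0x200, b"\xCC")
    return headers + text + b"OVERLAY DATA"


if __name__ == "__main__":
    sample = build_sample()
    for k, v in {**file_hashes(sample), **pe_triage(sample)}.items():
        print(f"{k}: {v}")
```

A 2013 compile timestamp on a sample circulating years later, combined with an invalid Authenticode signature and an overlay, is a common packer footprint; the timestamp is attacker-controlled, so treat it as a pivot for hunting rather than as a fact about when the binary was built.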
Win32/Agent.UNQ is also known under the following detection names:
| Engine | Detection name |
|---|---|
| Bkav | W32.AIDetectMalware |
| tehtris | Generic.Malware |
| MicroWorld-eScan | Trojan.Ransom.Cerber.1 |
| ClamAV | Win.Trojan.Redirect-6055402-0 |
| FireEye | Generic.mg.81e036257178a027 |
| CAT-QuickHeal | Trojan.Mauvaise.SL1 |
| McAfee | PWS-Zbot-FATG!81E036257178 |
| Cylance | unsafe |
| Zillya | Trojan.ShipUp.Win32.5043 |
| Sangfor | Trojan.Win32.Save.a |
| K7AntiVirus | Trojan ( 0042f5741 ) |
| K7GW | Trojan ( 0042f5741 ) |
| Cybereason | malicious.57178a |
| Baidu | Win32.Trojan.Agent.eq |
| Cyren | W32/Kryptik.JTX.gen!Eldorado |
| Symantec | Packed.Generic.459 |
| Elastic | malicious (high confidence) |
| ESET-NOD32 | Win32/Agent.UNQ |
| APEX | Malicious |
| Cynet | Malicious (score: 100) |
| Kaspersky | Trojan.Win32.ShipUp.bpm |
| BitDefender | Trojan.Ransom.Cerber.1 |
| NANO-Antivirus | Trojan.Win32.ShipUp.brneld |
| Avast | Win32:Gepys-E [Trj] |
| Tencent | Trojan.Win32.Shipup.za |
| Ad-Aware | Trojan.Ransom.Cerber.1 |
| Emsisoft | Trojan.Ransom.Cerber.1 (B) |
| F-Secure | Trojan.TR/Patched.Ren.Gen |
| DrWeb | Trojan.Redirect.140 |
| VIPRE | Trojan.Ransom.Cerber.1 |
| TrendMicro | TROJ_KRYPTK.SMAD |
| McAfee-GW-Edition | BehavesLike.Win32.Generic.dh |
| Trapmine | malicious.high.ml.score |
| Sophos | Mal/ZAccess-CG |
| SentinelOne | Static AI – Malicious PE |
| GData | Win32.Trojan.PSE.1M6AOOR |
| Jiangmin | Trojan/ShipUp.iz |
| Avira | TR/Patched.Ren.Gen |
| MAX | malware (ai score=84) |
| Antiy-AVL | Trojan/Win32.ShipUp |
| Xcitium | TrojWare.Win32.Kryptik.AYQE@4wlbfl |
| Arcabit | Trojan.Ransom.Cerber.1 |
| Microsoft | Trojan:Win32/Zbot.RB!MTB |
| Detected | |
| AhnLab-V3 | Trojan/Win.ShipUp.R575800 |
| BitDefenderTheta | Gen:NN.ZexaF.36196.miX@aq55uZlc |
| ALYac | Trojan.Ransom.Cerber.1 |
| VBA32 | BScope.Trojan.ShipUp |
| Malwarebytes | Trojan.ShipUp |
| Panda | Trj/Hexas.HEU |
| TrendMicro-HouseCall | TROJ_KRYPTK.SMAD |
| Rising | Trojan.Kryptik!1.AB8B (CLASSIC) |
| Ikarus | Trojan.Win32.ShipUp |
| MaxSecure | Trojan.Malware.300983.susgen |
| Fortinet | W32/Kryptik.AXRD!tr |
| AVG | Win32:Gepys-E [Trj] |
| DeepInstinct | MALICIOUS |
| CrowdStrike | win/malicious_confidence_100% (D) |
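The table shows the usual problem with multi-engine labels: every vendor uses its own naming, so deciding what a sample actually is means looking for the family token that recurs across engines rather than trusting any single label. The script below is an added example for this page (not from the page's author or any vendor): it parses rows in the table's own pipe format, tokenises each label, and counts, per engine, which tokens recur. `ROWS` is a subset of the rows above, copied verbatim; the `GENERIC` stop-list and the length threshold are assumptions of this example.

```python
"""Family consensus across antivirus detection names.

Added example for this page. Labels differ per engine; tokens that recur
across several engines are the family name, while tokens seen once are
usually variant IDs or hash fragments. ROWS is a verbatim subset of the
detection table above."""
import re
from collections import Counter

ROWS = """
| MicroWorld-eScan | Trojan.Ransom.Cerber.1 |
| ClamAV | Win.Trojan.Redirect-6055402-0 |
| McAfee | PWS-Zbot-FATG!81E036257178 |
| Zillya | Trojan.ShipUp.Win32.5043 |
| Cyren | W32/Kryptik.JTX.gen!Eldorado |
| ESET-NOD32 | Win32/Agent.UNQ |
| Kaspersky | Trojan.Win32.ShipUp.bpm |
| BitDefender | Trojan.Ransom.Cerber.1 |
| NANO-Antivirus | Trojan.Win32.ShipUp.brneld |
| Avast | Win32:Gepys-E [Trj] |
| Tencent | Trojan.Win32.Shipup.za |
| Emsisoft | Trojan.Ransom.Cerber.1 (B) |
| DrWeb | Trojan.Redirect.140 |
| TrendMicro | TROJ_KRYPTK.SMAD |
| Jiangmin | Trojan/ShipUp.iz |
| Antiy-AVL | Trojan/Win32.ShipUp |
| Microsoft | Trojan:Win32/Zbot.RB!MTB |
| AhnLab-V3 | Trojan/Win.ShipUp.R575800 |
| Malwarebytes | Trojan.ShipUp |
| Ikarus | Trojan.Win32.ShipUp |
| Fortinet | W32/Kryptik.AXRD!tr |
| VBA32 | BScope.Trojan.ShipUp |
| Arcabit | Trojan.Ransom.Cerber.1 |
"""

# Assumed stop-list: tokens naming a class or platform rather than a family.
GENERIC = {"trojan", "win32", "generic", "malicious", "malware", "bscope",
           "packed", "detected", "unsafe", "score"}


def parse_rows(text: str) -> list:
    """Parse '| Engine | Label |' lines into (engine, label) pairs."""
    rows = []
    for line in text.strip().splitlines():
        cells = [c.strip() for c in line.strip().strip("|").split("|")]
        if len(cells) >= 2 and cells[0]:
            rows.append((cells[0], cells[1]))
    return rows


def label_tokens(label: str) -> set:
    """Lower-case tokens of length >= 4, not purely numeric, not in GENERIC.
    Returned as a set so one engine casts at most one vote per token."""
    toks = re.split(r"[^a-z0-9]+", label.lower())
    return {t for t in toks
            if len(t) >= 4 and not t.isdigit() and t not in GENERIC}


def family_consensus(rows, min_engines: int = 2) -> list:
    """Tokens seen in at least min_engines labels, most frequent first."""
    votes = Counter()
    for _engine, label in rows:
        votes.update(label_tokens(label))
    ranked = [(t, n) for t, n in votes.items() if n >= min_engines]
    return sorted(ranked, key=lambda tn: (-tn[1], tn[0]))


if __name__ == "__main__":
    for token, n in family_consensus(parse_rows(ROWS)):
        print(f"{token:10s} {n} engines")
```

On this subset the clear consensus is "shipup" (10 engines), with "cerber"/"ransom" at 4 and "zbot", "kryptik" and "redirect" at 2 each. The ransomware classification this page leans on therefore rests on a minority of labels (the BitDefender engine family and its licensees); when a practitioner sees this kind of split, the behavioural signatures and the dropped binaries should decide the verdict, not the label count.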