Should I block it?
Yes, 98% block recommendation.
Possible reason:
Multiple malware detections
Relationships
 PE file structure
|
Show functions |
Import table
msvcrt.dll
DllMain
winqmvwk.exe
| MD5: | 76cc008cf55ca8c23ec44b6df425b7ca |
| SHA1: | c9b21cd938174f74801d74a458cff96b0e4b7f64 |
| SHA256: | f8c3feca61bbb2a8991245071412c0149b0e1d148bde90b2c058f0d2e4733b2f |
Warning 42 antivirus scanners has detected malware.
Overview
winqmvwk.exe is malware that executes as a process under the SYSTEM account with extensive privileges (the system and the administrator accounts have the same file privileges) typically within the context of its parent
gsvr.exe (by GIGABYTE UNITED INC). It has been configured with a firewall exception which allows both inbound and outbound network communication without being blocked.
Details
| File name: | winqmvwk.exe |
| Typical file path: | C:\windows\temp\winqmvwk.exe |
| Size: | 12.67 KB (12,970 bytes) |
| Digital DNA |
| PE subsystem: | Windows GUI |
| File packed: | Yes |
| Code language: | Microsoft Visual C++ |
| .NET CLR: | No |
More details
Behaviors
Windows firewall allowed programs
Exceptions allow programs to access to the Internet through an outbound connections
- Firewall exception for 'C:\WINDOWS\TEMP\winarfoo.exe'
- Firewall exception for 'C:\WINDOWS\TEMP\winqmvwk.exe'
Malware detections
Based on 40+ industry antivirus scanners, 42 of them detected the following malware.
| Antivirus engine | Engine version | Detection |
| Agnitum |
5.5.1.3 |
Trojan.Agent!t1MhnnZMztg |
| AhnLab V3 Internet Security |
2013.03.04 |
Trojan/Win32.CSon |
| Avira AntiVir |
7.11.63.114 |
TR/Proxy.Pramro.F.3 |
| avast! |
6.0.1289.0 |
Win32:Sality-GR |
| AVG |
2014.0.3629 |
BackDoor.Generic16.ATPI |
| BitDefender |
7.2 |
Trojan.Agent.AYVR |
| CAT Quick Heal |
4.13.12.00 |
Backdoor.Mazben.iy.cw3 |
| Clam AntiVirus |
0.97.3.0 |
Win.Trojan.Pramro-3 |
| Commtouch |
5.4.1.7 |
W32/Heuristic-170!Eldorado |
| Comodo Internet Security |
15445 |
Backdoor.Win32.Agent.lec |
| Dr.Web |
8.13.4.20 |
Trojan.NtRootKit.6725 |
| Emsisoft Anti-Malware |
None |
Trojan.Win32.Agent (A) |
| ESET NOD32 |
7.8072 |
Win32/Agent.HLU |
| Fortinet |
5.0.43.0 |
W32/Mazben.IY!tr |
| F-Prot |
v6.4.6.5.141 |
W32/Heuristic-170!Eldorado |
| F-Secure |
11.0.19020.35 |
Trojan.Agent.AYVR |
| G Data |
13.4.22 |
Trojan.Agent.AYVR |
| Ikarus |
T3.1.4.0.0 |
Virus.Win32.Sality |
| Jiangmin |
16.0.100 |
Backdoor.Generic.vgh |
| K7 AntiVirus |
9.161.8284 |
Proxy-Program |
| Kaspersky |
9.0.0.837 |
Backdoor.Win32.Mazben.iy |
| Kingsoft |
2013.1.8.219 |
Win32.Hack.Undef.(kcloud) |
| Malwarebytes |
1.62.0.140 |
Trojan.Agent |
| McAfee |
5.400.1158 |
Generic.oa |
| McAfee Gateway Anti-Malware |
v2012.1-dat |
Generic.oa |
| Microsoft Security Essentials |
1.9203.0 |
TrojanProxy:Win32/Pramro.F |
| NANO AntiVirus |
0.22.8.50837 |
Trojan.Win32.Mazben.belkki |
| Norman |
7.00.22 |
Pramro.C |
| nProtect |
2013-03-03.01 |
Trojan-Downloader/W32.Small_Packed.12970.P |
| Panda Antivirus |
10.0.3.5 |
Trj/Mailbot.GH |
| PC Tools |
9.0.0.2 |
Trojan.Pramro |
| Rising Antivirus |
24.51.02.04 |
Trojan.Proxy.Win32.Promro.a |
| Sophos |
4.86.0 |
Mal/TinyDL-T |
| SUPERAntiSpyware |
5.6.0.1008 |
Trojan.Agent/Gen-FraudPack |
| Symantec |
20121.3.0.76 |
Trojan.Pramro |
| The Hacker |
None |
Posible_Worm32 |
| Total Defense |
37.0.10317 |
Win32/Maazben!generic |
| Trend Micro |
9.740.0.1012 |
TROJ_PRAMRO.JEM |
| Trend Micro HouseCall |
9.700.0.1001 |
TROJ_PRAMRO.JEM |
| Vba32 AntiVirus |
3.12.20.2 |
Malware-Cryptor.Zhelatin.Net |
| VIPRE Antivirus |
15846 |
Trojan.Win32.Generic!BT |
| ViRobot |
2011.4.7.4223 |
Backdoor.Win32.A.Mazben.12970.H[UPX] |
Resource utilization
(Note: statistics below are averages based on a minimum sample size of 200 unique participants)
Averages
| CPU |
| Total CPU: | 0.00589979% | |
| Kernel CPU: | 0.00099831% | |
| User CPU: | 0.00490148% | |
| Kernel CPU time: | 1,563 ms/min | |
| Context switches: | 1/sec | |
| Memory |
| Private memory: | 1.45 MB | |
| Private (maximum): | 3.31 MB | |
| Private (minimum): | 3.27 MB | |
| Non-paged memory: | 1.45 MB | |
| Virtual memory: | 26.55 MB | |
| Virtual memory (peak): | 27.55 MB | |
| Working set: | 3.3 MB | |
| Working set (peak): | 3.31 MB | |
| Resource allocations |
| Threads: | 5 | |
| Handles: | 86 | |
| GUI GDI count: | 4 | |
| GUI USER count: | 1 | |
Process properties
| Integrety level: | Undefined |
| Platform: | 32-bit |
| Command lines: |
- C:\windows\temp\winarfoo.exe
- C:\windows\temp\winqmvwk.exe
|
| Owner: | SYSTEM |
| Parent process: | gsvr.exe (by GIGABYTE UNITED INC) |
Distribution by Windows OS
| OS version | distribution |
| Microsoft Windows XP |
100.00% |
|
Distribution by country
Indonesia installs about 100.00% of winqmvwk.exe.
