How to remove fqwdq.com
fqwdq.com
The module fqwdq.com has been detected as Hijack.Explorer
File Details
| MD5: | 36fd5e09c417c767a952b4609d73a54b |
| Size: | 40 KB |
| First Published: | 2017-07-11 07:05:01 (8 years ago) |
| Latest Published: | 2024-10-22 23:00:53 (9 months ago) |
| Status: | Hijack.Explorer (on last analysis) | |
| Analysis Date: | 2024-10-22 23:00:53 (9 months ago) |
Common Places:
| %sysdrive%\windows |
| %windir% |
| %profile% |
| %sysdrive%\$recycle.bin\s-1-5-21-1543148478-3070291033-727663389-1000\$r5e9n1m\admin\defaultbox\drive\c |
| %windir% |
| %windir% |
| %windir% |
| %windir% |
| %windir% |
| %windir% |
File Names:
| svchost.com |
| fqwdq.com |
| qwdqsq.com |
| fqdfw.com |
| cwadwa.com |
| trzC1BB.tmp |
| svchost.com.quarantined |
| svchost(39).com |
Geography:
| United States | 22.0% | |
| Russia | 10.1% | |
| Iran | 8.4% | |
| Ukraine | 7.2% | |
| Netherlands | 6.1% | |
| Italy | 5.8% | |
| Kazakhstan | 3.2% | |
| Turkey | 2.6% | |
| Vietnam | 2.3% | |
| Germany | 2.3% | |
| Brazil | 2.3% | |
| Moldova | 2.0% | |
| India | 2.0% | |
| Hong Kong | 2.0% | |
| Taiwan | 1.7% | |
| Poland | 1.4% | |
| China | 1.4% | |
| Switzerland | 1.2% | |
| Malaysia | 1.2% | |
| Argentina | 1.2% | |
| Croatia | 1.2% | |
| Thailand | 0.9% | |
| Mexico | 0.9% | |
| Hungary | 0.9% | |
| Canada | 0.6% | |
| Egypt | 0.6% | |
| South Korea | 0.6% | |
| Peru | 0.6% | |
| Czech Republic | 0.6% | |
| Australia | 0.6% | |
| Spain | 0.6% | |
| France | 0.6% | |
| Oman | 0.6% | |
| Finland | 0.6% | |
| Algeria | 0.6% | |
| Kuwait | 0.6% | |
| United Kingdom | 0.6% | |
| Seychelles | 0.6% | |
| Philippines | 0.3% | |
| Dominican Republic | 0.3% | |
| Chile | 0.3% | |
| Georgia | 0.3% | |
| Indonesia | 0.3% |
OS Version:
| Windows 7 | 55.4% | |
| Windows 10 | 36.5% | |
| Windows Server 2008 R2 | 2.6% | |
| Windows Server 2012 R2 | 2.6% | |
| Windows 8.1 | 1.4% | |
| Windows XP | 0.9% | |
| Windows Server 2016 | 0.6% |
Analysis
| Subsystem: | Windows GUI |
| PE Type: | pe |
| OS Bitness: | 32 |
| Image Base: | 0x00400000 |
| Entry Address: | 0x000080e4 |
PE Sections:
| Name | Size of data | MD5 |
| CODE | 29696 | ca3464d4f08c9010e7ffa2fe3e890344 |
| DATA | 1024 | 7ffc3168a7f3103634abdf3a768ed128 |
| BSS | 0 | 00000000000000000000000000000000 |
| .idata | 2560 | 6e7a45521bfca94f1e506361f70e7261 |
| .tls | 0 | 00000000000000000000000000000000 |
| .rdata | 512 | 7e6c0f4f4435abc870eb550d5072bad6 |
| .reloc | 1536 | 16968c66d220638496d6b095f21de777 |
| .rsrc | 5120 | 0bda792e1a4385a8c5dce49ce9bdec9e |
More information:
Download GridinSoft
Anti-Malware - Removal tool for fqwdq.com
