home

AQElite.exe

The executable AQElite.exe has been detected as malware by 35 anti-virus scanners. Accoriding to the detections, this has been classified as a kyelogger which is capable of recoring a user's keystrokes.
Version:
1.0.0.0

MD5:
55a7aef7b548b7c121644813ec7678c4

SHA-1:
7bd331c2f084c49b7729dd8c34ce9d23460e9367

SHA-256:
ce7506720593ce114eb975a6fd3ad3567d9e0894d483dcdf1d51707d7a0373b2

Scanner detections:
35 / 68

Status:
Malware

Explanation:
The software cotains keystroke monitoring/logging capablities which may or may not be installed without the user's knowledge.

Analysis date:
4/1/2025 8:16:18 PM UTC  (today)

Scan engine
Detection
Engine version

Lavasoft Ad-Aware
Gen:Heur.MSIL.Krypt.3
-39

Agnitum Outpost
TrojanSpy.Agent
7.1.1

AhnLab V3 Security
Trojan/Win32.Petun
17.03.15

Avira AntiVirus
TR/Spy.Gen
7.11.143.248

avast!
MSIL:KeyLogger-BN [Trj]
2014.9-170315

AVG
ILAgent
2018.0.2439

Baidu Antivirus
Trojan.Win32.Generic
4.0.3.17315

Bitdefender
Gen:Heur.MSIL.Krypt.3
1.0.20.370

Comodo Security
Worm.Win32.KeyLogger.AutoRun.AE
18115

Dr.Web
Trojan.Siggen3.14508
9.0.1.074

Emsisoft Anti-Malware
Gen:Heur.MSIL.Krypt
8.17.03.15.10

ESET NOD32
MSIL/Spy.Agent.BP (variant)
11.9687

Fortinet FortiGate
MSIL/KeyLogger.BA!tr
3/15/2017

F-Prot
W32/MSIL_Troj.F.gen
v6.4.7.1.166

F-Secure
Gen:Heur.MSIL.Krypt.3
11.2017-15-03_4

G Data
Gen:Heur.MSIL.Krypt
17.3.24

IKARUS anti.virus
Virus.PSW.ILSpy
t3scan.1.6.1.0

K7 AntiVirus
Riskware
13.176.11784

Kaspersky
HEUR:Trojan.Win32.Generic
14.0.0.-1312

Malwarebytes
Trojan.Keylogger.MSIL
v2017.03.15.10

McAfee
Trojan-FCTX!55A7AEF7B548
5600.6095

Microsoft Security Essentials
PWS:MSIL/Petun.A
1.10501

MicroWorld eScan
Gen:Heur.MSIL.Krypt.3
18.0.0.222

NANO AntiVirus
Trojan.Win32.Siggen3.bgoxui
0.28.0.59288

Norman
KeyLogger.KBA
11.20170315

nProtect
Trojan/W32.Agent.43008.PK
14.04.16.01

Panda Antivirus
Generic Malware
17.03.15.10

Qihoo 360 Security
Win32/Trojan.e6d
1.0.0.1015

Quick Heal
TrojanPWS.Petun.A3
3.17.12.00

Rising Antivirus
PE:Trojan.MSIL.KeyLogger!1.647D
23.00.65.17313

Sophos
Mal/MSIL-BI
4.98

SUPERAntiSpyware
Trojan.Agent/Gen-Petun
8534

Trend Micro House Call
TROJ_SPNR.11CA13
7.2.74

Trend Micro
TROJ_SPNR.11CA13
10.465.15

VIPRE Antivirus
Trojan-PWS.MSIL.Petun.a
28308

File size:
42 KB (43,008 bytes)

Product version:
1.0.0.0

Original file name:
AQElite.exe

File type:
Executable application (Win32 EXE)

Language:
Language Neutral

Common path:
C:\users\{user}\appdata\roaming\aqelite.exe

File PE Metadata
Compilation timestamp:
1/20/2013 12:49:02 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
8.0

.NET CLR dependent:
Yes

Entry address:
0xBE9E

Entry point:
FF, 25, 00, 20, 40, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00...
 
[+]

Entropy:
5.6441

Developed / compiled with:
Microsoft Visual C# / Basic .NET

Code size:
40 KB (40,960 bytes)

Remove AQElite.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.