× Cookies are disabled! This site requires cookies to be enabled to work properly
SHA256: 006c4a55d6a345e23246cb124f4fad46278aea7c28de45c7362ce582e1ab0a29
File name: qdg.exe
Detection ratio: 28 / 46
Analysis date: 2013-04-27 00:06:30 UTC ( 11 months, 4 weeks ago )
Antivirus Result Update
AVG Generic_r.CEH 20130427
Agnitum FraudTool.CProtection!TWzpS6HrN6g 20130426
AhnLab-V3 Trojan/Win32.CProtection 20130426
AntiVir TR/Obfuscate.ACP.125 20130426
Avast Win32:Ransom-AHO [Trj] 20130427
BitDefender Trojan.Generic.8989286 20130427
Comodo TrojWare.Win32.Trojan.Agent.Gen 20130427
ESET-NOD32 Win32/Adware.XPAntiSpyware.AE 20130426
Emsisoft VirTool.Win32.Obfuscator.AMN (A) 20130427
F-Secure Trojan.Generic.8989286 20130427
Fortinet W32/Kryptik.WEX!tr 20130427
GData Trojan.Generic.8989286 20130427
Ikarus Trojan.Win32.Loktrom 20130426
Kaspersky Trojan-FakeAV.Win32.CProtection.qpd 20130427
Malwarebytes Trojan.Zbot.RS 20130426
McAfee PWS-Zbot-FANF!68D9F9C6741C 20130427
McAfee-GW-Edition PWS-Zbot-FANF!68D9F9C6741C 20130426
MicroWorld-eScan Trojan.Generic.8989286 20130427
Microsoft Rogue:Win32/FakeRean 20130427
Norman Kryptik.BDQI 20130426
PCTools HeurEngine.MaliciousPacker 20130426
Panda Trj/Genetic.gen 20130426
Sophos Troj/FakeAV-GNK 20130426
Symantec Packed.Generic.408 20130427
TrendMicro TROJ_FAKEAV.SMCY 20130426
TrendMicro-HouseCall TROJ_GEN.RC1H1DO 20130427
VIPRE Trojan.Win32.Generic!BT 20130427
nProtect Trojan.Generic.8989286 20130426
Antiy-AVL 20130426
ByteHero 20130425
CAT-QuickHeal 20130426
ClamAV 20130427
Commtouch 20130427
DrWeb 20130427
F-Prot 20130427
Jiangmin 20130426
K7AntiVirus 20130426
K7GW 20130426
Kingsoft 20130422
NANO-Antivirus 20130426
SUPERAntiSpyware 20130427
TheHacker 20130426
TotalDefense 20130426
VBA32 20130425
ViRobot 20130426
eSafe 20130423
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2012-12-22 19:23:12
Entry Point 0x0000409F
Number of sections 9
PE sections
PE imports
lstrcatA
PathMakePrettyW
PathIsFileSpecA
UrlGetPartA
StrCmpIW
StrChrIA
StrToIntW
UrlIsOpaqueA
GetForegroundWindow
GetClassLongW
IsDlgButtonChecked
IsCharUpperW
GetMessagePos
GetCaretPos
PE exports
Number of PE resources by type
MUI 4
RT_ICON 1
RT_GROUP_ICON 1
Number of PE resources by language
ENGLISH US 6
ExifTool file metadata
MIMEType
application/octet-stream

Subsystem
Windows GUI

MachineType
Intel 386 or later, and compatibles

TimeStamp
2012:12:22 20:23:12+01:00

FileType
Win32 EXE

PEType
PE32

CodeSize
71680

LinkerVersion
25.17

FileAccessDate
2013:04:27 01:06:36+01:00

EntryPoint
0x409f

InitializedDataSize
168448

SubsystemVersion
5.1

ImageVersion
0.0

OSVersion
5.1

FileCreateDate
2013:04:27 01:06:36+01:00

UninitializedDataSize
0

File identification
MD5 68d9f9c6741ccf4ed9f77ee0275acda9
SHA1 ca6360c12c5753b597b170884395c82a25eb185f
SHA256 006c4a55d6a345e23246cb124f4fad46278aea7c28de45c7362ce582e1ab0a29
ssdeep
6144:ExEmGCRmc4Gx9vULSgTPaHCHhGh4Mw1OH29lOTvlsJ9c:ExCXc4SMLnPqCQ4VgXZGc

File size 235.5 KB ( 241152 bytes )
File type Win32 EXE
Magic literal
PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID Win32 Dynamic Link Library (generic) (38.4%)
Win32 Executable (generic) (38.0%)
Generic Win/DOS Executable (11.7%)
DOS Executable Generic (11.6%)
Autodesk FLIC Image File (extensions: flc, fli, cel) (0.0%)
Tags
peexe

VirusTotal metadata
First submission 2013-04-24 10:29:20 UTC ( 12 months ago )
Last submission 2013-04-27 00:06:30 UTC ( 11 months, 4 weeks ago )
File names security_cleaner.exe
68d9f9c6741ccf4ed9f77ee0275acda9_kaf
qdg.exe
No comments. No VirusTotal Community member has commented on this item yet, be the first one to do so!

Leave your comment...

?
Post comment

You have not signed in. Only registered users can leave comments, sign in and have a voice!

No votes. No one has voted on this item yet, be the first one to do so!