SHA256: 02e3b576d5874d695df3bd8033718a8c88dcd99379d0bbd4424a790901e1fe1b
File name: 409793
Detection ratio: 1 / 57
Analysis date: 2015-10-08 00:12:14 UTC ( 3 years, 5 months ago )
Antivirus Result Update
Kingsoft Win32.Troj.Generic.(kcloud) 20151008
Ad-Aware 20151008
AegisLab 20151007
Yandex 20151004
AhnLab-V3 20151007
Alibaba 20150927
ALYac 20151008
Antiy-AVL 20151008
Arcabit 20151008
Avast 20151008
AVG 20151008
Avira (no cloud) 20151008
AVware 20151007
Baidu-International 20151007
BitDefender 20151008
Bkav 20151007
ByteHero 20151008
CAT-QuickHeal 20151007
ClamAV 20151007
CMC 20151005
Comodo 20151008
Cyren 20151007
DrWeb 20151008
Emsisoft 20151008
ESET-NOD32 20151007
F-Prot 20151007
F-Secure 20151007
Fortinet 20151007
GData 20151007
Ikarus 20151007
Jiangmin 20151005
K7AntiVirus 20151007
K7GW 20151007
Kaspersky 20151007
Malwarebytes 20151007
McAfee 20151007
McAfee-GW-Edition 20151007
Microsoft 20151007
eScan 20151007
NANO-Antivirus 20151007
nProtect 20151007
Panda 20151007
Qihoo-360 20151008
Rising 20151007
Sophos AV 20151007
SUPERAntiSpyware 20151007
Symantec 20151006
Tencent 20151008
TheHacker 20151006
TotalDefense 20151007
TrendMicro 20151008
TrendMicro-HouseCall 20151008
VBA32 20151007
VIPRE 20151008
ViRobot 20151007
Zillya 20151007
Zoner 20151007
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
Packers identified
F-PROT NSIS, EXECryptor
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2008-02-08 21:25:02
Entry Point 0x000030BE
Number of sections 5
PE sections
Overlays
MD5 dee2bc1286d94e06621d355a4fd06d7f
File type data
Offset 41472
Size 3165500
Entropy 8.00
PE imports
RegDeleteKeyA
RegCloseKey
RegQueryValueExA
RegSetValueExA
RegEnumValueA
RegCreateKeyExA
RegOpenKeyExA
RegEnumKeyA
RegDeleteValueA
ImageList_Create
Ord(17)
ImageList_Destroy
ImageList_AddMasked
GetDeviceCaps
SetBkMode
CreateBrushIndirect
CreateFontIndirectA
SelectObject
SetBkColor
DeleteObject
SetTextColor
GetLastError
lstrlenA
GetFileAttributesA
GlobalFree
WaitForSingleObject
GetExitCodeProcess
CopyFileA
ExitProcess
SetFileTime
GlobalUnlock
LoadLibraryA
GetModuleFileNameA
GetShortPathNameA
GetCurrentProcess
LoadLibraryExA
CompareFileTime
GetPrivateProfileStringA
WritePrivateProfileStringA
GetFileSize
lstrcatA
CreateDirectoryA
DeleteFileA
GetWindowsDirectoryA
SetErrorMode
MultiByteToWideChar
GetCommandLineA
GlobalLock
SetFileAttributesA
SetFilePointer
GetTempPathA
CreateThread
lstrcmpiA
GetModuleHandleA
lstrcmpA
ReadFile
WriteFile
FindFirstFileA
CloseHandle
GetTempFileNameA
lstrcpynA
FindNextFileA
RemoveDirectoryA
GetSystemDirectoryA
GetDiskFreeSpaceA
ExpandEnvironmentStringsA
GetFullPathNameA
FreeLibrary
MoveFileA
CreateProcessA
GlobalAlloc
SearchPathA
FindClose
Sleep
CreateFileA
GetTickCount
GetVersion
GetProcAddress
SetCurrentDirectoryA
MulDiv
SHGetFileInfoA
SHGetSpecialFolderLocation
SHBrowseForFolderA
SHGetPathFromIDListA
ShellExecuteA
SHFileOperationA
EmptyClipboard
GetMessagePos
EndPaint
CharPrevA
EndDialog
BeginPaint
PostQuitMessage
DefWindowProcA
SetWindowTextA
SetClassLongA
LoadBitmapA
SetWindowPos
GetSystemMetrics
IsWindow
AppendMenuA
GetWindowRect
DispatchMessageA
ScreenToClient
SetDlgItemTextA
MessageBoxIndirectA
LoadImageA
GetDlgItemTextA
PeekMessageA
SetWindowLongA
IsWindowEnabled
GetSysColor
CheckDlgButton
GetDC
FindWindowExA
SystemParametersInfoA
CreatePopupMenu
wsprintfA
DialogBoxParamA
SetClipboardData
IsWindowVisible
GetClassInfoA
SetForegroundWindow
GetClientRect
CreateWindowExA
GetDlgItem
CreateDialogParamA
DrawTextA
EnableMenuItem
RegisterClassA
InvalidateRect
GetWindowLongA
SendMessageTimeoutA
SetTimer
LoadCursorA
TrackPopupMenu
SendMessageA
FillRect
ShowWindow
OpenClipboard
CharNextA
CallWindowProcA
GetSystemMenu
EnableWindow
CloseClipboard
DestroyWindow
ExitWindowsEx
SetCursor
GetFileVersionInfoSizeA
GetFileVersionInfoA
VerQueryValueA
OleUninitialize
CoTaskMemFree
OleInitialize
CoCreateInstance
Number of PE resources by type
RT_DIALOG 6
RT_ICON 4
RT_GROUP_ICON 1
RT_MANIFEST 1
Number of PE resources by language
ENGLISH US 12
PE resources
ExifTool file metadata
MIMEType application/octet-stream
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
TimeStamp 2008:02:08 22:25:02+01:00
FileType Win32 EXE
PEType PE32
CodeSize 22528
LinkerVersion 6.0
ImageFileCharacteristics No relocs, Executable, No line numbers, No symbols, 32-bit
FileTypeExtension exe
InitializedDataSize 119808
SubsystemVersion 4.0
EntryPoint 0x30be
OSVersion 4.0
ImageVersion 0.0
UninitializedDataSize 1024

File identification
MD5 36e07c48c44d7ed7e5ee3408bed93952
SHA1 99abf867b95ed63c948d98fef5e397fcd57c20ab
SHA256 02e3b576d5874d695df3bd8033718a8c88dcd99379d0bbd4424a790901e1fe1b
ssdeep 49152:Jos6ZwamKeLrgQNeo/B6hsfOJTaLAHaoxSEoMhmwGary6U+gDOPKCPi:JyZMKaLASfyvH1MimwQ+gDOPKCK

authentihash c0bc1f3d938a9e7e27dbbbe4544276bcdd9ea83495477e703c574349c472164a
imphash 7fa974366048f9c551ef45714595665e
File size 3.1 MB ( 3206972 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID NSIS - Nullsoft Scriptable Install System (91.7%)
Win32 Executable MS Visual C++ (generic) (3.3%)
Win64 Executable (generic) (2.9%)
Win32 Dynamic Link Library (generic) (0.7%)
Win32 Executable (generic) (0.4%)
Tags
execryptor peexe overlay nsis

VirusTotal metadata
First submission 2009-05-27 19:52:51 UTC ( 9 years, 9 months ago )
Last submission 2016-04-13 21:14:41 UTC ( 2 years, 11 months ago )
File names qafilefix_setup.exe
02E3B576D5874D695DF3BD8033718A8C88DCD99379D0BBD4424A790901E1FE1B
dGBL2cYdF.odt
qafilefix_setup.exe
qafilefix_setup.exe
1382874902-qafilefix_setup.exe
VirusShare_36e07c48c44d7ed7e5ee3408bed93952
409793
aa
Advanced heuristic and reputation engines
ClamAV
Possibly Unwanted Application. While not necessarily malicious, the scanned file presents certain characteristics which depending on the user policies and environment may or may not represent a threat. For full details see: https://www.clamav.net/documents/potentially-unwanted-applications-pua .

Symantec reputation Suspicious.Insight