SHA256: 0d9d11bc34ac7a4f3a247c8b7562a2b535993e4f829d78b9155baba8f5e54bb3
File name: YUMI-2.0.2.6.exe
Detection ratio: 0 / 65
Analysis date: 2018-11-06 14:44:56 UTC ( 4 months, 2 weeks ago )
Antivirus Result Update
Ad-Aware 20181106
AegisLab 20181106
AhnLab-V3 20181106
Alibaba 20180921
Antiy-AVL 20181106
Arcabit 20181106
Avast 20181106
Avast-Mobile 20181106
AVG 20181106
Avira (no cloud) 20181106
Babable 20180918
Baidu 20181106
BitDefender 20181106
Bkav 20181106
CAT-QuickHeal 20181105
ClamAV 20181106
CMC 20181106
CrowdStrike Falcon (ML) 20181022
Cybereason 20180225
Cylance 20181106
Cyren 20181106
DrWeb 20181106
eGambit 20181106
Emsisoft 20181106
Endgame 20180730
ESET-NOD32 20181106
F-Prot 20181106
Fortinet 20181106
GData 20181106
Sophos ML 20180717
Jiangmin 20181106
K7AntiVirus 20181106
K7GW 20181106
Kaspersky 20181106
Kingsoft 20181106
Malwarebytes 20181106
MAX 20181106
McAfee 20181106
McAfee-GW-Edition 20181106
Microsoft 20181106
eScan 20181106
NANO-Antivirus 20181106
Palo Alto Networks (Known Signatures) 20181106
Panda 20181106
Qihoo-360 20181106
Rising 20181106
SentinelOne (Static ML) 20181011
Sophos AV 20181106
SUPERAntiSpyware 20181031
Symantec 20181106
Symantec Mobile Insight 20181105
TACHYON 20181106
Tencent 20181106
TheHacker 20181104
TotalDefense 20181106
TrendMicro 20181106
TrendMicro-HouseCall 20181106
Trustlook 20181106
VBA32 20181106
VIPRE 20181106
ViRobot 20181106
Webroot 20181106
Yandex 20181102
Zillya 20181105
ZoneAlarm by Check Point 20181106
Zoner 20181106
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright Copyright ©2016 Lance Pendrivelinux.com
File version 2.0.2.6
Description YUMI
Packers identified
F-PROT NSIS
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2015-12-11 07:11:55
Entry Point 0x000030DE
Number of sections 5
PE sections
Overlays
MD5 dd92d5eedededfc7c19e27c1a0a16955
File type data
Offset 151040
Size 1240520
Entropy 8.00
PE imports
RegDeleteKeyA
RegCloseKey
RegEnumValueA
RegQueryValueExA
RegSetValueExA
RegEnumKeyA
RegDeleteValueA
RegCreateKeyExA
RegOpenKeyExA
SetFileSecurityA
ImageList_Create
Ord(17)
ImageList_Destroy
ImageList_AddMasked
GetDeviceCaps
SelectObject
CreateBrushIndirect
CreateFontIndirectA
SetBkMode
SetBkColor
DeleteObject
SetTextColor
GetLastError
ReadFile
LoadLibraryA
lstrlenA
lstrcmpiA
GlobalFree
WaitForSingleObject
GetExitCodeProcess
CopyFileA
ExitProcess
SetFileTime
GlobalUnlock
GetModuleFileNameA
RemoveDirectoryA
GetShortPathNameA
GetCurrentProcess
LoadLibraryExA
CompareFileTime
GetPrivateProfileStringA
WritePrivateProfileStringA
GetFileSize
lstrcatA
CreateDirectoryA
DeleteFileA
GetWindowsDirectoryA
SetErrorMode
MultiByteToWideChar
GetCommandLineA
GlobalLock
GetFullPathNameA
GetModuleHandleA
GetTempPathA
CreateThread
GetFileAttributesA
SetFilePointer
lstrcmpA
FindFirstFileA
WriteFile
CloseHandle
GetTempFileNameA
lstrcpynA
FindNextFileA
GetSystemDirectoryA
GetDiskFreeSpaceA
ExpandEnvironmentStringsA
SetFileAttributesA
FreeLibrary
MoveFileA
CreateProcessA
GlobalAlloc
SearchPathA
FindClose
Sleep
CreateFileA
GetTickCount
GetVersion
GetProcAddress
SetCurrentDirectoryA
MulDiv
SHGetFileInfoA
SHBrowseForFolderA
SHGetSpecialFolderLocation
SHGetPathFromIDListA
ShellExecuteA
SHFileOperationA
CharPrevA
GetMessagePos
EndPaint
SystemParametersInfoA
EndDialog
BeginPaint
PostQuitMessage
DefWindowProcA
GetClassInfoA
SetClassLongA
LoadBitmapA
SetWindowPos
GetSystemMetrics
IsWindow
AppendMenuA
GetWindowRect
DispatchMessageA
ScreenToClient
SetDlgItemTextA
MessageBoxIndirectA
LoadImageA
GetDlgItemTextA
PeekMessageA
SetWindowLongA
IsWindowEnabled
GetSysColor
CheckDlgButton
GetDC
FindWindowExA
DrawTextA
CreatePopupMenu
wsprintfA
DialogBoxParamA
SetClipboardData
IsWindowVisible
SendMessageA
SetForegroundWindow
GetClientRect
SetTimer
GetDlgItem
CreateDialogParamA
EnableMenuItem
RegisterClassA
InvalidateRect
GetWindowLongA
SendMessageTimeoutA
CreateWindowExA
LoadCursorA
TrackPopupMenu
SetWindowTextA
FillRect
ShowWindow
OpenClipboard
CharNextA
CallWindowProcA
GetSystemMenu
EmptyClipboard
EnableWindow
CloseClipboard
DestroyWindow
ExitWindowsEx
SetCursor
OleUninitialize
CoTaskMemFree
OleInitialize
CoCreateInstance
Number of PE resources by type
RT_ICON 7
RT_DIALOG 4
RT_GROUP_ICON 1
RT_VERSION 1
RT_MANIFEST 1
Number of PE resources by language
ENGLISH US 13
NEUTRAL 1
PE resources
ExifTool file metadata
UninitializedDataSize 1024
LinkerVersion 6.0
ImageVersion 6.0
FileVersionNumber 2.0.2.6
LanguageCode Neutral
FileFlagsMask 0x0000
FileDescription YUMI
ImageFileCharacteristics No relocs, Executable, No line numbers, No symbols, 32-bit
CharacterSet Windows, Latin1
InitializedDataSize 120320
EntryPoint 0x30de
MIMEType application/octet-stream
Subsystem Windows GUI
FileVersion 2.0.2.6
License GPL Version 2
TimeStamp 2015:12:11 08:11:55+01:00
FileType Win32 EXE
PEType PE32
SubsystemVersion 4.0
OSVersion 4.0
FileOS Win32
LegalCopyright Copyright 2016 Lance Pendrivelinux.com
MachineType Intel 386 or later, and compatibles
CompanyName pendrivelinux.com
CodeSize 23552
FileSubtype 0
ProductVersionNumber 2.0.2.6
FileTypeExtension exe
ObjectFileType Executable application

File identification
MD5 a13e5874107a54d68b0412c030106de0
SHA1 08e3302d716d3728c621ac2afbab5aafb3b83b37
SHA256 0d9d11bc34ac7a4f3a247c8b7562a2b535993e4f829d78b9155baba8f5e54bb3
ssdeep 24576:OEicVlWHFWZrNIL4qCw+34+wFVvEt7tT6vnCj8aWhUE5KU6nVyViuqVKBGvlM5EM:OEicVluFWZN9No+wVMt7tT6KjLr4KU8s
authentihash a96073951c044bfedc621d809ae64a30fd5ecc03c5b861ce9f5000c4021a2ecd
imphash 5e27740d9754d3decf77cb65d4f31c5f
File size 1.3 MB ( 1391560 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Executable MS Visual C++ (generic) (64.5%)
Win32 Dynamic Link Library (generic) (13.6%)
Win32 Executable (generic) (9.3%)
OS/2 Executable (generic) (4.1%)
Generic Win/DOS Executable (4.1%)
Tags nsis peexe overlay
VirusTotal metadata
First submission 2016-07-07 18:24:04 UTC ( 2 years, 8 months ago )
Last submission 2018-11-06 14:44:56 UTC ( 4 months, 2 weeks ago )
File names YUMI-2.0.2.6 (1).exe
YUMI-2.0.2.6.exe
YUMI_2.0.2.6.exe
YUMI v2.0.2.6.exe
yumi-2.0.2.6 (1).exe
YUMI-2.0.2.6.exe
YUMI-2.0.2.6.exe
unconfirmed 286689.crdownload
unconfirmed 560605.crdownload
YUMI-2.0.2.6-By_Viejos.exe
YUMI-2.0.2.6___z_pendrivelinux_com.exe
YUMI-2.0.2.6ascasca.exe
YUMI-2.0.2.6(1).exe
YUMI-2.0.2.6_untested.exe
YUMI-2.EXE
yumi-2.0.2.6.exe
YUMI.exe
08e3302d716d3728c621ac2afbab5aafb3b83b37
YUMI-2.0.2.6.exe
YUMI-2.0.2.6.exe
yumi.exe
output.102656278.txt
unconfirmed 604150.crdownload
YUMI-2.0.2.6.exe
YUMI-2.0.2.6.exe
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Written files
Deleted files
Runtime DLLs
UDP communications