× Cookies are disabled! This site requires cookies to be enabled to work properly
SHA256: 0dc7cfecebf0752e6b605702600e07afdbcfcf77c5ac965dc9f87974061362ea
File name: lyQJqWGOSDN.exe
Detection ratio: 9 / 68
Analysis date: 2017-11-11 13:46:27 UTC ( 10 months, 2 weeks ago ) View latest
Antivirus Result Update
Baidu Win32.Trojan.WisdomEyes.16070401.9500.9999 20171109
CrowdStrike Falcon (ML) malicious_confidence_100% (D) 20171016
Cylance Unsafe 20171111
eGambit Unsafe.AI_Score_100% 20171111
Endgame malicious (high confidence) 20171024
Fortinet W32/GenKryptik.AVEL!tr.ransom 20171111
Sophos ML heuristic 20170914
Qihoo-360 HEUR/QVM20.1.1DB1.Malware.Gen 20171111
SentinelOne (Static ML) static engine - malicious 20171019
Ad-Aware 20171111
AegisLab 20171111
AhnLab-V3 20171111
Alibaba 20170911
ALYac 20171110
Antiy-AVL 20171111
Arcabit 20171110
Avast 20171111
Avast-Mobile 20171111
AVG 20171111
Avira (no cloud) 20171111
AVware 20171111
BitDefender 20171111
Bkav 20171111
CAT-QuickHeal 20171110
ClamAV 20171111
CMC 20171109
Comodo 20171111
Cybereason 20171030
Cyren 20171111
DrWeb 20171111
Emsisoft 20171111
ESET-NOD32 20171111
F-Prot 20171111
F-Secure 20171111
GData 20171111
Ikarus 20171111
Jiangmin 20171110
K7AntiVirus 20171111
K7GW 20171111
Kaspersky 20171111
Kingsoft 20171111
Malwarebytes 20171111
MAX 20171111
McAfee 20171111
McAfee-GW-Edition 20171111
Microsoft 20171111
eScan 20171111
NANO-Antivirus 20171111
nProtect 20171111
Palo Alto Networks (Known Signatures) 20171111
Panda 20171111
Rising 20171111
Sophos AV 20171111
SUPERAntiSpyware 20171111
Symantec 20171110
Symantec Mobile Insight 20171110
Tencent 20171111
TheHacker 20171102
TotalDefense 20171111
TrendMicro 20171111
TrendMicro-HouseCall 20171111
Trustlook 20171111
VBA32 20171110
VIPRE 20171111
ViRobot 20171111
Webroot 20171111
WhiteArmor 20171104
Yandex 20171110
Zillya 20171110
ZoneAlarm by Check Point 20171111
Zoner 20171111
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2017-11-11 13:40:29
Entry Point 0x0000101E
Number of sections 5
PE sections
PE imports
FindFirstFreeAce
GetCurrentHwProfileA
GetOldestEventLogRecord
AddAccessDeniedObjectAce
GetOpenFileNameW
GetDeviceCaps
CreateMetaFileA
FillRgn
EnumSystemCodePagesW
GetACP
ConvertFiberToThread
GetProfileSectionA
GlobalFindAtomW
GetShortPathNameW
GetVersion
GetCurrentThreadId
GetBinaryTypeW
GetSystemDefaultLangID
GetPrivateProfileSectionNamesW
GetEnvironmentStringsW
SwitchToThread
CopyFileExW
GetNumaNodeProcessorMask
lstrcmpW
GetPrivateProfileStringW
GetCurrentThread
MprAdminMIBEntryCreate
acmDriverAddW
DrawDibGetPalette
VariantChangeType
SHGetFileInfoA
PathFindNextComponentW
FreeContextBuffer
GetUserNameExA
IsCharAlphaW
GetUserObjectInformationW
GetMessageExtraInfo
LoadIconW
GetDlgItemTextW
IsCharLowerW
GetWindowWord
GetMenuItemID
GetPrinterDriverW
GetStandardColorSpaceProfileW
fwprintf
mbtowc
strncmp
memset
CoRegisterClassObject
IsValidURL
ExifTool file metadata
MIMEType
application/octet-stream

Subsystem
Windows GUI

MachineType
Intel 386 or later, and compatibles

FileTypeExtension
exe

TimeStamp
2017:11:11 14:40:29+01:00

FileType
Win32 EXE

PEType
PE32

CodeSize
1104966662

LinkerVersion
12.0

EntryPoint
0x101e

InitializedDataSize
12288

SubsystemVersion
5.0

ImageVersion
0.0

OSVersion
5.0

UninitializedDataSize
0

Compressed bundles
File identification
MD5 1148ce4be2bc1b08f3082ec40a744590
SHA1 ac2c36ccd3dbef32da1f4c8aaa325f5881afcb0a
SHA256 0dc7cfecebf0752e6b605702600e07afdbcfcf77c5ac965dc9f87974061362ea
ssdeep
1536:On6ZnGiqRO3Jwi5jlLSJbHLaNuOv+Ow4848c0qPauxKl:O4GimgOibS7LaN3v+ImKi

authentihash 8638bb3fc286c4dd0e6d955c96c32cd4ba3b57095d1e86a36bda90b6a5677379
imphash 14bc0551341f4da327433e39f99fa3f9
File size 225.5 KB ( 230912 bytes )
File type Win32 EXE
Magic literal
PE32 executable for MS Windows (GUI) Intel 80386 32-bit system file

TrID Win32 Dynamic Link Library (generic) (43.5%)
Win32 Executable (generic) (29.8%)
Generic Win/DOS Executable (13.2%)
DOS Executable Generic (13.2%)
Tags
peexe

VirusTotal metadata
First submission 2017-11-11 13:46:27 UTC ( 10 months, 2 weeks ago )
Last submission 2017-12-12 09:31:26 UTC ( 9 months, 2 weeks ago )
File names lyQJqWGOSDN.exe
1002-ac2c36ccd3dbef32da1f4c8aaa325f5881afcb0a
vp.exe
1148ce4be2bc1b08f3082ec40a744590.virobj
No comments. No VirusTotal Community member has commented on this item yet, be the first one to do so!

Leave your comment...

?
Post comment

You have not signed in. Only registered users can leave comments, sign in and have a voice!

No votes. No one has voted on this item yet, be the first one to do so!
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Opened mutexes
Runtime DLLs