SHA256: 0f5be64bc9be27c4a9cab972f5a5879337cb8cfd155a84e62399ed34e8d5a1dc
File name: 6213Lq3p.exe
Detection ratio: 8 / 67
Analysis date: 2017-10-24 10:37:52 UTC ( 1 year, 2 months ago )
Antivirus Result Update
Baidu Win32.Trojan.WisdomEyes.16070401.9500.9989 20171024
CrowdStrike Falcon (ML) malicious_confidence_80% (D) 20171016
Cylance Unsafe 20171024
Endgame malicious (moderate confidence) 20171016
Fortinet W32/Kryptik.FYAA!tr 20171024
Sophos ML heuristic 20170914
McAfee Ransomware-GHR!7BBC46655683 20171024
Rising Malware.Heuristic!ET#92% (RDM+:cmRtazp9/TSVMuxAkbk+xJemOEDk) 20171024
Ad-Aware 20171024
AegisLab 20171024
AhnLab-V3 20171023
ALYac 20171024
Antiy-AVL 20171024
Arcabit 20171024
Avast 20171024
Avast-Mobile 20171024
AVG 20171024
Avira (no cloud) 20171024
AVware 20171024
BitDefender 20171024
Bkav 20171023
CAT-QuickHeal 20171020
ClamAV 20171024
CMC 20171023
Comodo 20171024
Cyren 20171024
DrWeb 20171024
eGambit 20171024
Emsisoft 20171024
ESET-NOD32 20171024
F-Prot 20171024
F-Secure 20171024
GData 20171024
Ikarus 20171024
Jiangmin 20171024
K7AntiVirus 20171024
K7GW 20171024
Kaspersky 20171024
Kingsoft 20171024
Malwarebytes 20171024
MAX 20171024
McAfee-GW-Edition 20171024
Microsoft 20171024
eScan 20171024
NANO-Antivirus 20171024
nProtect 20171024
Palo Alto Networks (Known Signatures) 20171024
Panda 20171023
Qihoo-360 20171024
SentinelOne (Static ML) 20171019
Sophos AV 20171024
SUPERAntiSpyware 20171024
Symantec 20171024
Symantec Mobile Insight 20171011
Tencent 20171024
TheHacker 20171024
TotalDefense 20171023
TrendMicro 20171024
TrendMicro-HouseCall 20171024
Trustlook 20171024
VBA32 20171024
VIPRE 20171024
ViRobot 20171024
Webroot 20171024
WhiteArmor 20171016
Yandex 20171023
Zillya 20171023
ZoneAlarm by Check Point 20171024
Zoner 20171024
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright (C) NVIDIA Corporation. All rights reserved.
Product NVIDIA nView Control Panel, Version 136.53
Original name keystone.exe
Internal name KEYSTONE
File version 6.14.10.13653
Description NVIDIA nView Control Panel, Version 136.53
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2016-03-30 00:00:03
Entry Point 0x00003701
Number of sections 6
PE sections
PE imports
LsaClearAuditLog
RegCloseKey
CryptExportKey
GetUserDefaultUILanguage
GetLastError
InitializeCriticalSection
EnterCriticalSection
ReleaseMutex
GetModuleFileNameW
SystemTimeToFileTime
WaitForSingleObject
FreeLibrary
QueryPerformanceCounter
DebugBreak
OutputDebugStringA
LoadLibraryA
RtlUnwind
GetFileAttributesW
DeleteCriticalSection
LoadLibraryExA
SizeofResource
LockResource
lstrlenW
LoadLibraryExW
GetStartupInfoW
GetProcAddress
InterlockedCompareExchange
QueryPerformanceFrequency
CreateThread
LoadLibraryW
GetModuleHandleA
GetExitCodeThread
GetCurrentThreadId
InterlockedExchange
SetUnhandledExceptionFilter
GetTempPathW
CreateMutexW
MulDiv
GetModuleHandleW
FreeResource
LocalFree
GetModuleFileNameA
CreateEventW
SetCurrentDirectoryW
LoadResource
FindResourceW
TlsGetValue
Sleep
CloseHandle
ExitProcess
GetVersion
SetLastError
LeaveCriticalSection
SHUpdateRecycleBinIcon
FreeIconList
CommandLineToArgvW
DragQueryPoint
SHCreateShellItem
RedrawWindow
GetForegroundWindow
SetWindowRgn
LoadBitmapW
DestroyMenu
PostQuitMessage
GetMessagePos
SetWindowPos
EndPaint
WindowFromPoint
GetMessageTime
DispatchMessageW
GetCursorPos
ReleaseDC
GetMenu
GetClientRect
DrawTextW
CallNextHookEx
LoadImageW
ClientToScreen
LoadAcceleratorsW
PtInRect
GetParent
ShowWindow
InsertMenuItemW
TranslateMessage
GetMenuItemRect
LoadStringW
DrawMenuBar
EnableMenuItem
TrackPopupMenuEx
GetSubMenu
SetTimer
CreateWindowExW
GetWindowLongW
DestroyWindow
RegisterWindowMessageW
BeginPaint
DefWindowProcW
KillTimer
TrackMouseEvent
GetSystemMetrics
SetWindowLongW
GetWindowRect
SetCapture
ReleaseCapture
SendDlgItemMessageW
PostMessageW
CreateDialogParamW
CreatePopupMenu
GetClassLongW
SetWindowTextW
CreateMenu
GetDlgItem
ScreenToClient
TrackPopupMenu
GetDesktopWindow
SetWindowsHookExW
LoadCursorW
LoadIconW
FindWindowExW
GetDC
InsertMenuW
SetForegroundWindow
WindowFromDC
SetLayeredWindowAttributes
EndDialog
FindWindowW
LoadMenuW
RemoveMenu
MessageBoxW
SendMessageW
RegisterClassExW
SetMenu
MoveWindow
DialogBoxParamW
GetSysColor
DestroyIcon
SystemParametersInfoW
CallWindowProcW
GetClassNameW
ModifyMenuW
EnableWindow
SetCursor
UnhookWindowsHookEx
TranslateAcceleratorW
mmDrvInstall
PlaySoundW
mmioClose
AddPortW
ClosePrinter
AddPrinterA
CoSuspendClassObjects
CoUninitialize
CoInitialize
OleInitialize
Number of PE resources by type
RT_STRING 61
RT_ICON 7
RT_DIALOG 2
RT_ACCELERATOR 1
RT_VERSION 1
RT_GROUP_ICON 1
Number of PE resources by language
ENGLISH US 73
PE resources
ExifTool file metadata
MIMEType application/octet-stream
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
FileTypeExtension exe
TimeStamp 2016:03:30 01:00:03+01:00
FileType Win32 EXE
PEType PE32
CodeSize 86016
LinkerVersion 8.0
ImageFileCharacteristics No relocs, Executable, 32-bit
EntryPoint 0x3701
InitializedDataSize 646144
SubsystemVersion 4.0
ImageVersion 0.0
OSVersion 4.0
UninitializedDataSize 13312
Compressed bundles
File identification
MD5 7bbc46655683df7a0e842c0adff987a3
SHA1 c631280d0ae50e708891fa72d73997bdf5f35bf6
SHA256 0f5be64bc9be27c4a9cab972f5a5879337cb8cfd155a84e62399ed34e8d5a1dc
ssdeep 12288:qzXV0ho7qxUQwogyqKdnX0dQu2+rdVA77t2:h6cUQwogyqonXYd25
authentihash 78587cb764bdc0fba772e7e97a9a750f9890097725417eee55994424df0af32c
imphash de4f98920803d533eb2da37a8f4f1283
File size 696.5 KB ( 713216 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Executable MS Visual C++ (generic) (61.8%)
Win32 Dynamic Link Library (generic) (13.0%)
Win32 Executable (generic) (8.9%)
Win16/32 Executable Delphi generic (4.1%)
OS/2 Executable (generic) (4.0%)
Tags peexe
VirusTotal metadata
First submission 2017-10-24 10:37:52 UTC ( 1 year, 2 months ago )
Last submission 2018-07-21 06:28:57 UTC ( 6 months ago )
File names keystone.exe
Lockyasasin.exe
K23400jw.exe
0f5be64bc9be27c4a9cab972f5a5879337cb8cfd155a84e62399ed34e8d5a1dc
KEYSTONE
Locky.exe
8HFZJ4BL.EXE
K23400jw.exe
6213Lq3p.exe
Lockyasasin.Virrey
SAMPLES XXXX (8)
7bbc46655683df7a0e842c0adff987a3.vir
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Written files
Moved files
Deleted files
Opened mutexes
Opened service managers
Opened services
Runtime DLLs
UDP communications