SHA256: 0fe6495bd5c4c80e0de45ab2c4eab9a37181e74cdfac7d8a3bbb8b4909899035
File name: Taqmex.exe
Detection ratio: 8 / 56
Analysis date: 2017-01-19 03:06:16 UTC ( 2 years, 3 months ago )
Antivirus Result Update
Avira (no cloud) TR/Dropper.paess 20170118
Baidu Win32.Trojan.WisdomEyes.16070401.9500.9997 20170118
CrowdStrike Falcon (ML) malicious_confidence_100% (W) 20161024
DrWeb Trojan.PWS.Papras.2166 20170119
ESET-NOD32 Win32/PSW.Papras.EJ 20170119
Sophos ML trojan.win32.skeeyah.a!rfn 20170111
Kaspersky Backdoor.Win32.Vawtrak.kg 20170119
Qihoo-360 HEUR/QVM10.1.0000.Malware.Gen 20170119
Ad-Aware 20170119
AegisLab 20170119
AhnLab-V3 20170118
Alibaba 20170119
ALYac 20170119
Antiy-AVL 20170119
Arcabit 20170119
Avast 20170119
AVG 20170119
AVware 20170119
BitDefender 20170119
CAT-QuickHeal 20170118
ClamAV 20170118
CMC 20170118
Comodo 20170118
Cyren 20170119
Emsisoft 20170119
F-Prot 20170119
F-Secure 20170119
Fortinet 20170119
GData 20170119
Ikarus 20170118
Jiangmin 20170119
K7AntiVirus 20170118
K7GW 20170119
Kingsoft 20170119
Malwarebytes 20170118
McAfee 20170119
McAfee-GW-Edition 20170118
Microsoft 20170119
eScan 20170119
NANO-Antivirus 20170119
nProtect 20170119
Panda 20170118
Rising 20170119
Sophos AV 20170119
SUPERAntiSpyware 20170119
Symantec 20170118
Tencent 20170119
TheHacker 20170117
TotalDefense 20170118
TrendMicro 20170119
TrendMicro-HouseCall 20170119
Trustlook 20170119
VBA32 20170118
VIPRE 20170119
ViRobot 20170119
WhiteArmor 20170117
Yandex 20170118
Zillya 20170117
Zoner 20170118
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright
Copyright ©. All rights reserved. Glorylogic

Product Approximatelthere Exif
Original name Approximatelthere Exif.exe
Description Bgcolor Fdhp Prevalent Obsolete Modality
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2017-01-18 14:44:57
Entry Point 0x0000DDA2
Number of sections 4
PE sections
PE imports
GetTokenInformation
CloseServiceHandle
RegCloseKey
OpenProcessToken
CreateServiceA
RegQueryValueExA
RegCreateKeyExA
RegOpenKeyExA
OpenSCManagerA
InitCommonControlsEx
GetSaveFileNameA
CommDlgExtendedError
GetEnhMetaFileA
DeleteEnhMetaFile
SetMapMode
TextOutA
CreateFontIndirectA
GetTextMetricsA
PlayMetaFile
GetObjectA
DeleteDC
SetBkMode
SetMetaFileBitsEx
EndDoc
StartPage
GetDeviceCaps
SetAbortProc
GetStockObject
SetTextAlign
CreateCompatibleDC
EndPage
AbortDoc
GetEnhMetaFilePixelFormat
SetPolyFillMode
GetWinMetaFileBits
SelectObject
CopyMetaFileA
DeleteObject
DeleteMetaFile
GetStdHandle
GetConsoleOutputCP
FreeEnvironmentStringsA
DeleteCriticalSection
GetCurrentProcess
GetConsoleMode
GetLocaleInfoA
LocalAlloc
FreeEnvironmentStringsW
SetStdHandle
GetCPInfo
GetStringTypeA
WriteFile
GetSystemTimeAsFileTime
HeapReAlloc
GetStringTypeW
InterlockedDecrement
FormatMessageA
SetLastError
IsDebuggerPresent
HeapAlloc
GetModuleFileNameA
UnhandledExceptionFilter
TlsGetValue
MultiByteToWideChar
GetPrivateProfileStringW
CreateMutexA
GetModuleHandleA
SetUnhandledExceptionFilter
MulDiv
SetEnvironmentVariableA
TerminateProcess
WriteConsoleA
GlobalAlloc
SetEndOfFile
GetCurrentThreadId
LeaveCriticalSection
WriteConsoleW
InitializeCriticalSectionAndSpinCount
HeapFree
EnterCriticalSection
SetHandleCount
GetOEMCP
QueryPerformanceCounter
GetTickCount
TlsAlloc
FlushFileBuffers
LoadLibraryA
RtlUnwind
GetStartupInfoA
GetProcAddress
GetProcessHeap
CompareStringW
lstrcpyA
CompareStringA
GetTimeZoneInformation
CreateEventA
GetFileType
TlsSetValue
CreateFileA
ExitProcess
InterlockedIncrement
GetLastError
LCMapStringW
lstrlenA
GlobalFree
GetConsoleCP
LCMapStringA
GetEnvironmentStringsW
GetEnvironmentStrings
GetCurrentProcessId
CreateIoCompletionPort
GetCurrentDirectoryA
HeapSize
GetCommandLineA
OpenMutexA
RaiseException
TlsFree
SetFilePointer
ReadFile
CloseHandle
GetACP
GetModuleHandleW
WideCharToMultiByte
IsValidCodePage
HeapCreate
VirtualFree
Sleep
VirtualAlloc
NetShareGetInfo
CreateErrorInfo
SysAllocString
glVertex3f
glFlush
glShadeModel
glEnable
glClearColor
glLightfv
glClear
glEnd
glVertex2i
glBegin
glVertex2d
glColor3f
CallNtPowerInformation
EnumDesktopsA
EndPaint
UpdateWindow
BeginPaint
PostQuitMessage
DefWindowProcA
FindWindowA
SetWindowPos
GetSystemMetrics
SetScrollRange
GetWindowRect
EnableWindow
GetSysColor
GetDC
SystemParametersInfoA
SetWindowTextA
LoadStringA
GetWindowPlacement
SendMessageA
SetForegroundWindow
GetClientRect
CreateDialogParamA
SetScrollPos
GetWindowLongA
CreateWindowExA
GetDesktopWindow
wsprintfA
SetScrollInfo
ReleaseDC
ScrollWindow
GetUpdateRect
DestroyWindow
WSAStartup
bind
WSASocketA
htons
CoInitializeEx
CoUninitialize
CoInitialize
CoTaskMemAlloc
CreateStreamOnHGlobal
CoCreateInstance
CoInitializeSecurity
CoInternetParseUrl
Number of PE resources by type
RT_ICON 6
RCDATA 5
BIN 3
Struct(240) 2
RT_GROUP_CURSOR 1
RT_MANIFEST 1
RT_CURSOR 1
RT_VERSION 1
RT_GROUP_ICON 1
Number of PE resources by language
ENGLISH US 21
PE resources
ExifTool file metadata
SubsystemVersion 5.0
LinkerVersion 9.0
ImageVersion 0.0
FileSubtype 0
FileVersionNumber 5.9.6.4
UninitializedDataSize 0
LanguageCode English (U.S.)
FileFlagsMask 0x003f
CharacterSet Unicode
InitializedDataSize 221696
EntryPoint 0xdda2
OriginalFileName Approximatelthere Exif.exe
MIMEType application/octet-stream
Subsystem Windows GUI
TimeStamp 2017:01:18 15:44:57+01:00
FileType Win32 EXE
PEType PE32
ProductVersion 5.9.6.4
FileDescription Bgcolor Fdhp Prevalent Obsolete Modality
OSVersion 5.0
FileOS Windows NT 32-bit
LegalCopyright Copyright ©. All rights reserved. Glorylogic
MachineType Intel 386 or later, and compatibles
CompanyName Glorylogic
CodeSize 133632
ProductName Approximatelthere Exif
ProductVersionNumber 5.9.6.4
FileTypeExtension exe
ObjectFileType Executable application

File identification
MD5 b7e172b37c559bc8b1d660ce89838857
SHA1 61e0124092c854b549623bef140ac770bfa509e3
SHA256 0fe6495bd5c4c80e0de45ab2c4eab9a37181e74cdfac7d8a3bbb8b4909899035
ssdeep 6144:a855pFTFYZ46qeqs62NcVzMJZ47Gv70+yZT2zq/3ODAUG:a855JYe5eqs62N35AnqI3ODAUG
authentihash 43c9192c5b0be1c85cbbd6653af102244f755ccb072e8b0d24c12b22c999f20f
imphash 118c19d07951125166199d0457bf8f88
File size 348.0 KB ( 356352 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Executable MS Visual C++ (generic) (64.5%)
Win32 Dynamic Link Library (generic) (13.6%)
Win32 Executable (generic) (9.3%)
OS/2 Executable (generic) (4.1%)
Generic Win/DOS Executable (4.1%)
Tags peexe
VirusTotal metadata
First submission 2017-01-18 15:41:02 UTC ( 2 years, 3 months ago )
Last submission 2017-05-10 15:26:40 UTC ( 1 year, 11 months ago )
File names Taqmex.exe
DamJagh.exe
B7E172B37C559BC8B1D660CE89838857.bin
Approximatelthere Exif.exe
LawTugx.exe
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Written files
Code injections in the following processes
Created mutexes
Opened mutexes
Searched windows
Runtime DLLs
UDP communications