SHA256: 103a9e26e8d69cbbde4e871dd6cb1b0ee863a8265746aa7d77cd1106025c2d7c
File name: qqwed.exe
Detection ratio: 7 / 54
Analysis date: 2017-01-25 11:30:09 UTC ( 2 years ago )
Antivirus Result Update
AegisLab Ml.Attribute.Gen!c 20170125
Baidu Win32.Trojan.WisdomEyes.16070401.9500.9992 20170125
Comodo Heur.Packed.Unknown 20170125
CrowdStrike Falcon (ML) malicious_confidence_100% (D) 20161024
Sophos ML generic.a 20170111
Qihoo-360 HEUR/QVM20.1.BD9D.Malware.Gen 20170125
Symantec ML.Attribute.HighConfidence 20170125
Ad-Aware 20170125
AhnLab-V3 20170125
Alibaba 20170122
ALYac 20170125
Antiy-AVL 20170125
Arcabit 20170125
Avast 20170125
AVG 20170125
Avira (no cloud) 20170125
AVware 20170125
BitDefender 20170125
CAT-QuickHeal 20170125
ClamAV 20170125
CMC 20170125
Cyren 20170125
DrWeb 20170125
Emsisoft 20170125
ESET-NOD32 20170125
F-Prot 20170125
F-Secure 20170125
Fortinet 20170125
GData 20170125
Ikarus 20170124
Jiangmin 20170125
K7AntiVirus 20170125
K7GW 20170125
Kaspersky 20170125
Kingsoft 20170125
Malwarebytes 20170125
McAfee 20170125
McAfee-GW-Edition 20170124
Microsoft 20170125
eScan 20170125
NANO-Antivirus 20170125
nProtect 20170125
Panda 20170124
Rising 20170125
Sophos AV 20170125
SUPERAntiSpyware 20170125
Tencent 20170125
TheHacker 20170125
TotalDefense 20170125
TrendMicro 20170125
Trustlook 20170125
VBA32 20170124
VIPRE 20170125
ViRobot 20170125
WhiteArmor 20170123
Yandex 20170124
Zillya 20170125
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright
© Ghbsg Corporation. All rights reserved.

Product Microsoft® Windows® Operating System
Original name COMUID.DLL
Internal name COMUID.DLL
File version 2001.12.10530.17415 (winblue_r4.141028-1500)
Description COM+ Explorer UI
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2017-01-25 08:52:48
Entry Point 0x0000DD70
Number of sections 13
PE sections
PE imports
RemoveClusterResourceNode
CallNamedPipeW
CreateJobObjectW
ReadConsoleInputW
LoadLibraryA
SetConsoleOutputCP
EnumTimeFormatsW
BuildCommDCBAndTimeoutsW
EnumCalendarInfoW
SetDefaultCommConfigA
GetCommandLineA
FlushInstructionCache
MoveFileW
GetComputerNameW
EnumResourceNamesW
CompareStringW
CreateDirectoryExW
GetSystemTimes
GetModuleHandleW
AddVectoredExceptionHandler
DnsHostnameToComputerNameW
SetComputerNameExA
FindFirstVolumeMountPointW
PostQueuedCompletionStatus
EnumLanguageGroupLocalesA
GetProcessVersion
GetNumberFormatW
EnumUILanguagesW
MprAdminMIBEntrySet
MprConfigInterfaceTransportAdd
VarR4FromDec
wvsprintfW
ShowWindow
FindWindowW
strcoll
iswprint
feof
qsort
_snwprintf
is_wctype
atof
PdhCollectQueryData
PdhGetCounterInfoW
Number of PE resources by type
RT_MANIFEST 1
RT_VERSION 1
Number of PE resources by language
ENGLISH US 2
PE resources
Debug information
ExifTool file metadata
UninitializedDataSize
0

LinkerVersion
9.0

ImageVersion
0.0

FileSubtype
0

FileVersionNumber
2001.12.10530.17415

LanguageCode
English (U.S.)

FileFlagsMask
0x003f

FileDescription
COM+ Explorer UI

ImageFileCharacteristics
Executable, 32-bit

CharacterSet
Unicode

InitializedDataSize
113664

EntryPoint
0xdd70

OriginalFileName
COMUID.DLL

MIMEType
application/octet-stream

LegalCopyright
Ghbsg Corporation. All rights reserved.

FileVersion
2001.12.10530.17415 (winblue_r4.141028-1500)

TimeStamp
2017:01:25 09:52:48+01:00

FileType
Win32 EXE

PEType
PE32

InternalName
COMUID.DLL

ProductVersion
6.3.9601.17415

SubsystemVersion
4.0

OSVersion
4.0

FileOS
Windows NT 32-bit

Subsystem
Windows GUI

MachineType
Intel 386 or later, and compatibles

CompanyName
Ghbsg Corporation

CodeSize
53248

ProductName
Microsoft Windows Operating System

ProductVersionNumber
6.3.9600.17415

FileTypeExtension
exe

ObjectFileType
Dynamic link library

Compressed bundles
PCAP parents
File identification
MD5 6233778c733daa00ce5b9b25aae0a3cb
SHA1 1bfd0ac86f1bf52a5e8814dafb4a9bc4d3628384
SHA256 103a9e26e8d69cbbde4e871dd6cb1b0ee863a8265746aa7d77cd1106025c2d7c
ssdeep
3072:yOSGW60oZithpryFsCHxD+66rTqRePydZlpo4rthwEoJfwnlu:yOfW64tPr+0P++u62tab

authentihash a43f55951a7720ec587767c2ec88c215de2dd1a624240be11fbd7abbcb9e5ee1
imphash 30bfdcbc94be82c2c3c0553cfa62aa50
File size 147.9 KB ( 151416 bytes )
File type Win32 EXE
Magic literal
PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID Win32 Executable (generic) (35.8%)
OS/2 Executable (generic) (16.1%)
Clipper DOS Executable (16.0%)
Generic Win/DOS Executable (15.9%)
DOS Executable Generic (15.8%)
Tags
peexe

VirusTotal metadata
First submission 2017-01-25 10:30:08 UTC ( 2 years ago )
Last submission 2018-10-04 21:23:26 UTC ( 4 months, 2 weeks ago )
File names bidaraz.gif
Dridex.exe
Dridex.exe
123.exe
`12.exe
bumerangomvlob
Dridex.exe
qqwed.exe
COMUID.DLL
bumerangomvlob.png
bumerangomvlob.dat
bumerangomvlob.exe
103a9e26e8d69cbbde4e871dd6cb1b0ee863a8265746aa7d77cd1106025c2d7c.exe
6233778c733daa00ce5b9b25aae0a3cb.virus