SHA256: 10ac209f3c67d0211b312709f9f079a27376dfa6beb758c41f1f0754ee34f987
File name: QC.exe
Detection ratio: 49 / 58
Analysis date: 2017-03-08 18:25:50 UTC ( 1 year, 7 months ago )
Antivirus Result Update
Ad-Aware Gen:Variant.MSILPerseus.36429 20170308
AegisLab Troj.W32.Deshacop!c 20170308
AhnLab-V3 Trojan/Win32.Ransom.R183906 20170308
ALYac Gen:Variant.MSILPerseus.36429 20170308
Antiy-AVL Trojan[Ransom]/MSIL.Geograph 20170308
Arcabit Trojan.MSILPerseus.D8E4D 20170308
Avast Win32:Malware-gen 20170308
AVG MSIL10.AESW 20170308
Avira (no cloud) TR/Deshacop.ghr 20170308
AVware Trojan.Win32.Generic!BT 20170308
Baidu Win32.Trojan.WisdomEyes.16070401.9500.9812 20170308
BitDefender Gen:Variant.MSILPerseus.36429 20170308
Bkav W32.Clodb9d.Trojan.1a13 20170308
CAT-QuickHeal Trojan.Agent 20170308
ClamAV Win.Ransomware.KozyJozy-1 20170308
Comodo UnclassifiedMalware 20170308
CrowdStrike Falcon (ML) malicious_confidence_100% (D) 20170130
Cyren W32/Trojan.CYWD-0984 20170308
DrWeb Trojan.Encoder.4899 20170308
Emsisoft Gen:Variant.MSILPerseus.36429 (B) 20170308
Endgame malicious (high confidence) 20170222
ESET-NOD32 a variant of MSIL/Filecoder.AC 20170308
F-Secure Gen:Variant.MSILPerseus.36429 20170308
Fortinet MSIL/Filecoder.AC!tr 20170308
GData Gen:Variant.MSILPerseus.36429 20170308
Ikarus Trojan-Downloader.MSIL.Agent 20170308
Jiangmin Trojan.Deshacop.ps 20170308
K7AntiVirus Trojan ( 004d443e1 ) 20170308
K7GW Trojan ( 004d443e1 ) 20170308
Kaspersky Trojan-Ransom.MSIL.Geograph.r 20170308
Malwarebytes Ransom.KozyJozy 20170308
McAfee Artemis!5EA954209907 20170308
McAfee-GW-Edition BehavesLike.Win32.Backdoor.cc 20170308
Microsoft Trojan:Win32/Dynamer!ac 20170308
eScan Gen:Variant.MSILPerseus.36429 20170308
NANO-Antivirus Trojan.Win32.Filecoder.edsbjs 20170308
Panda Trj/GdSda.A 20170308
Qihoo-360 HEUR/QVM03.0.0000.Malware.Gen 20170308
Rising Ransom.Geograph!8.5155 (cloud:TOuFxU1mrLL) 20170308
Sophos AV Mal/Generic-S 20170308
Symantec Ransom.Cryptolocker 20170308
Tencent Msil.Trojan.Geograph.Szvt 20170308
TheHacker Trojan/Filecoder.ac 20170308
VBA32 Hoax.MSIL.Geograph 20170307
VIPRE Trojan.Win32.Generic!BT 20170308
Webroot W32.Trojan.GenKD 20170308
Yandex Trojan.Deshacop! 20170306
Zillya Trojan.Filecoder.Win32.3122 20170308
ZoneAlarm by Check Point Trojan-Ransom.MSIL.Geograph.r 20170308
Alibaba 20170228
CMC 20170308
F-Prot 20170308
Sophos ML 20170203
Kingsoft 20170308
nProtect 20170308
Palo Alto Networks (Known Signatures) 20170308
SUPERAntiSpyware 20170308
Trustlook 20170308
ViRobot 20170308
WhiteArmor 20170303
Zoner 20170308
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright Copyright © 2016
Product QC
Original name QC.exe
Internal name QC.exe
File version 1.0.0.0
Description QC
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2016-06-19 09:17:58
Entry Point 0x0002029E
Number of sections 3
.NET details
Module Version ID b9e92149-ef29-4625-a85c-3bff635a5787
TypeLib ID 60aacac4-f9f7-4384-8160-728ced3c5858
PE sections
PE imports
_CorExeMain
Number of PE resources by type
RT_ICON 1
RT_MANIFEST 1
RT_VERSION 1
RT_GROUP_ICON 1
Number of PE resources by language
NEUTRAL 4
PE resources
ExifTool file metadata
SubsystemVersion 4.0
LinkerVersion 11.0
ImageVersion 0.0
FileSubtype 0
FileVersionNumber 1.0.0.0
UninitializedDataSize 0
LanguageCode Neutral
FileFlagsMask 0x003f
CharacterSet Unicode
InitializedDataSize 19456
EntryPoint 0x2029e
OriginalFileName QC.exe
MIMEType application/octet-stream
LegalCopyright Copyright 2016
FileVersion 1.0.0.0
TimeStamp 2016:06:19 10:17:58+01:00
FileType Win32 EXE
PEType PE32
InternalName QC.exe
ProductVersion 1.0.0.0
FileDescription QC
OSVersion 4.0
FileOS Win32
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
CodeSize 123904
ProductName QC
ProductVersionNumber 1.0.0.0
FileTypeExtension exe
ObjectFileType Executable application
AssemblyVersion 1.0.0.0

File identification
MD5 5ea95420990735da4a14b07f0b0bf58a
SHA1 5c16ab46c1beb9de061b07c3b15f777e2bd8f749
SHA256 10ac209f3c67d0211b312709f9f079a27376dfa6beb758c41f1f0754ee34f987
ssdeep 3072:Xf9Ls7GQwy6ABK57ZzGE6MbsLUUZxxxxxxxxxxx7K7UX:v9o7T9k7OUKxxxxxxxxxxx7
authentihash a1d589d7c8aef2b9d2021689722c42d671039a716ca0be4c46057b4bb21a11dc
imphash f34d5f2d4577ed6d9ceec516c1f5a744
File size 140.5 KB ( 143872 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit Mono/.Net assembly
TrID Generic CIL Executable (.NET, Mono, etc.) (72.2%)
Windows screen saver (12.9%)
Win32 Dynamic Link Library (generic) (6.4%)
Win32 Executable (generic) (4.4%)
Generic Win/DOS Executable (1.9%)
Tags peexe assembly
VirusTotal metadata
First submission 2016-06-20 06:54:28 UTC ( 2 years, 3 months ago )
Last submission 2016-06-23 13:16:20 UTC ( 2 years, 3 months ago )
File names 10ac209f3c67d0211b312709f9f079a27376dfa6beb758c41f1f0754ee34f987.bin
QC.exe
2016-07-06_10ac209f3c67d0211b312709f9f079a27376dfa6beb758c41f1f0754ee34f987
x82.docx.exe"; filename*=UTF-8''%d0%ba%d0%b0%d1%80%d1%82%d0%be%d1%87%d0%ba%d0%b0%20%d0%9e%d0%9e%d0%9e%20%d0%a1%d0%ba%d1%80%d0%b8%d1%82.docx.exe
ranjumpware.exe
RANJUMPWARE.EXE
Advanced heuristic and reputation engines
TrendMicro-HouseCall
TrendMicro's heuristic engine has flagged this file as: Suspicious_GEN.F47V0620.
