SHA256: 16c5fa60941cb337b5c5adbb808a7659e7f411da334d63c5bbe9506e81678a7d
File name: YoepHGds.exe
Detection ratio: 9 / 66
Analysis date: 2017-12-29 10:08:24 UTC ( 1 year ago )
Antivirus                               Update    Result
Baidu                                   20171227  Win32.Trojan.WisdomEyes.16070401.9500.9998
Cylance                                 20171229  Unsafe
Endgame                                 20171130  malicious (high confidence)
Sophos ML                               20170914  heuristic
McAfee-GW-Edition                       20171229  BehavesLike.Win32.MultiPlug.dh
Palo Alto Networks (Known Signatures)   20171229  generic.ml
Qihoo-360                               20171229  HEUR/QVM10.1.2AC5.Malware.Gen
Rising                                  20171229  Malware.Obscure/Heur!1.A89E (CLASSIC)
Webroot                                 20171229  W32.Trojan.Gen
Ad-Aware                                20171225
AegisLab                                20171229
AhnLab-V3                               20171229
Alibaba                                 20171229
ALYac                                   20171229
Antiy-AVL                               20171229
Arcabit                                 20171229
Avast                                   20171229
Avast-Mobile                            20171229
AVG                                     20171229
Avira (no cloud)                        20171229
AVware                                  20171229
BitDefender                             20171229
Bkav                                    20171229
CAT-QuickHeal                           20171228
ClamAV                                  20171229
CMC                                     20171229
Comodo                                  20171228
CrowdStrike Falcon (ML)                 20171016
Cybereason                              20171103
Cyren                                   20171229
DrWeb                                   20171229
eGambit                                 20171229
Emsisoft                                20171229
ESET-NOD32                              20171229
F-Prot                                  20171229
F-Secure                                20171229
Fortinet                                20171229
GData                                   20171229
Ikarus                                  20171229
Jiangmin                                20171229
K7AntiVirus                             20171229
K7GW                                    20171229
Kaspersky                               20171229
Kingsoft                                20171229
Malwarebytes                            20171229
MAX                                     20171229
McAfee                                  20171229
Microsoft                               20171229
eScan                                   20171229
NANO-Antivirus                          20171229
nProtect                                20171229
Panda                                   20171228
SentinelOne (Static ML)                 20171224
Sophos AV                               20171229
SUPERAntiSpyware                        20171229
Symantec                                20171228
Symantec Mobile Insight                 20171228
Tencent                                 20171229
TheHacker                               20171229
TrendMicro-HouseCall                    20171229
Trustlook                               20171229
VBA32                                   20171228
VIPRE                                   20171229
ViRobot                                 20171229
WhiteArmor                              20171226
Yandex                                  20171225
Zillya                                  20171228
ZoneAlarm by Check Point                20171229
Zoner                                   20171229
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright Copyright (C) 2017
File version 1.0.0.1
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2017-12-29 07:38:09
Entry Point 0x0000BAB0
Number of sections 5
PE sections
PE imports
CloseHandle
FreeEnvironmentStringsW
GetLastError
InitializeCriticalSectionAndSpinCount
HeapFree
GetStdHandle
EnterCriticalSection
GetConsoleOutputCP
GetStartupInfoA
GetConsoleCP
GetOEMCP
LCMapStringA
IsDebuggerPresent
HeapAlloc
TlsAlloc
GetEnvironmentStringsW
FlushFileBuffers
LoadLibraryA
RtlUnwind
GetModuleFileNameA
FreeEnvironmentStringsA
DeleteCriticalSection
LeaveCriticalSection
EnumSystemLocalesA
GetEnvironmentStrings
GetFileType
GetConsoleMode
GetLocaleInfoA
GetCurrentProcessId
AddAtomA
SetHandleCount
GetModuleHandleW
WideCharToMultiByte
UnhandledExceptionFilter
TlsGetValue
MultiByteToWideChar
HeapSize
GetTickCount
GetFileInformationByHandle
GetCommandLineA
GetProcAddress
AddAtomW
GetLocaleInfoW
SetStdHandle
LCMapStringW
SetFilePointer
RaiseException
InitializeCriticalSection
GetCPInfo
GetStringTypeA
GetModuleHandleA
GetExitCodeThread
InterlockedExchange
SetUnhandledExceptionFilter
WriteFile
GetCurrentProcess
ReadFile
GetSystemTimeAsFileTime
IsValidLocale
GetACP
HeapReAlloc
GetStringTypeW
GetUserDefaultLCID
TlsFree
TerminateProcess
QueryPerformanceCounter
WriteConsoleA
IsValidCodePage
HeapCreate
GlobalAlloc
VirtualFree
InterlockedDecrement
Sleep
SetLastError
SetEndOfFile
TlsSetValue
CreateFileA
ExitProcess
GetCurrentThreadId
GetProcessHeap
VirtualAlloc
WriteConsoleW
InterlockedIncrement
DragQueryFileW
UpdateWindow
LoadBitmapW
PrivateExtractIconsW
GetRawInputDeviceList
LoadMenuW
PeekMessageW
GetRegisteredRawInputDevices
DispatchMessageA
GetNextDlgGroupItem
LookupIconIdFromDirectoryEx
LoadCursorFromFileW
LoadKeyboardLayoutA
GetDlgCtrlID
GetRawInputDeviceInfoW
TranslateMessage
LoadStringW
RegisterRawInputDevices
LoadCursorA
LoadImageW
LoadIconA
TranslateAcceleratorA
GetDialogBaseUnits
LoadIconW
LoadAcceleratorsW
LoadMenuIndirectW
OpenClipboard
Number of PE resources by type
RT_ICON 2
JHG 1
JEKEHAZOZEDECEYO 1
RT_ACCELERATOR 1
RT_GROUP_ICON 1
RT_VERSION 1
HE 1
Number of PE resources by language
NEUTRAL 6
ENGLISH UK 2
PE resources
ExifTool file metadata
UninitializedDataSize 0
LinkerVersion 9.0
ImageVersion 0.0
FileVersionNumber 1.0.0.1
LanguageCode English (British)
FileFlagsMask 0x003f
ImageFileCharacteristics Executable, 32-bit
CharacterSet Unicode
InitializedDataSize 880640
EntryPoint 0xbab0
MIMEType application/octet-stream
Subsystem Windows GUI
FileVersion 1.0.0.1
TimeStamp 2017:12:29 08:38:09+01:00
FileType Win32 EXE
PEType PE32
ProductVersion 1.0.0.1
SubsystemVersion 5.0
OSVersion 5.0
FileOS Windows NT 32-bit
LegalCopyright Copyright (C) 2017
MachineType Intel 386 or later, and compatibles
CodeSize 133120
FileSubtype 0
ProductVersionNumber 1.0.0.1
FileTypeExtension exe
ObjectFileType Executable application

Execution parents
Compressed bundles
File identification
MD5 329b0cbb6325d5dc9dabe098a17f8963
SHA1 85de745bfb944067b543c206475c616aab8339d4
SHA256 16c5fa60941cb337b5c5adbb808a7659e7f411da334d63c5bbe9506e81678a7d
ssdeep 3072:AdkRUW9cC2fg+ESEJGOnTCtm4MwVy3XxxR5HJTA45HZsCrYl7NatcDeY6:AdKtog+EP0OnTCbRVExdtffqatw

authentihash 843847604dd3eb5f6262b071e39511a3c332223215f25fab19e8b341ab2342f8
imphash e789bd95d177ed3c50c53e35d3ba7deb
File size 230.0 KB ( 235520 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID Win32 Executable MS Visual C++ (generic) (41.0%)
Win64 Executable (generic) (36.3%)
Win32 Dynamic Link Library (generic) (8.6%)
Win32 Executable (generic) (5.9%)
OS/2 Executable (generic) (2.6%)
Tags
peexe

VirusTotal metadata
First submission 2017-12-29 09:57:17 UTC ( 1 year ago )
Last submission 2018-05-25 18:03:37 UTC ( 7 months, 4 weeks ago )
File names YoepHGds.exe
YoepHGds
YoepHGds.exe
<SAMPLE.EXE>
1024-85de745bfb944067b543c206475c616aab8339d4
<SAMPLE.EXE>
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Written files
Copied files
Moved files
Created processes
Code injections in the following processes
Terminated processes
Opened mutexes
Runtime DLLs
UDP communications