SHA256: 19aa339bf8a530bf91b566ca365c66351fc9b850d68834ce661796ea3cea4745
File name: xiroukiqa.exe
Detection ratio: 5 / 57
Analysis date: 2015-06-22 12:39:41 UTC
Antivirus              Result                               Update
Bkav                   HW32.Packed.ED11                     20150622
Kaspersky              UDS:DangerousObject.Multi.Generic    20150622
McAfee-GW-Edition      BehavesLike.Win32.Almanahe.gh        20150622
Rising                 PE:Malware.XPACK-HIE/Heur!1.9C48     20150618
Tencent                Trojan.Win32.YY.Gen.5                20150622
Ad-Aware               -                                    20150622
AegisLab               -                                    20150622
Yandex                 -                                    20150621
AhnLab-V3              -                                    20150621
Alibaba                -                                    20150621
ALYac                  -                                    20150622
Antiy-AVL              -                                    20150622
Arcabit                -                                    20150622
Avast                  -                                    20150622
AVG                    -                                    20150622
Avira (no cloud)       -                                    20150622
AVware                 -                                    20150622
Baidu-International    -                                    20150622
BitDefender            -                                    20150622
ByteHero               -                                    20150622
CAT-QuickHeal          -                                    20150622
ClamAV                 -                                    20150622
CMC                    -                                    20150622
Comodo                 -                                    20150622
Cyren                  -                                    20150622
DrWeb                  -                                    20150622
Emsisoft               -                                    20150622
ESET-NOD32             -                                    20150622
F-Prot                 -                                    20150622
F-Secure               -                                    20150622
Fortinet               -                                    20150622
GData                  -                                    20150622
Ikarus                 -                                    20150622
Jiangmin               -                                    20150620
K7AntiVirus            -                                    20150622
K7GW                   -                                    20150622
Kingsoft               -                                    20150622
Malwarebytes           -                                    20150622
McAfee                 -                                    20150622
Microsoft              -                                    20150622
eScan                  -                                    20150622
NANO-Antivirus         -                                    20150622
nProtect               -                                    20150619
Panda                  -                                    20150622
Qihoo-360              -                                    20150622
Sophos AV              -                                    20150622
SUPERAntiSpyware       -                                    20150621
Symantec               -                                    20150622
TheHacker              -                                    20150622
TotalDefense           -                                    20150622
TrendMicro             -                                    20150622
TrendMicro-HouseCall   -                                    20150622
VBA32                  -                                    20150620
VIPRE                  -                                    20150622
ViRobot                -                                    20150622
Zillya                 -                                    20150621
Zoner                  -                                    20150622
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright Linear mathematical analysis©. All rights reserved.
Publisher Enigma GmbH
Product Linear mathematical analysis
File version 2.14
Description Mathematical Software
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2015-06-18 10:05:43
Entry Point 0x00001000
Number of sections 4
PE sections
PE imports
GetTokenInformation
CryptReleaseContext
OpenProcessToken
CryptAcquireContextA
DeregisterEventSource
CryptGenRandom
RegisterEventSourceA
IsWellKnownSid
ReportEventA
GetDeviceCaps
GetObjectA
GetCurrentObject
LineTo
SetMapMode
DeleteDC
CreateFontIndirectW
GetTextExtentPoint32W
MoveToEx
CreatePen
GetStockObject
StretchBlt
GetTextMetricsA
SelectObject
BitBlt
SetStretchBltMode
CreateCompatibleDC
DeleteObject
CreateCompatibleBitmap
GetStdHandle
GetConsoleOutputCP
ReleaseMutex
FileTimeToSystemTime
GetFileAttributesA
SetEvent
GetDriveTypeA
FindFirstFileW
HeapAlloc
GetVolumePathNameA
GetFileAttributesW
GetExitCodeProcess
FreeEnvironmentStringsA
CreatePipe
GetCurrentProcess
GetConsoleMode
GetLocaleInfoA
UnhandledExceptionFilter
SetFilePointer
SetErrorMode
GetLogicalDrives
FreeEnvironmentStringsW
GetLocaleInfoW
SetStdHandle
GetFileTime
GetTempPathA
GetCPInfo
GetStringTypeA
QueryDosDeviceA
InterlockedExchange
WriteFile
MoveFileA
WaitForSingleObject
GetSystemTimeAsFileTime
GetThreadTimes
GetDiskFreeSpaceA
GetStringTypeW
GetFullPathNameA
GetOEMCP
LocalFree
FormatMessageW
ResumeThread
InitializeCriticalSection
LoadResource
FindClose
InterlockedDecrement
QueryDosDeviceW
SetLastError
GetSystemTime
DeviceIoControl
FindNextVolumeA
GetModuleFileNameW
CopyFileA
ExitProcess
GetVersionExA
GetModuleFileNameA
FindNextVolumeW
RaiseException
EnumSystemLocalesA
GetVolumeInformationW
TlsGetValue
MultiByteToWideChar
SetFilePointerEx
CreateMutexA
GetVolumeNameForVolumeMountPointA
InterlockedExchangeAdd
CreateThread
VirtualLock
DeleteCriticalSection
SetUnhandledExceptionFilter
ExitThread
SetHandleInformation
SetEnvironmentVariableA
GlobalMemoryStatus
WriteConsoleA
VirtualQuery
SetEndOfFile
GetCurrentThreadId
LeaveCriticalSection
SetCurrentDirectoryA
WriteConsoleW
CloseHandle
InitializeCriticalSectionAndSpinCount
HeapFree
EnterCriticalSection
PeekNamedPipe
SetHandleCount
FindVolumeClose
FreeLibrary
QueryPerformanceCounter
GetTickCount
SetVolumeMountPointA
TlsAlloc
FlushFileBuffers
LoadLibraryA
RtlUnwind
GetACP
GetStartupInfoA
GetFileSize
CreateDirectoryA
DeleteFileA
GetWindowsDirectoryA
GetProcAddress
GetProcessHeap
CompareStringW
GetFileSizeEx
GetFileInformationByHandle
FindNextFileW
GetEnvironmentStringsA
ResetEvent
GetProcessWorkingSetSize
FindNextFileA
IsValidLocale
GetUserDefaultLCID
GetTimeZoneInformation
FindFirstVolumeA
CreateFileW
CreateEventA
IsDebuggerPresent
GetFileType
TlsSetValue
CreateFileA
DefineDosDeviceA
FindFirstVolumeW
InterlockedIncrement
GetLastError
SystemTimeToFileTime
LCMapStringW
GetSystemInfo
GetConsoleCP
LCMapStringA
HeapReAlloc
GetProcessTimes
SetProcessShutdownParameters
GetEnvironmentStringsW
lstrlenW
GetShortPathNameA
FileTimeToLocalFileTime
SizeofResource
GetCurrentProcessId
LockResource
SetFileTime
GetCommandLineW
GetCurrentDirectoryA
HeapSize
GetCommandLineA
InterlockedCompareExchange
GetCurrentThread
OpenMutexA
QueryPerformanceFrequency
TlsFree
GetModuleHandleA
VirtualUnlock
ReadFile
FindFirstFileA
GetSystemDirectoryA
GetVolumeInformationA
DeleteVolumeMountPointA
GetModuleHandleW
CreateProcessA
WideCharToMultiByte
IsValidCodePage
HeapCreate
VirtualFree
Sleep
TerminateProcess
GetFileAttributesExA
FindResourceA
VirtualAlloc
CompareStringA
SetupRenameErrorA
SetupUninstallOEMInfA
SHGetFileInfoA
SHBrowseForFolderW
DragAcceptFiles
Shell_NotifyIconW
SHGetFolderPathA
SHGetSpecialFolderPathA
SHChangeNotify
DragQueryFileA
SHGetPathFromIDListA
Shell_NotifyIconA
SHGetMalloc
CommandLineToArgvW
DragFinish
CreateDesktopA
OpenInputDesktop
Number of PE resources by type
RT_ACCELERATOR 1
RT_MANIFEST 1
RT_DIALOG 1
RT_VERSION 1
Number of PE resources by language
NEUTRAL 4
PE resources
Debug information
ExifTool file metadata
LegalTrademarks Linear mathematical analysis©. 2010
UninitializedDataSize 0
LinkerVersion 1.72
ImageVersion 5.1
FileSubtype 0
FileVersionNumber 2.14.0.0
LanguageCode English (U.S.)
FileFlagsMask 0x0000
CharacterSet Windows, Latin1
InitializedDataSize 9216
EntryPoint 0x1000
MIMEType application/octet-stream
LegalCopyright Linear mathematical analysis©. All rights reserved.
FileVersion 2.14
TimeStamp 2015:06:18 11:05:43+01:00
FileType Win32 EXE
PEType PE32
SubsystemVersion 4.0
ProductVersion 1.0.0.0
FileDescription Mathematical Software
OSVersion 5.1
FileOS Win32
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
CompanyName Enigma GmbH
CodeSize 459776
ProductName Linear mathematical analysis
ProductVersionNumber 1.0.0.0
FileTypeExtension exe
ObjectFileType Executable application
Compressed bundles
File identification
MD5 6b2858d4452d97992ab78fd228c3970d
SHA1 cf3f094d1b4694859ea9a72989393174b0a92331
SHA256 19aa339bf8a530bf91b566ca365c66351fc9b850d68834ce661796ea3cea4745
ssdeep 6144:O7vszTiI08Wjv3PAnlcwUWhwDLqoQHKVTpEjhm2kdqODTHXPonXP9vow:ymWI0n3NwLhwHqo9cjagODTHXPo1Qw
authentihash db0bfb680a3135e9421e424f2f60bb8a2d9bd5fae2c0e13d7003b0094bb4703f
imphash 4ad9693d073681a6d3f065607d2ce44c
File size 459.0 KB ( 470016 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win64 Executable (generic) (72.3%)
Win32 Executable (generic) (11.7%)
Win16/32 Executable Delphi generic (5.4%)
Generic Win/DOS Executable (5.2%)
DOS Executable Generic (5.2%)
Tags
peexe

VirusTotal metadata
First submission 2015-06-22 11:14:52 UTC
Last submission 2015-08-06 07:14:51 UTC
File names xiroukiqa.exe.2392.dr
xiroukiqa.exe
xiroukiqa.exe.2316.dr
6b2858d4452d97992ab78fd228c3970d
xiroukiqa.exe.bin
Advanced heuristic and reputation engines
Symantec reputation Suspicious.Insight
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Runtime DLLs