SHA256: 1d002272794d91c5c2d3a8c7610b030b379307d0499fbc88310125d1bd245024
File name: pscgmwhrcyygkjjpneq.exe
Detection ratio: 20 / 47
Analysis date: 2014-01-01 21:49:46 UTC ( 3 years, 10 months ago )
Antivirus Result Update
Yandex Trojan.Simda!Qtsn71DYnMI 20140101
AntiVir TR/Rogue.1476310 20140101
Antiy-AVL Backdoor/Win32.Simda.gen 20140101
Avast Win32:Malware-gen 20140101
Baidu-International Backdoor.Win32.Simda.Aaz 20131213
Commtouch W32/Trojan.JONQ-2543 20140101
Comodo TrojWare.Win32.Simda.~B 20140101
DrWeb Trojan.Rodricter.115 20140101
ESET-NOD32 Win32/Simda.B 20140101
F-Prot W32/Trojan3.GYU 20140101
Fortinet W32/Simda.ABWR!tr.bdr 20140101
Kaspersky Backdoor.Win32.Simda.abwr 20140101
Kingsoft Win32.Hack.Simda.ab.(kcloud) 20130829
Malwarebytes Trojan.Agent.FSA89 20140101
McAfee Artemis!9B08B7633C46 20140101
McAfee-GW-Edition Artemis!9B08B7633C46 20140101
NANO-Antivirus Trojan.Win32.Simda.cscnee 20140101
Norman Simda.TGQ 20140101
Rising PE:Malware.XPACK/RDM!5.1 20140101
TrendMicro-HouseCall TROJ_GEN.F47V1227 20140101
Ad-Aware 20140101
AhnLab-V3 20140101
AVG 20140101
BitDefender 20140101
Bkav 20140101
ByteHero 20131227
CAT-QuickHeal 20140101
ClamAV 20140101
Emsisoft 20140101
GData 20140101
Ikarus 20140101
Jiangmin 20140101
K7AntiVirus 20131231
K7GW 20131231
Microsoft 20140101
eScan 20140101
nProtect 20140101
Panda 20140101
Sophos AV 20140101
SUPERAntiSpyware 20131231
Symantec 20140101
TheHacker 20131231
TotalDefense 20131231
TrendMicro 20140101
VBA32 20140101
VIPRE 20140101
ViRobot 20140101
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright excowiant © wyay 1990 - 2012
Product Undernoi
Original name yeee.exe
Internal name mismles
File version 9.5.700.6400
Description Prel
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2010-07-06 18:54:20
Entry Point 0x000011AA
Number of sections 5
PE sections
PE imports
cos
srand
longjmp
floor
atof
vsprintf
__mb_cur_max
fclose
remove
wcscat
atoi
_unlock
time
_strlwr
__setusermatherr
strlen
_exit
WindowFromPoint
SetCapture
DestroyMenu
FindWindowA
SetSecurityDescriptorDacl
RegQueryValueExA
CryptGenRandom
RegOpenKeyExW
AdjustTokenPrivileges
EqualSid
RegEnumKeyExA
RegQueryInfoKeyA
GetUserDefaultLangID
GetModuleFileNameW
QueryPerformanceCounter
GetTickCount
GetThreadLocale
lstrcmpiW
RtlUnwind
GetShortPathNameA
GetStartupInfoA
WritePrivateProfileStringA
GetCurrentProcessId
SetErrorMode
WaitForMultipleObjects
InterlockedCompareExchange
VirtualProtectEx
lstrcmpiA
GetFileAttributesA
lstrcpyA
GetSystemTimeAsFileTime
SetFileAttributesA
TerminateProcess
GetCurrentThreadId
CreateStreamOnHGlobal
IsEqualGUID
OleInitialize
StgCreateDocfileOnILockBytes
CoFreeUnusedLibraries
CreateBindCtx
CoGetMalloc
OleRun
PropVariantClear
CreateErrorInfo
SysStringByteLen
SysAllocStringLen
VariantClear
SafeArrayCreate
SysAllocStringByteLen
Number of PE resources by type
RT_ICON 9
RT_DIALOG 1
RT_MESSAGETABLE 1
RT_STRING 1
RT_MENU 1
RT_ACCELERATOR 1
RT_BITMAP 1
RT_VERSION 1
RT_GROUP_ICON 1
Number of PE resources by language
ENGLISH US 17
PE resources
ExifTool file metadata
SubsystemVersion 5.1
LinkerVersion 9.0
ImageVersion 0.0
FileSubtype 0
FileVersionNumber 9.5.700.6400
UninitializedDataSize 0
LanguageCode English (U.S.)
FileFlagsMask 0x003f
CharacterSet Unicode
InitializedDataSize 1780736
EntryPoint 0x11aa
OriginalFileName yeee.exe
MIMEType application/octet-stream
LegalCopyright excowiant wyay 1990 - 2012
FileVersion 9.5.700.6400
TimeStamp 2010:07:06 19:54:20+01:00
FileType Win32 EXE
PEType PE32
InternalName mismles
ProductVersion 9.5.700.6400
FileDescription Prel
OSVersion 5.1
FileOS Windows NT 32-bit
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
CompanyName disqiryg Es
CodeSize 7680
ProductName Undernoi
ProductVersionNumber 9.5.700.6400
Warning Possibly corrupt Version resource
FileTypeExtension exe
ObjectFileType Executable application
PCAP parents
File identification
MD5 9b08b7633c46decb861ca76e74390404
SHA1 06b781e683c63e2856c2cb3ba6ba4024c29e869d
SHA256 1d002272794d91c5c2d3a8c7610b030b379307d0499fbc88310125d1bd245024
ssdeep 24576:qdeZCSkdtwu20j/0HWmGo470AvVWz4wqbBCdDJfiLwLPmIi4u8IHziYtHCJaIZvs:qIoOq/jmGz903689xCDHCJaEk6
authentihash 6ece9092762e7699cd5afada2af58b3623a7185300e9dec6a286c31bae00800a
imphash b868d81bb19cc0d40bdeb9cde4f95431
File size 1.7 MB ( 1790976 bytes )
File type Win32 EXE
Magic literal MS-DOS executable, MZ for MS-DOS
TrID DOS Executable Generic (100.0%)
Tags peexe
VirusTotal metadata
First submission 2013-12-27 03:51:13 UTC ( 3 years, 10 months ago )
Last submission 2017-06-28 09:30:21 UTC ( 4 months, 3 weeks ago )
File names pscgmwhrcyygkjjpneq.exe
mismles
yeee.exe
?c2i9ll04d=h5XWnanRqJmK5qLLdKFqaZeXmu3h1alkY2ivl5Nqn3Ki0Fao165qmm+oamKSm6uyk9XfbWRoqorElMurqb6Ef4rhost0o1+khQ==
pscgmwhrcyygkjjpneq.exe
virus
bdr
pscgmwhrcyygkjjpneq.exe
2.exe
?c2i9ll04d=h5XWnanRqJmK5qLLdKFqaZeXmu3h1alkY2ivl5Nqn3Ki0Fao165qmm oamKSm6uyk9XfbWRoqorElMurqb6Ef4rhost0o1 khQ==
Advanced heuristic and reputation engines
TrendMicro-HouseCall: TrendMicro's heuristic engine has flagged this file as: TROJ_GEN.R047C0CIB15.
Symantec reputation Suspicious.Insight
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
DNS requests