SHA256: 1fb62a162dec74fbfc2111659eaa64cc4c1d4b1076575cab570071d248ec560d
File name: uhukitaj.exe
Detection ratio: 37 / 57
Analysis date: 2016-03-11 09:24:05 UTC ( 2 years, 11 months ago )
Antivirus | Result | Update
Ad-Aware | Trojan.GenericKD.3078789 | 20160311
AegisLab | Troj.W32.Waldek!c | 20160311
AhnLab-V3 | Malware/Win32.Generic | 20160311
ALYac | Trojan.GenericKD.3078789 | 20160311
Arcabit | Trojan.Generic.D2EFA85 | 20160311
Avast | Win32:Malware-gen | 20160311
AVG | Generic37.APOV | 20160311
Avira (no cloud) | TR/Crypt.ZPACK.231874 | 20160311
AVware | Trojan.Win32.Generic!BT | 20160311
BitDefender | Trojan.GenericKD.3078789 | 20160311
CAT-QuickHeal | Ransom.Teerac.r4 | 20160311
DrWeb | Trojan.PWS.Siggen1.47976 | 20160311
Emsisoft | Trojan.GenericKD.3078789 (B) | 20160311
ESET-NOD32 | Win32/Filecoder.DI | 20160311
F-Secure | Trojan.GenericKD.3078789 | 20160311
Fortinet | W32/Waldek.DI!tr | 20160311
GData | Trojan.GenericKD.3078789 | 20160311
Ikarus | Trojan.Win32.Filecoder | 20160311
Jiangmin | Trojan.Waldek.aqy | 20160311
K7AntiVirus | Trojan ( 004aa0281 ) | 20160311
K7GW | Trojan ( 004aa0281 ) | 20160310
Kaspersky | Trojan.Win32.Waldek.erg | 20160311
Malwarebytes | Backdoor.Bot | 20160311
McAfee | Generic.xy | 20160311
McAfee-GW-Edition | Generic.xy | 20160311
Microsoft | Ransom:Win32/Teerac | 20160311
eScan | Trojan.GenericKD.3078789 | 20160311
NANO-Antivirus | Trojan.Win32.Waldek.eavsqm | 20160311
nProtect | Trojan.GenericKD.3078789 | 20160310
Panda | Trj/CI.A | 20160310
Qihoo-360 | HEUR/QVM07.1.Malware.Gen | 20160311
Sophos AV | Mal/Ransom-EF | 20160311
Symantec | Trojan.Cryptolocker.H | 20160310
Tencent | Win32.Trojan.Crypt.Pfjl | 20160311
TrendMicro | TROJ_GEN.R028C0CC516 | 20160311
VIPRE | Trojan.Win32.Generic!BT | 20160311
ViRobot | Trojan.Win32.Z.Filecoder.197687[h] | 20160311
Yandex | | 20160310
Alibaba | | 20160311
Antiy-AVL | | 20160311
Baidu | | 20160310
Baidu-International | | 20160311
Bkav | | 20160310
ByteHero | | 20160311
ClamAV | | 20160311
CMC | | 20160307
Comodo | | 20160311
Cyren | | 20160311
F-Prot | | 20160311
Rising | | 20160311
SUPERAntiSpyware | | 20160311
TheHacker | | 20160310
TotalDefense | | 20160311
TrendMicro-HouseCall | | 20160311
VBA32 | | 20160310
Zillya | | 20160310
Zoner | | 20160311
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2004-04-15 23:21:22
Entry Point 0x000190C6
Number of sections 4
PE sections
Overlays
MD5 b9e45f7e5350fe6236a4c0b4fdff622d
File type data
Offset 196608
Size 1079
Entropy 5.95
PE imports
DuplicateTokenEx
ImpersonateSelf
DuplicateToken
PolyPolyline
GetCharABCWidthsW
SetMapMode
GetWindowOrgEx
PlayEnhMetaFileRecord
ResizePalette
GetEnhMetaFileBits
GetTextMetricsA
CombineRgn
GetROP2
GetObjectType
GetTextExtentPointA
CopyEnhMetaFileW
SetPixel
SetWorldTransform
DeleteObject
IntersectClipRect
CopyEnhMetaFileA
OffsetWindowOrgEx
CreateEllipticRgn
EqualRgn
GetPolyFillMode
GetDIBits
ExtCreateRegion
SetPixelFormat
SetTextAlign
StretchBlt
GetTextFaceA
SwapBuffers
ScaleViewportExtEx
AbortDoc
SetWindowExtEx
Arc
GetKerningPairsA
ExtCreatePen
GetFontData
SetWinMetaFileBits
GetBkColor
SetRectRgn
MoveToEx
GetTextCharsetInfo
GetDIBColorTable
DeleteEnhMetaFile
CreateFontIndirectW
OffsetRgn
EnumFontsW
Pie
TextOutA
CreateFontIndirectA
EndPath
UpdateColors
GetPixel
GetBrushOrgEx
OffsetViewportOrgEx
SetBkMode
BitBlt
EnumFontFamiliesA
GetDeviceCaps
FillRgn
SetAbortProc
ScaleWindowExtEx
SetBkColor
StrokePath
ExtSelectClipRgn
SelectPalette
CloseEnhMetaFile
SetROP2
ExtEscape
GetNearestPaletteIndex
SetDIBColorTable
CancelDC
GetTextColor
PtVisible
BeginPath
SetViewportExtEx
CreatePenIndirect
SetBitmapBits
PatBlt
CreatePen
SetStretchBltMode
Rectangle
GetObjectA
CreateDCA
DeleteDC
EndDoc
GetMapMode
GetSystemPaletteEntries
EnumMetaFile
StartPage
GetObjectW
CreateDCW
GetCharWidthA
RealizePalette
CreateDIBPatternBrushPt
CreateBitmap
RectVisible
GetStockObject
PlayEnhMetaFile
ExtTextOutA
UnrealizeObject
GdiFlush
SelectClipRgn
GetTextAlign
EndPage
GetTextExtentPoint32A
GetWinMetaFileBits
GetEnhMetaFileHeader
SetWindowOrgEx
SetTextCharacterExtra
GetTextExtentPoint32W
LPtoDP
CreateICA
Polygon
GetGlyphOutlineW
GetRgnBox
SaveDC
CreateICW
GetEnhMetaFilePaletteEntries
GetGlyphOutlineA
RestoreDC
GetBitmapBits
FillPath
CreateDIBSection
SetTextColor
ExtFloodFill
GetClipBox
CreateFontA
EnumFontFamiliesExW
SetViewportOrgEx
CreateRoundRectRgn
CreateCompatibleDC
PolyBezierTo
CreateFontW
CreateRectRgn
RemoveFontResourceA
GetClipRgn
StartDocA
SetPolyFillMode
Ellipse
CreateSolidBrush
Polyline
DPtoLP
StartDocW
CreateCompatibleBitmap
GetStartupInfoA
Toolhelp32ReadProcessMemory
ExpandEnvironmentStringsW
GetOverlappedResult
CreateDirectoryA
CreateProcessW
GetThreadTimes
GlobalUnfix
GetCurrencyFormatW
GetModuleHandleA
Ord(1080)
Ord(324)
Ord(3825)
Ord(3147)
Ord(2124)
Ord(1049)
Ord(3830)
Ord(4627)
Ord(1168)
Ord(4853)
Ord(3136)
Ord(2982)
Ord(1088)
Ord(561)
Ord(3079)
Ord(2512)
Ord(3262)
Ord(1063)
Ord(4234)
Ord(1576)
Ord(1089)
Ord(1775)
Ord(2055)
Ord(4837)
Ord(5307)
Ord(4353)
Ord(3798)
Ord(1012)
Ord(1053)
Ord(3259)
Ord(3081)
Ord(2648)
Ord(5280)
Ord(4407)
Ord(2446)
Ord(4079)
Ord(4078)
Ord(2725)
Ord(5065)
Ord(5289)
Ord(2396)
Ord(6376)
Ord(1066)
Ord(3831)
Ord(6374)
Ord(3346)
Ord(5302)
Ord(1097)
Ord(1727)
Ord(3597)
Ord(2554)
Ord(2985)
Ord(4998)
Ord(1078)
Ord(2385)
Ord(815)
Ord(4486)
Ord(5300)
Ord(4698)
Ord(1030)
Ord(5163)
Ord(3922)
Ord(2976)
Ord(5277)
Ord(2514)
Ord(5265)
Ord(3749)
Ord(1034)
Ord(5199)
Ord(4441)
Ord(4274)
Ord(5261)
Ord(4465)
Ord(1085)
Ord(5731)
_except_handler3
__p__fmode
__p__dstbias
tanh
_chdrive
_acmdln
_ismbcupper
__p__commode
__setusermatherr
_setmbcp
__dllonexit
_onexit
_j0
__getmainargs
_initterm
_controlfp
_adjust_fdiv
__set_app_type
DragObject
Number of PE resources by type
RT_DIALOG 6
RT_ICON 4
RT_GROUP_ICON 4
K7v8g3SmO0 1
u5c5E 1
t8U8c1wGe 1
PnkE1V 1
CU83So2D2 1
mXu6S0yW 1
Bq100yHSv 1
L2L4Dq5 1
f7JC5sr 1
LlCna22ID 1
S0r613PT 1
KE44J7NUy 1
RT_VERSION 1
Gn4c6n78y 1
Number of PE resources by language
HUNGARIAN DEFAULT 18
ENGLISH UK 10
PE resources
ExifTool file metadata
SubsystemVersion 4.0
LinkerVersion 6.0
ImageVersion 0.0
FileSubtype 0
FileVersionNumber 0.235.28.87
UninitializedDataSize 0
LanguageCode Unknown (DISP)
FileFlagsMask 0x003f
CharacterSet Unknown (IRITING)
InitializedDataSize 90112
EntryPoint 0x190c6
MIMEType application/octet-stream
LegalCopyright 2015 (C) 2015
FileVersion 0.87.27.17
TimeStamp 2004:04:16 00:21:22+01:00
FileType Win32 EXE
PEType PE32
InternalName Drinking
ProductVersion 0.49.58.102
FileDescription Estrangement Forwardlooking Emerge
OSVersion 4.0
FileOS Win32
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
CompanyName Fortinet Inc.
CodeSize 102400
ProductName Justice Farces
ProductVersionNumber 0.161.111.244
FileTypeExtension exe
ObjectFileType Executable application

File identification
MD5 49b1901e2684f1a18dfb11bc359da0bd
SHA1 320bd768a261b68207be1c2286cf30cd389b771b
SHA256 1fb62a162dec74fbfc2111659eaa64cc4c1d4b1076575cab570071d248ec560d
ssdeep 3072:QWTPY/AMwYj6DJsLSBVS7s5EpAKnIjJIOGD/NAoIbWssuCF9XFBX7DmzrJyELfOh:XPNMh0GSrrEjJJIqyCjveJ74

authentihash ac75d5c5e0b74bf9c560f9d1cc7b5f51e4afa608e07c06ccd912736e106a9d18
imphash ab50109bd49b13eed40409e8890f9ae9
File size 193.1 KB ( 197687 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID Win32 Executable MS Visual C++ (generic) (52.5%)
Windows screen saver (22.0%)
Win32 Dynamic Link Library (generic) (11.0%)
Win32 Executable (generic) (7.5%)
Generic Win/DOS Executable (3.3%)
Tags
peexe overlay

VirusTotal metadata
First submission 2016-03-02 10:14:19 UTC ( 2 years, 11 months ago )
Last submission 2016-04-28 03:04:26 UTC ( 2 years, 10 months ago )
File names 49B1901E2684F1A18DFB11BC359DA0BD.22979DC8
ydycicoq.exe
uhukitaj.exe