SHA256: 227b22d5caa03e70e41393fd04f59907670d336028a09c0e5787e2c1a7cd07b2
File name: ogLq.exe
Detection ratio: 40 / 67
Analysis date: 2019-03-26 08:15:37 UTC ( 1 month, 3 weeks ago )
Antivirus Result Update
Acronis suspicious 20190325
Ad-Aware Gen:Variant.Cerbu.30560 20190326
AegisLab Hacktool.Win32.Krap.lKMc 20190326
AhnLab-V3 Trojan/Win32.Fuerboos.R260171 20190326
ALYac Gen:Variant.Cerbu.30560 20190326
Arcabit Trojan.Cerbu.D7760 20190325
Avast Win32:DangerousSig [Trj] 20190326
AVG Win32:DangerousSig [Trj] 20190326
BitDefender Gen:Variant.Cerbu.30560 20190326
Comodo Malware@#3aq90zp970kul 20190326
CrowdStrike Falcon (ML) win/malicious_confidence_100% (W) 20190212
Cybereason malicious.ae62b7 20190325
Cyren W32/Kryptik.UV.gen!Eldorado 20190326
Emsisoft Gen:Variant.Cerbu.30560 (B) 20190326
Endgame malicious (high confidence) 20190322
ESET-NOD32 a variant of Win32/Kryptik.YHT 20190326
FireEye Generic.mg.d0dc67b20c631296 20190326
Fortinet W32/Emotet.Q!tr 20190326
GData Gen:Variant.Cerbu.30560 20190326
Ikarus Trojan-Banker.Emotet 20190325
Sophos ML heuristic 20190313
K7AntiVirus Trojan ( 0034323e1 ) 20190326
K7GW Trojan ( 0034323e1 ) 20190326
Kaspersky Trojan-Banker.Win32.Emotet.csfm 20190326
Malwarebytes Trojan.Emotet 20190326
MAX malware (ai score=83) 20190326
McAfee Emotet-FMI!D0DC67B20C63 20190326
McAfee-GW-Edition Artemis!Trojan 20190325
Microsoft Trojan:Win32/Emotet.AC!bit 20190326
eScan Gen:Variant.Cerbu.30560 20190326
Palo Alto Networks (Known Signatures) generic.ml 20190326
Panda Trj/Genetic.gen 20190325
Qihoo-360 HEUR/QVM20.1.135A.Malware.Gen 20190326
Rising Trojan.Kryptik!8.8 (CLOUD) 20190326
Sophos AV Mal/Emotet-Q 20190326
Tencent Win32.Trojan.Falsesign.Wrgm 20190326
Trapmine suspicious.low.ml.score 20190325
TrendMicro-HouseCall TROJ_GEN.R020H05CP19 20190326
VBA32 BScope.Malware-Cryptor.Emotet 20190325
ZoneAlarm by Check Point Trojan-Banker.Win32.Emotet.csfm 20190326
Alibaba 20190306
Antiy-AVL 20190326
Avast-Mobile 20190325
Avira (no cloud) 20190326
Babable 20180918
Baidu 20190318
Bkav 20190326
CAT-QuickHeal 20190325
ClamAV 20190325
CMC 20190321
DrWeb 20190326
eGambit 20190326
F-Secure 20190325
Jiangmin 20190326
Kingsoft 20190326
NANO-Antivirus 20190326
SentinelOne (Static ML) 20190317
SUPERAntiSpyware 20190321
Symantec Mobile Insight 20190325
TACHYON 20190326
TheHacker 20190324
TotalDefense 20190326
Trustlook 20190326
VIPRE 20190326
ViRobot 20190326
Yandex 20190324
Zillya 20190324
Zoner 20190326
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright Copyright (c) 2003-2015 Glarysoft Ltd
Product Glary Utilities
Original name memdefrag.exe
Internal name memdefrag.exe
Signature verification A certificate chain processed, but terminated in a root certificate which is not trusted by the trust provider.
Signing date 2:09 AM 4/1/2019
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2019-03-25 08:06:20
Entry Point 0x00001340
Number of sections 4
PE sections
Overlays
MD5 f5f358825239e2050344c23c8661c94c
File type data
Offset 175616
Size 3336
Entropy 7.35
PE imports
RegOpenKeyA
InitCommonControlsEx
_TrackMouseEvent
GetStdHandle
GetConsoleOutputCP
ReleaseMutex
FileTimeToSystemTime
WaitForSingleObject
HeapDestroy
GetFileAttributesW
lstrcmpW
GetLocalTime
FreeEnvironmentStringsA
DeleteCriticalSection
GetCurrentProcess
OpenFileMappingW
GetConsoleMode
GetLocaleInfoA
LocalAlloc
UnhandledExceptionFilter
SetErrorMode
FreeEnvironmentStringsW
lstrcatW
GetLocaleInfoW
EnumResourceLanguagesW
GetFileTime
GetCPInfo
GetStringTypeA
InterlockedExchange
WriteFile
GetSystemTimeAsFileTime
HeapReAlloc
GetStringTypeW
GetOEMCP
LocalFree
FormatMessageW
ResumeThread
GetTimeZoneInformation
LoadResource
GlobalHandle
FindClose
InterlockedDecrement
GetFullPathNameW
WritePrivateProfileStringW
SetLastError
InitializeCriticalSection
GlobalFindAtomW
ReadFile
GetModuleFileNameW
IsDebuggerPresent
ExitProcess
FlushFileBuffers
GetModuleFileNameA
FatalExit
GetCalendarInfoW
GetVolumeInformationW
TlsGetValue
MultiByteToWideChar
GetPrivateProfileStringW
SetFilePointer
GlobalAddAtomW
CreateThread
DisconnectNamedPipe
SetUnhandledExceptionFilter
ConvertDefaultLocale
CreateMutexW
MulDiv
ExitThread
SetEnvironmentVariableA
TerminateProcess
WriteConsoleA
GlobalAlloc
SetEndOfFile
GetVersion
LeaveCriticalSection
WriteConsoleW
HeapFree
EnterCriticalSection
SetHandleCount
LoadLibraryW
FreeLibrary
QueryPerformanceCounter
GetTickCount
TlsAlloc
VirtualProtect
GetVersionExA
LoadLibraryA
RtlUnwind
GetStartupInfoA
UnlockFile
GetFileSize
LCMapStringW
GetModuleHandleW
GetStartupInfoW
GlobalLock
GetProcessHeap
GetComputerNameW
AssignProcessToJobObject
WaitNamedPipeW
GlobalReAlloc
lstrcmpA
CompareStringA
FindFirstFileW
DuplicateHandle
GetProcAddress
CreateEventW
CreateFileW
GetFileType
TlsSetValue
CreateFileA
HeapAlloc
lstrcpyn
InterlockedIncrement
GetLastError
LocalReAlloc
GlobalDeleteAtom
UnmapViewOfFile
GetSystemInfo
lstrlenA
GlobalFree
GetConsoleCP
LCMapStringA
CompareStringW
GetThreadLocale
GetEnvironmentStringsW
GlobalUnlock
LockFile
lstrlenW
WinExec
VirtualFree
FileTimeToLocalFileTime
GetEnvironmentStrings
GetCurrentProcessId
LockResource
GetCommandLineW
WideCharToMultiByte
HeapSize
GetCommandLineA
GetCurrentThread
RaiseException
MapViewOfFile
TlsFree
GetModuleHandleA
Module32NextW
GlobalFlags
CloseHandle
GetACP
GetCurrentThreadId
FreeResource
SetStdHandle
SizeofResource
HeapCreate
FindResourceW
VirtualQuery
CreateProcessW
Sleep
LocalShrink
VirtualAlloc
RedrawWindow
GetForegroundWindow
SetWindowRgn
SetMenuItemBitmaps
LoadBitmapW
BroadcastSystemMessageA
DestroyMenu
PostQuitMessage
GetMessagePos
ValidateRect
SetWindowPos
IsWindow
GrayStringW
DispatchMessageA
EndPaint
PeekMessageA
GetMessageTime
SetActiveWindow
GetDC
GetCursorPos
MapDialogRect
GetDlgCtrlID
GetKeyState
GetMenu
UnregisterClassA
SendMessageA
SetThreadDesktop
GetClassInfoW
CreateAcceleratorTableW
AllowSetForegroundWindow
DrawTextW
GetNextDlgTabItem
CallNextHookEx
LoadImageW
TrackPopupMenu
GetActiveWindow
GetWindowTextW
CopyAcceleratorTableW
GetWindowTextLengthW
MsgWaitForMultipleObjects
GetTopWindow
InvalidateRgn
GetMenuItemID
DestroyWindow
GetMessageA
GetClassInfoExW
UpdateWindow
AdjustWindowRectEx
GetPropW
EqualRect
GetMessageW
ShowWindow
FlashWindowEx
GetNextDlgGroupItem
SetPropW
GetDesktopWindow
PeekMessageW
EnableWindow
CharUpperW
EnumDisplaySettingsW
TranslateMessage
IsWindowEnabled
GetWindow
CharUpperA
LoadStringA
RegisterClassW
RegisterDeviceNotificationA
GetWindowPlacement
LoadStringW
SetWindowLongW
EnableMenuItem
GetWindowLongA
SetTimer
IsDialogMessageW
FillRect
CharNextA
GetSysColorBrush
CreateWindowExW
TabbedTextOutW
GetWindowLongW
CharNextW
IsChild
MapWindowPoints
RegisterWindowMessageW
OpenInputDesktop
SetCapture
BeginPaint
OffsetRect
DefWindowProcW
ReleaseCapture
KillTimer
DefWindowProcA
GetParent
SendDlgItemMessageA
GetSystemMetrics
IsIconic
GetWindowRect
PostMessageA
DrawIcon
EnumChildWindows
IntersectRect
CharLowerW
SetWindowLongA
SendDlgItemMessageW
PostMessageW
CreatePopupMenu
CheckMenuItem
GetSubMenu
GetClassLongW
GetLastActivePopup
PtInRect
CharUpperBuffW
SetWindowTextW
GetDlgItem
GetMenuCheckMarkDimensions
ClientToScreen
SetKeyboardState
GetKeyboardState
PostThreadMessageW
GetMenuItemCount
DestroyAcceleratorTable
GetMenuState
SetWindowsHookExW
LoadCursorW
GetSystemMenu
DispatchMessageW
SetForegroundWindow
PostThreadMessageA
CreateDialogIndirectParamW
ReleaseDC
DrawTextExW
EndDialog
ModifyMenuW
CopyRect
GetCapture
FindWindowA
MessageBeep
SetFocus
GetWindowThreadProcessId
MessageBoxW
SendMessageW
RegisterClassExW
UnhookWindowsHookEx
LoadIconW
MoveWindow
MessageBoxA
AppendMenuW
GetWindowDC
wvsprintfA
DialogBoxParamA
SendMessageTimeoutW
GetSysColor
RegisterClipboardFormatW
CopyImage
SystemParametersInfoA
GetProcessDefaultLayout
wsprintfW
IsWindowVisible
WinHelpW
SetWindowContextHelpId
SystemParametersInfoW
UnionRect
SetRect
InvalidateRect
wsprintfA
SendMessageTimeoutA
CallWindowProcW
GetClassNameW
UnregisterClassW
SetWindowTextA
GetClientRect
CloseDesktop
UnregisterDeviceNotification
IsRectEmpty
GetFocus
InsertMenuItemW
SetCursor
RemovePropW
Number of PE resources by type
RT_ICON 12
RT_GROUP_ICON 5
RT_BITMAP 4
RT_DIALOG 2
RT_RCDATA 1
RT_VERSION 1
Number of PE resources by language
CHINESE SIMPLIFIED 24
ENGLISH US 1
PE resources
ExifTool file metadata
UninitializedDataSize 0
LinkerVersion 9.0
ImageVersion 0.0
FileSubtype 0
FileVersionNumber 5.0.0.3
LanguageCode Chinese (Simplified)
FileFlagsMask 0x003f
ImageFileCharacteristics No relocs, Executable, 32-bit
CharacterSet Windows, Chinese (Simplified)
InitializedDataSize 169984
EntryPoint 0x1340
OriginalFileName memdefrag.exe
MIMEType application/octet-stream
LegalCopyright Copyright (c) 2003-2015 Glarysoft Ltd
TimeStamp 2019:03:25 09:06:20+01:00
FileType Win32 EXE
PEType PE32
InternalName memdefrag.exe
ProductVersion 5.0.0.0
SubsystemVersion 5.0
OSVersion 5.0
FileOS Win32
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
CodeSize 4608
ProductName Glary Utilities
ProductVersionNumber 5.0.0.0
FileTypeExtension exe
ObjectFileType Executable application

File identification
MD5 d0dc67b20c631296f911ad41a5f95d69
SHA1 6d36618ae62b7303768f5ed49f37603a6cc234dd
SHA256 227b22d5caa03e70e41393fd04f59907670d336028a09c0e5787e2c1a7cd07b2
ssdeep 3072:20kAJ4GLyfzK0R5vPNHYa0z8MHBp4Aq3npm9mX1n5Ehjfffffffffffffffffffo:BnLyfzX9PRYP4WRCnYsFcjfffffffffY

authentihash 2322a95db48a96cdd94392384f5b11ed5b67f421379a4362250b4534b08d1f7e
imphash 4fd3befba8c299655fd1d52148cef1f5
File size 174.8 KB ( 178952 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID Win32 Executable MS Visual C++ (generic) (41.0%)
Win64 Executable (generic) (36.3%)
Win32 Dynamic Link Library (generic) (8.6%)
Win32 Executable (generic) (5.9%)
OS/2 Executable (generic) (2.6%)
Tags peexe overlay

VirusTotal metadata
First submission 2019-03-25 08:08:55 UTC ( 1 month, 4 weeks ago )
Last submission 2019-03-25 08:08:55 UTC ( 1 month, 4 weeks ago )
File names ogLq.exe
memdefrag.exe
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Moved files
Deleted files
Created processes
Created mutexes
Opened mutexes
Opened service managers
Opened services
Runtime DLLs
HTTP requests
TCP connections