SHA256: 249594d4bce1741ced9fa4396111afcd0c87e1a606dbf5b6d276294bb07ddeec
File name: IUYknej3.exe
Detection ratio: 10 / 68
Analysis date: 2017-12-27 09:58:15 UTC ( 1 year, 3 months ago )
Antivirus Result Update
Baidu Win32.Trojan.WisdomEyes.16070401.9500.9999 20171227
CrowdStrike Falcon (ML) malicious_confidence_90% (D) 20171016
Cylance Unsafe 20171227
Endgame malicious (high confidence) 20171130
Fortinet W32/Kryptik.FZML!tr 20171227
Sophos ML heuristic 20170914
McAfee GenericRXDP-NO!0780C1594F30 20171227
Palo Alto Networks (Known Signatures) generic.ml 20171227
Qihoo-360 HEUR/QVM10.1.1F85.Malware.Gen 20171227
Webroot W32.Trojan.Gen 20171227
Ad-Aware 20171225
AegisLab 20171227
AhnLab-V3 20171226
Alibaba 20171227
ALYac 20171227
Antiy-AVL 20171227
Arcabit 20171227
Avast 20171227
Avast-Mobile 20171226
AVG 20171227
Avira (no cloud) 20171227
AVware 20171227
BitDefender 20171227
Bkav 20171227
CAT-QuickHeal 20171226
ClamAV 20171227
CMC 20171227
Comodo 20171227
Cybereason 20171103
Cyren 20171227
DrWeb 20171227
eGambit 20171227
Emsisoft 20171227
ESET-NOD32 20171227
F-Prot 20171227
F-Secure 20171227
GData 20171227
Ikarus 20171227
Jiangmin 20171227
K7AntiVirus 20171227
K7GW 20171227
Kaspersky 20171227
Kingsoft 20171227
Malwarebytes 20171227
MAX 20171227
McAfee-GW-Edition 20171227
Microsoft 20171226
eScan 20171227
NANO-Antivirus 20171227
nProtect 20171227
Panda 20171226
Rising 20171227
SentinelOne (Static ML) 20171224
Sophos AV 20171227
SUPERAntiSpyware 20171227
Symantec 20171227
Symantec Mobile Insight 20171227
Tencent 20171227
TheHacker 20171226
TotalDefense 20171227
TrendMicro 20171227
TrendMicro-HouseCall 20171227
Trustlook 20171227
VBA32 20171227
VIPRE 20171227
ViRobot 20171227
WhiteArmor 20171226
Yandex 20171225
Zillya 20171226
ZoneAlarm by Check Point 20171227
Zoner 20171227
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright: Copyright (C) 2017
File version: 1.0.0.1
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2017-12-27 05:15:36
Entry Point 0x0000D21C
Number of sections 5
PE sections
PE imports
AreFileApisANSI
GetLastError
InitializeCriticalSectionAndSpinCount
HeapFree
IsProcessorFeaturePresent
EnterCriticalSection
LCMapStringW
ReadFile
LoadLibraryW
GetConsoleCP
FreeLibrary
HeapSize
GetTimeFormatW
GetTickCount
TlsAlloc
GetEnvironmentStringsW
FlushFileBuffers
SetUnhandledExceptionFilter
GetCommandLineW
RtlUnwind
GetStdHandle
HeapAlloc
DeleteCriticalSection
GetCurrentProcess
GetStartupInfoW
GetFileType
GetConsoleMode
SetConsoleCtrlHandler
GetCurrentProcessId
AddAtomA
GetDateFormatW
GetModuleHandleW
WideCharToMultiByte
EnumSystemLocalesW
LoadLibraryExW
MultiByteToWideChar
FatalAppExitA
SetFilePointerEx
GetFileInformationByHandle
GetUserDefaultLCID
AddAtomW
GetLocaleInfoW
SetStdHandle
CompareStringW
RaiseException
UnhandledExceptionFilter
GetCPInfo
GetModuleFileNameW
TlsFree
FreeEnvironmentStringsW
GetSystemTimeAsFileTime
GetExitCodeThread
SetEndOfFile
CreateSemaphoreW
WriteFile
CreateEventW
DecodePointer
CloseHandle
GetMailslotInfo
IsValidLocale
GetACP
HeapReAlloc
GetStringTypeW
GetProcAddress
GetCurrentThread
GetOEMCP
TerminateProcess
QueryPerformanceCounter
TlsGetValue
GetModuleHandleExW
IsValidCodePage
OutputDebugStringW
CreateFileW
GlobalAlloc
IsDebuggerPresent
Sleep
SetLastError
ReadConsoleW
TlsSetValue
EncodePointer
GetCurrentThreadId
GetProcessHeap
ExitProcess
WriteConsoleW
LeaveCriticalSection
GetMenuInfo
UpdateWindow
LoadMenuA
CallMsgFilterA
PrivateExtractIconsA
GetNextDlgGroupItem
GetRegisteredRawInputDevices
GetDialogBaseUnits
LoadBitmapA
PeekMessageA
LookupIconIdFromDirectoryEx
LoadCursorFromFileW
LoadKeyboardLayoutA
DispatchMessageW
GetDlgCtrlID
GetRawInputDeviceInfoW
TranslateMessage
LoadStringW
RegisterRawInputDevices
LoadMenuIndirectA
LoadImageW
LoadIconA
GetRawInputBuffer
LoadCursorW
LoadIconW
TranslateAcceleratorW
OpenClipboard
Number of PE resources by type
RT_ICON 2
GEJEFULE 1
BAJACIMIMODUWOTAMEJO 1
RT_ACCELERATOR 1
RT_VERSION 1
GNUV 1
RT_GROUP_ICON 1
Number of PE resources by language
NEUTRAL 6
ENGLISH UK 2
PE resources
ExifTool file metadata
UninitializedDataSize: 0
LinkerVersion: 12.0
ImageVersion: 0.0
FileVersionNumber: 1.0.0.1
LanguageCode: English (British)
FileFlagsMask: 0x003f
ImageFileCharacteristics: Executable, 32-bit
CharacterSet: Unicode
InitializedDataSize: 836608
EntryPoint: 0xd21c
MIMEType: application/octet-stream
Subsystem: Windows GUI
FileVersion: 1.0.0.1
TimeStamp: 2017:12:27 06:15:36+01:00
FileType: Win32 EXE
PEType: PE32
ProductVersion: 1.0.0.1
SubsystemVersion: 5.1
OSVersion: 5.1
FileOS: Windows NT 32-bit
LegalCopyright: Copyright (C) 2017
MachineType: Intel 386 or later, and compatibles
CodeSize: 206336
FileSubtype: 0
ProductVersionNumber: 1.0.0.1
FileTypeExtension: exe
ObjectFileType: Executable application
Compressed bundles
File identification
MD5 0780c1594f308101ab5a30baac2f3402
SHA1 88892bc44277214a8c664dafac4de77b5eb480dd
SHA256 249594d4bce1741ced9fa4396111afcd0c87e1a606dbf5b6d276294bb07ddeec
ssdeep 6144:6FIR4bHump2+euuRDRT/6w+8HnM+XAzg+Mp6DS:6FImHuuUDB/6pCwEbp6D
authentihash 44c05b6200171f769314b1fc0813ba37c12349f8017aee9e8f91362211f65d5d
imphash 86607f6053980f911f5c5a6f64863729
File size 276.0 KB ( 282624 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Executable MS Visual C++ (generic) (41.0%)
Win64 Executable (generic) (36.3%)
Win32 Dynamic Link Library (generic) (8.6%)
Win32 Executable (generic) (5.9%)
OS/2 Executable (generic) (2.6%)
Tags peexe
VirusTotal metadata
First submission 2017-12-27 09:58:15 UTC ( 1 year, 3 months ago )
Last submission 2018-05-25 17:58:50 UTC ( 11 months ago )
File names rapid3.exe
rapid.exe
IUYknej3.exe
IUYknej3.exe
uolJgCK2.exe
IUYknej3
Advanced heuristic and reputation engines
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Written files
Copied files
Moved files
Created processes
Code injections in the following processes
Terminated processes
Opened mutexes
Runtime DLLs
UDP communications