SHA256: 24b252941062ded074c8dfa37e33907322d270fd60a97b4db59baf29e81731a3
File name: klA1KMQj2D.exe
Detection ratio: 5 / 56
Analysis date: 2016-05-23 11:20:38 UTC ( 3 years ago )
Antivirus Result Update
Bkav HW32.Packed.D196 20160521
McAfee-GW-Edition BehavesLike.Win32.ZeroAccess.ch 20160522
Qihoo-360 QVM20.1.Malware.Gen 20160523
Rising Malware.XPACK-HIE/Heur!1.9C48 20160523
Tencent Win32.Trojan.Raas.Auto 20160523
Ad-Aware 20160523
AegisLab 20160523
AhnLab-V3 20160522
Alibaba 20160523
ALYac 20160523
Antiy-AVL 20160523
Arcabit 20160523
Avast 20160523
AVG 20160523
Avira (no cloud) 20160523
AVware 20160523
Baidu 20160523
Baidu-International 20160523
BitDefender 20160523
CAT-QuickHeal 20160523
ClamAV 20160523
CMC 20160523
Comodo 20160523
Cyren 20160523
DrWeb 20160523
Emsisoft 20160523
ESET-NOD32 20160522
F-Prot 20160523
F-Secure 20160523
Fortinet 20160523
GData 20160523
Ikarus 20160523
Jiangmin 20160523
K7AntiVirus 20160523
K7GW 20160523
Kaspersky 20160523
Kingsoft 20160523
Malwarebytes 20160523
McAfee 20160523
Microsoft 20160523
eScan 20160523
NANO-Antivirus 20160523
nProtect 20160520
Panda 20160522
Sophos AV 20160523
SUPERAntiSpyware 20160523
Symantec 20160523
TheHacker 20160522
TrendMicro 20160523
TrendMicro-HouseCall 20160523
VBA32 20160523
VIPRE 20160523
ViRobot 20160523
Yandex 20160522
Zillya 20160523
Zoner 20160523
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright
Copyright (C) 2007-2012 All rights Reserved.

File version 5, 0, 3, 5
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2016-05-23 05:48:48
Entry Point 0x000073FC
Number of sections 6
PE sections
PE imports
RegCreateKeyExW
RegCloseKey
RegCreateKeyW
OpenServiceW
ControlService
RegOpenKeyExW
DeleteService
RegQueryValueExW
CloseServiceHandle
RegOpenKeyA
RegisterEventSourceW
OpenProcessToken
DeregisterEventSource
SetServiceStatus
RegEnumKeyW
SetTokenInformation
RegisterServiceCtrlHandlerExW
CreateServiceW
GetTokenInformation
DuplicateTokenEx
GetNamedSecurityInfoW
BuildExplicitAccessWithNameW
CreateProcessAsUserW
SetEntriesInAclW
RevertToSelf
StartServiceW
RegSetValueExW
EnumDependentServicesW
OpenSCManagerW
ReportEventW
QueryServiceStatusEx
StartServiceCtrlDispatcherW
ChangeServiceConfigW
SetNamedSecurityInfoW
AbortPath
ColorCorrectPalette
AddFontMemResourceEx
AngleArc
GetStdHandle
GetDriveTypeW
FileTimeToSystemTime
GetFileAttributesA
WaitForSingleObject
GetDriveTypeA
lstrcmpW
GetLocalTime
DeleteCriticalSection
GetCurrentProcess
CompareFileTime
GetConsoleMode
GetLocaleInfoA
LocalAlloc
lstrcatA
SetErrorMode
GetFileInformationByHandle
MultiByteToWideChar
SetStdHandle
GetFileTime
FindResourceExA
GetShortPathNameA
GetCPInfo
lstrcmpiA
InterlockedExchange
FindResourceExW
GetSystemTimeAsFileTime
EnumResourceLanguagesA
GetDiskFreeSpaceA
GetStringTypeW
SetFileAttributesA
GetOEMCP
LocalFree
MoveFileA
ResumeThread
InitializeCriticalSection
LoadResource
GlobalHandle
TlsGetValue
FindNextChangeNotification
GetStringTypeExA
SetLastError
GetUserDefaultUILanguage
LocalLock
GetUserDefaultLangID
FileTimeToDosDateTime
GetModuleFileNameW
CopyFileA
HeapAlloc
FlushFileBuffers
GetModuleFileNameA
RaiseException
HeapSetInformation
GetVolumeInformationA
LoadLibraryExA
GetPrivateProfileStringA
SetThreadPriority
UnhandledExceptionFilter
InterlockedDecrement
GlobalFindAtomA
GetProfileIntA
GetModuleHandleA
CreateThread
GetSystemDefaultUILanguage
GetSystemDirectoryW
GlobalAddAtomA
SetUnhandledExceptionFilter
ConvertDefaultLocale
MulDiv
SetEnvironmentVariableA
SetPriorityClass
TerminateProcess
FindCloseChangeNotification
GetNumberFormatA
LocalFileTimeToFileTime
SetEndOfFile
GetCurrentThreadId
GetProcAddress
WriteConsoleW
InitializeCriticalSectionAndSpinCount
HeapFree
EnterCriticalSection
SetHandleCount
LoadLibraryW
SetEvent
QueryPerformanceCounter
GetTickCount
TlsAlloc
VirtualProtect
GetVersionExA
LoadLibraryA
RtlUnwind
FreeLibrary
GlobalSize
LeaveCriticalSection
UnlockFile
SystemTimeToFileTime
GetFileSize
LCMapStringW
GetPrivateProfileIntA
CreateDirectoryA
DeleteFileA
GetWindowsDirectoryA
GetStartupInfoW
GetFullPathNameA
GlobalLock
GetProcessHeap
CompareStringW
GetFileSizeEx
GlobalReAlloc
FreeEnvironmentStringsW
lstrcmpA
lstrcpyA
ResetEvent
GetTempFileNameA
CreateFileMappingA
DuplicateHandle
WaitForMultipleObjects
ExpandEnvironmentStringsA
GetCurrentDirectoryW
GetTimeZoneInformation
CreateFileW
IsDebuggerPresent
GetFileType
TlsSetValue
CreateFileA
LocalUnlock
InterlockedIncrement
GetLastError
FreeConsole
DosDateTimeToFileTime
GlobalDeleteAtom
FindFirstChangeNotificationA
GetSystemInfo
lstrlenA
GlobalFree
GetConsoleCP
FindResourceW
GlobalGetAtomNameA
GetThreadLocale
GetEnvironmentStringsW
GlobalUnlock
LockFile
lstrlenW
WinExec
OpenFile
CancelWaitableTimer
FileTimeToLocalFileTime
SizeofResource
SearchPathA
WritePrivateProfileStringA
GetCurrentProcessId
LockResource
SetFileTime
HeapQueryInformation
GetCurrentDirectoryA
HeapSize
GetCommandLineA
GetCurrentThread
GetTempPathA
SuspendThread
QueryPerformanceFrequency
MapViewOfFile
TlsFree
SetFilePointer
GlobalFlags
CloseHandle
lstrcpynA
GetACP
GetModuleHandleW
FreeResource
CreateProcessA
WideCharToMultiByte
IsValidCodePage
HeapCreate
WriteFile
Sleep
GetFileAttributesExA
FindResourceA
CompareStringA
SHGetSpecialFolderPathW
SHEmptyRecycleBinW
PathFindFileNameW
PathFileExistsW
PathRemoveFileSpecW
PathQuoteSpacesW
StrStrIW
PathAppendW
PathCombineW
SetFocus
MapWindowPoints
GetMonitorInfoW
GetParent
LoadIconA
PostQuitMessage
EnumWindows
DefWindowProcW
KillTimer
DestroyMenu
TrackMouseEvent
GetMessageW
ShowWindow
MessageBeep
LoadMenuW
SetWindowPos
RemoveMenu
GetWindowThreadProcessId
SetCursor
SetWindowLongW
IsWindow
PeekMessageW
GetWindowRect
LoadStringA
EnumChildWindows
AppendMenuW
GetWindowDC
DestroyCursor
TranslateMessage
IsWindowEnabled
GetWindow
PostMessageW
InvalidateRect
DispatchMessageW
GetCursorPos
ReleaseDC
UpdateLayeredWindow
CreatePopupMenu
SendMessageW
UnregisterClassA
DestroyWindow
PtInRect
SendMessageA
LoadStringW
SetWindowTextW
GetMenuItemInfoW
DrawTextW
LoadImageW
MonitorFromWindow
ScreenToClient
TrackPopupMenuEx
SetTimer
CallWindowProcW
GetClassNameW
GetMenuItemCount
CharLowerW
MonitorFromPoint
GetClientRect
GetWindowTextW
LoadCursorW
GetFocus
GetWindowLongW
CharNextW
TranslateAcceleratorW
VerQueryValueW
WTSEnumerateSessionsW
WTSFreeMemory
_except_handler3
_CIsin
free
exit
_CIcos
calloc
__set_app_type
Ord(8)
OleUIBusyW
Number of PE resources by type
RT_ICON 12
RT_VERSION 1
RT_GROUP_ICON 1
Number of PE resources by language
ENGLISH US 14
PE resources
Debug information
ExifTool file metadata
SpecialBuild
2015.07.17

UninitializedDataSize
0

LinkerVersion
8.0

ImageVersion
8.0

FileVersionNumber
5.0.3.5

LanguageCode
English (U.S.)

FileFlagsMask
0x0000

ImageFileCharacteristics
Executable, 32-bit

CharacterSet
Windows, Latin1

InitializedDataSize
127488

PrivateBuild
2015.07.17

EntryPoint
0x73fc

MIMEType
application/octet-stream

LegalCopyright
Copyright (C) 2007-2012 All rights Reserved.

FileVersion
5, 0, 3, 5

TimeStamp
2016:05:23 06:48:48+01:00

FileType
Win32 EXE

PEType
PE32

ProductVersion
5, 0, 3, 5

SubsystemVersion
5.1

OSVersion
5.1

FileOS
Win32

Subsystem
Windows GUI

MachineType
Intel 386 or later, and compatibles

CompanyName
Accmeware Corporation

CodeSize
68096

FileSubtype
0

ProductVersionNumber
5.0.3.5

FileTypeExtension
exe

ObjectFileType
Executable application

Compressed bundles
File identification
MD5 86fa752330fb189952a69742244b5890
SHA1 d325fe1066068c7b40536d013405d6e91e9384a8
SHA256 24b252941062ded074c8dfa37e33907322d270fd60a97b4db59baf29e81731a3
ssdeep
1536:XAaixKMeWjJp3Y8fxZSoqG1aQyS91c5dlh6CpmuWwydjO88+6dbk17HWa:XNwyWdp3ooqqaQySyh62nWXdVa6Wa

authentihash 2410a0053d7d5a8f0d0e77ab3c1170256484edcbd0e03710925d8d3a2d939fd8
imphash 0e508150a6d5da7000fb375acc1d7445
File size 148.0 KB ( 151552 bytes )
File type Win32 EXE
Magic literal
PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID Win32 Executable MS Visual C++ (generic) (41.0%)
Win64 Executable (generic) (36.3%)
Win32 Dynamic Link Library (generic) (8.6%)
Win32 Executable (generic) (5.9%)
OS/2 Executable (generic) (2.6%)
Tags
peexe

VirusTotal metadata
First submission 2016-05-23 11:12:50 UTC ( 3 years ago )
Last submission 2018-10-08 07:50:17 UTC ( 7 months, 2 weeks ago )
File names klA1KMQj2D.exe
86FA752330FB189952A69742244B5890.EXE
86fa752330fb189952a69742244b5890.exe
86fa752330fb189952a69742244b5890
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Written files
Moved files
Deleted files
Created processes
Shell commands
Code injections in the following processes
Created mutexes
Opened mutexes
Searched windows
Opened service managers
Opened services
Runtime DLLs
Additional details
The file uses the IsDebuggerPresent Windows API function in order to see whether it is being debugged.
HTTP requests
TCP connections
UDP communications