SHA256: 27bff4bd9558f3ea40c0ef4a556e7099dff9122a599daabe10e025367d4ecfdf
File name: bad.exe
Detection ratio: 8 / 55
Analysis date: 2017-01-17 09:26:57 UTC ( 2 years, 3 months ago )
Antivirus Result Update
Avira (no cloud) TR/Crypt.ZPACK.Gen2 20170117
Baidu Win32.Trojan.WisdomEyes.16070401.9500.9999 20170117
CrowdStrike Falcon (ML) malicious_confidence_100% (D) 20161024
Fortinet W32/Kryptik.FMZC!tr 20170117
Sophos ML worm.win32.gamarue.f 20170111
Qihoo-360 HEUR/QVM08.0.0000.Malware.Gen 20170117
Rising Malware.XPACK-HIE/Heur!1.9C48 (classic) 20170117
Symantec ML.Attribute.VeryHighConfidence [Heur.AdvML.B] 20170116
Ad-Aware 20170117
AegisLab 20170117
AhnLab-V3 20170117
Alibaba 20170117
ALYac 20170117
Antiy-AVL 20170117
Arcabit 20170117
Avast 20170117
AVG 20170117
AVware 20170117
BitDefender 20170117
CAT-QuickHeal 20170117
ClamAV 20170117
CMC 20170117
Comodo 20170117
Cyren 20170117
DrWeb 20170117
Emsisoft 20170117
ESET-NOD32 20170117
F-Prot 20170117
F-Secure 20170117
GData 20170117
Ikarus 20170117
Jiangmin 20170117
K7AntiVirus 20170117
K7GW 20170117
Kaspersky 20170117
Kingsoft 20170117
Malwarebytes 20170117
McAfee 20170108
McAfee-GW-Edition 20170117
Microsoft 20170117
eScan 20170117
NANO-Antivirus 20170117
nProtect 20170117
Panda 20170116
Sophos AV 20170117
SUPERAntiSpyware 20170117
Tencent 20170117
TheHacker 20170117
TrendMicro 20170117
TrendMicro-HouseCall 20170117
Trustlook 20170117
VBA32 20170116
VIPRE 20170117
ViRobot 20170117
WhiteArmor 20170117
Yandex 20170116
Zillya 20170116
Zoner 20170117
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright ©Iendoilo ewfaniretoykge egenejanalt
Product KEHEHECUI
Original name kehehecui.exe
Internal name KEHEHECUI.EXE
File version 2.8.0.3
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2015-01-16 14:16:08
Entry Point 0x0005D279
Number of sections 4
PE sections
Overlays
MD5 4c1295a43f0f153ffcf213f3475f07e0
File type data
Offset 417792
Size 628
Entropy 7.66
PE imports
JetTerm
JetCommitTransaction
JetMove
JetMakeKey
ImmSetConversionStatus
ImmSetCompositionFontW
ImmEscapeW
ImmGetConversionStatus
ImmGetCompositionStringW
SetThreadLocale
GetStdHandle
HeapDestroy
GetFileAttributesW
FreeEnvironmentStringsA
DeleteCriticalSection
GetLocaleInfoA
GetConsoleCursorInfo
FreeEnvironmentStringsW
GetCPInfo
GetStringTypeA
GetTempPathW
HeapReAlloc
GetStringTypeW
ConnectNamedPipe
LocalFree
GetProfileIntW
AddVectoredExceptionHandler
InitializeCriticalSection
TlsGetValue
SetLastError
GetSystemTime
GlobalFindAtomW
WriteProcessMemory
GetModuleFileNameW
HeapAlloc
GetModuleFileNameA
FillConsoleOutputCharacterW
UnhandledExceptionFilter
OpenWaitableTimerW
MultiByteToWideChar
FoldStringW
_lclose
VirtualQuery
GetCurrentThreadId
GetSystemWow64DirectoryW
HeapFree
EnterCriticalSection
SetHandleCount
FindVolumeClose
GetOEMCP
TlsAlloc
VirtualProtect
GetVersionExA
LoadLibraryA
RtlUnwind
Process32Next
CreateRemoteThread
GetStartupInfoA
GetFileSize
GetGeoInfoW
GetStartupInfoW
ReadProcessMemory
GetUserDefaultLCID
FindNextFileW
lstrcmpW
GetProcAddress
GetFileType
TlsSetValue
ExitProcess
LeaveCriticalSection
GetLastError
AttachConsole
LCMapStringW
GetSystemInfo
GetConsoleCP
LCMapStringA
GetProcessTimes
GetThreadLocale
GetEnvironmentStringsW
CancelWaitableTimer
GetEnvironmentStrings
CompareFileTime
VirtualFreeEx
CreateIoCompletionPort
GetCommandLineW
WideCharToMultiByte
QueryActCtxW
GetCommandLineA
MapViewOfFile
TlsFree
GetModuleHandleA
RtlCaptureContext
GetACP
GetModuleHandleW
GetCurrentDirectoryW
HeapCreate
WriteFile
VirtualFree
IsBadCodePtr
OpenSemaphoreW
VirtualAlloc
CallNtPowerInformation
CreateURLMoniker
Number of PE resources by type
RT_BITMAP 2
RT_DIALOG 2
RT_STRING 1
RT_VERSION 1
Number of PE resources by language
ENGLISH US 6
PE resources
ExifTool file metadata
UninitializedDataSize 0
LinkerVersion 12.0
ImageVersion 0.0
FileSubtype 0
FileVersionNumber 2.8.0.3
LanguageCode English (U.S.)
FileFlagsMask 0x003f
CharacterSet Windows, Latin1
InitializedDataSize 21504
EntryPoint 0x5d279
OriginalFileName kehehecui.exe
MIMEType application/octet-stream
LegalCopyright Iendoilo ewfaniretoykge egenejanalt
FileVersion 2.8.0.3
TimeStamp 2015:01:16 15:16:08+01:00
FileType Win32 EXE
PEType PE32
InternalName KEHEHECUI.EXE
ProductVersion 2.8.0.3
SubsystemVersion 5.1
OSVersion 5.1
FileOS Windows NT 32-bit
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
CompanyName Iendoilo ewfaniretoykge egenejanalt
CodeSize 397312
ProductName KEHEHECUI
ProductVersionNumber 2.8.0.3
FileTypeExtension exe
ObjectFileType Unknown
File identification
MD5 31ba0ddf31605d54e5e1188b8bf8ee48
SHA1 c6ac4f2b069736921924668f1e37dc1af9ca063c
SHA256 27bff4bd9558f3ea40c0ef4a556e7099dff9122a599daabe10e025367d4ecfdf
ssdeep 6144:XzjHwi5S0Klc7J0CHEcdK60bKsj8YO0yYEqypdOai7vJF7GSjsLUEbHAUUllw:Dsi5ilOdKxKsjeiEOai7f0jqlw
authentihash 58ea234eff9e7506336126406df3c914124f6e23b2dbf3e4a978dec27c09e887
imphash 227ca6d8d3a9b2b96ed683a9ee8b8fe3
File size 408.6 KB ( 418420 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Executable MS Visual C++ (generic) (42.2%)
Win64 Executable (generic) (37.3%)
Win32 Dynamic Link Library (generic) (8.8%)
Win32 Executable (generic) (6.0%)
Generic Win/DOS Executable (2.7%)
Tags peexe overlay
VirusTotal metadata
First submission 2017-01-17 09:26:57 UTC ( 2 years, 3 months ago )
Last submission 2017-01-17 10:34:30 UTC ( 2 years, 3 months ago )
File names bad.exe
KEHEHECUI.EXE
mofyvhu.exe
kehehecui.exe