SHA256: 3abc7d3287f466be976f7671a7a1b816347d1054f8f6f5e92b6834115347b449
File name: andy.exe
Detection ratio: 43 / 55
Analysis date: 2016-08-08 09:05:43 UTC ( 2 years, 6 months ago )
Antivirus | Result | Update
Ad-Aware | Gen:Variant.Kazy.253415 | 20160808
AegisLab | Backdoor.W32.Androm.asno!c | 20160808
AhnLab-V3 | Trojan/Win32.ZAccess.N958278462 | 20160807
ALYac | Gen:Variant.Kazy.253415 | 20160808
Antiy-AVL | Trojan[Backdoor]/Win32.Androm | 20160808
Arcabit | Trojan.Kazy.D3DDE7 | 20160808
Avast | Win32:Alureon-BCV [Cryp] | 20160808
AVG | SHeur4.BQPI | 20160808
Avira (no cloud) | TR/Crypt.Xpack.23403 | 20160808
AVware | Trojan.Win32.Generic!BT | 20160808
Baidu | Win32.Trojan.WisdomEyes.151026.9950.9999 | 20160806
BitDefender | Gen:Variant.Kazy.253415 | 20160808
Bkav | W32.ParagolAB.Trojan | 20160806
CAT-QuickHeal | Worm.Gamarue.r4 | 20160808
Comodo | Heur.Suspicious | 20160806
Cyren | W32/S-289f9b0f!Eldorado | 20160808
DrWeb | Trojan.DownLoad3.28650 | 20160808
Emsisoft | Gen:Variant.Kazy.253415 (B) | 20160808
ESET-NOD32 | Win32/TrojanDownloader.Wauchos.Q | 20160808
F-Prot | W32/S-289f9b0f!Eldorado | 20160808
F-Secure | Gen:Variant.Kazy.253415 | 20160808
Fortinet | W32/Reconyc.DGQ!tr | 20160808
GData | Gen:Variant.Kazy.253415 | 20160808
Ikarus | Trojan-PWS.Win32.Fareit | 20160808
Jiangmin | Backdoor/Androm.aok | 20160808
K7AntiVirus | Trojan-Downloader ( 00483e861 ) | 20160808
K7GW | Trojan-Downloader ( 00483e861 ) | 20160808
Kaspersky | HEUR:Trojan.Win32.Generic | 20160808
Malwarebytes | Trojan.Wauchos.Download | 20160808
McAfee | Artemis!BEBD381D4552 | 20160808
McAfee-GW-Edition | Artemis!Trojan | 20160808
Microsoft | Worm:Win32/Gamarue.I | 20160808
eScan | Gen:Variant.Kazy.253415 | 20160808
NANO-Antivirus | Trojan.Win32.DownLoad3.ctcukj | 20160808
Panda | Trj/Dtcontx.H | 20160807
Qihoo-360 | Win32/Trojan.Multi.daf | 20160808
Sophos AV | Mal/Generic-S | 20160808
Symantec | Trojan.Zeroaccess!g55 | 20160808
Tencent | Win32.Trojan.Generic.Pjxl | 20160808
TrendMicro | TROJ_SPNR.35JA13 | 20160808
TrendMicro-HouseCall | TROJ_SPNR.35JA13 | 20160808
VIPRE | Trojan.Win32.Generic!BT | 20160807
Yandex | Backdoor.Androm!UhuVYOZnItA | 20160807

Engines reporting no detection (12 of 55):
Alibaba | 20160808
ClamAV | 20160808
CMC | 20160804
Kingsoft | 20160808
nProtect | 20160809
SUPERAntiSpyware | 20160808
TheHacker | 20160806
TotalDefense | 20160808
VBA32 | 20160805
ViRobot | 20160808
Zillya | 20160807
Zoner | 20160808
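The labels in the table above name the same thing in several vendor vocabularies (Androm, Gamarue and Wauchos are three names for one downloader family; Kazy, Artemis, HEUR and Eldorado are generic or heuristic verdicts rather than families). The following added example, which is not part of the VirusTotal report, reduces the 43 positive labels to a family consensus. The DETECTIONS dictionary is constructed from the table; the alias table and the list of generic markers are this example's own assumptions about vendor naming and are the part to adjust for other samples.

```python
"""Reduce per-engine labels from a multi-engine scan to a family consensus."""
from collections import Counter

# Constructed from the detection table above: engine -> label (43 positives).
DETECTIONS = {
    "Ad-Aware": "Gen:Variant.Kazy.253415",
    "AegisLab": "Backdoor.W32.Androm.asno!c",
    "AhnLab-V3": "Trojan/Win32.ZAccess.N958278462",
    "ALYac": "Gen:Variant.Kazy.253415",
    "Antiy-AVL": "Trojan[Backdoor]/Win32.Androm",
    "Arcabit": "Trojan.Kazy.D3DDE7",
    "Avast": "Win32:Alureon-BCV [Cryp]",
    "AVG": "SHeur4.BQPI",
    "Avira (no cloud)": "TR/Crypt.Xpack.23403",
    "AVware": "Trojan.Win32.Generic!BT",
    "Baidu": "Win32.Trojan.WisdomEyes.151026.9950.9999",
    "BitDefender": "Gen:Variant.Kazy.253415",
    "Bkav": "W32.ParagolAB.Trojan",
    "CAT-QuickHeal": "Worm.Gamarue.r4",
    "Comodo": "Heur.Suspicious",
    "Cyren": "W32/S-289f9b0f!Eldorado",
    "DrWeb": "Trojan.DownLoad3.28650",
    "Emsisoft": "Gen:Variant.Kazy.253415 (B)",
    "ESET-NOD32": "Win32/TrojanDownloader.Wauchos.Q",
    "F-Prot": "W32/S-289f9b0f!Eldorado",
    "F-Secure": "Gen:Variant.Kazy.253415",
    "Fortinet": "W32/Reconyc.DGQ!tr",
    "GData": "Gen:Variant.Kazy.253415",
    "Ikarus": "Trojan-PWS.Win32.Fareit",
    "Jiangmin": "Backdoor/Androm.aok",
    "K7AntiVirus": "Trojan-Downloader ( 00483e861 )",
    "K7GW": "Trojan-Downloader ( 00483e861 )",
    "Kaspersky": "HEUR:Trojan.Win32.Generic",
    "Malwarebytes": "Trojan.Wauchos.Download",
    "McAfee": "Artemis!BEBD381D4552",
    "McAfee-GW-Edition": "Artemis!Trojan",
    "Microsoft": "Worm:Win32/Gamarue.I",
    "eScan": "Gen:Variant.Kazy.253415",
    "NANO-Antivirus": "Trojan.Win32.DownLoad3.ctcukj",
    "Panda": "Trj/Dtcontx.H",
    "Qihoo-360": "Win32/Trojan.Multi.daf",
    "Sophos AV": "Mal/Generic-S",
    "Symantec": "Trojan.Zeroaccess!g55",
    "Tencent": "Win32.Trojan.Generic.Pjxl",
    "TrendMicro": "TROJ_SPNR.35JA13",
    "TrendMicro-HouseCall": "TROJ_SPNR.35JA13",
    "VIPRE": "Trojan.Win32.Generic!BT",
    "Yandex": "Backdoor.Androm!UhuVYOZnItA",
}

# Assumption: vendor aliases that refer to one family. Checked before the
# generic markers so a specific name always wins over a generic suffix.
FAMILY_ALIASES = {
    "andromeda": ("androm", "gamarue", "wauchos"),
    "zeroaccess": ("zaccess", "zeroaccess"),
    "alureon": ("alureon",),
    "fareit": ("fareit",),
}

# Assumption: substrings that mark a heuristic, cloud or generic verdict.
GENERIC_MARKERS = ("generic", "heur", "artemis", "suspicious", "kazy",
                   "eldorado", "sheur", "crypt", "xpack", "wisdomeyes")


def classify(label: str) -> str:
    """Map one vendor label to a family name, 'generic' or 'unclassified'."""
    text = label.lower()
    for family, aliases in FAMILY_ALIASES.items():
        if any(alias in text for alias in aliases):
            return family
    if any(marker in text for marker in GENERIC_MARKERS):
        return "generic"
    return "unclassified"


def consensus(detections: dict) -> Counter:
    """Count how many engines land in each family/bucket."""
    return Counter(classify(label) for label in detections.values())


def leading_family(detections: dict):
    """Return (family, votes) for the most-named real family, ignoring generics."""
    counts = consensus(detections)
    named = {k: v for k, v in counts.items() if k not in ("generic", "unclassified")}
    if not named:
        return None
    family = max(named, key=named.get)
    return family, named[family]


if __name__ == "__main__":
    for bucket, votes in consensus(DETECTIONS).most_common():
        print(f"{bucket:<14} {votes}")
    print("leading family:", leading_family(DETECTIONS))
```

For this table the generic bucket is the largest (21 of 43), which is why the leading family should be read from the named results only; ZeroAccess and Alureon each appear from one or two engines and should be treated as outliers unless behaviour confirms them.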
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright Copyright © Hpfvnoedmt
Product Niuvnuf
Original name Quvjcvcyn.exe
Internal name Quvjcvcyn
File version 3.11.2728.19204
Description QuvjcvcynYsvlf Zbpndmd
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2001-01-10 03:16:43
Entry Point 0x00001401
Number of sections 4
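The header fields above (target machine, compilation timestamp, entry point, section count, and the linker, OS and subsystem versions repeated in the ExifTool block further down) all come from the COFF and optional headers. The following added example, which is not code from the report or from VirusTotal, parses those fields from raw bytes and also reads the DllCharacteristics flags that the report omits. The sample header is constructed with the values shown on this page (a full file would also carry a section table, which this header does not).

```python
"""Parse the PE header fields shown in a VirusTotal-style summary from raw bytes."""
import struct
from datetime import datetime, timezone

MACHINE_NAMES = {0x14C: "Intel 386 or later", 0x8664: "x64", 0x1C0: "ARM", 0xAA64: "ARM64"}
SUBSYSTEM_NAMES = {1: "Native", 2: "Windows GUI", 3: "Windows CUI", 9: "Windows CE GUI",
                   10: "EFI application"}

# First 72 bytes of the optional header. PE32+ drops BaseOfData and widens
# ImageBase to 8 bytes, so both layouts are 72 bytes long.
_OPT_PE32 = "<HBBIIIIIIIIIHHHHHHIIIIHH"
_OPT_PE32PLUS = "<HBBIIIIIQIIHHHHHHIIIIHH"


def parse_pe_header(data: bytes) -> dict:
    if data[:2] != b"MZ":
        raise ValueError("missing MZ signature")
    (e_lfanew,) = struct.unpack_from("<I", data, 0x3C)
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    coff = e_lfanew + 4
    machine, nsections, ts, _symtab, _nsyms, opt_size, chars = struct.unpack_from("<HHIIIHH", data, coff)
    opt = coff + 20
    if opt_size < 72 or len(data) < opt + 72:
        raise ValueError("optional header truncated")
    (magic,) = struct.unpack_from("<H", data, opt)
    if magic == 0x10B:
        f = struct.unpack_from(_OPT_PE32, data, opt)
        (_, lnk_major, lnk_minor, code_size, idata_size, udata_size,
         entry, _bcode, _bdata, image_base, _sa, _fa) = f[:12]
        tail, pe_type = f[12:], "PE32"
    elif magic == 0x20B:
        f = struct.unpack_from(_OPT_PE32PLUS, data, opt)
        (_, lnk_major, lnk_minor, code_size, idata_size, udata_size,
         entry, _bcode, image_base, _sa, _fa) = f[:11]
        tail, pe_type = f[11:], "PE32+"
    else:
        raise ValueError(f"unknown optional header magic 0x{magic:x}")
    (os_major, os_minor, img_major, img_minor, ss_major, ss_minor,
     _w32ver, _size_image, _size_hdrs, _cksum, subsystem, dll_chars) = tail
    return {
        "machine": MACHINE_NAMES.get(machine, hex(machine)),
        "number_of_sections": nsections,
        # TimeDateStamp is a writer-controlled value: report it, don't trust it.
        "compile_timestamp": datetime.fromtimestamp(ts, timezone.utc).strftime("%Y-%m-%d %H:%M:%S"),
        "entry_point": f"0x{entry:08x}",
        "image_base": f"0x{image_base:x}",
        "pe_type": pe_type,
        "linker_version": f"{lnk_major}.{lnk_minor}",
        "os_version": f"{os_major}.{os_minor}",
        "image_version": f"{img_major}.{img_minor}",
        "subsystem_version": f"{ss_major}.{ss_minor}",
        "subsystem": SUBSYSTEM_NAMES.get(subsystem, str(subsystem)),
        "code_size": code_size,
        "initialized_data_size": idata_size,
        "uninitialized_data_size": udata_size,
        "is_dll": bool(chars & 0x2000),          # IMAGE_FILE_DLL
        "aslr": bool(dll_chars & 0x0040),        # DYNAMIC_BASE
        "nx_compat": bool(dll_chars & 0x0100),   # NX_COMPAT
    }


def build_sample_header() -> bytes:
    """Constructed minimal header carrying the values from the report above."""
    dos = bytearray(64)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 64)            # e_lfanew -> right after the DOS header
    coff = struct.pack("<HHIIIHH", 0x14C, 4, 979096603, 0, 0, 224, 0x0102)
    opt = struct.pack(_OPT_PE32, 0x10B, 5, 12, 13312, 40960, 0, 0x1401, 0x1000, 0x5000,
                      0x400000, 0x1000, 0x200, 4, 0, 5, 0, 4, 0, 0, 0, 0, 0, 2, 0)
    opt += bytes(224 - len(opt))                      # zero the rest, incl. data directories
    return bytes(dos) + b"PE\0\0" + coff + opt


if __name__ == "__main__":
    for key, value in parse_pe_header(build_sample_header()).items():
        print(f"{key:<24} {value}")
```

The 2001 timestamp and the 5.12 linker version are consistent with each other, but TimeDateStamp is a 32-bit value any tool can rewrite, so it is an indicator to correlate (with the first-submission date, the version resource and the ssdeep cluster) rather than a fact about when the sample was built.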
PE sections
PE imports
Note: the report's per-DLL grouping was lost in extraction; the DLL names given below are inferred from the export names and marked as such. The mix is itself worth noting. Certificate-authority client calls, audio-compression (ACM) routines, Winsock service-provider functions, OLE automation, RAS EAP provider entry points and Unimodem helpers are an unusual set for a 54 KB GUI executable, which fits the crypter labels above (Avira TR/Crypt.Xpack, Avast [Cryp]) and suggests the visible import table belongs to the wrapper rather than to the payload it unpacks at runtime.
certcli.dll (inferred)
CAFindByCertType
CAFindByName
DllGetClassObject
CASetCertTypeFlags
CAGetCertTypeKeySpec
CACertTypeAccessCheck
CAGetCAExpiration
CAGetCACertificate
kernel32.dll (inferred)
GetSystemTime
lstrlenA
GetFileAttributesA
CopyFileA
ExitProcess
GetFileAttributesW
GetCommandLineW
lstrlenW
GetLocalTime
GetCurrentProcess
AddConsoleAliasA
GetCurrentProcessId
AddAtomA
GetConsoleTitleW
GetCompressedFileSizeW
AddConsoleAliasW
GetStartupInfoW
GetConsoleTitleA
GetCompressedFileSizeA
InterlockedCompareExchange
GetCurrentThread
lstrcmpA
ReadFile
WriteFile
CloseHandle
GetCommandLineA
IsValidLocale
GetACP
GetVersion
VirtualAlloc
GetConsoleWindow
VirtualFree
Sleep
CreateFileA
GetTickCount
GetCurrentThreadId
lstrcmpW
msacm32.dll (inferred)
acmFormatDetailsW
acmDriverAddA
acmDriverID
acmFormatEnumW
acmDriverEnum
acmStreamClose
acmDriverRemove
acmFilterDetailsA
acmFilterTagDetailsA
acmFormatSuggest
acmMetrics
acmFilterChooseA
acmStreamConvert
acmFormatChooseA
acmDriverMessage
acmFilterTagDetailsW
acmStreamReset
acmDriverDetailsA
acmFormatTagDetailsW
mswsock.dll (inferred)
GetAcceptExSockaddrs
GetAddressByNameA
EnumProtocolsW
EnumProtocolsA
GetServiceA
AcceptEx
s_perror
SetServiceA
GetNameByTypeW
TransmitFile
WSARecvEx
NPLoadNameSpaces
dn_expand
GetServiceW
GetAddressByNameW
GetTypeByNameA
GetTypeByNameW
MigrateWinsockConfiguration
GetNameByTypeA
SetServiceW
oleaut32.dll (inferred)
VarUdateFromDate
UnRegisterTypeLib
VarI2FromI4
VarCmp
VarR8FromDisp
RegisterTypeLib
VarDecRound
SafeArrayGetRecordInfo
VectorFromBstr
VarR4FromUI4
VarUI2FromUI1
VarDateFromStr
VarFormatDateTime
VarDecFromBool
VarAdd
DllGetClassObject
RAS EAP provider DLL, e.g. rastls.dll (inferred)
RasEapFreeMemory
RasEapInvokeConfigUI
RasEapGetIdentity
DllUnregisterServer
DllCanUnloadNow
RasEapInvokeInteractiveUI
RasEapGetInfo
DllRegisterServer
unimdmat.dll (inferred)
WinntIsWorkstation
CreateUnimodemTimer
ReinitOverStruct
ResetCallCount
MonitorHandle
UmPlatformDeinitialize
SyncDeviceIoControl
FreeOverStruct
CallBeginning
CreateOverStructPool
StartMonitorThread
UnimodemReadFileEx
UnimodemDeviceIoControlEx
StopMonitorThread
CancelUnimodemTimer
AllocateOverStructEx
FreeUnimodemTimer
SetUnimodemTimer
UnimodemNotifyTSP
DestroyOverStructPool
UmPlatformInitialize
StopMonitoringHandle
UnimodemWaitCommEventEx
CallEnding
UnimodemQueueUserAPC
UnimodemWriteFileEx
user32.dll (inferred)
GetForegroundWindow
ReleaseCapture
InternalGetWindowText
GetScrollInfo
FindWindowW
SetMenuItemBitmaps
GetMonitorInfoA
PostQuitMessage
FindWindowA
CliImmSetHotKey
GetSysColorBrush
GetLastInputInfo
AppendMenuA
GetWindowRect
GetTabbedTextExtentA
MessageBoxIndirectA
SetMenuItemInfoA
DdeEnableCallback
GetWindow
GetPropW
ReleaseDC
GetClientRect
DrawTextW
DlgDirSelectComboBoxExA
UserRegisterWowHandlers
DdeUninitialize
InsertMenuA
ChangeMenuA
IsDialogMessageW
GetAncestor
ModifyMenuW
GetWindowTextW
GetDesktopWindow
DialogBoxIndirectParamW
UserHandleGrantAccess
DdeFreeStringHandle
GetWindowTextA
GetMenuContextHelpId
GetInternalWindowPos
Number of PE resources by type
RT_MANIFEST 1
RT_VERSION 1
Number of PE resources by language
ENGLISH US 2
PE resources
ExifTool file metadata
SubsystemVersion 4.0
LinkerVersion 5.12
ImageVersion 5.0
FileSubtype 0
FileVersionNumber 3.11.2728.19204
UninitializedDataSize 0
LanguageCode English (U.S.)
FileFlagsMask 0x003f
CharacterSet Unicode
InitializedDataSize 40960
EntryPoint 0x1401
OriginalFileName Quvjcvcyn.exe
MIMEType application/octet-stream
LegalCopyright Copyright Hpfvnoedmt
FileVersion 3.11.2728.19204
TimeStamp 2001:01:10 04:16:43+01:00
FileType Win32 EXE
PEType PE32
InternalName Quvjcvcyn
ProductVersion 3.11.2728.19204
FileDescription QuvjcvcynYsvlf Zbpndmd
OSVersion 4.0
FileOS Windows NT 32-bit
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
CompanyName Hpfvnoedmt
CodeSize 13312
ProductName Niuvnuf
ProductVersionNumber 3.11.2728.19204
FileTypeExtension exe
ObjectFileType Executable application

File identification
MD5 bebd381d45524e9318a52f6a634365c2
SHA1 87eec614130c500635d9b06d97a1d998db5f2d26
SHA256 3abc7d3287f466be976f7671a7a1b816347d1054f8f6f5e92b6834115347b449
ssdeep 1536:LmffqXpWT7BTGVzWiDxKrQHe0F9T8Ne4WDBM:bZWT7xYzdDUGpL8Ne4WDBM
authentihash 592167e650d856efe36d848a547e16a57f1af48390e3624f62af80cc3fcc144a
imphash d9eeaff46d60e9534b9e431bf739bfba
File size 54.0 KB ( 55296 bytes )
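The imphash above is derived from the import table, not the file bytes, so two builds that share a wrapper tend to share an imphash even when every content hash differs. The following added example, which is not code from the report or from VirusTotal, recomputes an import hash the way pefile's get_imphash() does: lower-case the DLL name, strip a .dll/.ocx/.sys extension, join "dll.function" pairs in import-table order with commas, and MD5 the result. SAMPLE_IMPORTS is constructed from a few functions in the list above with assumed DLL names (kernel32, user32); because the report's DLL names and exact ordering were not preserved, its hash is not expected to match d9eeaff46d60e9534b9e431bf739bfba.

```python
"""Recompute a PE import hash (imphash) from a list of (dll, function) imports."""
import hashlib
from typing import Iterable, List, Tuple, Union

Import = Tuple[str, Union[str, int]]  # (dll name, function name or ordinal)


def imphash_string(imports: Iterable[Import]) -> str:
    """Build the canonical 'dll.func,dll.func,...' string that gets hashed."""
    parts: List[str] = []
    for dll, func in imports:
        lib = dll.lower()
        base, dot, ext = lib.rpartition(".")
        if dot and ext in ("dll", "ocx", "sys"):
            lib = base
        if isinstance(func, int):
            # pefile first tries to resolve ordinals of a few well-known DLLs
            # (e.g. ws2_32, oleaut32) to names via a built-in table and only
            # then falls back to "ordN". This example applies only the fallback,
            # so ordinal-only imports from those DLLs will hash differently.
            name = f"ord{func}"
        else:
            name = func.lower()
        parts.append(f"{lib}.{name}")
    return ",".join(parts)


def imphash(imports: Iterable[Import]) -> str:
    """MD5 of the canonical import string, as a 32-character hex digest.

    MD5 is used here as a clustering identifier, matching the de-facto
    standard, not as a collision-resistant security primitive.
    """
    return hashlib.md5(imphash_string(imports).encode("utf-8")).hexdigest()


# Constructed from functions listed above; DLL names are assumed, not from the report.
SAMPLE_IMPORTS: List[Import] = [
    ("KERNEL32.dll", "GetSystemTime"),
    ("KERNEL32.dll", "lstrlenA"),
    ("KERNEL32.dll", "GetFileAttributesA"),
    ("KERNEL32.dll", "CopyFileA"),
    ("KERNEL32.dll", "ExitProcess"),
    ("USER32.dll", "GetForegroundWindow"),
    ("USER32.dll", "FindWindowW"),
]


if __name__ == "__main__":
    print(imphash_string(SAMPLE_IMPORTS))
    print(imphash(SAMPLE_IMPORTS))
```

Because the hash is order-sensitive, a tool that sorts imports before hashing will not reproduce values published by VirusTotal or pefile; compare import hashes only between tools that agree on the canonical string.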
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Executable MS Visual C++ (generic) (67.4%)
Win32 Dynamic Link Library (generic) (14.2%)
Win32 Executable (generic) (9.7%)
Generic Win/DOS Executable (4.3%)
DOS Executable Generic (4.3%)
Tags peexe
VirusTotal metadata
First submission 2013-09-22 10:26:32 UTC ( 5 years, 5 months ago )
Last submission 2013-09-22 10:26:32 UTC ( 5 years, 5 months ago )
File names Quvjcvcyn
Quvjcvcyn.exe
andy.exe
Advanced heuristic and reputation engines
Symantec reputation Suspicious.Insight
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Written files
Copied files
Searched windows
Runtime DLLs
Additional details
The file sends control codes directly to certain device drivers making use of the DeviceIoControl Windows API function.