SHA256: 43e30e3a58772743ad3fa4ae75de1a06204219eb80fbfc53fdb884d830942d44
File name: z3qpfzic.exe
Detection ratio: 6 / 58
Analysis date: 2017-02-15 01:45:28 UTC ( 1 year, 11 months ago )
Antivirus Result Update
Avast Win32:Malware-gen 20170215
Baidu Win32.Trojan.WisdomEyes.16070401.9500.9998 20170214
CrowdStrike Falcon (ML) malicious_confidence_94% (D) 20170130
Endgame malicious (high confidence) 20170208
Sophos ML virus.win32.jadtre.i 20170203
Qihoo-360 HEUR/QVM10.1.0000.Malware.Gen 20170215
Ad-Aware 20170215
AegisLab 20170215
AhnLab-V3 20170214
Alibaba 20170214
ALYac 20170215
Antiy-AVL 20170215
Arcabit 20170214
AVG 20170214
Avira (no cloud) 20170215
AVware 20170215
BitDefender 20170215
Bkav 20170214
CAT-QuickHeal 20170214
ClamAV 20170215
CMC 20170214
Comodo 20170214
Cyren 20170214
DrWeb 20170214
Emsisoft 20170214
ESET-NOD32 20170215
F-Prot 20170215
F-Secure 20170214
Fortinet 20170214
GData 20170215
Ikarus 20170214
Jiangmin 20170214
K7AntiVirus 20170214
K7GW 20170214
Kaspersky 20170215
Kingsoft 20170215
Malwarebytes 20170214
McAfee 20170215
McAfee-GW-Edition 20170214
Microsoft 20170213
eScan 20170215
NANO-Antivirus 20170214
nProtect 20170214
Panda 20170214
Rising 20170215
Sophos AV 20170215
SUPERAntiSpyware 20170215
Symantec 20170214
Tencent 20170215
TheHacker 20170211
TrendMicro 20170214
TrendMicro-HouseCall 20170215
Trustlook 20170215
VBA32 20170214
VIPRE 20170214
ViRobot 20170214
Webroot 20170215
WhiteArmor 20170202
Yandex 20170214
Zillya 20170214
Zoner 20170215
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright
Copyright (c) IGC

Product EmptyInference
Original name EmptyInference.exe
Internal name EmptyInference
File version 7.1.7.4
Description Resurfacing Series Clojure
Comments Resurfacing Series Clojure
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2017-02-14 18:28:15
Entry Point 0x00005DA1
Number of sections 5
PE sections
PE imports
RevertToSelf
ImageList_GetImageCount
ImageList_Create
Ord(17)
ImageList_AddMasked
SelectObject
GetStockObject
CreateSolidBrush
Rectangle
SetBkMode
SetBkColor
CreateCompatibleDC
DeleteObject
CreateHatchBrush
GetAdaptersInfo
GetLastError
InitializeCriticalSectionAndSpinCount
HeapFree
GetStdHandle
EnterCriticalSection
LCMapStringW
HeapCreate
FillConsoleOutputCharacterA
SetTapeParameters
GetPrivateProfileIntA
GetOEMCP
QueryPerformanceCounter
IsDebuggerPresent
GetTickCount
TlsAlloc
GetEnvironmentStringsW
GlobalUnlock
GetModuleFileNameA
RtlUnwind
LoadLibraryA
RaiseException
GlobalSize
FreeEnvironmentStringsA
DeleteCriticalSection
GetCurrentProcess
SizeofResource
GetPrivateProfileStringA
GetLocaleInfoA
GetCurrentProcessId
LockResource
GetModuleHandleW
GetCPInfo
ExitProcess
TlsGetValue
MultiByteToWideChar
HeapSize
SetHandleCount
FindVolumeMountPointClose
GlobalLock
GetConsoleScreenBufferInfo
FillConsoleOutputAttribute
GetVolumePathNamesForVolumeNameW
GetModuleHandleA
FindResourceExA
FindNextVolumeMountPointA
UnhandledExceptionFilter
WideCharToMultiByte
LoadLibraryW
GetStringTypeA
FreeEnvironmentStringsW
ReadFile
GlobalFree
SetUnhandledExceptionFilter
WriteFile
InterlockedIncrement
CloseHandle
GetSystemTimeAsFileTime
GetCommandLineA
GetACP
HeapReAlloc
GetStringTypeW
GetProcAddress
TlsFree
TerminateProcess
GetEnvironmentStrings
LCMapStringA
IsValidCodePage
LoadResource
lstrcpyA
GlobalAlloc
VirtualFree
CreateEventA
InterlockedDecrement
Sleep
GetFileType
SetConsoleCursorPosition
TlsSetValue
CreateFileA
HeapAlloc
GetCurrentThreadId
FindFirstVolumeMountPointA
VirtualAlloc
GetStartupInfoA
SetLastError
LeaveCriticalSection
SafeArrayAccessData
UnRegisterTypeLib
SafeArrayUnaccessData
VariantClear
SafeArrayCreateVector
VariantInit
SHBrowseForFolderA
SHGetFolderPathA
EmptyClipboard
GetParent
GetCursorInfo
BeginPaint
PostQuitMessage
DefWindowProcA
GetIconInfo
LoadBitmapA
SetWindowPos
MessageBoxW
DispatchMessageA
UpdateWindow
PostMessageA
DdePostAdvise
GetClipboardData
TranslateMessage
GetWindow
GetDC
RegisterClassExA
SetWindowTextA
CheckMenuItem
GetMenu
GetWindowLongA
ShowWindow
DdeQueryConvInfo
SetClipboardData
DdeQueryNextServer
SendMessageA
GetClientRect
GetDlgItem
GetSubMenu
CreateWindowExA
LoadCursorA
LoadIconA
GetMessageA
EnumThreadWindows
SetDlgItemInt
CloseClipboard
DestroyWindow
OpenClipboard
CoGetCallContext
Number of PE resources by type
RT_ICON 6
TEXT 3
RT_MANIFEST 1
RT_VERSION 1
PNG 1
RT_GROUP_ICON 1
Number of PE resources by language
ENGLISH US 13
PE resources
ExifTool file metadata
SubsystemVersion
5.0

Comments
Resurfacing Series Clojure

Languages
English

InitializedDataSize
236544

ImageVersion
0.0

ProductName
EmptyInference

FileVersionNumber
7.1.7.4

UninitializedDataSize
0

LanguageCode
English (U.S.)

FileFlagsMask
0x003f

CharacterSet
Unicode

LinkerVersion
9.0

PrivateBuild
7.1.7.4

FileTypeExtension
exe

OriginalFileName
EmptyInference.exe

MIMEType
application/octet-stream

Subsystem
Windows GUI

FileVersion
7.1.7.4

TimeStamp
2017:02:14 19:28:15+01:00

FileType
Win32 EXE

PEType
PE32

InternalName
EmptyInference

ProductVersion
7.1.7.4

FileDescription
Resurfacing Series Clojure

OSVersion
5.0

FileOS
Windows NT 32-bit

LegalCopyright
Copyright (c) IGC

MachineType
Intel 386 or later, and compatibles

CompanyName
IGC

CodeSize
70656

FileSubtype
0

ProductVersionNumber
7.1.7.4

EntryPoint
0x5da1

ObjectFileType
Executable application

File identification
MD5 47208b6065b4d608f8a08dd05aaf4384
SHA1 6d35e2c8aa388c87d1cac9c58c431c637df741b2
SHA256 43e30e3a58772743ad3fa4ae75de1a06204219eb80fbfc53fdb884d830942d44
ssdeep
6144:uBeeXVoqXSdZ43Eh+IpaOodhMxARtz9fhlCjp:jeXVo/4wL3odixo5lU

authentihash a4aeb393d64da0cfa855266a7891ec0e23ae7682958e072471ffdb3996f00d88
imphash 34a0cc686eacabffcd6db48a864a65f8
File size 301.0 KB ( 308224 bytes )
File type Win32 EXE
Magic literal
PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID Win32 Executable MS Visual C++ (generic) (67.4%)
Win32 Dynamic Link Library (generic) (14.2%)
Win32 Executable (generic) (9.7%)
Generic Win/DOS Executable (4.3%)
DOS Executable Generic (4.3%)
Tags
peexe

VirusTotal metadata
First submission 2017-02-15 01:45:28 UTC ( 1 year, 11 months ago )
Last submission 2017-02-15 01:45:28 UTC ( 1 year, 11 months ago )
File names EmptyInference.exe
z3qpfzic.exe
EmptyInference
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Created processes
Opened mutexes
Runtime DLLs
UDP communications