SHA256: 487fc78d92112d7eedc4dbf5ff286705967e79e34e17d43d58837b29cedcbef5
File name: WinHost32.exe
Detection ratio: 31 / 56
Analysis date: 2016-08-17 11:14:49 UTC ( 2 years, 8 months ago )
Antivirus Result Update
Ad-Aware Trojan.GenericKD.3469620 20160817
AhnLab-V3 Trojan/Win32.Agent.N2080548597 20160817
ALYac Trojan.GenericKD.3469620 20160817
Arcabit Trojan.Generic.D34F134 20160817
Avast Win32:Malware-gen 20160817
AVG Generic_r.MKG 20160817
Baidu Win32.Trojan.WisdomEyes.151026.9950.9977 20160817
BitDefender Trojan.GenericKD.3469620 20160817
Cyren W32/Ransom.OLKY-6503 20160817
DrWeb Trojan.DownLoader22.20671 20160817
Emsisoft Trojan.GenericKD.3469620 (B) 20160817
ESET-NOD32 Win32/Agent.RWB 20160817
F-Secure Trojan.GenericKD.3469620 20160817
Fortinet W32/Malicious_Behavior.VEX 20160817
GData Trojan.GenericKD.3469620 20160817
Ikarus Trojan.Win32.Agent 20160817
K7AntiVirus Riskware ( 0040eff71 ) 20160817
K7GW Riskware ( 0040eff71 ) 20160817
Kaspersky UDS:DangerousObject.Multi.Generic 20160817
Malwarebytes Ransom.CryptoLocker 20160817
McAfee RDN/Generic.bfr 20160817
McAfee-GW-Edition BehavesLike.Win32.Injector.qh 20160816
Microsoft TrojanDownloader:Win32/Zdowbot.A 20160817
eScan Trojan.GenericKD.3469620 20160817
Qihoo-360 Win32/Trojan.Multi.daf 20160817
Rising Malware.XPACK-LNR/Heur!1.5594 20160817
Sophos AV Troj/Agent-ATES 20160816
Symantec W32.Hinired 20160817
Tencent Win32.Trojan.Inject.Auto 20160817
TrendMicro BKDR_HANCITOR.VVQY 20160817
TrendMicro-HouseCall BKDR_HANCITOR.VVQY 20160817
AegisLab 20160817
Alibaba 20160817
Antiy-AVL 20160817
Avira (no cloud) 20160817
AVware 20160817
Bkav 20160816
CAT-QuickHeal 20160817
ClamAV 20160817
CMC 20160816
Comodo 20160817
F-Prot 20160817
Jiangmin 20160817
Kingsoft 20160817
NANO-Antivirus 20160817
nProtect 20160817
Panda 20160816
SUPERAntiSpyware 20160817
TheHacker 20160816
TotalDefense 20160817
VBA32 20160817
VIPRE 20160817
ViRobot 20160817
Yandex 20160816
Zillya 20160816
Zoner 20160817
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright Copyright 1990 - 2013
Product ngqlgdA
Original name MpklYuere.exe
File version 15,6,6,22
Description МmaeZo
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2016-08-15 11:39:31
Entry Point 0x00005FE0
Number of sections 5
PE sections
PE imports
RegOpenKeyA
RegCloseKey
OpenServiceA
RegSetValueExW
RegOpenKeyExA
RegCreateKeyA
OpenSCManagerA
IsTextUnicode
RegQueryValueExW
PrintDlgExW
FindTextA
GetOpenFileNameW
GetFileTitleW
ChooseColorA
PageSetupDlgW
GetSaveFileNameA
GetObjectA
GetDeviceCaps
SetMapMode
TextOutW
GetTextExtentPointA
GetTextExtentPoint32A
CreateFontA
TextOutA
EndDoc
GetTextMetricsA
EndPage
StartPage
LPtoDP
GetObjectW
GetTextFaceW
CreateCompatibleDC
GetTextExtentPoint32W
StretchBlt
DeleteObject
GetStdHandle
GetConsoleOutputCP
GetDriveTypeA
HeapDestroy
GetFileAttributesW
DeleteCriticalSection
GetCurrentProcess
GetFileInformationByHandle
lstrcatW
GetStringTypeA
WriteFile
GetSystemTimeAsFileTime
GetStringTypeW
FreeLibrary
LocalFree
ResumeThread
GetEnvironmentVariableA
LoadResource
FindClose
TlsGetValue
SetLastError
GetSystemTime
DeviceIoControl
LocalLock
WriteProcessMemory
IsDebuggerPresent
HeapAlloc
GetModuleFileNameA
QueueUserAPC
EnumSystemLocalesA
LoadLibraryExA
UnhandledExceptionFilter
MultiByteToWideChar
FatalAppExitA
CreateMutexA
CreateThread
SetUnhandledExceptionFilter
MulDiv
GetSystemDirectoryA
SetEnvironmentVariableA
TerminateProcess
WriteConsoleA
SearchPathA
SetEndOfFile
GetProcAddress
EnterCriticalSection
SetHandleCount
TerminateThread
LoadLibraryW
SetEvent
QueryPerformanceCounter
DisableThreadLibraryCalls
LoadLibraryA
RtlUnwind
GlobalSize
GetStartupInfoA
GetDateFormatA
SystemTimeToFileTime
GetDateFormatW
DeleteFileW
GetUserDefaultLCID
GetProfileStringW
FreeEnvironmentStringsW
lstrcpyA
CompareStringA
GetComputerNameA
FindFirstFileW
IsValidLocale
lstrcmpW
WaitForMultipleObjects
LocalSize
CreateFileW
GetFileType
TlsSetValue
ExitProcess
LocalUnlock
GetLastError
DosDateTimeToFileTime
VirtualAllocEx
GlobalFree
LCMapStringA
LockResource
HeapSize
RaiseException
MapViewOfFile
GetModuleHandleA
lstrcpynA
GetModuleHandleW
FindResourceA
CreateProcessA
UnmapViewOfFile
Sleep
OpenEventA
VirtualAlloc
ResetEvent
DragQueryFileW
ShellAboutW
DragFinish
Shell_NotifyIconA
RegisterWindowMessageW
SetWindowPlacement
GetForegroundWindow
EmptyClipboard
DrawTextExW
SetCapture
EndDialog
BeginPaint
HideCaret
OffsetRect
DefWindowProcW
ReleaseCapture
SetWinEventHook
GetMessageW
ScreenToClient
ShowWindow
DrawFocusRect
LoadMenuW
PeekMessageW
GetWindowThreadProcessId
GetSysColorBrush
SendMessageW
LoadImageW
GetWindowRect
DispatchMessageA
RegisterClassExW
SetMenu
SetDlgItemTextA
PostMessageA
CharUpperW
LoadBitmapA
CallWindowProcA
PeekMessageA
SetWindowLongA
SendDlgItemMessageW
PostQuitMessage
GetDlgItemTextW
PostMessageW
TrackPopupMenuEx
SetDlgItemTextW
CloseClipboard
GetMenuItemCount
DrawTextA
GetMenu
LoadStringA
FindWindowA
SetClipboardData
GetDesktopWindow
SetActiveWindow
WinHelpW
GetWindowPlacement
SendMessageA
DialogBoxParamA
GetClientRect
IsZoomed
SystemParametersInfoW
MoveWindow
IsIconic
RegisterClassA
InvalidateRect
GetSubMenu
LoadCursorA
LoadIconA
CheckRadioButton
ClientToScreen
TranslateAcceleratorA
IsDlgButtonChecked
SetWindowTextW
GetWindowTextW
GetDialogBaseUnits
GetMenuState
LoadCursorW
LoadIconW
GetFocus
MsgWaitForMultipleObjects
EnableWindow
SetForegroundWindow
CharNextW
CallWindowProcW
TranslateAcceleratorW
GetPrinterDriverW
OpenPrinterW
Number of PE resources by type
RT_STRING 21
RT_ACCELERATOR 3
RT_DIALOG 1
RT_RCDATA 1
RT_MENU 1
RT_VERSION 1
Number of PE resources by language
ENGLISH US 28
PE resources
ExifTool file metadata
UninitializedDataSize 0
LinkerVersion 9.0
ImageVersion 0.0
FileSubtype 0
FileVersionNumber 15.6.6.22
LanguageCode English (U.S.)
FileFlagsMask 0x003f
FileDescription maeZo
ImageFileCharacteristics No relocs, Executable, 32-bit
CharacterSet Windows, Hebrew
InitializedDataSize 35840
EntryPoint 0x5fe0
OriginalFileName MpklYuere.exe
MIMEType application/octet-stream
LegalCopyright Copyright 1990 - 2013
FileVersion 15,6,6,22
TimeStamp 2016:08:15 13:39:31+02:00
FileType Win32 EXE
PEType PE32
ProductVersion 15,6,6,22
SubsystemVersion 5.0
OSVersion 5.0
FileOS Windows NT 32-bit
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
CompanyName SynapticosSoft, Corporation.
CodeSize 24064
ProductName ngqlgdA
ProductVersionNumber 15.6.6.22
FileTypeExtension exe
ObjectFileType Executable application
File identification
MD5 5c0d870c2d427806691fc773a2b5942c
SHA1 9454883c8fb78f84dc4389bdfcf330adafe98d95
SHA256 487fc78d92112d7eedc4dbf5ff286705967e79e34e17d43d58837b29cedcbef5
ssdeep 768:ovL5VSZTDKUeMTI4zOB6WfZVRVfcP2bmUi57O3SXirtNRAcbDl4T+w6BlS:onMnKULTLzWfvR+P2bTi57Kptjl45
authentihash f7b53310f8d4ca5c88bb913cbd7d0534877725b8ff363684310a439e71ea0e68
imphash 2d3d2707d004d5ece054385252f13d38
File size 59.0 KB ( 60416 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Executable MS Visual C++ (generic) (50.8%)
Windows screen saver (21.3%)
Win32 Dynamic Link Library (generic) (10.7%)
Win32 Executable (generic) (7.3%)
OS/2 Executable (generic) (3.3%)
Tags peexe
VirusTotal metadata
First submission 2016-08-15 15:15:54 UTC ( 2 years, 8 months ago )
Last submission 2018-05-14 23:56:35 UTC ( 11 months, 1 week ago )
File names WinHost32.exe
MpklYuere.exe
5c0d870c2d427806691fc773a2b5942c
hancitor.exe
gg474.exe
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Created processes
Code injections in the following processes
Opened mutexes
Runtime DLLs
UDP communications