SHA256: 4eff3c0a2d1042dfac8b3814f433370af19270b05bc609ea854bde104f4d352d
File name: vt-upload-_QJAj
Detection ratio: 38 / 49
Analysis date: 2014-02-11 16:00:47 UTC (4 years, 3 months ago)
| Antivirus | Result | Update |
|---|---|---|
| Ad-Aware | Gen:Variant.Zusy.74816 | 20140211 |
| AhnLab-V3 | Trojan/Win32.Badur | 20140211 |
| AntiVir | TR/Crypt.XPACK.Gen2 | 20140211 |
| Avast | Win32:PUP-gen [PUP] | 20140211 |
| AVG | Crypt2.BYJW | 20140211 |
| BitDefender | Gen:Variant.Zusy.74816 | 20140211 |
| Commtouch | W32/LoadMoney.M2.gen!Eldorado | 20140211 |
| Comodo | TrojWare.Win32.Kryptik.BAJ | 20140211 |
| DrWeb | Trojan.LoadMoney.227 | 20140211 |
| Emsisoft | Gen:Variant.Zusy.74816 (B) | 20140211 |
| ESET-NOD32 | Win32/LoadMoney.AA | 20140211 |
| F-Prot | W32/LoadMoney.M2.gen!Eldorado | 20140211 |
| F-Secure | Gen:Variant.Zusy.74816 | 20140211 |
| Fortinet | Riskware/LMN | 20140211 |
| GData | Gen:Variant.Zusy.74816 | 20140211 |
| Ikarus | Trojan.Crypt2 | 20140211 |
| Jiangmin | Trojan/Badur.bou | 20140211 |
| K7AntiVirus | Trojan ( 0040f6d61 ) | 20140211 |
| K7GW | Trojan ( 0040f6d61 ) | 20140211 |
| Kaspersky | not-a-virus:Downloader.Win32.LMN.gjyy | 20140211 |
| Kingsoft | Win32.Troj.DownLMN.gj.(kcloud) | 20140211 |
| Malwarebytes | PUP.Optional.LoadMoney | 20140211 |
| McAfee | PUP-FFD!6F67A907CB8A | 20140211 |
| McAfee-GW-Edition | Heuristic.BehavesLike.Win32.Suspicious.H | 20140211 |
| eScan | Gen:Variant.Zusy.74816 | 20140211 |
| NANO-Antivirus | Trojan.Win32.StartPage.cqkybg | 20140211 |
| Norman | Kryptik.CCYN | 20140211 |
| nProtect | Trojan/W32.Badur.143872 | 20140211 |
| Panda | Trj/Genetic.gen | 20140211 |
| Qihoo-360 | Malware.QVM20.Gen | 20140211 |
| Rising | PE:Trojan.Hype!6.F3E | 20140211 |
| Sophos AV | Troj/LdMon-D | 20140211 |
| Symantec | Suspicious.Cloud.5 | 20140211 |
| TrendMicro | TROJ_GEN.R0CBC0PBB14 | 20140211 |
| TrendMicro-HouseCall | TROJ_GEN.R0CBC0PBB14 | 20140211 |
| VBA32 | Malware-Cryptor.Limpopo | 20140211 |
| VIPRE | Trojan.Win32.LoadMoney.aa (v) | 20140211 |
| ViRobot | Trojan.Win32.Generic.152064.B | 20140211 |
| Yandex | (no detection) | 20140211 |
| Baidu-International | (no detection) | 20140211 |
| Bkav | (no detection) | 20140211 |
| ByteHero | (no detection) | 20140211 |
| CAT-QuickHeal | (no detection) | 20140211 |
| ClamAV | (no detection) | 20140211 |
| CMC | (no detection) | 20140211 |
| Microsoft | (no detection) | 20140211 |
| SUPERAntiSpyware | (no detection) | 20140211 |
| TheHacker | (no detection) | 20140208 |
| TotalDefense | (no detection) | 20140211 |
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
PE header basic information
Target machine: Intel 386 or later processors and compatible processors
Compilation timestamp: 1992-06-19 22:22:17
Entry Point: 0x00001018
Number of sections: 6
PE sections
PE imports
BuildCommDCBA
LocalSize
GetCurrencyFormatA
GetVersionExW
IsBadReadPtr
SetLocaleInfoW
GetEnvironmentVariableW
SetThreadExecutionState
WritePrivateProfileStringW
CoInitializeWOW
WTSTerminateProcess
WTSCloseServer
WTSQueryUserConfigA
VerLanguageNameA
GetPrivateProfileSectionNamesA
EnumUILanguagesA
GetDriveTypeW
GlobalDeleteAtom
GetLargestConsoleWindowSize
QueryPerformanceCounter
LZInit
CreateMailslotA
LoadLibraryA
LockFile
GetVolumeInformationA
VirtualQueryEx
WriteFile
GetThreadTimes
QueryDosDeviceA
FormatMessageW
InitializeCriticalSection
LocalFileTimeToFileTime
GetDiskFreeSpaceExW
GetVersion
SleepEx
UtConvertDvtd32toDvtd16
CreateObjrefMoniker
OleDestroyMenuDescriptor
GetDesktopWindow
WTSRegisterSessionNotification
WTSEnumerateSessionsA
WTSVirtualChannelClose
WTSQueryUserConfigA
Number of PE resources by type
RT_ICON: 1
RT_MANIFEST: 1
RT_GROUP_ICON: 1
Number of PE resources by language
RUSSIAN: 3
PE resources
ExifTool file metadata
MIMEType: application/octet-stream
Subsystem: Windows GUI
MachineType: Intel 386 or later, and compatibles
TimeStamp: 1992:06:19 23:22:17+01:00
FileType: Win32 EXE
PEType: PE32
CodeSize: 96768
LinkerVersion: 2.25
FileAccessDate: 2014:02:11 17:16:54+01:00
EntryPoint: 0x1018
InitializedDataSize: 23552
SubsystemVersion: 4.0
ImageVersion: 0.0
OSVersion: 4.0
FileCreateDate: 2014:02:11 17:16:54+01:00
UninitializedDataSize: 0
File identification
MD5: 6f67a907cb8a651f4b08ba5d1d8614a3
SHA1: 2522a297e91df6e587c0fd44a7940949230e153f
SHA256: 4eff3c0a2d1042dfac8b3814f433370af19270b05bc609ea854bde104f4d352d
ssdeep: 3072:FXsHfMTCdxC7oc+h8DQMbPcUVlffIL7+4NaskiidoUD:TCbKE8JQUV63adoUD
imphash: fd10470bb48169d5a8260112e50f7b91
File size: 140.5 KB (143872 bytes)
File type: Win32 EXE
Magic literal: PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID:
  Win32 Dynamic Link Library (generic) (38.3%)
  Win32 Executable (generic) (26.2%)
  Win16/32 Executable Delphi generic (12.0%)
  Generic Win/DOS Executable (11.6%)
  DOS Executable Generic (11.6%)
Tags: peexe
VirusTotal metadata
First submission: 2014-02-11 16:00:47 UTC (4 years, 3 months ago)
Last submission: 2014-02-11 16:00:47 UTC (4 years, 3 months ago)
File names: vt-upload-_QJAj
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Set keys
Created processes
Created mutexes
Opened mutexes
Opened service managers
Opened services
Runtime DLLs
Additional details
The file sends control codes directly to certain device drivers making use of the DeviceIoControl Windows API function.
HTTP requests
DNS requests
TCP connections
UDP communications