SHA256: 5378fdfdbbb87695d334c13b0b035d260a5934c071849ee000beec59c3ac7c26
File name: e542a59eda45751412061677.exe
Detection ratio: 4 / 55
Analysis date: 2014-09-30 03:45:18 UTC ( 2 years, 5 months ago )
Antivirus Result Update
Bkav W32.HfsAutoA.E264 20140929
ESET-NOD32 Win32/Filecoder.CO 20140930
Malwarebytes Spyware.Zbot.VXGen 20140930
Qihoo-360 Malware.QVM07.Gen 20140930
Ad-Aware 20140930
AegisLab 20140930
Yandex 20140929
AhnLab-V3 20140929
Antiy-AVL 20140929
Avast 20140930
AVG 20140929
Avira (no cloud) 20140930
AVware 20140930
Baidu-International 20140929
BitDefender 20140930
ByteHero 20140930
CAT-QuickHeal 20140929
ClamAV 20140929
CMC 20140930
Comodo 20140930
Cyren 20140930
DrWeb 20140930
Emsisoft 20140930
F-Prot 20140929
F-Secure 20140930
Fortinet 20140930
GData 20140930
Ikarus 20140930
Jiangmin 20140929
K7AntiVirus 20140929
K7GW 20140929
Kaspersky 20140930
Kingsoft 20140930
McAfee 20140930
McAfee-GW-Edition 20140929
Microsoft 20140930
eScan 20140930
NANO-Antivirus 20140930
Norman 20140929
nProtect 20140929
Panda 20140929
Rising 20140929
Sophos 20140930
SUPERAntiSpyware 20140930
Symantec 20140930
Tencent 20140930
TheHacker 20140929
TotalDefense 20140929
TrendMicro 20140930
TrendMicro-HouseCall 20140930
VBA32 20140929
VIPRE 20140930
ViRobot 20140930
Zillya 20140930
Zoner 20140929
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright Copyright © 2014

Publisher OnNet Co., Ltd.
Product eNpuRULhV TmOcmqgW
Original name JjqnBpro.exe
Internal name kINPbMevX
File version 1, 0, 0, 1
Description hjWhiyusR
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2014-09-29 21:38:38
Entry Point 0x0000BDCA
Number of sections 4
PE sections
Overlays
MD5 61063b183ee427b1e524af0e32c7f3c6
File type data
Offset 140800
Size 2527
Entropy 7.93
PE imports
ImmRegisterWordA
ImmIsUIMessageW
ImmSetCompositionFontW
ImmSetCompositionStringA
ImmRegisterWordW
GetPrivateProfileSectionNamesA
GetStdHandle
FileTimeToSystemTime
GetFileAttributesA
GetDriveTypeA
HeapDestroy
ContinueDebugEvent
GetCommandLineW
GetPrivateProfileStructW
GetTapeParameters
Heap32Next
GetSystemDefaultLCID
GetLogicalDrives
CommConfigDialogA
GetLocaleInfoW
GetTempPathA
GetStringTypeA
GetTempPathW
HeapReAlloc
GetThreadPriority
GetFullPathNameA
FormatMessageW
ConnectNamedPipe
GetLogicalDriveStringsA
FreeLibraryAndExitThread
GetTimeZoneInformation
FatalExit
GetLogicalDriveStringsW
AllocConsole
FindNextChangeNotification
EnumDateFormatsA
BeginUpdateResourceA
GetSystemTime
GlobalFindAtomW
GetUserDefaultLangID
GetModuleFileNameW
GetLargestConsoleWindowSize
Beep
GetNumberOfConsoleInputEvents
FlushFileBuffers
GetModuleFileNameA
GetStringTypeExW
EnumSystemLocalesA
GetPrivateProfileStringA
Heap32First
GetProfileSectionW
EnumSystemLocalesW
EnumCalendarInfoW
GetProfileIntA
CreateMutexA
EraseTape
CreateThread
GetSystemDirectoryW
CreateSemaphoreW
ConvertDefaultLocale
CreateMutexW
GetNumberOfConsoleMouseButtons
GetThreadSelectorEntry
FindAtomW
CreateDirectoryExA
GetNumberFormatA
GetConsoleMode
FindAtomA
BackupSeek
GetCurrentThreadId
GetThreadPriorityBoost
EndUpdateResourceW
GetVersionExW
GetExitCodeProcess
CallNamedPipeA
GetCommMask
CreateMailslotA
GlobalUnfix
GlobalSize
GetStartupInfoA
GetDateFormatA
GetWindowsDirectoryW
GetFileSize
GetNamedPipeHandleStateA
GetCommProperties
CreateNamedPipeW
GetProcessHeap
GetComputerNameW
EnumResourceNamesW
ExpandEnvironmentStringsW
FindNextFileW
GlobalFix
GlobalUnWire
EnumResourceNamesA
CompareStringA
FreeConsole
GetProcessWorkingSetSize
FindNextFileA
DuplicateHandle
GetBinaryTypeA
GetPrivateProfileSectionW
CreateEventW
GetCurrencyFormatA
CreateEventA
CreateFileA
GetCurrencyFormatW
GetSystemInfo
GlobalFree
GetConsoleCP
GetShortPathNameA
GetQueuedCompletionStatus
GetCPInfoExW
GetEnvironmentStrings
BuildCommDCBAndTimeoutsA
GetCurrentProcessId
GetDiskFreeSpaceExW
GetConsoleTitleW
GetCompressedFileSizeW
ClearCommBreak
GetCPInfoExA
EnumTimeFormatsA
GetConsoleTitleA
GetCommandLineA
EnumSystemCodePagesW
Heap32ListNext
GetModuleHandleA
EnumSystemCodePagesA
EnumResourceTypesW
CreateConsoleScreenBuffer
GetFileAttributesExW
GetSystemTimeAdjustment
GetLongPathNameW
GetCurrentDirectoryW
HeapCreate
FindResourceW
CreateProcessW
GetFileAttributesExA
GlobalHandle
LZDone
LZStart
LZRead
WNetEnumResourceA
WNetUseConnectionA
WNetGetNetworkInformationW
WNetCancelConnectionW
WNetGetUniversalNameA
WNetUseConnectionW
_except_handler3
__p__fmode
_acmdln
_exit
_adjust_fdiv
__p__commode
__dllonexit
_onexit
_controlfp
exit
_XcptFilter
__getmainargs
__setusermatherr
_initterm
__set_app_type
GetAcceptExSockaddrs
TransmitFile
Ord(74)
Ord(66)
Ord(24)
Ord(50)
Ord(22)
Ord(15)
Ord(40)
Ord(75)
Ord(49)
Ord(29)
Ord(169)
Ord(59)
Ord(61)
Ord(71)
Ord(34)
Ord(51)
Ord(170)
Ord(36)
Ord(57)
Ord(23)
Ord(44)
Ord(67)
Ord(65)
Ord(41)
Ord(601)
Ord(600)
Ord(505)
Ord(506)
Ord(606)
Ord(612)
Ord(602)
Ord(512)
Ord(605)
Ord(511)
Ord(610)
Ord(509)
SetupDiGetDeviceInfoListClass
GetClientRect
PdhCollectQueryData
Number of PE resources by type
RT_VERSION 1
Number of PE resources by language
RUSSIAN 1
PE resources
ExifTool file metadata
MIMEType application/octet-stream
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
FileTypeExtension exe
TimeStamp 2014:09:29 22:38:38+01:00
FileType Win32 EXE
PEType PE32
CodeSize 49152
LinkerVersion 6.0
EntryPoint 0xbdca
InitializedDataSize 2011136
SubsystemVersion 4.0
ImageVersion 0.0
OSVersion 4.0
UninitializedDataSize 0

File identification
MD5 57be5f290cc2325f9f8c53de9bb6dd1b
SHA1 7fae34c53a67ab1b5265cb7ff4e132c350e0e07b
SHA256 5378fdfdbbb87695d334c13b0b035d260a5934c071849ee000beec59c3ac7c26
ssdeep 3072:mRnhR3JAhzfj6PK/KhWfA4vjOc02XC24WGexX:8RZsucac02t

authentihash 43c34ca66dc5c222a86a247334236d5c90c13fbb4368a841eef3ceca3b8a1450
imphash 114c985bd9fdaf3259340803b8ce1a5c
File size 140.0 KB ( 143327 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID Win64 Executable (generic) (64.6%)
Win32 Dynamic Link Library (generic) (15.3%)
Win32 Executable (generic) (10.5%)
Generic Win/DOS Executable (4.6%)
DOS Executable Generic (4.6%)
Tags peexe overlay

VirusTotal metadata
First submission 2014-09-30 03:45:18 UTC ( 2 years, 5 months ago )
Last submission 2014-12-01 10:36:13 UTC ( 2 years, 3 months ago )
File names JjqnBpro.exe
00000000 MD5 57be5f290cc2325f9f8c53de9bb6dd1b.lst
WL-16dfeb1f37a44e0efb3bc51e2153ec3e-0
kINPbMevX
5378fdfdbbb87695d334c13b0b035d260a5934c071849ee000beec59c3ac7c26.exe
e542a59eda45751412061677.exe
Advanced heuristic and reputation engines
Symantec reputation Suspicious.Insight
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Created processes
Opened mutexes
Runtime DLLs