SHA256: 54f10ca3aeb4b0813bc616ade0d2d56d078ff2bec027adda1ceb20ccad59c771
File name: gyas.exe
Detection ratio: 13 / 56
Analysis date: 2016-11-21 23:50:23 UTC ( 2 years, 3 months ago )
Antivirus | Result | Update
Avira (no cloud) | TR/Crypt.Xpack.lqcpo | 20161122
CrowdStrike Falcon (ML) | malicious_confidence_75% (W) | 20161024
DrWeb | Trojan.Inject2.33392 | 20161121
Fortinet | W32/Yakes.RQIB!tr | 20161121
Ikarus | Trojan.Crypt.XPACK | 20161121
Sophos ML | virtool.win32.injector.ge | 20161018
Jiangmin | Trojan.Yakes.sym | 20161121
Kaspersky | Trojan.Win32.Yakes.rqib | 20161121
McAfee | Artemis!A1FBD71E4216 | 20161121
McAfee-GW-Edition | BehavesLike.Win32.Generic.dc | 20161121
Microsoft | TrojanDownloader:Win32/Terdot.A | 20161121
Symantec | Trojan.Gen | 20161121
Yandex | Trojan.Yakes!Vs/9GRZvMP4 | 20161121
Ad-Aware | | 20161121
AegisLab | | 20161121
AhnLab-V3 | | 20161121
Alibaba | | 20161121
ALYac | | 20161122
Antiy-AVL | | 20161122
Arcabit | | 20161121
Avast | | 20161122
AVG | | 20161122
AVware | | 20161122
Baidu | | 20161121
BitDefender | | 20161121
Bkav | | 20161121
CAT-QuickHeal | | 20161121
ClamAV | | 20161122
CMC | | 20161121
Comodo | | 20161121
Cyren | | 20161121
Emsisoft | | 20161121
ESET-NOD32 | | 20161121
F-Prot | | 20161121
F-Secure | | 20161121
GData | | 20161121
K7AntiVirus | | 20161121
K7GW | | 20161121
Kingsoft | | 20161122
Malwarebytes | | 20161121
eScan | | 20161121
NANO-Antivirus | | 20161121
nProtect | | 20161121
Panda | | 20161121
Qihoo-360 | | 20161122
Rising | | 20161121
Sophos AV | | 20161121
SUPERAntiSpyware | | 20161121
Tencent | | 20161122
TheHacker | | 20161117
TrendMicro | | 20161121
TrendMicro-HouseCall | | 20161121
Trustlook | | 20161122
VBA32 | | 20161121
VIPRE | | 20161121
ViRobot | | 20161121
Zillya | | 20161121
Zoner | | 20161121
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
PE header basic information
Target machine: Intel 386 or later processors and compatible processors
Compilation timestamp: 2016-11-15 14:08:21
Entry Point: 0x000086B5
Number of sections: 5
PE sections
PE imports
CreateToolbarEx
InitCommonControlsEx
CryptDecodeObject
CreatePen
TextOutA
CreateFontIndirectA
GetTextMetricsA
EnumFontsA
Rectangle
GetDeviceCaps
DeleteDC
SetBkMode
GetPixelFormat
EndDoc
StartPage
DeleteObject
BitBlt
CreateDIBSection
SetTextColor
ChoosePixelFormat
GetObjectA
GetCurrentObject
DescribePixelFormat
CreateFontA
SetPixelFormat
CreateCompatibleDC
EndPage
SelectObject
StartDocA
Polyline
GetTextExtentPoint32W
CreateCompatibleBitmap
GetLastError
InitializeCriticalSectionAndSpinCount
HeapFree
GetStdHandle
EnterCriticalSection
LCMapStringW
SetHandleCount
FileTimeToSystemTime
lstrlenA
GlobalFree
GetConsoleCP
LoadLibraryA
GetOEMCP
LCMapStringA
MulDiv
IsDebuggerPresent
HeapAlloc
TlsAlloc
GetEnvironmentStringsW
FlushFileBuffers
GetModuleFileNameA
SetConsoleOutputCP
RtlUnwind
lstrlenW
SystemTimeToTzSpecificLocalTime
FreeEnvironmentStringsA
DeleteCriticalSection
GetStartupInfoA
FileTimeToLocalFileTime
GetEnvironmentStrings
GetConsoleMode
GetLocaleInfoA
GetCurrentProcessId
GetConsoleOutputCP
GetCPInfo
UnhandledExceptionFilter
TlsGetValue
MultiByteToWideChar
HeapSize
FreeEnvironmentStringsW
GetCommandLineA
GetProcAddress
TlsFree
SetStdHandle
GetModuleHandleA
RaiseException
WideCharToMultiByte
GetStringTypeA
SetFilePointer
lstrcmpA
GetDiskFreeSpaceW
SetLastError
SetUnhandledExceptionFilter
WriteFile
GetTimeZoneInformation
CloseHandle
GetSystemTimeAsFileTime
GetACP
HeapReAlloc
GetStringTypeW
GetModuleHandleW
ExitProcess
SetConsoleCP
TerminateProcess
DisconnectNamedPipe
QueryPerformanceCounter
WriteConsoleA
GetCurrentProcess
IsValidCodePage
HeapCreate
lstrcpyA
VirtualFree
InterlockedDecrement
Sleep
GetFileType
TlsSetValue
CreateFileA
GetTickCount
GetCurrentThreadId
InterlockedIncrement
VirtualAlloc
WriteConsoleW
LeaveCriticalSection
NetShareCheck
NetShareDelSticky
LoadTypeLibEx
glShadeModel
glEnable
glClearColor
wglCreateContext
glDepthFunc
glHint
glClearDepth
RasGetErrorStringA
RasHangUpA
RasDialA
InitSecurityInterfaceA
MapWindowPoints
GetMessageA
GetParent
UpdateWindow
DrawTextExW
LoadMenuA
OffsetRect
DefWindowProcA
KillTimer
PostQuitMessage
DefMDIChildProcA
ShowWindow
DrawFrameControl
SetWindowPos
GetSysColorBrush
GetSystemMetrics
MessageBoxW
AppendMenuA
GetWindowRect
DispatchMessageA
EndPaint
SetDlgItemTextA
PeekMessageA
TranslateMessage
GetSysColor
GetDC
RegisterClassExA
DrawTextA
BeginPaint
CreatePopupMenu
CheckMenuItem
GetMenu
SendMessageA
GetClientRect
GetDlgItem
CreateDialogParamA
EnableMenuItem
InvalidateRect
GetSubMenu
LoadCursorA
LoadIconA
TrackPopupMenu
SetDlgItemInt
GetSystemMenu
CreateWindowExW
EnableWindow
GetWindowTextA
DestroyWindow
IsDialogMessageA
PtInRect
InternetConnectA
FtpSetCurrentDirectoryA
InternetGetLastResponseInfoA
InternetOpenA
FtpPutFileA
gethostname
WSACleanup
WSAStartup
gethostbyname
inet_ntoa
WSAGetLastError
GdiplusShutdown
GdiplusStartup
CoRegisterClassObject
PdhValidatePathA
PdhUpdateLogFileCatalog
PdhVerifySQLDBA
PdhBrowseCountersA
Number of PE resources by type
PNG 9
AFX_DIALOG_LAYOUT 8
RT_ACCELERATOR 8
RT_ICON 7
RT_MANIFEST 1
RT_GROUP_ICON 1
Number of PE resources by language
ENGLISH US 34
PE resources
ExifTool file metadata
MIMEType: application/octet-stream
Subsystem: Windows GUI
MachineType: Intel 386 or later, and compatibles
FileTypeExtension: exe
TimeStamp: 2016:11:15 15:08:21+01:00
FileType: Win32 EXE
PEType: PE32
CodeSize: 83456
LinkerVersion: 9.0
EntryPoint: 0x86b5
InitializedDataSize: 158720
SubsystemVersion: 5.0
ImageVersion: 0.0
OSVersion: 5.0
UninitializedDataSize: 0

File identification
MD5 a1fbd71e4216312b4e089455b64b49cf
SHA1 b529077326f8299358913644603c9727b5376e88
SHA256 54f10ca3aeb4b0813bc616ade0d2d56d078ff2bec027adda1ceb20ccad59c771
ssdeep 6144:Cf8eGhf+DVTxLYzvwK1OYXLH4NlaFqae:Cf8eGhqDYzYK1OY7sda
authentihash 15c18070235d6ecf9a0e57d272226f5e6f077927750025231c8058d0f489a3ed
imphash 63196cbeeaf758b1b9ef2026fb7a695a
File size 237.5 KB ( 243200 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Executable MS Visual C++ (generic) (42.2%)
Win64 Executable (generic) (37.3%)
Win32 Dynamic Link Library (generic) (8.8%)
Win32 Executable (generic) (6.0%)
Generic Win/DOS Executable (2.7%)
Tags peexe

VirusTotal metadata
First submission 2016-11-18 23:20:23 UTC ( 2 years, 3 months ago )
Last submission 2016-11-21 23:50:23 UTC ( 2 years, 3 months ago )
File names gyas.exe
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Created processes
Opened mutexes
Opened service managers
Opened services
Runtime DLLs
DNS requests
UDP communications