SHA256: 556bf347d190eb16ef2b5f66b8775a449d94b6af12712503f507b71c4a83de4a
File name: zqsqm6GnfCM.exe
Detection ratio: 18 / 68
Analysis date: 2018-08-03 00:45:10 UTC ( 6 months, 3 weeks ago )
Antivirus Result Update
Avast FileRepMalware 20180802
AVG FileRepMalware 20180802
Baidu Win32.Trojan.WisdomEyes.16070401.9500.9999 20180802
CAT-QuickHeal Trojan.Emotet.X4 20180802
CrowdStrike Falcon (ML) malicious_confidence_100% (D) 20180723
Cybereason malicious.8aeb4f 20180225
Cylance Unsafe 20180803
Endgame malicious (high confidence) 20180730
ESET-NOD32 a variant of Win32/Kryptik.GJMI 20180802
Sophos ML heuristic 20180717
McAfee-GW-Edition BehavesLike.Win32.Generic.dm 20180802
Microsoft Trojan:Win32/Emotet.AC!bit 20180802
Palo Alto Networks (Known Signatures) generic.ml 20180803
Qihoo-360 HEUR/QVM20.1.EC71.Malware.Gen 20180803
Rising Malware.Heuristic!ET#92% (RDM+:cmRtazpBLHHcqAbz6hc+MU7+zH3g) 20180802
SentinelOne (Static ML) static engine - malicious 20180701
Symantec Packed.Generic.517 20180802
VBA32 Malware-Cryptor.Limpopo 20180802
Ad-Aware 20180802
AegisLab 20180802
AhnLab-V3 20180802
Alibaba 20180713
ALYac 20180803
Antiy-AVL 20180803
Arcabit 20180803
Avast-Mobile 20180802
Avira (no cloud) 20180802
AVware 20180727
Babable 20180725
BitDefender 20180802
Bkav 20180802
ClamAV 20180802
CMC 20180802
Comodo 20180803
Cyren 20180803
DrWeb 20180802
eGambit 20180803
Emsisoft 20180803
F-Prot 20180802
F-Secure 20180802
Fortinet 20180802
GData 20180802
Ikarus 20180802
Jiangmin 20180802
K7AntiVirus 20180802
K7GW 20180803
Kaspersky 20180802
Kingsoft 20180803
Malwarebytes 20180802
MAX 20180803
McAfee 20180802
eScan 20180802
NANO-Antivirus 20180802
Panda 20180802
Sophos AV 20180802
SUPERAntiSpyware 20180802
Symantec Mobile Insight 20180801
TACHYON 20180802
Tencent 20180803
TheHacker 20180802
TotalDefense 20180802
TrendMicro 20180802
TrendMicro-HouseCall 20180802
Trustlook 20180803
VIPRE 20180802
ViRobot 20180802
Webroot 20180803
Yandex 20180731
Zillya 20180802
ZoneAlarm by Check Point 20180802
Zoner 20180802
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2018-08-03 07:32:41
Entry Point 0x00001BB9
Number of sections 6
PE sections
PE imports
CryptDeriveKey
RegDisablePredefinedCache
GetObjectType
AbortDoc
WidenPath
LPtoDP
SetThreadLocale
FindVolumeClose
_lclose
AllocateUserPhysicalPages
GetThreadIOPendingFlag
ContinueDebugEvent
ChangeTimerQueueTimer
TlsGetValue
FindNextChangeNotification
IsProcessorFeaturePresent
GetCommMask
FindNLSString
GetCommandLineA
GetCurrentThreadId
GetThreadLocale
GetCurrentThread
Ord(29)
GetMenuPosFromID
AnimateWindow
GetSystemMetrics
GetActiveWindow
IsZoomed
SetMenuContextHelpId
ChildWindowFromPoint
DdeQueryConvInfo
GetShellWindow
NotifyWinEvent
Number of PE resources by type
RT_STRING 15
RT_BITMAP 14
Number of PE resources by language
NEUTRAL 27
CHINESE TRADITIONAL 1
SPANISH 1
PE resources
Debug information
ExifTool file metadata
MIMEType application/octet-stream
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
FileTypeExtension exe
TimeStamp 2018:08:03 09:32:41+02:00
FileType Win32 EXE
PEType PE32
CodeSize 11776
LinkerVersion 12.0
ImageFileCharacteristics Executable, 32-bit
EntryPoint 0x1bb9
InitializedDataSize 275968
SubsystemVersion 5.1
ImageVersion 0.0
OSVersion 5.0
UninitializedDataSize 0

File identification
MD5 f35c5b1fd1fc0e93810a47dc49cdc49d
SHA1 857013f8aeb4fb99b8ba4e53bc3941512e1e1385
SHA256 556bf347d190eb16ef2b5f66b8775a449d94b6af12712503f507b71c4a83de4a
ssdeep 3072:fr5PHWtMqhoHr+bIDYl/stsCpiocMxRawgIlrX7goVyxrv/wYCx/p42:z5/WhqLm/sqCpYESIlflYCx

authentihash 47db534160c8c7cb5b3803920365b59444cece53d4ed29f6db92c873213d9cdd
imphash ba6278f6e771790127884d726ff53ded
File size 278.0 KB ( 284672 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID Win32 Dynamic Link Library (generic) (38.4%)
Win32 Executable (generic) (26.3%)
OS/2 Executable (generic) (11.8%)
Generic Win/DOS Executable (11.6%)
DOS Executable Generic (11.6%)
Tags peexe

VirusTotal metadata
First submission 2018-08-03 00:45:10 UTC ( 6 months, 3 weeks ago )
Last submission 2018-08-03 00:45:10 UTC ( 6 months, 3 weeks ago )
File names 7658890.exe
55830120.exe
zqsqm6GnfCM.exe
28305488.exe
1573.exe