SHA256: 572606aa9bbc705457e1d35d4823b1c25b8b561a01dd2018dc7f94577b86c13f
File name: qppwkce.exe
Detection ratio: 3 / 55
Analysis date: 2015-06-24 13:41:08 UTC ( 2 years, 5 months ago )
Antivirus Result Update
Bkav HW32.Packed.A865 20150623
Rising PE:Malware.XPACK-HIE/Heur!1.9C48 20150623
Tencent Win32.Trojan.Inject.Auto 20150624
Ad-Aware 20150623
AegisLab 20150623
Yandex 20150623
AhnLab-V3 20150624
Alibaba 20150624
ALYac 20150623
Antiy-AVL 20150624
Arcabit 20150623
Avast 20150623
AVG 20150623
Avira (no cloud) 20150624
AVware 20150623
Baidu-International 20150624
BitDefender 20150623
ByteHero 20150624
CAT-QuickHeal 20150623
ClamAV 20150623
Comodo 20150623
Cyren 20150623
DrWeb 20150623
Emsisoft 20150623
ESET-NOD32 20150623
F-Prot 20150622
F-Secure 20150623
Fortinet 20150624
GData 20150623
Ikarus 20150623
Jiangmin 20150620
K7AntiVirus 20150624
K7GW 20150623
Kaspersky 20150623
Kingsoft 20150624
Malwarebytes 20150624
McAfee 20150623
McAfee-GW-Edition 20150623
Microsoft 20150623
eScan 20150623
NANO-Antivirus 20150623
nProtect 20150623
Panda 20150623
Qihoo-360 20150624
Sophos AV 20150623
SUPERAntiSpyware 20150623
Symantec 20150623
TheHacker 20150622
TrendMicro 20150623
TrendMicro-HouseCall 20150623
VBA32 20150622
VIPRE 20150623
ViRobot 20150623
Zillya 20150624
Zoner 20150624
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright Linear mathematical analysis©. All rights reserved.
Product Linear mathematical analysis
File version 2.14
Description Mathematical Software
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2015-06-18 10:05:43
Entry Point 0x00001000
Number of sections 4
PE sections
PE imports
RegDeleteValueA
RegQueryValueExA
RegCloseKey
RegCreateKeyExA
RegSetValueExA
ImageList_GetImageCount
LBItemFromPt
InitCommonControlsEx
ImageList_Destroy
ImageList_AddMasked
ImageList_Draw
ImageList_GetIconSize
InitCommonControls
ImageList_Create
ImageList_GetIcon
ImageList_LoadImageA
CreateMappedBitmap
GetOpenFileNameA
ChooseColorA
GetSaveFileNameA
ChooseFontA
CreatePen
TextOutA
CreateFontIndirectA
GetTextMetricsA
GetPixel
GetDeviceCaps
LineTo
DeleteDC
SetBkMode
SetPixel
BitBlt
SetTextColor
CreatePatternBrush
GetObjectA
MoveToEx
GetStockObject
ExtTextOutA
SelectClipRgn
CreateCompatibleDC
CreateRectRgn
SelectObject
GetTextExtentPoint32A
GetTextColor
CreateSolidBrush
SetBkColor
DeleteObject
CreateCompatibleBitmap
GetSystemTime
GetLastError
HeapFree
SystemTimeToFileTime
FileTimeToSystemTime
lstrlenA
GlobalFree
FreeLibrary
HeapDestroy
ExitProcess
GlobalUnlock
GetModuleFileNameA
LoadLibraryA
GetDateFormatA
RtlZeroMemory
GetFileSize
lstrcatA
GetCurrentDirectoryA
MultiByteToWideChar
GetCommandLineA
GlobalLock
GetProcessHeap
GlobalReAlloc
GetModuleHandleA
lstrcmpA
ReadFile
WriteFile
EnumResourceNamesA
CloseHandle
GetProcAddress
HeapCreate
lstrcpyA
GlobalAlloc
RtlMoveMemory
CreateFileA
HeapAlloc
SetCurrentDirectoryA
GetTimeFormatA
DoDragDrop
RevokeDragDrop
RegisterDragDrop
SHGetPathFromIDListA
SHBrowseForFolderA
ShellExecuteA
DragQueryFileA
CreateDesktopA
OpenInputDesktop
Number of PE resources by type
RT_ACCELERATOR 1
RT_MANIFEST 1
RT_DIALOG 1
RT_VERSION 1
Number of PE resources by language
NEUTRAL 4
PE resources
Debug information
ExifTool file metadata
CodeSize 471040
SubsystemVersion 4.0
InitializedDataSize 6144
ImageVersion 0.0
ProductName Linear mathematical analysis
FileVersionNumber 2.14.0.0
UninitializedDataSize 0
LanguageCode English (U.S.)
FileFlagsMask 0x0000
CharacterSet Windows, Latin1
LinkerVersion 1.72
FileTypeExtension exe
MIMEType application/octet-stream
Subsystem Windows GUI
FileVersion 2.14
TimeStamp 2015:06:18 11:05:43+01:00
FileType Win32 EXE
PEType PE32
ProductVersion 1.0.0.0
FileDescription Mathematical Software
OSVersion 4.0
FileOS Win32
LegalCopyright Linear mathematical analysis . All rights reserved.
MachineType Intel 386 or later, and compatibles
CompanyName Enigma GmbH
LegalTrademarks Linear mathematical analysis . 2010
FileSubtype 0
ProductVersionNumber 1.0.0.0
EntryPoint 0x1000
ObjectFileType Executable application

Execution parents
Compressed bundles
File identification
MD5 e91e0424ac23193461c57ac1046e7dc1
SHA1 99f205b062a4a1287fd7e1268d225b903b54510a
SHA256 572606aa9bbc705457e1d35d4823b1c25b8b561a01dd2018dc7f94577b86c13f
ssdeep 6144:AtYfRA/DUae6EYE5EyUWKPLUSxfaarWnNen/frKmtIvtxuyH2v9P0v3iNRZoGlWG:AdDUaerm4G/xhGs+xums9PeynZoIRSq
authentihash c18e31b16c25fde874f7c155e57042ff99c78aa8222d22f3ae31e0e1d725dcc9
imphash 6376462af8d16d6583666139bd6452ae
File size 467.0 KB ( 478208 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win64 Executable (generic) (53.8%)
Windows screen saver (25.5%)
Win32 Executable (generic) (8.7%)
Win16/32 Executable Delphi generic (4.0%)
Generic Win/DOS Executable (3.9%)
Tags peexe
VirusTotal metadata
First submission 2015-06-24 12:59:08 UTC ( 2 years, 5 months ago )
Last submission 2015-07-09 05:41:17 UTC ( 2 years, 4 months ago )
File names q4LO8qOjj.jar
jbqchlc.exe.2540.dr
qppwkce.exe
qtfjphm.exe
ynfqznb.exe.3068.dr
lGUjQwLIppUkIak.exe
malware (4).exe
hukzxjx.exe
Advanced heuristic and reputation engines
Symantec reputation Suspicious.Insight
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Runtime DLLs