SHA256: 593f0c763c8e98b2c5a121bd3deaf8fbf4b926abf6fa6df631231bbef7e973bd
File name: yppbubyh.exe
Detection ratio: 41 / 57
Analysis date: 2016-03-23 15:12:24 UTC ( 2 years, 12 months ago )
Antivirus Result Update
Ad-Aware Trojan.GenericKD.3101918 20160323
AegisLab Backdoor.W32.Androm!c 20160323
AhnLab-V3 Trojan/Win32.Ransom 20160323
ALYac Trojan.GenericKD.3101918 20160323
Antiy-AVL Trojan[Backdoor]/Win32.Androm 20160323
Arcabit Trojan.Generic.D2F54DE 20160323
Avast Win32:Malware-gen 20160323
AVG Generic37.ARCA 20160323
Avira (no cloud) TR/Crypt.Xpack.432724 20160323
AVware Trojan.Win32.Generic!BT 20160323
BitDefender Trojan.GenericKD.3101918 20160323
CAT-QuickHeal Backdoor.Androm.r4 20160323
Cyren W32/Trojan.DFMW-7794 20160323
DrWeb Trojan.SkypeSpam.10673 20160323
Emsisoft Trojan.GenericKD.3101918 (B) 20160323
ESET-NOD32 Win32/Filecoder.DI 20160323
F-Secure Trojan.GenericKD.3101918 20160323
Fortinet W32/Kryptik.EQMA!tr 20160323
GData Trojan.GenericKD.3101918 20160323
Ikarus Trojan.Win32.Filecoder 20160323
Jiangmin Backdoor.Androm.fei 20160323
K7AntiVirus Trojan ( 004b8b881 ) 20160323
K7GW Trojan ( 004b8b881 ) 20160323
Kaspersky Backdoor.Win32.Androm.jgro 20160323
Malwarebytes Ransom.TorrentLocker 20160323
McAfee RDN/Generic BackDoor 20160323
McAfee-GW-Edition RDN/Generic BackDoor 20160323
Microsoft Ransom:Win32/Teerac 20160323
eScan Trojan.GenericKD.3101918 20160323
nProtect Trojan.GenericKD.3101918 20160323
Panda Trj/GdSda.A 20160322
Qihoo-360 HEUR/QVM07.1.Malware.Gen 20160323
Rising PE:Malware.FakePDF@CV!1.9E05 [F] 20160323
Sophos AV Mal/Tinba-AA 20160323
Symantec Trojan.Cryptolocker.H 20160323
Tencent Win32.Backdoor.Androm.Agun 20160323
TrendMicro Ransom_CRILOCK.NEL 20160323
TrendMicro-HouseCall Ransom_CRILOCK.NEL 20160323
VIPRE Trojan.Win32.Generic!BT 20160323
ViRobot Trojan.Win32.Z.Filecoder.892928[h] 20160323
Zillya Trojan.Filecoder.Win32.2123 20160323
Yandex 20160316
Alibaba 20160323
Baidu 20160323
Baidu-International 20160323
Bkav 20160323
ByteHero 20160323
ClamAV 20160319
CMC 20160322
Comodo 20160323
F-Prot 20160323
NANO-Antivirus 20160323
SUPERAntiSpyware 20160323
TheHacker 20160321
TotalDefense 20160323
VBA32 20160323
Zoner 20160323
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2006-09-15 20:40:52
Entry Point 0x00043D96
Number of sections 4
PE sections
PE imports
SetMapMode
GetWindowOrgEx
ResizePalette
SetTextAlign
GetTextMetricsA
SetPixel
EndDoc
IntersectClipRect
CreateEllipticRgn
ExtCreateRegion
SetPixelFormat
GetEnhMetaFileBits
StretchBlt
GetTextFaceA
SwapBuffers
ScaleViewportExtEx
Pie
SetWindowExtEx
GetKerningPairsA
ExtCreatePen
SetBkColor
SetWinMetaFileBits
GetBkColor
SetRectRgn
MoveToEx
GetTextCharsetInfo
GetDIBColorTable
DeleteEnhMetaFile
CreateFontIndirectW
OffsetRgn
EnumFontsW
TextOutA
CreateFontIndirectA
EndPath
GetBitmapBits
GetBrushOrgEx
OffsetViewportOrgEx
SetBkMode
OffsetClipRgn
EnumFontFamiliesA
GetDeviceCaps
FillRgn
SetAbortProc
SelectPalette
GetFontData
PtVisible
ExtSelectClipRgn
ScaleWindowExtEx
CloseEnhMetaFile
SetROP2
EndPage
GetNearestPaletteIndex
SetDIBColorTable
StrokePath
SetViewportExtEx
PatBlt
GetClipBox
Rectangle
GetObjectA
CreateDCA
DeleteDC
GetMapMode
GetSystemPaletteEntries
StartPage
CreateDCW
GetCharWidthA
CreateBitmap
GetStockObject
PlayEnhMetaFile
ExtTextOutA
GdiFlush
SelectClipRgn
GetTextAlign
GetTextExtentPoint32A
GetWinMetaFileBits
GetEnhMetaFileHeader
GetClipRgn
SetTextCharacterExtra
GetTextExtentPoint32W
CreateICA
Polygon
GetGlyphOutlineW
GetRgnBox
SaveDC
GetGlyphOutlineA
RestoreDC
GetPixel
FillPath
CreateDIBSection
SetTextColor
ExtFloodFill
CreateFontA
EnumFontFamiliesExW
SetViewportOrgEx
CreateRoundRectRgn
CreateCompatibleDC
PolyBezierTo
CreateFontW
SetStretchBltMode
DeleteObject
StartDocA
SetPolyFillMode
CreateCompatibleBitmap
CreateSolidBrush
Polyline
DPtoLP
StartDocW
Ellipse
_strrev
__p__fmode
_i64tow
fmod
_mbsrev
__p__commode
fclose
__dllonexit
_onexit
wcslen
_inpw
_strerror
modf
_initterm
__setusermatherr
_adjust_fdiv
__set_app_type
Number of PE resources by type
RT_ICON 13
RT_GROUP_ICON 8
RT_DIALOG 3
RT_VERSION 1
Number of PE resources by language
ENGLISH UK 13
ARABIC EGYPT 12
PE resources
ExifTool file metadata
SpecialBuild 0.76.137.183
LegalTrademarks Metabolisms
SubsystemVersion 4.0
Comments Karma
LinkerVersion 6.0
ImageVersion 0.0
FileSubtype 0
FileVersionNumber 0.28.52.138
LanguageCode English (U.S.)
FileFlagsMask 0x003f
FileDescription Misdirections Notified Idealisation
CharacterSet Unicode
InitializedDataSize 3391488
EntryPoint 0x43d96
OriginalFileName Perioperativel.EXE
MIMEType application/octet-stream
LegalCopyright Copyright (C) 2011
FileVersion 0.119.127.70
TimeStamp 2006:09:15 21:40:52+01:00
FileType Win32 EXE
PEType PE32
InternalName Immigrants
ProductVersion 0.248.236.117
UninitializedDataSize 0
OSVersion 4.0
FileOS Win32
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
CompanyName Bill2 Software
CodeSize 278528
ProductName Infraction Nominations
ProductVersionNumber 0.41.145.154
FileTypeExtension exe
ObjectFileType Executable application
Compressed bundles
File identification
MD5 e40d02595d6adbebf8f73338c33d35a3
SHA1 509b3e84200d7997b93eb5af95b1b8ba2c8f9a63
SHA256 593f0c763c8e98b2c5a121bd3deaf8fbf4b926abf6fa6df631231bbef7e973bd
ssdeep 24576:iCTqJJJJZPB12zcH3Ib60TqQEs4mFibba9bil5wqmXtyJkW:ivJj2zrd+TrHqby5wqmmkW
authentihash 4fa9f7187a19768a46a3be2b304b421ecca941a3ca3ad00b7dd2cf91c7703b3c
imphash ab45e2963bb3ae88a3d41e5cff81a480
File size 872.0 KB ( 892928 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win64 Executable (generic) (49.4%)
Windows screen saver (23.4%)
Win32 Dynamic Link Library (generic) (11.7%)
Win32 Executable (generic) (8.0%)
Generic Win/DOS Executable (3.5%)
Tags peexe
VirusTotal metadata
First submission 2016-03-15 08:22:09 UTC ( 3 years ago )
Last submission 2016-03-15 09:32:31 UTC ( 3 years ago )
File names yppbubyh.exe
POSTNORD_info_23982.exe