SHA256: 5df60afbebc3737b766a7c9569b9249986c09a162041905faf23b862ebb1dfdf
File name: kyuwr.exe
Detection ratio: 20 / 56
Analysis date: 2016-10-13 07:34:49 UTC ( 2 years, 5 months ago )
Antivirus Result Update
AegisLab Heur.Advml.Gen!c 20161013
AhnLab-V3 Trojan/Win32.ZBot.N2128119581 20161012
Avast Win32:Malware-gen 20161013
AVG Generic38.QYT 20161013
Avira (no cloud) TR/Crypt.ZPACK.byfwe 20161012
Baidu Win32.Trojan.Elenoocka.a 20161012
CrowdStrike Falcon (ML) malicious_confidence_100% (W) 20160725
ESET-NOD32 Win32/Spy.Zbot.YW 20161013
Ikarus Trojan-Spy.Agent 20161012
Sophos ML trojanspy.win32.ursnif.hn 20160928
K7GW Spyware ( 00009b291 ) 20161013
Malwarebytes Trojan.Crypt 20161013
McAfee RDN/Generic PWS.y 20161013
McAfee-GW-Edition BehavesLike.Win32.Ransom.dc 20161013
Qihoo-360 Win32/Sorter.AVE.Etap.A 20161013
Rising Malware.XPACK-HIE/Heur!1.9C48 (classic) 20161013
Sophos AV Mal/Generic-S 20161013
Symantec Trojan Horse 20161013
TrendMicro TROJ_FORUCON.BMC 20161013
TrendMicro-HouseCall TROJ_FORUCON.BMC 20161013
Ad-Aware 20161013
Alibaba 20161013
ALYac 20161013
Antiy-AVL 20161013
Arcabit 20161013
AVware 20161013
BitDefender 20161013
Bkav 20161012
CAT-QuickHeal 20161013
ClamAV 20161013
CMC 20161013
Comodo 20161013
Cyren 20161013
DrWeb 20161013
Emsisoft 20161013
F-Prot 20161013
F-Secure 20161012
Fortinet 20161013
GData 20161013
Jiangmin 20161013
K7AntiVirus 20161013
Kaspersky 20161013
Kingsoft 20161013
Microsoft 20161013
eScan 20161013
NANO-Antivirus 20161013
nProtect 20161013
Panda 20161012
SUPERAntiSpyware 20161013
Tencent 20161013
TheHacker 20161011
VBA32 20161012
VIPRE 20161013
ViRobot 20161013
Yandex 20161011
Zillya 20161012
Zoner 20161013
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2015-05-12 00:56:45
Entry Point 0x00004D24
Number of sections 3
PE sections
PE imports
GlobalDeleteAtom
WaitForSingleObject
FreeLibrary
GetTickCount
GetModuleFileNameA
LoadLibraryA
GetStartupInfoA
GetCPInfoExW
GetCurrentDirectoryW
GetCurrentProcessId
CreateIoCompletionPort
GetConsoleTitleW
GetProcAddress
OpenMutexA
CreateMutexA
GetTempPathA
ReleaseSemaphore
InterlockedExchange
FindResourceExW
CompareStringA
lstrcpynA
FindNextFileA
SetLocalTime
SetPriorityClass
OpenSemaphoreA
GetStringTypeExW
InterlockedDecrement
IsBadStringPtrA
GetCurrentThreadId
lstrcmpW
GetTimeFormatA
TraceSQLCancel
TraceSQLFetch
TraceSQLError
TraceSQLBindCol
SHQueryRecycleBinW
SHBrowseForFolderA
FindExecutableA
StrCmpNW
ShellMessageBoxA
ExtractIconW
StrChrW
StrChrIW
SHGetSettings
DllCanUnloadNow
SHInvokePrinterCommandA
SHPathPrepareForWriteA
ShellAboutW
SHParseDisplayName
Number of PE resources by type
RT_RCDATA 3
Number of PE resources by language
NEUTRAL 3
PE resources
Debug information
ExifTool file metadata
MIMEType application/octet-stream
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
TimeStamp 2015:05:12 01:56:45+01:00
FileType Win32 EXE
PEType PE32
CodeSize 221696
LinkerVersion 7.1
FileTypeExtension exe
InitializedDataSize 8704
SubsystemVersion 4.0
EntryPoint 0x4d24
OSVersion 5.1
ImageVersion 5.1
UninitializedDataSize 0

File identification
MD5 76b609dac79e76fe7b5a78af35c5a2d6
SHA1 86c5d2d56950e9f3788730547dcae0b4ffc4989c
SHA256 5df60afbebc3737b766a7c9569b9249986c09a162041905faf23b862ebb1dfdf
ssdeep 6144:73FkDyJuH5SrMuKMFAdwzNQB26t38nI1:GDheBTQw
authentihash f3c3c00c641bebc269c6135540403670a8f63e88b0026a95e012dcb0a491aced
imphash d4c7ef40af53cef01ca8c5d46f8aa999
File size 226.0 KB ( 231424 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Dynamic Link Library (generic) (43.5%)
Win32 Executable (generic) (29.8%)
Generic Win/DOS Executable (13.2%)
DOS Executable Generic (13.2%)
Tags peexe
VirusTotal metadata
First submission 2016-10-11 14:54:10 UTC ( 2 years, 5 months ago )
Last submission 2017-02-16 11:52:06 UTC ( 2 years, 1 month ago )
File names kyuwr.exe
76b609dac79e76fe7b5a78af35c5a2d6
5df60afbebc3737b766a7c9569b9249986c09a162041905faf23b862ebb1dfdf
Advanced heuristic and reputation engines
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Written files
Copied files
Deleted files
Created processes
Shell commands
Created mutexes
Opened mutexes
Runtime DLLs
HTTP requests
DNS requests
TCP connections
UDP communications