SHA256: 656abede5b5b7183c8fee89a8a37d7e77255b5d481a56bddd96265c36e8e0437
File name: 4e1daa08a03d245c354678e516da5802.virus
Detection ratio: 41 / 68
Analysis date: 2018-01-06 04:31:51 UTC ( 1 year, 2 months ago )
Antivirus Result Update
Ad-Aware Gen:Variant.Razy.227599 20180106
AhnLab-V3 Malware/Win32.Generic.C2300255 20180105
ALYac Gen:Variant.Razy.227599 20180106
Arcabit Trojan.Razy.D3790F 20180106
Avast Win32:Malware-gen 20180106
AVG Win32:Malware-gen 20180106
Avira (no cloud) TR/Crypt.ZPACK.lcluu 20180106
Baidu Win32.Trojan.WisdomEyes.16070401.9500.9999 20180105
BitDefender Gen:Variant.Razy.227599 20180106
Bkav HW32.Packed.8205 20180106
CrowdStrike Falcon (ML) malicious_confidence_100% (D) 20171016
Cylance Unsafe 20180106
eGambit Unsafe.AI_Score_99% 20180106
Emsisoft Gen:Variant.Razy.227599 (B) 20180106
Endgame malicious (high confidence) 20171130
ESET-NOD32 a variant of Win32/Kryptik.GANS 20180106
F-Secure Gen:Variant.Razy.227599 20180106
Fortinet W32/Kryptik.FYQZ!tr 20180106
GData Gen:Variant.Razy.227599 20180106
Ikarus Win32.Outbreak 20180105
Sophos ML heuristic 20170914
K7AntiVirus Trojan ( 0051f75f1 ) 20180105
K7GW Trojan ( 0051f75f1 ) 20180105
Kaspersky HEUR:Trojan.Win32.Generic 20180106
MAX malware (ai score=80) 20180106
McAfee W32/PinkSbot-EX!4E1DAA08A03D 20180102
McAfee-GW-Edition BehavesLike.Win32.Virut.gc 20180106
eScan Gen:Variant.Razy.227599 20180106
NANO-Antivirus Trojan.Win32.Kryptik.ewrhpm 20180106
Panda Trj/CI.A 20180105
Qihoo-360 HEUR/QVM20.1.554A.Malware.Gen 20180106
Rising Malware.XPACK-LNR/Heur!1.5594 (CLASSIC) 20180106
SentinelOne (Static ML) static engine - malicious 20171224
Sophos AV Mal/EncPk-ANR 20180105
Symantec W32.Qakbot!gen18 20180106
Tencent Suspicious.Heuristic.Gen.b.0 20180106
TrendMicro TROJ_GEN.R039C0OA418 20180106
TrendMicro-HouseCall TROJ_GEN.R039C0OA418 20180106
VBA32 Backdoor.QBot 20180105
VIPRE Trojan.Win32.Generic!BT 20180106
ZoneAlarm by Check Point HEUR:Trojan.Win32.Generic 20180106
AegisLab 20180105
Alibaba 20180105
Antiy-AVL 20180106
Avast-Mobile 20180105
AVware 20180103
CAT-QuickHeal 20180105
ClamAV 20180105
CMC 20180105
Comodo 20180106
Cybereason 20171103
Cyren 20180106
DrWeb 20180106
F-Prot 20180106
Jiangmin 20180106
Kingsoft 20180106
Malwarebytes 20180106
Microsoft 20180105
nProtect 20180106
Palo Alto Networks (Known Signatures) 20180106
SUPERAntiSpyware 20180106
TheHacker 20180103
TotalDefense 20180105
Trustlook 20180106
ViRobot 20180106
Webroot 20180106
WhiteArmor 20171226
Yandex 20171229
Zillya 20180105
Zoner 20180106
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows command line subsystem.
FileVersionInfo properties
Copyright © Microsoft Corporation. All rights reserved.
Product Microsoft® Windows® Operating System
Original name sqmapi.dll
Internal name sqmapi
File version 6.1.7601.17514 (win7sp1_rtm.101119-1850)
Description SQM Client
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2017-12-13 22:35:20
Entry Point 0x00001B40
Number of sections 12
PE sections
PE imports
IsValidSecurityDescriptor
GetOEMCP
GetCommandLineA
IsDBCSLeadByte
GetConsoleDisplayMode
IsProcessorFeaturePresent
SHGetFileInfoA
ExtractAssociatedIconExW
PathFindFileNameW
GetTitleBarInfo
CreateDialogIndirectParamW
Number of PE resources by type
RT_VERSION 1
Number of PE resources by language
ENGLISH US 1
PE resources
ExifTool file metadata
UninitializedDataSize 0
InitializedDataSize 0
ImageVersion 0.0
ProductName Microsoft Windows Operating System
FileVersionNumber 6.1.7601.17514
LanguageCode English (U.S.)
FileFlagsMask 0x003f
FileDescription SQM Client
CharacterSet Unicode
LinkerVersion 12.0
FileTypeExtension exe
OriginalFileName sqmapi.dll
MIMEType application/octet-stream
Subsystem Windows command line
FileVersion 6.1.7601.17514 (win7sp1_rtm.101119-1850)
TimeStamp 2017:12:13 23:35:20+01:00
FileType Win32 EXE
PEType PE32
InternalName sqmapi
ProductVersion 6.1.7601.17514
SubsystemVersion 5.0
OSVersion 5.0
FileOS Windows NT 32-bit
LegalCopyright Microsoft Corporation. All rights reserved.
MachineType Intel 386 or later, and compatibles
CompanyName Microsoft Corporation
CodeSize 20480
FileSubtype 0
ProductVersionNumber 6.1.7601.17514
EntryPoint 0x1b40
ObjectFileType Dynamic link library

File identification
MD5 4e1daa08a03d245c354678e516da5802
SHA1 3ce5ce7aca7f9d41ae38a2311c844753809babde
SHA256 656abede5b5b7183c8fee89a8a37d7e77255b5d481a56bddd96265c36e8e0437
ssdeep 12288:t97lDQAMIJhTdqRCi9UwydeyWwi80VyHr+Oov2QAcfLu2s:tR5QAMIJhTdOCNwydlMLer+f2xcfyB
authentihash 3432dad739fae90ca5beef0b39867d253d83e423c55bdd64b1f68c282d26e500
imphash c0172389a8b4c07aa68f1fa9c318a097
File size 456.0 KB ( 466944 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (console) Intel 80386 32-bit
TrID Win32 Dynamic Link Library (generic) (43.5%)
Win32 Executable (generic) (29.8%)
Generic Win/DOS Executable (13.2%)
DOS Executable Generic (13.2%)
Tags peexe
VirusTotal metadata
First submission 2018-01-06 04:31:51 UTC ( 1 year, 2 months ago )
Last submission 2018-01-06 04:31:51 UTC ( 1 year, 2 months ago )
File names sqmapi
4e1daa08a03d245c354678e516da5802.virus
sqmapi.dll