SHA256: 684e711d255b71846da71b4fbacad63573598b2cf8880cbe7d78d896759c86d0
File name: 7e7d1938e430c88a06597216c11a8ac6
Detection ratio: 60 / 67
Analysis date: 2017-12-06 18:00:30 UTC ( 10 months, 2 weeks ago )
Antivirus Result Update
Ad-Aware Gen:Variant.Oficla.11 20171206
AegisLab Troj.Dropper.W32.Drooptroop.gyj!c 20171206
AhnLab-V3 Trojan/Win32.Qbot.R18664 20171206
ALYac Gen:Variant.Oficla.11 20171206
Antiy-AVL Trojan[PSW]/Win32.Qbot 20171206
Arcabit Trojan.Oficla.11 20171206
Avast Win32:Bamital-AG [Drp] 20171206
AVG Win32:Bamital-AG [Drp] 20171206
Avira (no cloud) WORM/Oficla.a 20171206
AVware Backdoor.Win32.Qakbot.cd (v) 20171206
Baidu Win32.Trojan.WisdomEyes.16070401.9500.9926 20171206
BitDefender Gen:Variant.Oficla.11 20171206
Bkav W32.Bamitall.Trojan 20171206
CAT-QuickHeal Trojan.DroopTroop.A 20171206
CMC Trojan-PWS.Win32.Qbot.1!O 20171206
Comodo TrojWare.Win32.Bamital.EO 20171206
CrowdStrike Falcon (ML) malicious_confidence_100% (W) 20171016
Cybereason malicious.1b8fb7 20171103
Cylance Unsafe 20171206
Cyren W32/Oficla.Q.gen!Eldorado 20171206
DrWeb Trojan.Packed.21143 20171206
Emsisoft Gen:Variant.Oficla.11 (B) 20171206
Endgame malicious (high confidence) 20171130
ESET-NOD32 Win32/Bamital.DZ 20171206
F-Prot W32/Oficla.Q.gen!Eldorado 20171206
F-Secure Gen:Variant.Oficla.11 20171206
Fortinet W32/Krypt.D!tr.dldr 20171206
GData Gen:Variant.Oficla.11 20171206
Ikarus Trojan-Dropper.Win32.Bamital 20171206
Sophos ML heuristic 20170914
Jiangmin TrojanDropper.Drooptroop.aya 20171206
K7AntiVirus Password-Stealer ( 001d0dcc1 ) 20171205
K7GW Password-Stealer ( 001d0dcc1 ) 20171206
Kaspersky Trojan-PSW.Win32.Qbot.aem 20171206
Malwarebytes Trojan.Downloader 20171206
MAX malware (ai score=81) 20171206
McAfee W32/Pinkslipbot.gen.s 20171206
McAfee-GW-Edition W32/Pinkslipbot.gen.s 20171206
Microsoft TrojanDropper:Win32/Bamital.C 20171206
eScan Gen:Variant.Oficla.11 20171206
NANO-Antivirus Trojan.Win32.Drooptroop.bpqlz 20171206
nProtect Trojan-Dropper/W32.Drooptroop.64512 20171206
Panda Bck/Qbot.AO 20171206
Qihoo-360 HEUR/Malware.QVM20.Gen 20171206
SentinelOne (Static ML) static engine - malicious 20171113
Sophos AV Mal/Oficla-A 20171206
SUPERAntiSpyware Trojan.Agent/Gen-FakeAlert 20171206
Symantec Trojan.Sasfis 20171206
Tencent Win32.Trojan-qqpass.Qqrob.Akpp 20171206
TheHacker Trojan/Kryptik.hop 20171205
TrendMicro TROJ_BAMITAL.AD 20171206
TrendMicro-HouseCall TROJ_BAMITAL.AD 20171206
VBA32 TScope.Malware-Cryptor.SB 20171206
VIPRE Backdoor.Win32.Qakbot.cd (v) 20171206
ViRobot Dropper.Drooptroop.64512 20171206
Webroot W32.Trojan.Trojan-Bamital 20171206
WhiteArmor Malware.HighConfidence 20171204
Yandex Trojan.DR.Drooptroop!73PKybCnLbY 20171205
Zillya Dropper.Drooptroop.Win32.3484 20171206
ZoneAlarm by Check Point Trojan-PSW.Win32.Qbot.aem 20171206
Alibaba 20171206
Avast-Mobile 20171206
ClamAV 20171206
eGambit 20171206
Kingsoft 20171206
Palo Alto Networks (Known Signatures) 20171206
Rising 20171206
Symantec Mobile Insight 20171206
Trustlook 20171206
Zoner 20171206
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
File version 63.1.0
Description (C) 29
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2010-10-19 18:38:51
Entry Point 0x00001210
Number of sections 5
PE sections
PE imports
GetCommandLineA
LoadIconA
Number of PE resources by type
RT_MANIFEST 1
RT_DIALOG 1
RT_VERSION 1
Number of PE resources by language
ENGLISH US 3
PE resources
ExifTool file metadata
SubsystemVersion 5.0
LinkerVersion 9.0
ImageVersion 0.0
FileVersionNumber 9.3.2.5
UninitializedDataSize 0
LanguageCode Unknown (FFFF)
FileFlagsMask 0x0000
CharacterSet ASCII
InitializedDataSize 59392
EntryPoint 0x1210
MIMEType application/octet-stream
FileVersion 63.1.0
TimeStamp 2010:10:19 19:38:51+01:00
FileType Win32 EXE
PEType PE32
ProductVersion 90.7.87
FileDescription (C) 29
OSVersion 5.0
FileOS Win32
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
CodeSize 4096
FileSubtype 0
ProductVersionNumber 9.5.6.0
FileTypeExtension exe
ObjectFileType Unknown

File identification
MD5 7e7d1938e430c88a06597216c11a8ac6
SHA1 0d99e1a451315d2275bb8d121034c27668a1b22d
SHA256 684e711d255b71846da71b4fbacad63573598b2cf8880cbe7d78d896759c86d0
ssdeep 768:haLBGnIQLdXhpB/sgKVLO+C7I6iNMXlDrX4pwabg8I+fagiTaVVa5KuDssp:haQnFpjKlw+qaM1/X4aUVIRaVVa5lL

authentihash 8bbadd8b5545e18874d3660c39b90886ab7d50c990828ae3a687b36c57caf8b9
imphash b650d69ba2eb49af97c57821cf08461b
File size 63.0 KB ( 64512 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID Win32 Dynamic Link Library (generic) (43.5%)
Win32 Executable (generic) (29.8%)
Generic Win/DOS Executable (13.2%)
DOS Executable Generic (13.2%)
Tags peexe

VirusTotal metadata
First submission 2010-10-20 17:49:19 UTC ( 8 years ago )
Last submission 2017-12-06 18:00:30 UTC ( 10 months, 2 weeks ago )
File names aa
7e7d1938e430c88a06597216c11a8ac60d99e1a451315d2275bb8d121034c27668a1b22d64512.exe
smona130683348247699210032
7e7d1938e430c88a06597216c11a8ac6
u1gBQB.mht
7E7D1938E430C88A06597216C11A8AC6