SHA256: 6c429b3f5cb5d49fa8c1a7de36d1b11ca7cb4d43b31234a2f23d384f51514d50
File name: uqalygic.exe
Detection ratio: 17 / 54
Analysis date: 2016-02-17 10:11:33 UTC ( 2 years, 12 months ago )
Antivirus Result Update
Ad-Aware Trojan.GenericKD.3048506 20160217
Arcabit Trojan.Generic.D2E843A 20160217
Avast Win32:Malware-gen 20160217
Avira (no cloud) TR/AD.Teerac.Y.112 20160217
BitDefender Trojan.GenericKD.3048506 20160217
Emsisoft Trojan.GenericKD.3048506 (B) 20160217
ESET-NOD32 Win32/Filecoder.DI 20160217
F-Secure Trojan.GenericKD.3048506 20160217
Fortinet W32/Filecoder.DI!tr 20160217
GData Trojan.GenericKD.3048506 20160217
Ikarus Trojan-Ransom.CryptoWall3 20160217
Kaspersky Backdoor.Win32.Androm.jdta 20160217
McAfee Artemis!6ACCD20047BC 20160217
McAfee-GW-Edition BehavesLike.Win32.Downloader.ch 20160217
eScan Trojan.GenericKD.3048506 20160217
Qihoo-360 HEUR/QVM07.1.Malware.Gen 20160217
Sophos AV Mal/Generic-S 20160217
AegisLab 20160217
Yandex 20160216
AhnLab-V3 20160216
Alibaba 20160217
ALYac 20160217
Antiy-AVL 20160217
AVG 20160217
Baidu-International 20160216
Bkav 20160215
ByteHero 20160217
CAT-QuickHeal 20160216
ClamAV 20160217
CMC 20160216
Comodo 20160217
Cyren 20160217
DrWeb 20160217
F-Prot 20160217
Jiangmin 20160217
K7AntiVirus 20160217
K7GW 20160217
Malwarebytes 20160217
Microsoft 20160216
NANO-Antivirus 20160217
nProtect 20160216
Panda 20160216
Rising 20160216
SUPERAntiSpyware 20160217
Symantec 20160216
Tencent 20160217
TheHacker 20160217
TrendMicro 20160217
TrendMicro-HouseCall 20160217
VBA32 20160216
VIPRE 20160217
ViRobot 20160217
Zillya 20160217
Zoner 20160217
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2006-05-04 22:37:24
Entry Point 0x000087F6
Number of sections 4
PE sections
Overlays
MD5 572636b9494a53c317ef3fea2fa69a58
File type data
Offset 155648
Size 1096
Entropy 6.15
PE imports
GetSecurityDescriptorSacl
PolyPolyline
GetCharABCWidthsW
SetMapMode
PlayEnhMetaFileRecord
SetTextAlign
GetTextMetricsA
CombineRgn
GetROP2
SetMetaFileBitsEx
GetObjectType
GetTextExtentPointA
SetPixel
EndDoc
IntersectClipRect
OffsetWindowOrgEx
EqualRgn
GetDIBits
ExtCreateRegion
SetPixelFormat
GetEnhMetaFileBits
StretchBlt
Escape
SwapBuffers
ScaleViewportExtEx
CloseFigure
Pie
Arc
GetKerningPairsA
WidenPath
ExtCreatePen
GetFontData
ResetDCW
GetBkColor
MoveToEx
GetTextCharsetInfo
GetDIBColorTable
DeleteEnhMetaFile
CreateFontIndirectW
OffsetRgn
CreateFontIndirectA
LPtoDP
EnumFontsA
UpdateColors
GetBitmapBits
GetBrushOrgEx
OffsetViewportOrgEx
SetBkMode
RectInRegion
BitBlt
GetDeviceCaps
FillRgn
SetAbortProc
SelectPalette
SetBkColor
StrokePath
CreateEnhMetaFileA
SetWinMetaFileBits
ExtSelectClipRgn
ScaleWindowExtEx
CloseEnhMetaFile
EndPage
GetNearestPaletteIndex
SetDIBColorTable
CancelDC
SetPixelV
BeginPath
DeleteObject
CreatePenIndirect
PlayMetaFileRecord
SetBitmapBits
PatBlt
SetStretchBltMode
Rectangle
GetObjectA
CreateDCA
GetMetaFileBitsEx
DeleteDC
GetWorldTransform
EnumMetaFile
StartPage
CreateDCW
GetCharWidthA
RealizePalette
CreateHatchBrush
CreateDIBPatternBrushPt
CreateBitmap
DeleteColorSpace
GetStockObject
ExtTextOutA
UnrealizeObject
GdiFlush
GetTextAlign
GetWinMetaFileBits
GetEnhMetaFileHeader
SetTextCharacterExtra
GetTextExtentPoint32W
EndPath
CreateICA
GetGlyphOutlineW
GetRgnBox
SaveDC
CreateICW
SetDeviceGammaRamp
GetGlyphOutlineA
RestoreDC
FillPath
CreateDIBSection
SetTextColor
ExtFloodFill
PolyDraw
GetClipBox
CreateFontA
EnumFontFamiliesExW
SetViewportOrgEx
SetArcDirection
CreateRoundRectRgn
CreateFontW
PolyBezier
SetMetaRgn
Chord
CreateRectRgn
RemoveFontResourceA
GetClipRgn
SetPolyFillMode
RemoveFontResourceW
Polyline
AbortDoc
ImmIsUIMessageA
ImmGetDefaultIMEWnd
GetStartupInfoA
GetModuleHandleA
FindFirstFileA
BuildCommDCBAndTimeoutsW
CreateMutexW
GetCurrencyFormatW
__p__fmode
exp
__CxxFrameHandler
_acmdln
_adjust_fdiv
__setusermatherr
_setmbcp
_pipe
_onexit
_cgets
__dllonexit
strtoul
__getmainargs
_initterm
_controlfp
_yn
__p__commode
__set_app_type
BeginPaint
Number of PE resources by type
RT_RCDATA 23
RT_DIALOG 6
RT_ICON 4
RT_GROUP_ICON 4
RT_VERSION 1
Number of PE resources by language
NEUTRAL 38
PE resources
ExifTool file metadata
SubsystemVersion 4.0
LinkerVersion 6.0
ImageVersion 0.0
FileSubtype 0
FileVersionNumber 0.138.46.66
UninitializedDataSize 0
LanguageCode Unknown (UNTR)
FileFlagsMask 0x003f
CharacterSet Unknown (UE)
InitializedDataSize 118784
EntryPoint 0x87f6
MIMEType application/octet-stream
LegalCopyright 2014 (C) 2014
FileVersion 0.5.36.186
TimeStamp 2006:05:04 23:37:24+01:00
FileType Win32 EXE
PEType PE32
InternalName Teem
ProductVersion 0.49.88.124
FileDescription Remittal Refuses Retried
OSVersion 4.0
FileOS Win32
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
CompanyName WRQ, Inc.
CodeSize 32768
ProductName Shabby Slacked
ProductVersionNumber 0.102.85.220
FileTypeExtension exe
ObjectFileType Executable application
File identification
MD5 6accd20047bc38c110a3ea555566f59c
SHA1 4142f52b5461002fa8f625ddefc30863c7bf52e0
SHA256 6c429b3f5cb5d49fa8c1a7de36d1b11ca7cb4d43b31234a2f23d384f51514d50
ssdeep 1536:oaIS+ygSQChjUFJUg0FZ8zbA3a/Y3Oe/vq5+N5069N5Q2AZ0/Rt0LIytknq+qagt:oZS2SDU108zzY+4i+NKCrACRt0LIy//L
authentihash 1ee0e4320970065721973e918fa073004f5320020a2558b4656429d13ab96d4a
imphash acc159dea67c3b922e39e3799904866c
File size 153.1 KB ( 156744 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Executable MS Visual C++ (generic) (52.5%)
Windows screen saver (22.0%)
Win32 Dynamic Link Library (generic) (11.0%)
Win32 Executable (generic) (7.5%)
Generic Win/DOS Executable (3.3%)
Tags peexe overlay
VirusTotal metadata
First submission 2016-02-16 17:59:36 UTC ( 3 years ago )
Last submission 2016-02-17 10:11:33 UTC ( 2 years, 12 months ago )
File names uqalygic.exe