SHA256: 6de067fe974a1fc95f94e2078b381fd0f2f206546507426060fa3a46ba1eca6a
File name: 4yopu.exe
Detection ratio: 50 / 56
Analysis date: 2016-08-30 09:53:19 UTC ( 2 years, 5 months ago )
Antivirus Result Update
Ad-Aware Gen:Variant.Symmi.44950 20160830
AegisLab Troj.Proxy.W32.Lethic.buv!c 20160830
AhnLab-V3 Dropper/Win32.Necurs.N1233586895 20160830
ALYac Gen:Variant.Symmi.44950 20160830
Antiy-AVL Trojan[Proxy]/Win32.Lethic 20160830
Arcabit Trojan.Symmi.DAF96 20160830
Avast Win32:Androp [Drp] 20160830
AVG Win32/Cryptor 20160830
Avira (no cloud) TR/Crypt.ZPACK.92647 20160830
AVware Trojan.Win32.Generic!BT 20160830
Baidu Win32.Trojan.WisdomEyes.151026.9950.9999 20160830
BitDefender Gen:Variant.Symmi.44950 20160830
CAT-QuickHeal Trojan.Lethic.B5 20160830
ClamAV Win.Trojan.Lethic-471 20160830
Comodo UnclassifiedMalware 20160830
Cyren W32/Powessere.A.gen!Eldorado 20160830
DrWeb Trojan.Inject1.43628 20160830
Emsisoft Gen:Variant.Symmi.44950 (B) 20160830
ESET-NOD32 a variant of Win32/Injector.BJFX 20160830
F-Prot W32/Powessere.A.gen!Eldorado 20160830
F-Secure Gen:Variant.Symmi.44950 20160830
Fortinet W32/Lethic.BUV!tr 20160830
GData Gen:Variant.Symmi.44950 20160830
Ikarus Trojan.Inject2 20160830
Jiangmin TrojanProxy.Lethic.at 20160830
K7AntiVirus Trojan ( 0040f9071 ) 20160830
K7GW Trojan ( 0040f9071 ) 20160830
Kaspersky HEUR:Trojan.Win32.Generic 20160830
Kingsoft Win32.Troj.Lethic.b.(kcloud) 20160830
Malwarebytes Trojan.Agent.VXGen 20160830
McAfee GenericATG-FAFP!D3B852481E8A 20160830
McAfee-GW-Edition BehavesLike.Win32.Ramnit.ch 20160830
Microsoft Worm:Win32/Dorkbot 20160830
eScan Gen:Variant.Symmi.44950 20160830
NANO-Antivirus Trojan.Win32.Agent.ddoucy 20160830
Panda Trj/Genetic.gen 20160830
Qihoo-360 Win32/Trojan.Proxy.b35 20160830
Rising Trojan.Generic-4LtHn6gTuQI (Cloud) 20160830
Sophos AV Mal/Wonton-Z 20160830
SUPERAntiSpyware Trojan.Agent/Gen-FalComp 20160830
Symantec Trojan.Gen 20160830
Tencent Win32.Trojan.Generic.Wrqe 20160830
TheHacker Trojan/Injector.bjfx 20160829
TrendMicro TROJ_SPNR.0CH014 20160830
TrendMicro-HouseCall TROJ_SPNR.0CH014 20160830
VBA32 Heur.Malware-Cryptor.Ngrbot 20160829
VIPRE Trojan.Win32.Generic!BT 20160830
ViRobot Dropper.S.Agent.117248.G[h] 20160830
Yandex Trojan.PR.Lethic!T+hEc+4jUnQ 20160830
Zillya Trojan.Lethic.Win32.639 20160830
Alibaba 20160830
Bkav 20160830
CMC 20160830
Sophos ML 20160830
nProtect 20160830
TotalDefense 20160830
Zoner 20160830
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2014-08-04 21:25:12
Entry Point 0x00002EFB
Number of sections 4
PE sections
PE imports
RegCreateKeyExW
RegDeleteValueW
RegCloseKey
RegSetValueExW
RegQueryInfoKeyW
RegEnumKeyExW
RegOpenKeyExW
RegCreateKeyW
RegOpenKeyW
RegDeleteKeyW
RegSetValueW
RegQueryValueExW
RegQueryValueW
CloseEnhMetaFile
CloseFigure
CreateBrushIndirect
AddFontResourceW
CombineRgn
CopyEnhMetaFileA
ColorCorrectPalette
GetStdHandle
GetConsoleOutputCP
FileTimeToSystemTime
GetFileAttributesA
WaitForSingleObject
HeapDestroy
GetFileAttributesW
GetExitCodeProcess
FreeEnvironmentStringsA
DeleteCriticalSection
GetCurrentProcess
GetConsoleMode
GetLocaleInfoA
FreeEnvironmentStringsW
SetStdHandle
FindResourceExA
GetCPInfo
GetStringTypeA
WriteFile
GetSystemTimeAsFileTime
EnumResourceLanguagesA
HeapReAlloc
GetStringTypeW
SetFileAttributesA
SetEvent
LocalFree
InitializeCriticalSection
LoadResource
TlsGetValue
FormatMessageA
OutputDebugStringA
SetLocaleInfoW
SetLastError
GetModuleFileNameW
CopyFileA
HeapAlloc
FlushFileBuffers
GetModuleFileNameA
EnumSystemLocalesA
LoadLibraryExA
UnhandledExceptionFilter
InterlockedDecrement
MultiByteToWideChar
GetModuleHandleA
CreateThread
SetUnhandledExceptionFilter
SetEnvironmentVariableA
TerminateProcess
WriteConsoleA
GetVersion
VirtualQuery
GetCurrentThreadId
InterlockedIncrement
WriteConsoleW
HeapFree
EnterCriticalSection
SetHandleCount
LoadLibraryW
GetOEMCP
QueryPerformanceCounter
GetTickCount
TlsAlloc
VirtualProtect
GetVersionExA
LoadLibraryA
RtlUnwind
GetStartupInfoA
CreateDirectoryA
GetWindowsDirectoryA
GetProcAddress
CompareStringW
lstrcpyA
CompareStringA
GetTempFileNameA
CreateWaitableTimerA
IsValidLocale
GetTimeZoneInformation
GetFileType
TlsSetValue
CreateFileA
ExitProcess
LeaveCriticalSection
GetLastError
LCMapStringW
GetSystemInfo
lstrlenA
GlobalFree
GetConsoleCP
LCMapStringA
GetEnvironmentStringsW
GetTempPathA
RemoveDirectoryA
GetShortPathNameA
CreateProcessW
GetEnvironmentStrings
GetCurrentProcessId
LockResource
WideCharToMultiByte
HeapSize
GetCommandLineA
RaiseException
TlsFree
SetFilePointer
CloseHandle
GetACP
GetModuleHandleW
OpenEventA
IsValidCodePage
HeapCreate
VirtualFree
Sleep
FindResourceA
VirtualAlloc
DragQueryFileA
DuplicateIcon
ExtractIconW
ShellAboutA
Shell_NotifyIconA
DestroyCaret
GetForegroundWindow
CountClipboardFormats
GetScrollBarInfo
InsertMenuItemW
SetLastErrorEx
ToAscii
DispatchMessageW
GetWindowInfo
CharUpperA
OpenDesktopA
GetClipboardData
VerQueryValueW
GetFileVersionInfoW
GetFileVersionInfoSizeW
sndPlaySoundW
SymEnumerateSymbols
ImageDirectoryEntryToData
SymFindFileInPath
SymEnumerateSymbols64
FindDebugInfoFile
MiniDumpReadDumpStream
OleUninitialize
CoUninitialize
CoInitialize
OleInitialize
CoCreateInstance
StringFromGUID2
Number of PE resources by type
RT_STRING 6
RT_FONT 1
Number of PE resources by language
NEUTRAL 6
ENGLISH PHILIPPINES 1
PE resources
ExifTool file metadata
CodeSize 66048
SubsystemVersion 5.0
Comments Bee pig influence
InitializedDataSize 50176
ImageVersion 0.0
ProductName Task
FileVersionNumber 5.69.97.0
UninitializedDataSize 0
LanguageCode English (U.S.)
FileFlagsMask 0x0000
CharacterSet Unicode
LinkerVersion 9.0
FileTypeExtension exe
OriginalFileName Upward.exe
MIMEType application/octet-stream
Subsystem Windows GUI
FileVersion 5.69.97.0
TimeStamp 2014:08:04 22:25:12+01:00
FileType Win32 EXE
PEType PE32
InternalName Upward.exe
ProductVersion 5.69.97.0
FileDescription Mississippi fewer Florida
OSVersion 5.0
FileOS Win32
LegalCopyright Copyright (C) Oldest passage
MachineType Intel 386 or later, and compatibles
CompanyName Gasoline tightly
LegalTrademarks Industrial society principle fed orbit
FileSubtype 0
ProductVersionNumber 5.69.97.0
EntryPoint 0x2efb
ObjectFileType Executable application
File identification
MD5 d3b852481e8accf425f0d86cae048a2a
SHA1 ef04962542204beba341471461ed039d54cd82e2
SHA256 6de067fe974a1fc95f94e2078b381fd0f2f206546507426060fa3a46ba1eca6a
ssdeep 1536:3toHyUh8iM1U84hbZ0lZZkk64yWhLzMCWxy7y6P3y/dwzamLhTHcQHinb2HyWR:3tYt8V4TGMWhLgCWxy7y6PudmhHlCnMR
authentihash 234ee408c03e02706a58353fbd2d2cebfa80ea4330332913c30ad711d0bbf909
imphash 98a84b22a5feb3de74a83e9a2af0b6f8
File size 114.5 KB ( 117248 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Executable MS Visual C++ (generic) (67.4%)
Win32 Dynamic Link Library (generic) (14.2%)
Win32 Executable (generic) (9.7%)
Generic Win/DOS Executable (4.3%)
DOS Executable Generic (4.3%)
Tags peexe
VirusTotal metadata
First submission 2014-08-05 08:45:57 UTC ( 4 years, 6 months ago )
Last submission 2015-01-22 20:24:24 UTC ( 4 years ago )
File names va0b5.exe
cwca5.exe
6de067fe974a1fc95f94e2078b381fd0f2f206546507426060fa3a46ba1eca6a.exe
d3b852481e8accf425f0d86cae048a2a
pki0o.exe
4yopu.exe
88kuu.exe
Advanced heuristic and reputation engines
Symantec reputation Suspicious.Insight
Behaviour characterization
Zemana dll-injection
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Runtime DLLs