SHA256: 6ea02c51e57f712a80106c8ab607fd74d2efc6d97814fa68daf0e84c7cfc0815
File name: huq.exe
Detection ratio: 46 / 62
Analysis date: 2017-06-30 21:56:05 UTC ( 1 year, 7 months ago )
Antivirus Result Update
Ad-Aware Trojan.GenericKD.5199034 20170630
AegisLab Troj.W32.Apost!c 20170630
AhnLab-V3 Trojan/Win32.Agent.C1976472 20170630
ALYac Trojan.GenericKD.5199034 20170630
Antiy-AVL Trojan/Win32.SGeneric 20170630
Arcabit Trojan.Generic.D4F54BA 20170630
Avast Win32:ApplockBypass-F [Trj] 20170630
AVG Win32:ApplockBypass-F [Trj] 20170630
Avira (no cloud) TR/AD.RemoteExecHeur.hidze 20170630
AVware Trojan.Win32.Generic!BT 20170630
BitDefender Trojan.GenericKD.5199034 20170630
Bkav W32.TedasorDYT.Trojan 20170630
CAT-QuickHeal Trojan.Autoit 20170630
Comodo UnclassifiedMalware 20170630
Cyren W32/Apost.JERZ-5858 20170630
Emsisoft Trojan.GenericKD.5199034 (B) 20170630
ESET-NOD32 MSIL/TrojanDownloader.Agent.DLO 20170630
F-Prot W32/Apost.A 20170630
F-Secure Trojan.GenericKD.5199034 20170630
Fortinet W32/APosT.HL!tr 20170629
GData Win32.Trojan.Agent.6IGWQ9 20170630
Ikarus Trojan-Downloader.Win32.Dldwp 20170630
Jiangmin Trojan.APosT.s 20170628
K7AntiVirus Riskware ( 0040eff71 ) 20170630
K7GW Riskware ( 0040eff71 ) 20170630
Kaspersky Trojan.Win32.APosT.hl 20170630
Malwarebytes Trojan.Downloader 20170630
McAfee Generic.abu 20170630
McAfee-GW-Edition Generic.abu 20170630
Microsoft TrojanDownloader:Win32/Dldwp.D 20170630
eScan Trojan.GenericKD.5199034 20170630
NANO-Antivirus Trojan.Win32.APosT.epnvxo 20170630
Palo Alto Networks (Known Signatures) generic.ml 20170630
Panda Trj/agent.ICB 20170630
Rising Downloader.Dldwp!8.E809 (ktse) 20170630
Sophos AV Mal/Generic-L 20170630
Symantec Trojan.Gen.6 20170630
Tencent Win32.Trojan.Apost.Hsjb 20170630
TrendMicro TROJ_GEN.R021C0DES17 20170630
TrendMicro-HouseCall TROJ_GEN.R021C0DES17 20170630
VIPRE Trojan.Win32.Generic!BT 20170630
ViRobot Trojan.Win32.Agent.68096.AT 20170630
Webroot W32.Trojan.Ransom 20170630
Yandex Trojan.APosT! 20170630
Zillya Trojan.APosT.Win32.32 20170630
ZoneAlarm by Check Point Trojan.Win32.APosT.hl 20170630
Alibaba 20170630
Baidu 20170630
ClamAV 20170630
CMC 20170630
CrowdStrike Falcon (ML) 20170420
DrWeb 20170630
Endgame 20170629
Sophos ML 20170607
Kingsoft 20170630
nProtect 20170630
Qihoo-360 20170630
SentinelOne (Static ML) 20170516
SUPERAntiSpyware 20170630
Symantec Mobile Insight 20170630
TheHacker 20170628
TotalDefense 20170630
Trustlook 20170630
VBA32 20170630
WhiteArmor 20170627
Zoner 20170630
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows command line subsystem.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2017-05-24 19:18:55
Entry Point 0x0000119A
Number of sections 4
PE sections
PE imports
HeapSize
GetLastError
InitializeCriticalSectionAndSpinCount
HeapFree
GetStdHandle
EnterCriticalSection
LCMapStringW
GetModuleFileNameW
GetConsoleCP
GetOEMCP
QueryPerformanceCounter
IsDebuggerPresent
ExitProcess
TlsAlloc
GetEnvironmentStringsW
FlushFileBuffers
GetModuleFileNameA
RtlUnwind
WinExec
DeleteCriticalSection
GetCurrentProcess
GetConsoleMode
GetStringTypeW
GetCurrentProcessId
WriteConsoleW
GetCPInfo
UnhandledExceptionFilter
LoadLibraryExW
MultiByteToWideChar
GetStartupInfoW
SetFilePointerEx
FreeEnvironmentStringsW
GetCommandLineA
GetProcAddress
GetProcessHeap
SetStdHandle
WideCharToMultiByte
TlsFree
GetSystemTimeAsFileTime
SetUnhandledExceptionFilter
WriteFile
CloseHandle
IsProcessorFeaturePresent
GetACP
HeapReAlloc
DecodePointer
GetModuleHandleW
HeapAlloc
TerminateProcess
GetModuleHandleExW
IsValidCodePage
OutputDebugStringW
CreateFileW
TlsGetValue
Sleep
GetFileType
TlsSetValue
EncodePointer
GetCurrentThreadId
SetLastError
LeaveCriticalSection
ExifTool file metadata
MIMEType application/octet-stream
Subsystem Windows command line
SubsystemVersion 5.1
MachineType Intel 386 or later, and compatibles
TimeStamp 2017:05:24 20:18:55+01:00
FileType Win32 EXE
PEType PE32
CodeSize 40960
LinkerVersion 12.0
FileTypeExtension exe
InitializedDataSize 33792
ImageFileCharacteristics Executable, 32-bit
EntryPoint 0x119a
OSVersion 5.1
ImageVersion 0.0
UninitializedDataSize 0

File identification
MD5 25cb3ad3fdf7558e225b4bd3844b0dd2
SHA1 1e4538afaed1b21fbd319774d013622d678b01b2
SHA256 6ea02c51e57f712a80106c8ab607fd74d2efc6d97814fa68daf0e84c7cfc0815
ssdeep 1536:dcYQelKrEz+5DixrV/c87sWjcduwlZZZZXO:OreQHOEuL

authentihash bfe14fec6b34cb06ef1a9996f9542289f92de68705068a6666de7149c73f743d
imphash d60943f5bc7c9fd8248be67c6ea03dfd
File size 66.5 KB ( 68096 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (console) Intel 80386 32-bit

TrID Win32 Executable MS Visual C++ (generic) (64.5%)
Win32 Dynamic Link Library (generic) (13.6%)
Win32 Executable (generic) (9.3%)
OS/2 Executable (generic) (4.1%)
Generic Win/DOS Executable (4.1%)
Tags peexe

VirusTotal metadata
First submission 2017-05-26 19:03:45 UTC ( 1 year, 9 months ago )
Last submission 2018-05-07 09:36:22 UTC ( 9 months, 3 weeks ago )
File names fja.exe
imdvr.exe_
huq.exe
bezaab.exe
aovdqem.exe_
dlo.exe
mpu.exe
ymuzflu.exe
has.exe
uzkinnndf.exe
fkujsn.exe
kff.exe
czk.exe
Behaviour characterization
Zemana dll-injection

Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Created processes
Created mutexes
Opened mutexes
Opened service managers
Opened services
Runtime DLLs
HTTP requests
DNS requests
TCP connections
UDP communications