SHA256: 712acf837afb83296cff0411c51fa0f2bbeb7f512406b8377a06219608361286
File name: qtcheck.exe
Detection ratio: 30 / 47
Analysis date: 2013-11-02 20:29:19 UTC
Antivirus Result Update
AhnLab-V3 Trojan/Win32.Yakes 20131102
AntiVir TR/Kazy.1044884 20131102
Avast Win32:Morphex [Cryp] 20131102
AVG Win32/Cryptor 20131102
Baidu-International Trojan.Win32.Generic.AcIo 20131102
BitDefender Gen:Variant.Kazy.260585 20131102
Commtouch W32/Siger.A.gen!Eldorado 20131102
Comodo TrojWare.Win32.Zbot.QLMT 20131102
DrWeb Trojan.PWS.StealerENT.3128 20131102
Emsisoft Gen:Variant.Kazy.260585 (B) 20131102
ESET-NOD32 a variant of Win32/Kryptik.BNQB 20131102
F-Prot W32/Siger.A.gen!Eldorado 20131102
F-Secure Gen:Variant.Kazy.260585 20131102
Fortinet W32/Kryptik.BHHU!tr 20131102
GData Gen:Variant.Kazy.260585 20131102
Ikarus Virus.Win32.Cryptor 20131102
Kaspersky HEUR:Trojan.Win32.Generic 20131101
Malwarebytes Spyware.Password.pony 20131102
McAfee BackDoor-FBIZ!45912F23C915 20131102
McAfee-GW-Edition BackDoor-FBIZ!45912F23C915 20131102
Microsoft PWS:Win32/Fareit.gen!J 20131102
eScan Gen:Variant.Kazy.260585 20131028
Norman ZBot.OPWO 20131102
Panda Generic Malware 20131102
Sophos AV Mal/Generic-S 20131102
SUPERAntiSpyware Trojan.Agent/Gen-Kazy 20131102
TrendMicro TROJ_GEN.R047C0DJS13 20131102
TrendMicro-HouseCall TSPY_ZBOT.SMSS 20131102
VBA32 Heur.Trojan.Hlux 20131101
VIPRE Trojan.Win32.Zbot.fft (v) 20131102
Engines reporting no detection (result column empty; only the signature update date is shown):
Yandex 20131102
Antiy-AVL 20131101
Bkav 20131102
ByteHero 20131028
CAT-QuickHeal 20131102
ClamAV 20131102
Jiangmin 20131102
K7AntiVirus 20131101
K7GW 20131101
Kingsoft 20130829
NANO-Antivirus 20131102
nProtect 20131101
Rising 20131101
Symantec 20131102
TheHacker 20131029
TotalDefense 20131101
ViRobot 20131102
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2012-10-14 18:13:37
Entry Point 0x00009D18
Number of sections 4
PE sections
PE imports
The imported functions are grouped below by the DLL that exports them; the original listing shows only the function names, so the DLL names are inferred from the functions (each group matches the export table of the named system DLL).

advapi32.dll (registry access):
RegCloseKey, RegSetValueExW, RegOpenKeyExW, RegEnumKeyExW, RegEnumKeyW, RegCreateKeyW, RegOpenKeyW, RegDeleteKeyW, RegSetValueW, RegQueryValueExW

gdi32.dll:
PatBlt, GetStockObject, GetPaletteEntries, GetObjectW, SelectObject, GetTextExtentPoint32W

kernel32.dll (process, thread, synchronisation, file and memory APIs):
GetLastError, HeapFree, EnterCriticalSection, GetSystemInfo, lstrlenA, LoadLibraryW, GlobalFree, WaitForSingleObject, GetVersionExW, SetEvent, QueryPerformanceCounter, MulDiv, GetTickCount, IsBadWritePtr, GetEnvironmentStringsW, GlobalUnlock, GetModuleFileNameA, GlobalAlloc, GetFileAttributesW, GetProfileIntA, DeleteCriticalSection, GetStartupInfoA, SetThreadPriority, GetCurrentProcessId, ReleaseSemaphore, CreateIoCompletionPort, lstrlenW, GetCurrentProcess, MultiByteToWideChar, DeleteFileW, WaitForMultipleObjects, GetPrivateProfileStringW, GetProcessHeap, lstrcpynW, GetSystemDefaultLangID, lstrcpyW, SetEndOfFile, CloseHandle, WideCharToMultiByte, SetFilePointer, GetQueuedCompletionStatus, ReadFile, GetDiskFreeSpaceW, InterlockedExchange, CreateSemaphoreW, WriteFile, InterlockedIncrement, CreateEventW, ResetEvent, GetSystemTimeAsFileTime, lstrcmpW, CreateThread, GlobalLock, FreeLibrary, GlobalMemoryStatus, GetThreadPriority, SetUnhandledExceptionFilter, GlobalHandle, lstrcmpiW, InitializeCriticalSection, lstrcpyA, CreateFileW, PostQueuedCompletionStatus, VirtualFree, InterlockedDecrement, IsBadReadPtr, GetFullPathNameW, IsBadCodePtr, HeapAlloc, GetCurrentThread, GetFileSize, LeaveCriticalSection

msvcrt.dll (C runtime; the two decorated names are the C++ operator new(unsigned int) and operator delete(void*)):
_purecall, _except_handler3, ??2@YAPAXI@Z, _ftol, ??3@YAXPAX@Z, wcslen

msvfw32.dll (Video for Windows codec interface):
ICClose, ICCompress, ICDecompress, ICSendMessage, ICLocate, ICGetInfo, ICOpen

ole32.dll (COM):
CoUninitialize, CoInitialize, CoTaskMemAlloc, CoCreateInstance, CoFreeUnusedLibraries, CoTaskMemFree, StringFromGUID2

user32.dll (windows, dialogs and message loop):
IsRectEmpty, DefWindowProcW, CheckRadioButton, ShowWindow, GetDesktopWindow, SetWindowLongW, IsWindow, PeekMessageW, GetWindowRect, EnableWindow, MoveWindow, TranslateMessage, GetAsyncKeyState, GetDlgItemInt, SetDlgItemTextW, GetDC, CreateDialogParamW, ReleaseDC, SendMessageW, GetWindowLongW, IsWindowVisible, LoadStringW, GetClientRect, GetDlgItem, ClientToScreen, InvalidateRect, CheckDlgButton, SetDlgItemInt, LoadCursorW, DispatchMessageW, wsprintfW, SetCursor, DestroyWindow

version.dll:
VerQueryValueW, GetFileVersionInfoW, GetFileVersionInfoSizeW

winmm.dll (audio capture and mixer control):
mixerGetID, mixerGetLineControlsW, mixerGetControlDetailsW, waveInOpen, CloseDriver, mixerOpen, waveInPrepareHeader, mixerSetControlDetails, waveInAddBuffer, SendDriverMessage, mixerClose, waveInClose, waveInUnprepareHeader, waveInStop, waveInStart, mixerGetLineInfoW, OpenDriver, waveInReset, waveInGetDevCapsW
Number of PE resources by type
RT_ICON 6
RT_MANIFEST 1
RT_GROUP_ICON 1
Number of PE resources by language
NEUTRAL 7
FRENCH 1
PE resources
ExifTool file metadata
MIMEType: application/octet-stream
Subsystem: Windows GUI
MachineType: Intel 386 or later, and compatibles
TimeStamp: 2012:10:14 19:13:37+01:00
FileType: Win32 EXE
PEType: PE32
CodeSize: 46592
LinkerVersion: 11.0
FileTypeExtension: exe
InitializedDataSize: 149504
SubsystemVersion: 5.1
EntryPoint: 0x9d18
OSVersion: 5.1
ImageVersion: 0.0
UninitializedDataSize: 0
PCAP parents
File identification
MD5 45912f23c915fa3719601375521c8088
SHA1 5bd29ae6d01056b9abdb9151321bc49dc37688ea
SHA256 712acf837afb83296cff0411c51fa0f2bbeb7f512406b8377a06219608361286
ssdeep 3072:mjmBLaOGwywl+pwckEmOEGAaquxu5bX0X:42McgBmJGAaUg
authentihash c3f0c02e71be8ec0f5702d8f61e93d22542ca3fdef9a1fd7f4a7cf7ca63c66fa
imphash 810398dd663d524377b42a71c888631e
File size 100.5 KB ( 102912 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Dynamic Link Library (generic) (38.4%)
Win32 Executable (generic) (26.3%)
OS/2 Executable (generic) (11.8%)
Generic Win/DOS Executable (11.6%)
DOS Executable Generic (11.6%)
Tags
peexe

VirusTotal metadata
First submission 2013-10-28 18:31:37 UTC
Last submission 2017-09-21 21:18:41 UTC
File names (as submitted):
qtcheck.exe
1912672561612439880.exe
qtcheck.exe
HTTP-FULil01VYN4bvvBQu7.exe
Advanced heuristic and reputation engines
Symantec reputation Suspicious.Insight
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Written files
Deleted files
Created processes
Shell commands
Opened service managers
Opened services
Runtime DLLs
Additional details
The file sends control codes directly to certain device drivers making use of the DeviceIoControl Windows API function.
HTTP requests
TCP connections