SHA256: 726ac2e514611cd7a85bbebdcf63781f4f0d303a6d736ecf6ed623718e2ce089
File name: 07a5da01d5d245c29296d67cca7b1100
Detection ratio: 21 / 65
Analysis date: 2017-09-25 00:24:12 UTC ( 1 year, 6 months ago )
Antivirus Result Update
AhnLab-V3 Backdoor/Win32.Agent.C2154458 20170923
Avast Win32:GenMalicious-NXK [Trj] 20170924
AVG Win32:GenMalicious-NXK [Trj] 20170924
Baidu Win32.Trojan.WisdomEyes.16070401.9500.9999 20170922
CrowdStrike Falcon (ML) malicious_confidence_100% (D) 20170804
Cylance Unsafe 20170925
Endgame malicious (high confidence) 20170821
ESET-NOD32 a variant of Win32/GenKryptik.AXFI 20170924
Fortinet W32/Kryptik.FWTK!tr 20170924
Sophos ML heuristic 20170914
Kaspersky Backdoor.Win32.QBot.wox 20170924
McAfee W32/PinkSbot-EJ!07A5DA01D5D2 20170924
McAfee-GW-Edition BehavesLike.Win32.Generic.gc 20170924
Panda Generic Malware 20170924
Qihoo-360 Win32/Trojan.aac 20170925
Rising Backdoor.QBot!8.3147 (CLOUD) 20170924
SentinelOne (Static ML) static engine - malicious 20170806
Symantec ML.Attribute.HighConfidence 20170923
Tencent Win32.Backdoor.Qbot.Glp 20170925
TrendMicro-HouseCall TROJ_GEN.R03AH06IL17 20170924
ZoneAlarm by Check Point Backdoor.Win32.QBot.wox 20170924
Ad-Aware 20170924
AegisLab 20170924
Alibaba 20170911
ALYac 20170924
Antiy-AVL 20170924
Arcabit 20170924
Avast-Mobile 20170923
Avira (no cloud) 20170923
AVware 20170923
BitDefender 20170924
CAT-QuickHeal 20170923
ClamAV 20170924
CMC 20170920
Comodo 20170924
Cyren 20170924
DrWeb 20170924
Emsisoft 20170924
F-Prot 20170924
F-Secure 20170924
GData 20170924
Ikarus 20170924
Jiangmin 20170924
K7AntiVirus 20170924
K7GW 20170924
Kingsoft 20170925
Malwarebytes 20170924
MAX 20170924
Microsoft 20170924
eScan 20170924
NANO-Antivirus 20170924
nProtect 20170924
Palo Alto Networks (Known Signatures) 20170925
Sophos AV 20170923
SUPERAntiSpyware 20170924
Symantec Mobile Insight 20170922
TheHacker 20170921
TotalDefense 20170924
TrendMicro 20170924
Trustlook 20170925
VBA32 20170922
VIPRE 20170924
ViRobot 20170924
Webroot 20170925
WhiteArmor 20170829
Yandex 20170908
Zillya 20170922
Zoner 20170924
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows command line subsystem.
FileVersionInfo properties
Copyright © Microsoft Corporation. All rights
Product Microsoft® Windows® Operat
Original name apisetst
Internal name apisetstu
File version 6.1.7601.23677 (win7sp1_ldr.1
Description ApiSet Stub DLL
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2017-09-18 16:15:12
Entry Point 0x000016F0
Number of sections 7
PE sections
PE imports
GetOldestEventLogRecord
GetCurrentHwProfileW
RegDisablePredefinedCache
FlattenPath
GetBkMode
GetTextExtentExPointW
GetRegionData
ExtCreateRegion
GetClipBox
ModifyWorldTransform
GlobalFindAtomW
GetPrivateProfileStructA
GetModuleFileNameW
GlobalFree
FreeLibrary
GetFileAttributesW
FindNextVolumeW
GetShortPathNameA
GetEnvironmentStrings
GetCompressedFileSizeW
GetCurrentActCtx
DeleteFileW
GetUserDefaultLCID
GetProfileSectionA
GetSystemPowerStatus
GlobalAddAtomW
GetBinaryTypeW
WritePrivateProfileStructA
GlobalFlags
GetComputerNameExW
GetCommandLineA
FindFirstFileW
FindFirstFileExW
GetModuleHandleW
GetMailslotInfo
FindAtomW
GetLongPathNameW
GetCurrentConsoleFont
GetCurrentThreadId
LoadTypeLibEx
ExtractIconW
ExtractAssociatedIconW
GetUserNameExA
LoadAcceleratorsA
GetWindowRgn
CountClipboardFormats
GetWindowRect
DrawIcon
GetDesktopWindow
GetWindowTextLengthW
GetDlgItem
DestroyCursor
FindWindowA
GetCaretPos
RegisterClipboardFormatW
GetDC
GetFileVersionInfoW
GetColorProfileElement
fputc
fread
fsetpos
Number of PE resources by type
RT_VERSION 1
Number of PE resources by language
ENGLISH US 1
PE resources
ExifTool file metadata
SubsystemVersion 5.0
LinkerVersion 8.0
ImageVersion 0.0
FileSubtype 0
FileVersionNumber 5.1.2600.5512
UninitializedDataSize 0
LanguageCode English (U.S.)
FileFlagsMask 0x003f
CharacterSet Unicode
InitializedDataSize 0
EntryPoint 0x16f0
OriginalFileName apisetst
MIMEType application/octet-stream
LegalCopyright Microsoft Corporation. All rights
FileVersion 6.1.7601.23677 (win7sp1_ldr.1
TimeStamp 2017:09:18 17:15:12+01:00
FileType Win32 EXE
PEType PE32
InternalName apisetstu
ProductVersion 6.1.7601.
FileDescription ApiSet Stub DLL
OSVersion 4.0
FileOS Windows NT 32-bit
Subsystem Windows command line
MachineType Intel 386 or later, and compatibles
CompanyName Microsoft Corporat
CodeSize 12288
ProductName Microsoft Windows Operat
ProductVersionNumber 5.1.2600.5512
FileTypeExtension exe
ObjectFileType Dynamic link library

File identification
MD5 07a5da01d5d245c29296d67cca7b1100
SHA1 cce1ec4437668a85752a81f3d077ec608f361cdd
SHA256 726ac2e514611cd7a85bbebdcf63781f4f0d303a6d736ecf6ed623718e2ce089
ssdeep 12288:xi9QZb/zOG0ylYPMiVvBjOQX3u8p0X5zgyG:xiEzzqPHBX3u8p0Nk
authentihash ddddeddcebdb2fd1867270b610ddc7c13813f924c63b53dd7f6326fb125f37c2
imphash 84659bb4aa4352026be299294c2cc948
File size 440.0 KB ( 450560 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (console) Intel 80386 32-bit
TrID Win32 Dynamic Link Library (generic) (43.5%)
Win32 Executable (generic) (29.8%)
Generic Win/DOS Executable (13.2%)
DOS Executable Generic (13.2%)
Tags peexe
VirusTotal metadata
First submission 2017-09-25 00:24:12 UTC ( 1 year, 6 months ago )
Last submission 2017-09-25 00:24:12 UTC ( 1 year, 6 months ago )
File names 07a5da01d5d245c29296d67cca7b1100
apisetstu
apisetst
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Written files
Deleted files
Created processes
Shell commands
Created mutexes
Opened mutexes
Runtime DLLs