× Cookies are disabled! This site requires cookies to be enabled to work properly
SHA256: 78aaae835f1872d76dd70c3962b288c6a58fc7ced951a20d42d1910baffc31ca
File name: ahkorea.eu_pmqfmim.exe
Detection ratio: 20 / 67
Analysis date: 2018-03-12 11:49:47 UTC ( 1 year, 1 month ago ) View latest
Antivirus Result Update
Ad-Aware Gen:Variant.Ursu.131464 20180312
AegisLab Gen.Variant.Ursu!c 20180312
AhnLab-V3 PUP/Win32.ConvertAd.C2417772 20180312
ALYac Gen:Variant.Ursu.131464 20180312
Arcabit Trojan.Ursu.D20188 20180312
Avast FileRepMalware 20180312
AVG FileRepMalware 20180312
BitDefender Gen:Variant.Ursu.131464 20180312
CrowdStrike Falcon (ML) malicious_confidence_70% (W) 20170201
Cylance Unsafe 20180312
Emsisoft Gen:Variant.Ursu.131464 (B) 20180312
F-Secure Gen:Variant.Ursu.131464 20180312
GData Gen:Variant.Ursu.131464 20180312
Sophos ML heuristic 20180121
Jiangmin Trojan.Agent.bfkl 20180312
MAX malware (ai score=89) 20180312
eScan Gen:Variant.Ursu.131464 20180312
NANO-Antivirus Trojan.Win32.Kryptik.eylgva 20180312
Rising Trojan.Kryptik!8.8 (TFE:5:W2D0MYvyBMB) 20180312
Webroot W32.Trojan.Emotet 20180312
Alibaba 20180312
Avast-Mobile 20180312
Avira (no cloud) 20180312
AVware 20180312
Baidu 20180312
Bkav 20180312
CAT-QuickHeal 20180312
ClamAV 20180312
CMC 20180312
Comodo 20180312
Cybereason 20180225
Cyren 20180312
DrWeb 20180312
eGambit 20180312
Endgame 20180308
ESET-NOD32 20180312
F-Prot 20180312
Fortinet 20180312
Ikarus 20180312
K7AntiVirus 20180312
K7GW 20180312
Kaspersky 20180312
Kingsoft 20180312
Malwarebytes 20180312
McAfee 20180312
McAfee-GW-Edition 20180312
Microsoft 20180312
nProtect 20180312
Palo Alto Networks (Known Signatures) 20180312
Panda 20180311
Qihoo-360 20180312
SentinelOne (Static ML) 20180225
Sophos AV 20180312
SUPERAntiSpyware 20180312
Symantec 20180312
Symantec Mobile Insight 20180311
Tencent 20180312
TheHacker 20180311
TotalDefense 20180312
TrendMicro 20180312
TrendMicro-HouseCall 20180312
Trustlook 20180312
VBA32 20180312
VIPRE 20180312
ViRobot 20180312
WhiteArmor 20180223
Yandex 20180308
Zillya 20180309
ZoneAlarm by Check Point 20180312
Zoner 20180312
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows command line subsystem.
FileVersionInfo properties
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2018-03-09 09:48:50
Entry Point 0x00005620
Number of sections 7
PE sections
PE imports
GetStdHandle
HeapDestroy
EncodePointer
DeleteCriticalSection
GetCurrentProcess
GetConsoleMode
FreeEnvironmentStringsW
InitializeSListHead
SetStdHandle
GetCPInfo
WriteFile
GetSystemTimeAsFileTime
HeapReAlloc
GetStringTypeW
GetOEMCP
OutputDebugStringW
FindClose
TlsGetValue
OutputDebugStringA
SetLastError
InterlockedDecrement
LoadResource
GetModuleFileNameW
IsDebuggerPresent
HeapAlloc
GetModuleFileNameA
UnhandledExceptionFilter
LoadLibraryExW
MultiByteToWideChar
SetFilePointerEx
CreateThread
SetUnhandledExceptionFilter
IsProcessorFeaturePresent
DecodePointer
SetEnvironmentVariableA
TerminateProcess
GetModuleHandleExW
GetCurrentThreadId
InterlockedIncrement
WriteConsoleW
InitializeCriticalSectionAndSpinCount
HeapFree
EnterCriticalSection
SetEvent
QueryPerformanceCounter
TlsAlloc
FlushFileBuffers
RtlUnwind
FreeLibrary
GetStartupInfoW
GetProcAddress
GetProcessHeap
CompareStringW
FindFirstFileExA
HeapValidate
ResetEvent
FreeConsole
FindNextFileA
CreateEventW
CreateFileW
GetFileType
TlsSetValue
ExitProcess
LeaveCriticalSection
GetLastError
LCMapStringW
GetSystemInfo
GetConsoleCP
FindResourceW
GetEnvironmentStringsW
WaitForSingleObjectEx
SizeofResource
GetCurrentProcessId
LockResource
GetCommandLineW
HeapQueryInformation
WideCharToMultiByte
HeapSize
GetCommandLineA
RaiseException
TlsFree
CloseHandle
GetACP
GetModuleHandleW
IsValidCodePage
FindResourceExW
SysFreeString
SysAllocString
MessageBoxA
CoInitializeEx
CoCreateInstance
CoUninitialize
CLSIDFromProgID
Number of PE resources by type
RT_MANIFEST 1
Number of PE resources by language
ENGLISH US 1
PE resources
Debug information
ExifTool file metadata
MIMEType
application/octet-stream

Subsystem
Windows command line

MachineType
Intel 386 or later, and compatibles

FileTypeExtension
exe

TimeStamp
2018:03:09 10:48:50+01:00

FileType
Win32 EXE

PEType
PE32

CodeSize
199168

LinkerVersion
14.0

ImageFileCharacteristics
Executable, 32-bit

EntryPoint
0x5620

InitializedDataSize
199680

SubsystemVersion
5.1

ImageVersion
1001.0

OSVersion
5.1

UninitializedDataSize
0

File identification
MD5 00f3f39a1868ac612b4422adf6e54bb1
SHA1 6c970373e24666210b0d8027688562daeb9420ba
SHA256 78aaae835f1872d76dd70c3962b288c6a58fc7ced951a20d42d1910baffc31ca
ssdeep
6144:ANr32iDeNPE3q2l+TMGGWEwZtenaB2sQ63QJiLijDcikRXRiQ:ANrmeeuEEG8naAsfL5RR/

authentihash 9602dbea49af1602b69a95329ee31b8affeaaa70652af6e801ebadb2ec3d05d4
imphash 61ceff257e8dbec3ccbf8862d563d03f
File size 378.0 KB ( 387072 bytes )
File type Win32 EXE
Magic literal
PE32 executable for MS Windows (console) Intel 80386 32-bit

TrID Win64 Executable (generic) (61.7%)
Win32 Dynamic Link Library (generic) (14.7%)
Win32 Executable (generic) (10.0%)
OS/2 Executable (generic) (4.5%)
Generic Win/DOS Executable (4.4%)
Tags
peexe

VirusTotal metadata
First submission 2018-03-12 11:40:16 UTC ( 1 year, 1 month ago )
Last submission 2018-10-24 16:17:19 UTC ( 6 months ago )
File names 141_03_06_2018_14_12_46_oqjowkh.exe.malware.MRG
VirusShare_00f3f39a1868ac612b4422adf6e54bb1
VirusShare_00f3f39a1868ac612b4422adf6e54bb1
othpcek.exe
ahkorea.eu_pmqfmim.exe
C$~Users~test~Desktop~samples~installed~VirusShare_00f3f39a1868ac612b4422adf6e54bb1.exe
pmqfmim.exe
oqjowkh.exe
tmmhmvi.exe
Advanced heuristic and reputation engines
No comments. No VirusTotal Community member has commented on this item yet, be the first one to do so!

Leave your comment...

?
Post comment

You have not signed in. Only registered users can leave comments, sign in and have a voice!

No votes. No one has voted on this item yet, be the first one to do so!
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Runtime DLLs