SHA256: 88e3f6aa518bbffa5963638dec103e22814cc61a46849bddafde2179e7900b8d
File name: monuile.exe
Detection ratio: 24 / 53
Analysis date: 2014-07-18 17:39:39 UTC ( 4 years, 8 months ago )
Antivirus Result Update
Ad-Aware Trojan.Generic.11504060 20140718
AntiVir TR/Yakes.fifa 20140718
BitDefender Trojan.Generic.11504060 20140718
CMC Trojan.Win32.Swizzor.2!O 20140717
Comodo UnclassifiedMalware 20140718
DrWeb Trojan.Siggen6.20393 20140718
Emsisoft Trojan.Generic.11504060 (B) 20140718
ESET-NOD32 a variant of Generik.KCMAMIR 20140718
F-Secure Trojan.Generic.11504060 20140718
Fortinet W32/Yakes.FIFA!tr 20140718
GData Trojan.Generic.11504060 20140718
Ikarus Trojan.Win32.Yakes 20140718
Kaspersky Trojan.Win32.Yakes.fifa 20140718
Malwarebytes Trojan.Downloader 20140718
Microsoft PWS:Win32/Zbot 20140718
eScan Trojan.Generic.11504060 20140718
NANO-Antivirus Trojan.Win32.Yakes.dceoxa 20140718
Panda Trj/CI.A 20140718
Qihoo-360 HEUR/Malware.QVM20.Gen 20140718
Rising PE:Trojan.Win32.Generic.1702116A!386011498 20140718
Sophos AV Mal/Generic-S 20140718
Tencent Win32.Trojan.Yakes.Pezb 20140718
TrendMicro-HouseCall Suspicious_GEN.F47V0711 20140718
VIPRE Trojan.Win32.Generic!BT 20140718
AegisLab 20140718
Yandex 20140718
AhnLab-V3 20140718
Antiy-AVL 20140718
Avast 20140718
AVG 20140718
Baidu-International 20140718
Bkav 20140718
ByteHero 20140718
CAT-QuickHeal 20140718
ClamAV 20140718
Commtouch 20140718
F-Prot 20140718
Jiangmin 20140718
K7AntiVirus 20140718
K7GW 20140718
Kingsoft 20140718
McAfee 20140718
McAfee-GW-Edition 20140718
Norman 20140718
nProtect 20140718
SUPERAntiSpyware 20140718
Symantec 20140718
TheHacker 20140718
TotalDefense 20140718
TrendMicro 20140718
VBA32 20140718
ViRobot 20140718
Zoner 20140718
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright Copyright 1978 - 2001
Publisher Nemetschek North America, Inc.
Product uV4vQ7G81
Original name FM4w1GuwY7.exe
Internal name FM4w1GuwY7.exe
File version 7.5.4.0
Description GUZBwZUSf1n5
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2014-07-11 09:29:40
Entry Point 0x000119D0
Number of sections 4
PE sections
PE imports
RegCreateKeyExW
RegCloseKey
FreeSid
RegQueryInfoKeyW
RegEnumKeyExW
RegOpenKeyExW
AllocateAndInitializeSid
RegDeleteKeyW
IsTextUnicode
RegQueryValueExW
ImageList_GetImageCount
InitCommonControlsEx
ImageList_Destroy
_TrackMouseEvent
ImageList_AddMasked
ImageList_Draw
ImageList_GetImageInfo
ImageList_DragShowNolock
ImageList_EndDrag
ImageList_SetIconSize
ImageList_ReplaceIcon
ImageList_DragEnter
ImageList_Add
GetSaveFileNameW
PrintDlgW
ChooseColorW
GetTextMetricsW
CreateFontIndirectW
PatBlt
CreatePen
GetROP2
GetPixel
Rectangle
GetDeviceCaps
DeleteDC
RestoreDC
GetPixelFormat
EndDoc
CreateSolidBrush
StartPage
GetObjectW
BitBlt
CreateHatchBrush
OffsetWindowOrgEx
CreatePatternBrush
MoveToEx
EnumFontFamiliesExW
GetStockObject
SetBrushOrgEx
CreateCompatibleDC
SwapBuffers
SetROP2
EndPage
SetWindowOrgEx
DPtoLP
SetBkColor
StartDocW
CreateCompatibleBitmap
GetStdHandle
GetDriveTypeW
GetConsoleOutputCP
ReleaseMutex
FileTimeToSystemTime
WaitForSingleObject
GetDriveTypeA
HeapDestroy
GetFileAttributesW
GetCurrentProcess
GetConsoleMode
GetLocaleInfoA
FreeEnvironmentStringsW
GetLocaleInfoW
SetStdHandle
GetCPInfo
GetStringTypeA
GetTempPathW
GetSystemTimeAsFileTime
HeapReAlloc
GetStringTypeW
FreeLibrary
InitializeCriticalSection
LoadResource
FindClose
InterlockedDecrement
GetFullPathNameW
CopyFileW
GetModuleFileNameW
ExitProcess
GetVersionExA
lstrcmpiW
EnumSystemLocalesA
UnhandledExceptionFilter
TlsGetValue
MultiByteToWideChar
SetFileAttributesW
CreateThread
SetUnhandledExceptionFilter
CreateMutexW
MulDiv
SetEnvironmentVariableA
TerminateProcess
SetCurrentDirectoryW
GlobalAlloc
SetEndOfFile
WriteConsoleW
HeapFree
EnterCriticalSection
SetHandleCount
TerminateThread
LoadLibraryW
GetVersionExW
GetOEMCP
GetTickCount
TlsAlloc
FlushFileBuffers
LoadLibraryA
RtlUnwind
LocalLock
GlobalSize
GetDateFormatW
CreateDirectoryW
DeleteFileW
GetProcessHeap
GetTimeFormatW
ExpandEnvironmentStringsW
FindNextFileW
GetTimeFormatA
FindFirstFileW
IsValidLocale
lstrcmpW
GetLongPathNameW
GetTimeZoneInformation
CreateFileW
GetFileType
CreateFileA
HeapAlloc
LocalUnlock
LeaveCriticalSection
GetLastError
LCMapStringW
GetConsoleCP
LCMapStringA
CompareStringW
GetEnvironmentStringsW
lstrlenW
SizeofResource
GetCurrentDirectoryW
GetCurrentProcessId
LockResource
GetCommandLineW
HeapSize
GetCommandLineA
TlsFree
ReadFile
CloseHandle
GetACP
GetModuleHandleW
GetEnvironmentStrings
IsValidCodePage
HeapCreate
FindResourceW
VirtualFree
Sleep
VirtualAlloc
CompareStringA
InitializeProcessForWsWatch
DragQueryFileW
DragFinish
Shell_NotifyIconW
ShellExecuteW
SHGetPathFromIDListW
SHGetSpecialFolderLocation
SHFileOperationW
SHGetMalloc
SHBrowseForFolderW
PathStripPathW
PathMatchSpecW
StrStrNW
PathRemoveFileSpecW
PathAppendW
PathFindExtensionW
PathCompactPathExW
RedrawWindow
LoadBitmapW
PostQuitMessage
SetWindowPos
IsWindow
EndPaint
SetMenuItemInfoW
DispatchMessageW
DestroyCursor
GetCursorPos
GetDlgCtrlID
SendMessageW
GetClientRect
ToAscii
DefWindowProcW
DrawTextW
SetScrollPos
CallNextHookEx
LoadImageW
ClientToScreen
GetActiveWindow
ShowCursor
SetDlgItemTextW
LockWindowUpdate
ScrollWindow
PtInRect
GetMessageA
GetParent
UpdateWindow
GetPropW
CreateCaret
GetMessageW
ShowWindow
FlashWindowEx
GetMenuState
PeekMessageW
EnableWindow
SetWindowPlacement
CharUpperW
GetClipboardData
TranslateMessage
GetDlgItemTextW
GetDlgItemInt
CreateCursor
SetParent
RegisterClassW
IsZoomed
GetWindowPlacement
LoadStringW
IsIconic
GetSubMenu
DrawFrameControl
GetDCEx
IsDialogMessageW
CreateAcceleratorTableW
DeferWindowPos
IsWindowUnicode
RealChildWindowFromPoint
CreateWindowExW
GetWindowLongW
IsChild
IsDialogMessageA
SetFocus
RegisterWindowMessageW
GetMonitorInfoW
ReleaseCapture
DrawEdge
BeginPaint
SetCaretPos
GetScrollPos
SetClipboardViewer
GetSystemMetrics
SetWindowLongW
InflateRect
SetCapture
DrawIcon
CharLowerW
SetWindowLongA
SendDlgItemMessageW
PostMessageW
CreateDialogParamW
CheckMenuItem
SetWindowTextW
GetDlgItem
RemovePropW
ScreenToClient
GetKeyboardState
DialogBoxIndirectParamW
DestroyAcceleratorTable
SetDlgItemInt
SetWindowsHookExW
LoadIconW
RemoveMenu
GetMenuItemID
InsertMenuW
SetForegroundWindow
OpenClipboard
EmptyClipboard
EndDialog
MessageBeep
LoadMenuW
ShowCaret
BeginDeferWindowPos
MessageBoxW
GetMenu
RegisterClassExW
SetMenu
MessageBoxA
AppendMenuW
ChangeClipboardChain
mouse_event
GetSysColor
RegisterClipboardFormatW
SetScrollInfo
GetKeyState
EndDeferWindowPos
DestroyIcon
IsWindowVisible
SystemParametersInfoW
MonitorFromWindow
FrameRect
DeleteMenu
InvalidateRect
CallWindowProcW
GetClassNameW
EnableMenuItem
CallWindowProcA
GetFocus
wsprintfW
TranslateAcceleratorW
UnhookWindowsHookEx
SetCursor
CoUninitialize
CoInitialize
Number of PE resources by type
RT_DIALOG 5
RT_VERSION 1
S9PAVLYO 1
Number of PE resources by language
ENGLISH US 3
GERMAN AUSTRIAN 1
SERBIAN *unknown* 1
PUNJABI ARABIC BAHRAIN 1
TELUGU ARABIC KUWAIT 1
PE resources
ExifTool file metadata
SubsystemVersion 5.1
LinkerVersion 10.0
ImageVersion 0.0
FileSubtype 0
FileVersionNumber 7.5.4.0
UninitializedDataSize 0
LanguageCode English (U.S.)
FileFlagsMask 0x003f
CharacterSet Windows, Japan (Shift - JIS X-0208)
InitializedDataSize 608768
FileOS Windows NT 32-bit
MIMEType application/octet-stream
LegalCopyright Copyright 1978 - 2001
FileVersion 7.5.4.0
TimeStamp 2014:07:11 10:29:40+01:00
FileType Win32 EXE
PEType PE32
InternalName FM4w1GuwY7.exe
FileAccessDate 2014:07:18 18:37:26+01:00
ProductVersion 7.5.4.0
FileDescription GUZBwZUSf1n5
OSVersion 5.1
FileCreateDate 2014:07:18 18:37:26+01:00
OriginalFilename FM4w1GuwY7.exe
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
CompanyName Nemetschek North America, Inc.
CodeSize 260096
ProductName uV4vQ7G81
ProductVersionNumber 7.5.4.0
EntryPoint 0x119d0
ObjectFileType Executable application
File identification
MD5 b573dcbb29156de280dd328970daa3e7
SHA1 09bffd3c224c063526ce3a9dc1e5e0a9559085d3
SHA256 88e3f6aa518bbffa5963638dec103e22814cc61a46849bddafde2179e7900b8d
ssdeep 6144:5C+6Heou6C+Lill2Zp6YdUeKd3YMOeYVBdaB4RWigAICE5:hUAtW6YduSIP
imphash 6a8c8132e655fd4487778a5716f3c83e
File size 389.5 KB ( 398848 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Executable MS Visual C++ (generic) (67.3%)
Win32 Dynamic Link Library (generic) (14.2%)
Win32 Executable (generic) (9.7%)
Generic Win/DOS Executable (4.3%)
DOS Executable Generic (4.3%)
Tags peexe
VirusTotal metadata
First submission 2014-07-11 17:39:04 UTC ( 4 years, 8 months ago )
Last submission 2014-07-11 17:39:07 UTC ( 4 years, 8 months ago )
File names FM4w1GuwY7.exe
monuile.exe
43d1dff8c18c6dc21d1fe994af2864150275c3e546d6f717dcdd19afd2347744-1405100342
Advanced heuristic and reputation engines
Symantec reputation Suspicious.Insight
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Written files
Deleted files
Created processes
Code injections in the following processes
Created mutexes
Opened mutexes
Opened service managers
Opened services
Runtime DLLs
Additional details
The file sends control codes directly to certain device drivers making use of the DeviceIoControl Windows API function.
HTTP requests
DNS requests
TCP connections