SHA256: 89d83db1d5aa9f8480fac867af5dfa401ed21e7ff09c71fb1ff1c85833ba45f5
File name: zqyCE7zCx1Sfi.exe
Detection ratio: 44 / 68
Analysis date: 2018-10-16 07:11:21 UTC ( 4 months ago )
Antivirus Result Update
Ad-Aware Trojan.Autoruns.GenericKDS.31284523 20181016
ALYac Trojan.Autoruns.GenericKDS.31284523 20181016
Antiy-AVL Trojan/Win32.Azden 20181016
Arcabit Trojan.Autoruns.GenericS.D1DD5D2B 20181016
Avast Win32:MalwareX-gen [Trj] 20181016
AVG Win32:MalwareX-gen [Trj] 20181016
BitDefender Trojan.Autoruns.GenericKDS.31284523 20181016
CAT-QuickHeal Trojan.Emotet.X4 20181013
ClamAV Win.Trojan.Emotet-6707392-0 20181016
CrowdStrike Falcon (ML) malicious_confidence_100% (D) 20180723
Cybereason malicious.81aaaf 20180225
Cylance Unsafe 20181016
Cyren W32/Trojan.HHDJ-5682 20181016
Emsisoft Trojan.Autoruns.GenericKDS.31284523 (B) 20181016
Endgame malicious (high confidence) 20180730
ESET-NOD32 a variant of Win32/GenKryptik.CNYM 20181016
F-Secure Trojan.Autoruns.GenericKDS.31284523 20181016
Fortinet W32/GenKryptik.CNYM!tr 20181016
GData Trojan.Autoruns.GenericKDS.31284523 20181016
Ikarus Trojan.Win32.Krypt 20181015
Sophos ML heuristic 20180717
K7AntiVirus Trojan ( 0053b6a31 ) 20181016
K7GW Trojan ( 0053b6a31 ) 20181016
Kaspersky Trojan-Banker.Win32.Emotet.bikn 20181016
Malwarebytes Trojan.Emotet 20181016
MAX malware (ai score=100) 20181016
McAfee GenericRXGM-WN!9F494D481AAA 20181016
McAfee-GW-Edition BehavesLike.Win32.VTFlooder.ft 20181016
Microsoft Trojan:Win32/Occamy.C 20181016
eScan Trojan.Autoruns.GenericKDS.31284523 20181016
Palo Alto Networks (Known Signatures) generic.ml 20181016
Panda Trj/GdSda.A 20181015
Qihoo-360 HEUR/QVM20.1.8443.Malware.Gen 20181016
Rising Trojan.GenKryptik!8.AA55 (CLOUD) 20181016
SentinelOne (Static ML) static engine - malicious 20181011
Sophos AV Mal/Generic-S 20181016
Symantec Trojan.Emotet 20181016
TACHYON Banker/W32.Emotet.347648.B 20181016
Tencent Win32.Trojan-banker.Emotet.Hvsz 20181016
TrendMicro TSPY_EMOTET.THJAEAH 20181016
TrendMicro-HouseCall TSPY_EMOTET.THJAEAH 20181016
VIPRE Trojan.Win32.Generic!BT 20181015
Webroot W32.Trojan.Emotet 20181016
ZoneAlarm by Check Point Trojan-Banker.Win32.Emotet.bikn 20181016
AegisLab 20181016
AhnLab-V3 20181016
Alibaba 20180921
Avast-Mobile 20181016
Avira (no cloud) 20181016
Babable 20180918
Baidu 20181015
Bkav 20181014
CMC 20181015
Comodo 20181016
DrWeb 20181016
eGambit 20181016
F-Prot 20181016
Jiangmin 20181016
Kingsoft 20181016
NANO-Antivirus 20181016
SUPERAntiSpyware 20181015
Symantec Mobile Insight 20181001
TheHacker 20181015
TotalDefense 20181016
Trustlook 20181016
VBA32 20181015
ViRobot 20181016
Yandex 20181015
Zillya 20181015
Zoner 20181015
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright
Copyright (c) 2000-2015 The Apache Software Foundation or its licensors, as applicable.

Product Apache Portable Runtime Project
Original name libapr-1.dll
Internal name libapr-1
File version 1.5.2
Description Apache Portable Runtime Library
Comments Licensed to the Apache Software Foundation (ASF) under one or more contributor license agreements. See the NOTICE file distributed with this work for additional information regarding copyright ownership. The ASF licenses this file to You under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0 Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the specific language governing permissions and limitations under the License.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2018-10-14 09:45:39
Entry Point 0x0003BC87
Number of sections 6
PE sections
PE imports
ImpersonateNamedPipeClient
LineDDA
GdiSetBatchLimit
DeleteObject
GetTickCount64
SetThreadLocale
WaitForMultipleObjectsEx
TerminateProcess
GetConsoleFontSize
DeleteAtom
SystemTimeToTzSpecificLocalTime
FreeConsole
FillConsoleOutputCharacterW
GetModuleHandleW
GetShortPathNameA
SetMenuContextHelpId
OemKeyScan
DrawIcon
SetWindowPos
StartDocPrinterW
SCardReleaseContext
memset
VerSetConditionMask
CoFreeUnusedLibrariesEx
Number of PE resources by type
RT_MANIFEST 1
RT_VERSION 1
Number of PE resources by language
ENGLISH US 2
PE resources
ExifTool file metadata
UninitializedDataSize 4294967295
LinkerVersion 12.0
ImageVersion 0.0
FileSubtype 0
FileVersionNumber 1.5.2.0
LanguageCode English (U.S.)
FileFlagsMask 0x003f
FileDescription Apache Portable Runtime Library
ImageFileCharacteristics Executable, 32-bit
CharacterSet Unicode
InitializedDataSize 107520
EntryPoint 0x3bc87
OriginalFileName libapr-1.dll
MIMEType application/octet-stream
LegalCopyright Copyright (c) 2000-2015 The Apache Software Foundation or its licensors, as applicable.
FileVersion 1.5.2
TimeStamp 2018:10:14 10:45:39+01:00
FileType Win32 EXE
PEType PE32
InternalName libapr-1
ProductVersion 1.5.2
SubsystemVersion 5.0
OSVersion 5.0
FileOS Win32
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
CompanyName Apache Software Foundation
CodeSize 245248
ProductName Apache Portable Runtime Project
ProductVersionNumber 1.5.2.0
FileTypeExtension exe
ObjectFileType Dynamic link library

File identification
MD5 9f494d481aaafc92d13cca38ffbad429
SHA1 98d774cf200afcdba6ea99ca7b41fa33cb6988c0
SHA256 89d83db1d5aa9f8480fac867af5dfa401ed21e7ff09c71fb1ff1c85833ba45f5
ssdeep 3072:gzY/7BJeP4NS61j8irpjECF5dgVcQ/Ie585Iblrz:CYDBg4NX1jJRr2V/ge585Ihf

authentihash eeef30cc9dcd8bd76f0ed74110ae9300149fec131a048b067eac6d4bcc27ebf8
imphash 1233a6b230e6503a78a94bdb60786809
File size 339.5 KB ( 347648 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID OS/2 Executable (generic) (25.2%)
Clipper DOS Executable (25.0%)
Generic Win/DOS Executable (24.8%)
DOS Executable Generic (24.8%)
Tags
peexe

VirusTotal metadata
First submission 2018-10-14 09:57:43 UTC ( 4 months ago )
Last submission 2018-10-14 09:57:43 UTC ( 4 months ago )
File names libapr-1.dll
libapr-1
zqyCE7zCx1Sfi.exe