SHA256: 903d299b366ef1ba11538924dd57811aff80b8b91123889b872a098639a8effa
File name: 903d299b366ef1ba11538924dd57811aff80b8b91123889b872a098639a8effa
Detection ratio: 35 / 57
Analysis date: 2015-05-14 03:54:56 UTC ( 3 years, 9 months ago )
Antivirus Result Update
Ad-Aware Gen:Variant.Zusy.138897 20150514
Yandex Trojan.Foreign!ZjV7jQBkCoE 20150513
Antiy-AVL Trojan[Ransom]/Win32.Foreign 20150514
Avast Win32:Malware-gen 20150514
AVG Win32/Cryptor 20150514
Avira (no cloud) TR/Crypt.ZPACK.143066 20150514
AVware Trojan.Win32.Generic!BT 20150514
Baidu-International Trojan.Win32.Ransom.77 20150513
BitDefender Gen:Variant.Zusy.138897 20150514
Cyren W32/S-0b92b060!Eldorado 20150513
Emsisoft Gen:Variant.Zusy.138897 (B) 20150514
ESET-NOD32 a variant of Generik.IEGFTDB 20150514
F-Prot W32/S-0b92b060!Eldorado 20150514
F-Secure Gen:Variant.Zusy.138897 20150514
Fortinet W32/Hra.CK!tr 20150514
GData Gen:Variant.Zusy.138897 20150514
Ikarus Win32.Cryptor 20150514
K7AntiVirus Riskware ( 0040eff71 ) 20150513
K7GW Riskware ( 0040eff71 ) 20150514
Kaspersky Trojan-Ransom.Win32.Foreign.mhmy 20150514
McAfee RDN/Generic.hra!ck 20150514
McAfee-GW-Edition RDN/Generic.hra!ck 20150514
Microsoft Trojan:Win32/Dynamer!ac 20150514
eScan Gen:Variant.Zusy.138897 20150514
Norman Troj_Generic_2.JPNL 20150513
Panda Trj/Genetic.gen 20150513
Qihoo-360 HEUR/QVM10.1.Malware.Gen 20150514
Sophos AV Mal/Generic-S 20150514
Symantec Trojan.Gen 20150514
Tencent Trojan.Win32.YY.Gen.30 20150514
TheHacker Trojan/Generik.IEGFTDB 20150514
TrendMicro TROJ_GEN.R00UC0FE415 20150514
TrendMicro-HouseCall TROJ_GEN.R00UC0FE415 20150514
VBA32 BScope.Trojan.Diple 20150513
VIPRE Trojan.Win32.Generic!BT 20150514
AegisLab 20150514
AhnLab-V3 20150513
Alibaba 20150514
ALYac 20150521
Bkav 20150513
ByteHero 20150514
CAT-QuickHeal 20150513
ClamAV 20150513
CMC 20150513
Comodo 20150521
DrWeb 20150514
Jiangmin 20150513
Kingsoft 20150514
Malwarebytes 20150513
NANO-Antivirus 20150514
nProtect 20150513
Rising 20150513
SUPERAntiSpyware 20150514
TotalDefense 20150513
ViRobot 20150514
Zillya 20150513
Zoner 20150513
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright Copyright © 2006-2014
Product Q-Dir SoftwareOK.com
Original name Q-Dir.exe
Internal name Q-Dir 6.05
File version 6, 0, 5, 0
Description Q-Dir
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2015-04-27 17:34:10
Entry Point 0x0000A172
Number of sections 4
PE sections
PE imports
RegEnumKeyExA
CryptHashToBeSigned
PatBlt
PeekNamedPipe
GetLastError
InitializeCriticalSectionAndSpinCount
HeapFree
GetStdHandle
EnterCriticalSection
LCMapStringW
ReleaseMutex
SetHandleCount
DeactivateActCtx
GetModuleHandleW
GetOEMCP
LCMapStringA
IsDebuggerPresent
GetTickCount
TlsAlloc
GetEnvironmentStringsW
GlobalUnlock
GetModuleFileNameA
RtlUnwind
LoadLibraryA
FreeEnvironmentStringsA
DeleteCriticalSection
CancelWaitableTimer
GetEnvironmentStrings
GetSystemTime
GetLocaleInfoA
GetCurrentProcessId
GetNamedPipeHandleStateA
GetCommandLineW
WideCharToMultiByte
UnhandledExceptionFilter
TlsGetValue
MultiByteToWideChar
HeapSize
SetCommBreak
GetCommandLineA
GetProcAddress
TlsFree
GetProcessHeap
ExitProcess
GetCPInfo
GetStringTypeA
FreeEnvironmentStringsW
IsSystemResumeAutomatic
SetUnhandledExceptionFilter
WaitForDebugEvent
GetCurrentProcess
MulDiv
GetSystemTimeAsFileTime
GetACP
HeapReAlloc
GetStringTypeW
SetMailslotInfo
EscapeCommFunction
GetFileAttributesExW
MoveFileA
TerminateProcess
QueryPerformanceCounter
IsValidCodePage
HeapCreate
WriteFile
FlushInstructionCache
VirtualFree
InterlockedDecrement
Sleep
GetFileType
TlsSetValue
GetProcessVersion
HeapAlloc
GetCurrentThreadId
InterlockedIncrement
VirtualAlloc
GetStartupInfoA
SetLastError
LeaveCriticalSection
GetCaretBlinkTime
GetForegroundWindow
GetOpenClipboardWindow
UpdateWindow
ReleaseCapture
AnyPopup
WaitForInputIdle
VkKeyScanExA
GetUserObjectInformationW
GetNextDlgGroupItem
ArrangeIconicWindows
GetListBoxInfo
GetNextDlgTabItem
DefFrameProcW
OpenIcon
VkKeyScanA
MoveWindow
GetMessageExtraInfo
IsWindowEnabled
GetMenuDefaultItem
GetWindowRgn
CheckMenuItem
PrintWindow
GetAltTabInfoA
DrawIconEx
GetDesktopWindow
GetKeyboardLayoutList
RegisterRawInputDevices
EnableMenuItem
GetSubMenu
IsCharUpperA
GetMenuItemCount
MonitorFromPoint
MapVirtualKeyExW
DeferWindowPos
ExcludeUpdateRgn
IsCharUpperW
GetFocus
ReleaseDC
GetActiveWindow
IsWindowUnicode
GetGUIThreadInfo
NotifyWinEvent
GetMenuContextHelpId
ReplyMessage
OpenClipboard
Number of PE resources by type
RT_RCDATA 1
RT_VERSION 1
RT_MANIFEST 1
Number of PE resources by language
NEUTRAL 2
ENGLISH US 1
PE resources
ExifTool file metadata
UninitializedDataSize 0
InitializedDataSize 36864
ImageVersion 0.0
ProductName Q-Dir SoftwareOK.com
FileVersionNumber 6.0.5.0
LanguageCode German
FileFlagsMask 0x003f
ImageFileCharacteristics No relocs, Executable, 32-bit
Company Nenad Hrg (SoftwareOK.de)
CharacterSet Unicode
LinkerVersion 9.0
FileTypeExtension exe
OriginalFileName Q-Dir.exe
MIMEType application/octet-stream
Subsystem Windows GUI
FileVersion 6, 0, 5, 0
TimeStamp 2015:04:27 19:34:10+02:00
FileType Win32 EXE
PEType PE32
InternalName Q-Dir 6.05
SubsystemVersion 5.0
ProductVersion 6, 0, 5, 0
FileDescription Q-Dir
OSVersion 5.0
FileOS Windows NT 32-bit
LegalCopyright Copyright 2006-2014
MachineType Intel 386 or later, and compatibles
CompanyName Nenad Hrg (SoftwareOK.com)
CodeSize 61952
FileSubtype 0
ProductVersionNumber 6.0.5.0
EntryPoint 0xa172
ObjectFileType Dynamic link library

File identification
MD5 a59bbc730c7c2ea84fb6169006075ebe
SHA1 eb17621f5ec1ff64bd1cd4d44d78667336697d35
SHA256 903d299b366ef1ba11538924dd57811aff80b8b91123889b872a098639a8effa
ssdeep 1536:Wua9O1SrtoLLXz5Y/N6rFRB76HkyndmAPSxu+Jg+y5ZRm673YxtJIl:WR01vnlY/YFR+I9xu+e5267CIl
authentihash 6baad3bcb0d7bb3d5567830dc2d2e05f6a810e8c5ef190896b04ea5b897c1a72
imphash ae7686d8bb8eba4749dfc265c2dafe91
File size 97.5 KB ( 99840 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 EXE PECompact compressed (generic) (35.3%)
Win32 Executable MS Visual C++ (generic) (26.5%)
Win64 Executable (generic) (23.5%)
Win32 Dynamic Link Library (generic) (5.5%)
Win32 Executable (generic) (3.8%)
Tags peexe via-tor
VirusTotal metadata
First submission 2015-04-28 15:30:31 UTC ( 3 years, 9 months ago )
Last submission 2019-01-31 07:34:25 UTC ( 2 weeks, 3 days ago )
File names 903D299B366EF1BA11538924DD57811AFF80B8B91123889B872A098639A8EFFA
Q-Dir.exe
Q-Dir 6.05
903d299b366ef1ba11538924dd57811aff80b8b91123889b872a098639a8effa.bin
ecf66151c99194581a7bbe3007234753015edcce.dll
Advanced heuristic and reputation engines
Symantec reputation Suspicious.Insight
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Created processes
Opened mutexes
Runtime DLLs
UDP communications