× Cookies are disabled! This site requires cookies to be enabled to work properly
SHA256: 97cf1a80c334cfd03807b94217a4bcbb00ceb8fb294014e79c6f482028363731
File name: QrUJwsN3Fs.exe
Detection ratio: 20 / 67
Analysis date: 2018-06-17 00:02:01 UTC ( 8 months ago ) View latest
Antivirus Result Update
AegisLab Ml.Attribute.Gen!c 20180616
Avast Win32:Malware-gen 20180617
AVG Win32:Malware-gen 20180617
Baidu Win32.Trojan.WisdomEyes.16070401.9500.9999 20180615
Comodo TrojWare.Win32.Dovs.MO 20180616
CrowdStrike Falcon (ML) malicious_confidence_100% (W) 20180530
Cylance Unsafe 20180617
Endgame malicious (high confidence) 20180612
Fortinet W32/Kryptik.GHOI!tr 20180617
Kaspersky UDS:DangerousObject.Multi.Generic 20180617
MAX malware (ai score=94) 20180617
McAfee Artemis!238E288DBEE9 20180616
McAfee-GW-Edition BehavesLike.Win32.ZeroAccess.fm 20180616
Microsoft Trojan:Win32/Cloxer.D!cl 20180617
Palo Alto Networks (Known Signatures) generic.ml 20180617
Qihoo-360 HEUR/QVM20.1.E471.Malware.Gen 20180617
SentinelOne (Static ML) static engine - malicious 20180225
Symantec ML.Attribute.HighConfidence 20180616
Webroot W32.Trojan.Emotet 20180617
ZoneAlarm by Check Point UDS:DangerousObject.Multi.Generic 20180617
Ad-Aware 20180617
AhnLab-V3 20180616
Alibaba 20180615
ALYac 20180617
Antiy-AVL 20180617
Arcabit 20180616
Avast-Mobile 20180616
Avira (no cloud) 20180616
AVware 20180617
Babable 20180406
BitDefender 20180617
Bkav 20180616
CAT-QuickHeal 20180616
ClamAV 20180617
CMC 20180616
Cybereason 20180225
Cyren 20180617
DrWeb 20180617
eGambit 20180617
Emsisoft 20180617
ESET-NOD32 20180617
F-Prot 20180617
F-Secure 20180617
GData 20180617
Sophos ML 20180601
Jiangmin 20180616
K7AntiVirus 20180616
K7GW 20180616
Kingsoft 20180617
Malwarebytes 20180616
eScan 20180617
NANO-Antivirus 20180617
Panda 20180616
Rising 20180617
Sophos AV 20180616
SUPERAntiSpyware 20180616
Symantec Mobile Insight 20180614
TACHYON 20180616
Tencent 20180617
TheHacker 20180613
TotalDefense 20180616
TrendMicro 20180617
TrendMicro-HouseCall 20180617
Trustlook 20180617
VBA32 20180615
VIPRE 20180617
ViRobot 20180616
Yandex 20180615
Zillya 20180615
Zoner 20180617
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Description Uniscri
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2018-06-17 04:40:23
Entry Point 0x0000100F
Number of sections 6
PE sections
PE imports
ReadEventLogA
LogonUserA
RegCloseKey
CertGetSubjectCertificateFromStore
CertNameToStrA
CertGetCTLContextProperty
CryptSIPLoad
CryptMemRealloc
SetDCPenColor
ModifyWorldTransform
AddFontResourceA
GetTextCharset
GetNetworkParams
EnterCriticalSection
EnumSystemLocalesW
GetTempPathW
GetModuleFileNameA
FlsFree
GetBinaryTypeA
LZSeek
LZInit
VarBstrFromBool
glMultMatrixd
RasGetProjectionInfoA
AssocQueryKeyW
PathSetDlgItemPathW
wsprintfA
GetMessagePos
TrackPopupMenu
CharLowerBuffW
GetInputState
GetMessageExtraInfo
GetDialogBaseUnits
MessageBeep
FindNextPrinterChangeNotification
WSACleanup
SCardLocateCardsW
puts
fgetwc
OleCreateStaticFromData
CLSIDFromString
OleCreateFromData
Number of PE resources by type
RT_DIALOG 21
RT_MANIFEST 1
RT_VERSION 1
Number of PE resources by language
ENGLISH US 2
HEBREW DEFAULT 1
HUNGARIAN DEFAULT 1
VIETNAMESE DEFAULT 1
CHINESE SIMPLIFIED 1
SLOVENIAN DEFAULT 1
CZECH DEFAULT 1
FINNISH DEFAULT 1
KOREAN 1
NEUTRAL DEFAULT 1
PORTUGUESE 1
POLISH DEFAULT 1
JAPANESE DEFAULT 1
DANISH DEFAULT 1
SLOVAK DEFAULT 1
GREEK DEFAULT 1
TURKISH DEFAULT 1
ROMANIAN 1
THAI DEFAULT 1
SERBIAN DEFAULT 1
NEUTRAL 1
RUSSIAN 1
PE resources
Debug information
ExifTool file metadata
UninitializedDataSize
0

LinkerVersion
12.0

ImageVersion
0.0

FileVersionNumber
1.2.0.6

LanguageCode
Neutral

FileFlagsMask
0x003f

FileDescription
Uniscri

ImageFileCharacteristics
No relocs, Executable, 32-bit

CharacterSet
Unicode

InitializedDataSize
231936

EntryPoint
0x100f

MIMEType
application/octet-stream

TimeStamp
2018:06:16 21:40:23-07:00

FileType
Win32 EXE

PEType
PE32

ProductVersion
1.0626.

SubsystemVersion
5.0

OSVersion
5.0

FileOS
Win32

Subsystem
Windows GUI

MachineType
Intel 386 or later, and compatibles

CompanyName
Realtek Semiconductor Corporation

CodeSize
101376

FileSubtype
0

ProductVersionNumber
1.2.0.6

FileTypeExtension
exe

ObjectFileType
Dynamic link library

Compressed bundles
File identification
MD5 238e288dbee9dbf92f798cee23b013f0
SHA1 ece21625e8b2f4012365348c2274a78e471679f2
SHA256 97cf1a80c334cfd03807b94217a4bcbb00ceb8fb294014e79c6f482028363731
ssdeep
1536:3iY7xal/Pk3anqn2n2q9WN0q4p9VXiaUEFr47DMCVLdOx4hg4fhV9Uk:3/+rnnBT9VSaUEFE7BkxAgqU

authentihash a751d01bd6e1ec0fa951b0f3a325a0a0a4f3e352e14acabfb6ac0c23bd3e6a4f
imphash 773f11e4a815f24136b418a5468665ce
File size 322.0 KB ( 329728 bytes )
File type Win32 EXE
Magic literal
PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID OS/2 Executable (generic) (33.6%)
Generic Win/DOS Executable (33.1%)
DOS Executable Generic (33.1%)
Tags
peexe

VirusTotal metadata
First submission 2018-06-16 21:43:55 UTC ( 8 months ago )
Last submission 2018-07-07 12:09:28 UTC ( 7 months, 1 week ago )
File names 42099.exe
540dcb02b450883ffb4d63bfb7be88a6dcd2b619
45829.exe
07309.exe
97482.exe
9603.exe
2894.exe
2399.exe
30309.exe
76892.exe
QrUJwsN3Fs.exe
35490.exe
238e288dbee9dbf92f798cee23b013f0.virobj
6228.exe
No comments. No VirusTotal Community member has commented on this item yet, be the first one to do so!

Leave your comment...

?
Post comment

You have not signed in. Only registered users can leave comments, sign in and have a voice!

No votes. No one has voted on this item yet, be the first one to do so!