SHA256: 9a2cc0153a1a5633baead2e7e1e9360fbe2c647faaf59c1d1eafa45141d829f1
File name: kele.exe
Detection ratio: 46 / 64
Analysis date: 2017-08-15 08:45:44 UTC ( 4 days, 2 hours ago )
Antivirus Result Update
Ad-Aware Application.Agent.AQZ 20170815
AhnLab-V3 PUP/Win32.Downloader.C880528 20170814
Antiy-AVL Trojan/Win32.TSGeneric 20170815
Arcabit Application.Agent.AQZ 20170815
Avast Win32:Adware-gen [Adw] 20170815
AVG Win32:Adware-gen [Adw] 20170815
Avira (no cloud) ADWARE/Guagua.dfdg 20170815
AVware Trojan.Win32.Generic!BT 20170815
BitDefender Application.Agent.AQZ 20170815
CAT-QuickHeal Porntool.Guagua 20170814
ClamAV Win.Trojan.Generic-1523 20170815
Comodo Application.Win32.GuaGua.~A 20170814
Cyren W32/S-94c424df!Eldorado 20170815
DrWeb Adware.Downware.10691 20170815
Emsisoft Application.PornTool (A) 20170815
Endgame malicious (high confidence) 20170721
ESET-NOD32 a variant of Win32/PornTool.GuaGua.A potentially unsafe 20170815
F-Prot W32/S-94c424df!Eldorado 20170815
Fortinet Riskware/PornTool_GuaGua 20170815
GData Win32.Application.GuaGua.A 20170815
Ikarus PUA.PornTool.Guagua 20170815
Sophos ML heuristic 20170607
Jiangmin Porn-Tool.GuaGua.a 20170815
K7AntiVirus Unwanted-Program ( 004b9d761 ) 20170814
K7GW Unwanted-Program ( 004b9d761 ) 20170815
Kaspersky not-a-virus:Porn-Tool.Win32.GuaGua.bk 20170815
Kingsoft Win32.ADWARE.Advert.ac.(kcloud) 20170815
Malwarebytes Adware.Agent 20170815
MAX malware (ai score=100) 20170815
McAfee PUP-XBW-KJ 20170815
McAfee-GW-Edition PUP-XBW-KJ 20170814
eScan Application.Agent.AQZ 20170815
NANO-Antivirus Riskware.Win32.Adw.eggoku 20170815
Panda Trj/Genetic.gen 20170814
Rising PUA.PornTool!8.445 (cloud:Fw3Yynjh9AV) 20170815
SentinelOne (Static ML) static engine - malicious 20170806
Sophos AV Generic PUA OH (PUA) 20170815
Symantec Trojan.Gen.2 20170815
TrendMicro TROJ_GEN.R0EBC0EAU17 20170815
TrendMicro-HouseCall TROJ_GEN.R0EBC0EAU17 20170815
VIPRE Trojan.Win32.Generic!BT 20170815
ViRobot Adware.PornTool.1330792.A 20170815
Webroot Adware.Gen 20170815
Yandex Riskware.GuaGua! 20170814
Zillya Tool.GuaGua.Win32.17 20170815
ZoneAlarm by Check Point not-a-virus:Porn-Tool.Win32.GuaGua.bk 20170815
AegisLab 20170815
Alibaba 20170815
ALYac 20170815
Baidu 20170815
Bkav 20170814
CMC 20170815
CrowdStrike Falcon (ML) 20170804
Cylance 20170815
F-Secure 20170815
Microsoft 20170815
nProtect 20170815
Palo Alto Networks (Known Signatures) 20170815
Qihoo-360 20170815
SUPERAntiSpyware 20170815
Symantec Mobile Insight 20170815
Tencent 20170815
TheHacker 20170814
Trustlook 20170815
VBA32 20170814
WhiteArmor 20170815
Zoner 20170814
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
Authenticode signature block and FileVersionInfo properties
Copyright
Copyright (C) 2016 ZheJiang QiJu Technology CO.,LTD

Product GirlShow
Original name GirlShow.exe
Internal name
File version 2.3.0.0
Description GirlShow
Signature verification Signed file, verified signature
Signing date 9:20 AM 3/15/2016
Signers
[+] 浙江齐聚科技有限公司
Status This certificate or one of the certificates in the certificate chain is not time valid.
Issuer WoSign Class 3 Code Signing CA
Valid from 9:59 AM 11/5/2015
Valid to 9:59 AM 2/5/2017
Valid usage Code Signing
Algorithm sha1RSA
Thumbprint 757F4BEC83A1C2D74E8EBA90E1A5AB943F41054D
Serial number 44 36 73 F6 2C 8D 81 95 2B 12 36 8E 02 D3 C6 B7
[+] WoSign Class 3 Code Signing CA
Status Valid
Issuer Certification Authority of WoSign
Valid from 2:00 AM 8/8/2009
Valid to 2:00 AM 8/8/2024
Valid usage Code Signing, 1.3.6.1.4.1.311.2.1.22
Algorithm sha1RSA
Thumbprint 1C554F5B2042DF153C43E156C56F08EED0973EC7
Serial number 46 BB B3 40 FA B9 C1 79 28 93 8C 93 DA 10 86 79
[+] WoSign
Status Valid
Issuer Certification Authority of WoSign
Valid from 2:00 AM 8/8/2009
Valid to 2:00 AM 8/8/2039
Valid usage Server Auth, Client Auth, Email Protection, Code Signing, Timestamp Signing
Algorithm sha1RSA
Thumbprint B94294BF91EA8FB64BE61097C7FB001359B676CB
Serial number 5E 68 D6 11 71 94 63 50 56 00 68 F3 3E C9 C5 91
Counter signers
[+] Symantec Time Stamping Services Signer - G4
Status Valid
Issuer Symantec Time Stamping Services CA - G2
Valid from 1:00 AM 10/18/2012
Valid to 12:59 AM 12/30/2020
Valid usage Timestamp Signing
Algorithm sha1RSA
Thumbprint 65439929B67973EB192D6FF243E6767ADF0834E4
Serial number 0E CF F4 38 C8 FE BF 35 6E 04 D8 6A 98 1B 1A 50
[+] Symantec Time Stamping Services CA - G2
Status Valid
Issuer Thawte Timestamping CA
Valid from 1:00 AM 12/21/2012
Valid to 12:59 AM 12/31/2020
Valid usage Timestamp Signing
Algorithm sha1RSA
Thumbprint 6C07453FFDDA08B83707C09B82FB3D15F35336B1
Serial number 7E 93 EB FB 7C C6 4E 59 EA 4B 9A 77 D4 06 FC 3B
[+] Thawte Timestamping CA
Status Valid
Issuer Thawte Timestamping CA
Valid from 1:00 AM 1/1/1997
Valid to 12:59 AM 1/1/2021
Valid usage Timestamp Signing
Algorithm md5RSA
Thumbprint BE36A4562FB2EE05DBB3D32323ADF445084ED656
Serial number 00
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2016-03-15 08:17:59
Entry Point 0x0003544F
Number of sections 4
PE sections
Overlays
MD5 6b057db55f5bde94fda42f43e7530feb
File type data
Offset 1323008
Size 7784
Entropy 7.51
PE imports
RegDeleteKeyA
RegOpenKeyA
RegCloseKey
RegQueryValueA
RegQueryValueExA
RegSetValueExA
RegEnumKeyA
RegCreateKeyExA
RegOpenKeyExA
RegEnumKeyExA
Ord(17)
_TrackMouseEvent
GetWindowExtEx
SetMapMode
GetRgnBox
SaveDC
TextOutA
CreateRectRgnIndirect
GetClipBox
GetPixel
Rectangle
GetDeviceCaps
OffsetViewportOrgEx
DeleteDC
RestoreDC
SetBkMode
SetPixel
SelectObject
DeleteObject
BitBlt
CreateDIBSection
SetTextColor
GetObjectA
CreateFontA
CreateBitmap
RectVisible
GetStockObject
SetViewportOrgEx
ScaleWindowExtEx
SetBkColor
ExtTextOutA
PtVisible
ExtSelectClipRgn
CreateCompatibleDC
ScaleViewportExtEx
GetBkColor
GetTextExtentPoint32A
GetMapMode
SetWindowExtEx
GetTextColor
DPtoLP
Escape
GetViewportExtEx
SetViewportExtEx
CreateCompatibleBitmap
GetStdHandle
FileTimeToSystemTime
GetFileAttributesA
WaitForSingleObject
GetDriveTypeA
HeapDestroy
DebugBreak
DuplicateHandle
GetLocalTime
FreeEnvironmentStringsA
DeleteCriticalSection
GetCurrentProcess
GetDiskFreeSpaceExA
GetLocaleInfoA
LocalAlloc
lstrcatA
Module32First
SetErrorMode
GetLogicalDrives
FreeEnvironmentStringsW
SetStdHandle
GetFileTime
GetCPInfo
GetProcAddress
GetStringTypeA
InterlockedExchange
WriteFile
GetSystemTimeAsFileTime
EnumResourceLanguagesA
HeapReAlloc
GetStringTypeW
GetFullPathNameA
FreeLibrary
LocalFree
MoveFileA
GetEnvironmentVariableA
LoadResource
FatalExit
FindClose
InterlockedDecrement
FormatMessageA
OutputDebugStringA
SetLastError
InitializeCriticalSection
GlobalFindAtomA
HeapAlloc
GetVersionExA
RemoveDirectoryA
GlobalHandle
GetVolumeInformationA
UnhandledExceptionFilter
TlsGetValue
MultiByteToWideChar
CreateMutexA
SetFilePointer
CreateThread
GlobalAddAtomA
SetUnhandledExceptionFilter
ConvertDefaultLocale
MulDiv
ExitThread
SetEnvironmentVariableA
TerminateProcess
GlobalAlloc
SetEndOfFile
GetVersion
LeaveCriticalSection
CreateToolhelp32Snapshot
HeapFree
EnterCriticalSection
SetHandleCount
lstrcmpiA
GetOEMCP
QueryPerformanceCounter
GetTickCount
IsBadWritePtr
TlsAlloc
VirtualProtect
FlushFileBuffers
LoadLibraryA
RtlUnwind
Process32Next
GetStartupInfoA
UnlockFile
GetFileSize
GlobalDeleteAtom
OpenProcess
CreateDirectoryA
DeleteFileA
GlobalLock
CompareStringW
GlobalReAlloc
lstrcmpA
FindFirstFileA
lstrcpyA
CompareStringA
FindNextFileA
Process32First
lstrcmpW
WaitForMultipleObjects
GetTimeZoneInformation
GetFileType
TlsSetValue
CreateFileA
ExitProcess
InterlockedIncrement
GetLastError
LocalReAlloc
SystemTimeToFileTime
LCMapStringW
GetSystemInfo
lstrlenA
GlobalFree
LCMapStringA
GlobalGetAtomNameA
GetThreadLocale
GetEnvironmentStringsW
GlobalUnlock
LockFile
GetModuleFileNameA
FileTimeToLocalFileTime
GetEnvironmentStrings
WritePrivateProfileStringA
GetCurrentProcessId
LockResource
SetFileTime
WideCharToMultiByte
HeapSize
GetCommandLineA
GetCurrentThread
RaiseException
TlsFree
GetModuleHandleA
ReadFile
GlobalFlags
CloseHandle
lstrcpynA
GetACP
GetCurrentThreadId
FreeResource
SizeofResource
CreateProcessA
HeapCreate
VirtualQuery
VirtualFree
Sleep
IsBadReadPtr
IsBadCodePtr
FindResourceA
VirtualAlloc
SysStringLen
SysStringByteLen
OleCreateFontIndirect
SysAllocString
SafeArrayCreate
VariantCopy
VariantInit
SafeArrayGetLBound
SafeArrayDestroy
SafeArrayUnlock
SafeArrayGetUBound
SysFreeString
SysAllocStringByteLen
SafeArrayLock
VariantChangeType
SafeArrayGetVartype
SafeArrayRedim
SafeArrayCopy
SystemTimeToVariantTime
SysAllocStringLen
VariantClear
GetErrorInfo
ShellExecuteExA
SHBrowseForFolderA
SHGetSpecialFolderLocation
SHGetDesktopFolder
SHGetPathFromIDListA
SHGetMalloc
ShellExecuteA
SHFileOperationA
PathFindExtensionA
PathIsUNCA
PathAddBackslashA
PathQuoteSpacesA
PathRemoveBackslashA
PathCanonicalizeA
PathFindFileNameA
UrlUnescapeA
PathStripToRootA
PathRemoveFileSpecA
PathFileExistsA
MapWindowPoints
GetForegroundWindow
SetMenuItemBitmaps
DestroyMenu
PostQuitMessage
GetMessagePos
LoadBitmapA
SetWindowPos
IsWindow
DispatchMessageA
ScreenToClient
GrayStringA
WindowFromPoint
GetMessageTime
SetActiveWindow
GetMenuItemID
GetCursorPos
MapDialogRect
GetDlgCtrlID
GetClassInfoA
GetMenu
UnregisterClassA
SendMessageA
GetClientRect
SetWindowContextHelpId
GetNextDlgTabItem
CallNextHookEx
GetWindowTextLengthA
CopyAcceleratorTableA
GetTopWindow
ShowCursor
GetActiveWindow
GetWindowTextA
InvalidateRgn
RegisterClassExA
PtInRect
GetMessageA
GetParent
UpdateWindow
SetPropA
EqualRect
GetClassInfoExA
ShowWindow
GetPropA
GetNextDlgGroupItem
ValidateRect
EnableWindow
PeekMessageA
TranslateMessage
IsWindowEnabled
GetWindow
CharUpperA
GetWindowPlacement
IsIconic
RegisterClassA
TabbedTextOutA
GetSubMenu
SetTimer
CharNextA
GetSysColorBrush
ReleaseDC
EndPaint
DestroyWindow
IsChild
IsDialogMessageA
SetFocus
PostMessageA
BeginPaint
OffsetRect
ReleaseCapture
KillTimer
RegisterWindowMessageA
DefWindowProcA
SendDlgItemMessageA
GetSystemMetrics
EnableMenuItem
GetWindowRect
SetCapture
DrawIcon
SetWindowLongA
RemovePropA
SetWindowTextA
CheckMenuItem
GetWindowLongA
GetLastActivePopup
CreateWindowExA
GetDlgItem
GetMenuCheckMarkDimensions
ClientToScreen
GetClassLongA
CreateDialogIndirectParamA
LoadCursorA
LoadIconA
SetWindowsHookExA
GetMenuItemCount
GetMenuState
GetSystemMenu
GetDC
SetForegroundWindow
PostThreadMessageA
DrawTextA
IntersectRect
SetLayeredWindowAttributes
EndDialog
CopyRect
GetCapture
MessageBeep
DrawTextExA
UnhookWindowsHookEx
RegisterClipboardFormatA
MoveWindow
CallWindowProcA
MessageBoxA
GetWindowDC
AdjustWindowRectEx
GetSysColor
GetKeyState
SystemParametersInfoA
UpdateLayeredWindow
IsWindowVisible
GetDesktopWindow
WinHelpA
SetRect
InvalidateRect
wsprintfA
IsRectEmpty
GetClassNameA
GetFocus
ModifyMenuA
SetCursor
HttpSendRequestA
InternetSetStatusCallback
InternetQueryDataAvailable
HttpAddRequestHeadersA
InternetWriteFile
HttpOpenRequestA
InternetReadFile
InternetCanonicalizeUrlA
InternetCloseHandle
InternetOpenA
InternetGetLastResponseInfoA
InternetConnectA
InternetSetOptionExA
HttpQueryInfoA
InternetSetFilePointer
InternetGetCookieExA
InternetCrackUrlA
OpenPrinterA
DocumentPropertiesA
ClosePrinter
WSAStartup
GetFileTitleA
GdipSetImageAttributesColorKeys
GdipAlloc
GdipCreateImageAttributes
GdipCreateFromHDC
GdipLoadImageFromStream
GdipDisposeImageAttributes
GdipDisposeImage
GdipGetImageWidth
GdipLoadImageFromStreamICM
GdipFree
GdipCloneImage
GdiplusStartup
GdipGetImageHeight
GdipDrawImageRectI
GdiplusShutdown
GdipDrawImageRectRectI
GdipDeleteGraphics
OleUninitialize
OleCreate
StgOpenStorageOnILockBytes
CreateStreamOnHGlobal
OleFlushClipboard
OleSetContainedObject
CoRegisterMessageFilter
CLSIDFromString
CreateILockBytesOnHGlobal
CoGetClassObject
OleDraw
CoInitialize
OleInitialize
CoCreateInstance
OleRun
CoTaskMemAlloc
CoInitializeEx
StgCreateDocfileOnILockBytes
CoRevokeClassObject
CLSIDFromProgID
CoFreeUnusedLibraries
OleIsCurrentClipboard
CoTaskMemFree
Number of PE resources by type
IMAGE 16
RT_CURSOR 16
RT_GROUP_CURSOR 15
RT_STRING 13
RT_ICON 9
RT_DIALOG 8
RT_BITMAP 2
SWF 1
RT_MANIFEST 1
RT_MENU 1
RT_VERSION 1
RT_GROUP_ICON 1
Number of PE resources by language
CHINESE SIMPLIFIED 84
PE resources
Debug information
ExifTool file metadata
SubsystemVersion 4.0
LinkerVersion 7.1
ImageVersion 0.0
FileSubtype 0
FileVersionNumber 2.3.0.0
UninitializedDataSize 0
LanguageCode Chinese (Simplified)
FileFlagsMask 0x003f
CharacterSet Windows, Chinese (Simplified)
InitializedDataSize 999424
PrivateBuild GirlShow.exe
EntryPoint 0x3544f
OriginalFileName GirlShow.exe
MIMEType application/octet-stream
LegalCopyright Copyright (C) 2016 ZheJiang QiJu Technology CO.,LTD
FileVersion 2.3.0.0
TimeStamp 2016:03:15 09:17:59+01:00
FileType Win32 EXE
PEType PE32
ProductVersion 2.3.0.0
FileDescription GirlShow
OSVersion 4.0
FileOS Win32
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
CodeSize 339968
ProductName GirlShow
ProductVersionNumber 2.3.0.0
FileTypeExtension exe
ObjectFileType Executable application
File identification
MD5 bde29dee841faf6a084a57bcc7bf4513
SHA1 e730310f63f16c2737a4d3c9706d93c36941bfd1
SHA256 9a2cc0153a1a5633baead2e7e1e9360fbe2c647faaf59c1d1eafa45141d829f1
ssdeep
24576:WM22RO0fJNGQIJ4N+IuozxB8592YOKGpZNfy7QrCV+XR6I8CWtza5:XRO0fJNq4NGodW5QhKWyOCV+B58v6

authentihash 5bfb8a9846523493462885646da9420852c1c3401cdaaf66011d139dc6db9a6f
imphash f8ade3601e4dde73363912d4497ab95f
File size 1.3 MB ( 1330792 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Executable MS Visual C++ (generic) (46.3%)
Win64 Executable (generic) (41.0%)
Win32 Executable (generic) (6.6%)
Generic Win/DOS Executable (2.9%)
DOS Executable Generic (2.9%)
Tags
peexe overlay signed via-tor

VirusTotal metadata
First submission 2016-03-16 04:04:14 UTC ( 1 year, 5 months ago )
Last submission 2017-08-15 08:45:44 UTC ( 4 days, 2 hours ago )
File names fc84e8c7-2285-11e7-adaa-80e65024849a.file
d7f47c61-21a1-11e7-aa11-80e65024849a.file
kele_20090198914.exe
kele_20050086614.exe
kele_20090198918.exe
kele_21107073582.exe
kele (1).exe
kele_20090199373.exe
kele_23102590133.exe
kele_20090198492.exe
kele_23102510083.exe
kele_20050086615.exe
kele_21100062408.exe
kele_22091302616.exe
kele_21100017970.exe
kele_23132010351.exe
kele_21117012022.exe
kele_21100066258.exe
Trojan.Guagua.exe
kele_20090197081.exe
GirlShow.exe
kele_21560001733.exe
bde29dee841faf6a084a57bcc7bf4513
kele_20680153278.exe
kele_22093814192.exe
Advanced heuristic and reputation engines
TrendMicro-HouseCall
TrendMicro's heuristic engine has flagged this file as: TROJ_GEN.R0EBC0OFN16.

Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Created mutexes
Opened mutexes
Opened service managers
Opened services
Hooking activity
Runtime DLLs
Additional details
The file installs an application-defined hook procedure into a hook chain. You would install a hook procedure to monitor the system for certain types of events. These events are associated either with a specific thread or with all threads in the same desktop as the calling thread. This is done making use of the SetWindowsHook Windows API function.
HTTP requests
DNS requests
TCP connections
UDP communications