SHA256: 9a435b1c48ca08fc842fa90d8294902c43b5ad5880c9170b4ca2f896232be67f
File name: intel
Detection ratio: 15 / 64
Analysis date: 2017-09-19 13:00:50 UTC ( 1 year, 5 months ago )
Antivirus Result Update
AegisLab Ransom.Hplocky.Sme!c 20170919
AhnLab-V3 Win-Trojan/Sagecrypt.Gen 20170919
Baidu Win32.Trojan.WisdomEyes.16070401.9500.9990 20170919
CrowdStrike Falcon (ML) malicious_confidence_100% (D) 20170804
Cylance Unsafe 20170919
Endgame malicious (high confidence) 20170821
Sophos ML heuristic 20170914
Palo Alto Networks (Known Signatures) generic.ml 20170919
Qihoo-360 HEUR/QVM10.1.F33F.Malware.Gen 20170919
Rising Malware.Heuristic!ET#99% (rdm+) 20170919
SentinelOne (Static ML) static engine - malicious 20170806
Symantec ML.Attribute.HighConfidence 20170919
TrendMicro Ransom_HPLOCKY.SME 20170919
TrendMicro-HouseCall Ransom_HPLOCKY.SME 20170919
Webroot W32.Trojan.Gen 20170919
Ad-Aware 20170919
Alibaba 20170911
ALYac 20170919
Antiy-AVL 20170919
Arcabit 20170919
Avast 20170919
Avast-Mobile 20170829
AVG 20170919
Avira (no cloud) 20170919
AVware 20170919
BitDefender 20170919
CAT-QuickHeal 20170919
ClamAV 20170919
CMC 20170919
Comodo 20170918
Cyren 20170919
DrWeb 20170919
Emsisoft 20170919
ESET-NOD32 20170919
F-Prot 20170919
F-Secure 20170919
Fortinet 20170919
GData 20170919
Ikarus 20170919
Jiangmin 20170919
K7AntiVirus 20170919
K7GW 20170919
Kaspersky 20170919
Kingsoft 20170919
Malwarebytes 20170919
MAX 20170919
McAfee 20170919
McAfee-GW-Edition 20170919
Microsoft 20170919
eScan 20170919
NANO-Antivirus 20170919
nProtect 20170919
Panda 20170918
Sophos AV 20170919
SUPERAntiSpyware 20170919
Symantec Mobile Insight 20170917
Tencent 20170919
TheHacker 20170916
Trustlook 20170919
VBA32 20170919
VIPRE 20170919
ViRobot 20170919
WhiteArmor 20170829
Yandex 20170908
Zillya 20170919
ZoneAlarm by Check Point 20170919
Zoner 20170919
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright Copyright ©. All rights reserved. Moritz Bunkus
Product Arq
Original name Arq.exe
Description Mtivates Integers Educators Compassion Gm Ip
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2017-09-14 09:36:27
Entry Point 0x0000CD66
Number of sections 4
PE sections
PE imports
SetServiceObjectSecurity
SetServiceBits
GetOpenFileNameA
GetObjectA
ExtTextOutW
SetMapMode
DeleteDC
SelectObject
CreatePen
GetMapMode
CreateBitmap
SetWindowExtEx
SetTextAlign
CreateSolidBrush
DeleteObject
BitBlt
SetBkColor
CreateCompatibleDC
GetBkColor
CreateCompatibleBitmap
SetTextColor
DPtoLP
GetLastError
InitializeCriticalSectionAndSpinCount
HeapFree
GetStdHandle
EnterCriticalSection
LCMapStringW
SetHandleCount
LoadLibraryW
GetOEMCP
QueryPerformanceCounter
IsDebuggerPresent
GetTickCount
TlsAlloc
GetEnvironmentStringsW
GetModuleFileNameA
RtlUnwind
IsProcessorFeaturePresent
DeleteCriticalSection
GetCurrentProcess
EnumSystemLocalesA
GetStartupInfoW
GetLocaleInfoA
GetCurrentProcessId
OpenProcess
UnhandledExceptionFilter
GetModuleHandleW
WideCharToMultiByte
ExitProcess
TlsGetValue
MultiByteToWideChar
HeapSize
FreeEnvironmentStringsW
GetCommandLineA
GetUserDefaultLCID
EncodePointer
GetLocaleInfoW
RaiseException
GetCPInfo
GetModuleFileNameW
TlsFree
HeapSetInformation
FindFirstFileA
SetUnhandledExceptionFilter
WriteFile
DecodePointer
CloseHandle
GetSystemTimeAsFileTime
IsValidLocale
GetACP
HeapReAlloc
GetStringTypeW
GetProcAddress
TerminateProcess
IsValidCodePage
HeapCreate
GlobalAlloc
FindClose
InterlockedDecrement
Sleep
GetFileType
TlsSetValue
HeapAlloc
GetCurrentThreadId
InterlockedIncrement
SetLastError
LeaveCriticalSection
GetDeviceDriverFileNameA
EnumProcesses
EnumPageFilesA
GetDeviceDriverBaseNameA
InitializeProcessForWsWatch
EnumDeviceDrivers
RasSetEapUserDataA
GetForegroundWindow
BeginPaint
HideCaret
FindWindowW
SetWindowPos
EndPaint
SetWindowPlacement
SetCapture
AdjustWindowRectEx
GetSysColor
GetMenuItemID
CreatePopupMenu
GetWindowPlacement
GetClientRect
InvalidateRect
GetSubMenu
CreateMenu
LoadCursorA
GetMenuItemCount
GetWindowTextW
FillRect
DestroyWindow
waveOutSetVolume
waveOutPrepareHeader
waveInAddBuffer
waveOutClose
waveOutUnprepareHeader
waveInClose
waveInUnprepareHeader
waveInPrepareHeader
waveOutWrite
Number of PE resources by type
RT_STRING 11
Struct(240) 9
RT_BITMAP 7
RDATA 4
RT_ICON 2
RT_MANIFEST 1
RT_VERSION 1
RT_GROUP_ICON 1
Number of PE resources by language
DANISH DEFAULT 36
PE resources
ExifTool file metadata
LegalTrademarks Copyright . All rights reserved. Moritz Bunkus
UninitializedDataSize 0
LinkerVersion 10.0
ImageVersion 0.0
FileSubtype 0
FileVersionNumber 9.2.6.2
LanguageCode Danish
FileFlagsMask 0x003f
CharacterSet Unicode
InitializedDataSize 245760
EntryPoint 0xcd66
OriginalFileName Arq.exe
MIMEType application/octet-stream
LegalCopyright Copyright . All rights reserved. Moritz Bunkus
TimeStamp 2017:09:14 10:36:27+01:00
FileType Win32 EXE
PEType PE32
SubsystemVersion 5.1
ProductVersion 9.2.6.2
FileDescription Mtivates Integers Educators Compassion Gm Ip
OSVersion 5.1
FileOS Windows NT 32-bit
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
CompanyName Moritz Bunkus
CodeSize 108032
ProductName Arq
ProductVersionNumber 9.2.6.2
FileTypeExtension exe
ObjectFileType Executable application

File identification
MD5 f18afa3417b8b9ed313db769117a2280
SHA1 02e5cc05d9dfdcc36d65e05f80943db6d46d953c
SHA256 9a435b1c48ca08fc842fa90d8294902c43b5ad5880c9170b4ca2f896232be67f
ssdeep 6144:FLIstNt6tYUWE2//vaOepLuy5hW2e/4iyFC/WUZ91tbAIm6PCFDzaCojewH+1X+:5TUWE2//v3epLuauAiycuk91tbAIhEzc
authentihash 3c8f49fc974332efc16bd297a1a50385f13104c09c4b4eb68486ada2ed92c131
imphash 7358b86e68cf712ff942cf045171aac1
File size 346.5 KB ( 354816 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Executable MS Visual C++ (generic) (61.9%)
Win32 Dynamic Link Library (generic) (13.0%)
Win32 Executable (generic) (8.9%)
OS/2 Executable (generic) (4.0%)
Clipper DOS Executable (4.0%)
Tags
peexe

VirusTotal metadata
First submission 2017-09-19 12:09:38 UTC ( 1 year, 5 months ago )
Last submission 2018-05-24 00:08:25 UTC ( 9 months ago )
File names f18afa3417b8b9ed313db769117a2280.vir
aqua
intel
f18afa3417b8b9ed313db769117a2280.virobj
Arq.exe
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Written files
Deleted files
Created processes
Created mutexes
Opened mutexes
Searched windows
Opened service managers
Opened services
Runtime DLLs
UDP communications