SHA256: 9d73323e599d543e29e9dedbb01e85f9a5e7c3e5672bfa0ceef41a9847c2ec45
File name: UniExtract
Detection ratio: 34 / 57
Analysis date: 2016-11-15 10:35:06 UTC ( 2 years, 4 months ago )
Antivirus | Result | Update
Ad-Aware | Trojan.GenericKD.3680630 | 20161115
AegisLab | Troj.Ransom.W32.Foreign!c | 20161115
AhnLab-V3 | Trojan/Win32.Foreign.N2143998232 | 20161114
ALYac | Trojan.GenericKD.3680630 | 20161115
Antiy-AVL | Trojan[Ransom]/Win32.Foreign | 20161115
Arcabit | Trojan.Generic.D382976 | 20161115
Avast | Win32:Malware-gen | 20161115
AVG | Generic_r.OVV | 20161115
AVware | Trojan.Win32.Generic!BT | 20161115
BitDefender | Trojan.GenericKD.3680630 | 20161115
Comodo | TrojWare.Win32.Cerber.AV | 20161115
CrowdStrike Falcon (ML) | malicious_confidence_100% (W) | 20161024
Cyren | W32/Trojan.WUSD-4183 | 20161115
Emsisoft | Trojan.GenericKD.3680630 (B) | 20161115
ESET-NOD32 | a variant of Win32/Kryptik.FIWU | 20161115
F-Secure | Trojan.GenericKD.3680630 | 20161115
Fortinet | W32/Foreign.NHYC!tr | 20161115
GData | Trojan.GenericKD.3680630 | 20161115
Ikarus | Trojan.Win32.Crypt | 20161115
Sophos ML | ransom.win32.troldesh.a | 20161018
Kaspersky | Trojan-Ransom.Win32.Foreign.nhyc | 20161115
McAfee | RDN/Ransom | 20161115
McAfee-GW-Edition | BehavesLike.Win32.Dropper.gc | 20161115
eScan | Trojan.GenericKD.3680630 | 20161115
nProtect | Ransom/W32.Foreign.420864 | 20161115
Panda | Trj/GdSda.A | 20161114
Rising | Malware.XPACK-HIE/Heur!1.9C48 (classic) | 20161115
Sophos AV | Mal/Generic-S | 20161115
Symantec | Infostealer.Limitail | 20161115
Tencent | Win32.Trojan.Foreign.Efbf | 20161115
TrendMicro | Ransom_Foreign.R02KC0PK716 | 20161115
TrendMicro-HouseCall | Ransom_Foreign.R02KC0PK716 | 20161115
VIPRE | Trojan.Win32.Generic!BT | 20161115
Yandex | Trojan.Foreign!82uPIYa9B4g | 20161114
Alibaba | (no detection) | 20161115
Avira (no cloud) | (no detection) | 20161115
Baidu | (no detection) | 20161115
Bkav | (no detection) | 20161112
CAT-QuickHeal | (no detection) | 20161115
ClamAV | (no detection) | 20161115
CMC | (no detection) | 20161115
DrWeb | (no detection) | 20161115
F-Prot | (no detection) | 20161115
Jiangmin | (no detection) | 20161115
K7AntiVirus | (no detection) | 20161115
K7GW | (no detection) | 20161115
Kingsoft | (no detection) | 20161115
Malwarebytes | (no detection) | 20161115
Microsoft | (no detection) | 20161115
NANO-Antivirus | (no detection) | 20161115
Qihoo-360 | (no detection) | 20161115
SUPERAntiSpyware | (no detection) | 20161115
TheHacker | (no detection) | 20161115
TotalDefense | (no detection) | 20161115
VBA32 | (no detection) | 20161114
ViRobot | (no detection) | 20161114
Zillya | (no detection) | 20161114
Zoner | (no detection) | 20161115
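The engine table above is more useful once it is recomputed rather than read: the ratio printed on the page (34/57) does not match the number of engines actually listed, several verdicts came from signatures older than the analysis date, and two vendor naming schemes hide the same Bitdefender-engine signature ID (GenericKD.3680630 in decimal, Arcabit's Generic.D382976 in hex). The script below is an added example, not VirusTotal's code; the rows are transcribed from the table so it runs offline, and the family/class tokens it counts are this example's own choice.

```python
"""Engine-table triage for the report above (example added to this page, not VirusTotal's)."""
import re
from collections import Counter

ANALYSIS_DATE = "20161115"   # "Analysis date" from the report header
DISPLAYED_RATIO = (34, 57)   # "Detection ratio" as printed on the page

# Detecting engines transcribed from the table: engine | result | signature date.
DETECTIONS = """\
Ad-Aware | Trojan.GenericKD.3680630 | 20161115
AegisLab | Troj.Ransom.W32.Foreign!c | 20161115
AhnLab-V3 | Trojan/Win32.Foreign.N2143998232 | 20161114
ALYac | Trojan.GenericKD.3680630 | 20161115
Antiy-AVL | Trojan[Ransom]/Win32.Foreign | 20161115
Arcabit | Trojan.Generic.D382976 | 20161115
Avast | Win32:Malware-gen | 20161115
AVG | Generic_r.OVV | 20161115
AVware | Trojan.Win32.Generic!BT | 20161115
BitDefender | Trojan.GenericKD.3680630 | 20161115
Comodo | TrojWare.Win32.Cerber.AV | 20161115
CrowdStrike Falcon (ML) | malicious_confidence_100% (W) | 20161024
Cyren | W32/Trojan.WUSD-4183 | 20161115
Emsisoft | Trojan.GenericKD.3680630 (B) | 20161115
ESET-NOD32 | a variant of Win32/Kryptik.FIWU | 20161115
F-Secure | Trojan.GenericKD.3680630 | 20161115
Fortinet | W32/Foreign.NHYC!tr | 20161115
GData | Trojan.GenericKD.3680630 | 20161115
Ikarus | Trojan.Win32.Crypt | 20161115
Sophos ML | ransom.win32.troldesh.a | 20161018
Kaspersky | Trojan-Ransom.Win32.Foreign.nhyc | 20161115
McAfee | RDN/Ransom | 20161115
McAfee-GW-Edition | BehavesLike.Win32.Dropper.gc | 20161115
eScan | Trojan.GenericKD.3680630 | 20161115
nProtect | Ransom/W32.Foreign.420864 | 20161115
Panda | Trj/GdSda.A | 20161114
Rising | Malware.XPACK-HIE/Heur!1.9C48 (classic) | 20161115
Sophos AV | Mal/Generic-S | 20161115
Symantec | Infostealer.Limitail | 20161115
Tencent | Win32.Trojan.Foreign.Efbf | 20161115
TrendMicro | Ransom_Foreign.R02KC0PK716 | 20161115
TrendMicro-HouseCall | Ransom_Foreign.R02KC0PK716 | 20161115
VIPRE | Trojan.Win32.Generic!BT | 20161115
Yandex | Trojan.Foreign!82uPIYa9B4g | 20161114
"""
# Engines that returned no verdict; signature date is 20161115 unless listed in UNDETECTED_DATES.
UNDETECTED = ["Alibaba", "Avira (no cloud)", "Baidu", "Bkav", "CAT-QuickHeal", "ClamAV", "CMC",
              "DrWeb", "F-Prot", "Jiangmin", "K7AntiVirus", "K7GW", "Kingsoft", "Malwarebytes",
              "Microsoft", "NANO-Antivirus", "Qihoo-360", "SUPERAntiSpyware", "TheHacker",
              "TotalDefense", "VBA32", "ViRobot", "Zillya", "Zoner"]
UNDETECTED_DATES = {"Bkav": "20161112", "VBA32": "20161114", "Zillya": "20161114"}

# Bitdefender-engine signature IDs appear as decimal (GenericKD.3680630) and, in
# Arcabit's naming, as hex (Generic.D382976); 0x382976 == 3680630.
_BD_HEX = re.compile(r"^Trojan\.Generic\.D([0-9A-Fa-f]+)$")
# Family/class tokens to count (this example's choice), matched case-insensitively.
LABEL_HINTS = ("foreign", "generickd.3680630", "kryptik", "cerber", "troldesh", "limitail", "ransom")


def parse_scan_table(text=DETECTIONS, undetected=UNDETECTED):
    """One dict per engine; result is None when the engine gave no verdict."""
    rows = []
    for line in text.splitlines():
        if line.strip():
            engine, result, date = (cell.strip() for cell in line.split("|"))
            rows.append({"engine": engine, "result": result or None, "date": date})
    for engine in undetected:
        rows.append({"engine": engine, "result": None,
                     "date": UNDETECTED_DATES.get(engine, "20161115")})
    return rows


def detection_ratio(rows):
    return (sum(1 for r in rows if r["result"]), len(rows))


def stale_engines(rows, analysis_date=ANALYSIS_DATE):
    """Engines whose signature date predates the analysis (YYYYMMDD compares correctly as text)."""
    return [r["engine"] for r in rows if r["date"] < analysis_date]


def normalize_label(label):
    """Fold Arcabit's hex Generic.Dxxxxxx form onto the decimal GenericKD form."""
    m = _BD_HEX.match(label)
    return f"Trojan.GenericKD.{int(m.group(1), 16)}" if m else label


def label_consensus(rows):
    """Count how many verdicts mention each token after normalisation."""
    votes = Counter()
    for r in rows:
        if r["result"]:
            label = normalize_label(r["result"]).lower()
            votes.update(h for h in LABEL_HINTS if h in label)
    return votes


if __name__ == "__main__":
    rows = parse_scan_table()
    print("computed", detection_ratio(rows), "displayed", DISPLAYED_RATIO)
    print("stale signatures:", stale_engines(rows))
    print("consensus:", label_consensus(rows).most_common())
```

Run as-is it reports 34 detections out of the 58 engines listed (the page's 34/57 omits one engine from the denominator), eight engines whose signatures predate the analysis date, ten verdicts naming Foreign, eight naming the 3680630 signature once Arcabit's hex form is folded in, and eight that carry a ransom class.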
The file being studied is a Portable Executable: a Win32 EXE for the Windows GUI subsystem. Its version resource presents it as the Universal Extractor installer (original name UniExtractsetup.exe, copyright "GNU General Public License v2"), but the CompanyName is "koros aka ya158", the compile timestamp is 2016-10-30 with the first VirusTotal submission the following day, it was also submitted under the GetTempFileName-style name AB00.tmp, and 34 engines flag it, the most common family label being Trojan-Ransom.Win32.Foreign (Arcabit's Trojan.Generic.D382976 is the same Bitdefender signature ID, 3680630, written in hex; nProtect's Ransom/W32.Foreign.420864 embeds the file size). Treat the version resource as decoration, not as provenance.
FileVersionInfo properties
Copyright GNU General Public License v2
Product Universal Extractor
Original name UniExtractsetup.exe
Internal name UniExtract
File version 1.6.1.2
Description Universal Extract Program
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2016-10-30 19:08:04
Entry Point 0x00006B2A
Number of sections 4
PE imports, grouped by exporting DLL (the DLL headings did not survive extraction; the grouping below is inferred from the export names, and the DLL order is the report's, which is sorted by name rather than being the PE's import-directory order)
ADVAPI32.dll: QueryServiceConfig2A, CloseServiceHandle, QueryServiceConfigA, OpenServiceA, SetServiceStatus, CreateProcessAsUserA, ChangeServiceConfigA, LogonUserA, ImpersonateLoggedOnUser, OpenSCManagerA, RegisterServiceCtrlHandlerA
COMCTL32.dll: ImageList_ReplaceIcon, ImageList_Create, ImageList_BeginDrag, ImageList_Draw, ImageList_DragEnter
COMDLG32.dll: ChooseColorA
GDI32.dll: Polygon, CreatePen, GetRgnBox, Rectangle, GetObjectA, LineTo, DeleteDC, ChoosePixelFormat, CreateHatchBrush, CreatePatternBrush, MoveToEx, GetDIBits, SetPixelFormat, ExtSelectClipRgn, RoundRect, CreateRectRgn, GetClipRgn, CreateSolidBrush, SelectObject, SetBkColor, DeleteObject, Ellipse, CreateCompatibleDC
IMM32.dll: ImmGetCandidateWindow, ImmIsIME, ImmGetCompositionFontA
KERNEL32.dll: GetStdHandle, GetConsoleOutputCP, FileTimeToSystemTime, WaitForSingleObject, GetDriveTypeA, FreeEnvironmentStringsA, DeleteCriticalSection, GetCurrentProcess, SetSystemTime, GetConsoleMode, GetLocaleInfoA, LocalAlloc, lstrcatA, FreeEnvironmentStringsW, EnumTimeFormatsA, SetStdHandle, GetCPInfo, GetStringTypeA, WriteFile, GetSystemTimeAsFileTime, HeapReAlloc, GetStringTypeW, GetOEMCP, LocalFree, LoadResource, InterlockedDecrement, SetLastError, GetUserDefaultLangID, IsDebuggerPresent, ExitProcess, GetModuleFileNameA, QueryPerformanceFrequency, GetPrivateProfileStringA, UnhandledExceptionFilter, TlsGetValue, MultiByteToWideChar, SetFilePointer, SetUnhandledExceptionFilter, SetPriorityClass, TerminateProcess, WriteConsoleA, VirtualQuery, GetCurrentThreadId, LeaveCriticalSection, WriteConsoleW, InitializeCriticalSectionAndSpinCount, HeapFree, EnterCriticalSection, SetHandleCount, GetExitCodeProcess, QueryPerformanceCounter, GetTickCount, TlsAlloc, FlushFileBuffers, LoadLibraryA, RtlUnwind, GetStartupInfoA, GetProcAddress, GetProcessHeap, lstrcpyA, CreateEventA, GetFileType, TlsSetValue, CreateFileA, HeapAlloc, InterlockedIncrement, GetLastError, LCMapStringW, GetConsoleCP, LCMapStringA, GetEnvironmentStringsW, FileTimeToLocalFileTime, GetEnvironmentStrings, GetCurrentProcessId, WideCharToMultiByte, HeapSize, GetCommandLineA, RaiseException, TlsFree, GetModuleHandleA, ReadFile, CloseHandle, GetACP, GetModuleHandleW, IsValidCodePage, HeapCreate, FindResourceExW, VirtualFree, Sleep, VirtualAlloc
MPR.dll: WNetAddConnectionA, WNetGetConnectionA
MSACM32.dll: acmFormatChooseA, acmMetrics, acmDriverOpen
NETAPI32.dll: NetServerEnum
OLEAUT32.dll: SafeArrayCreate, SafeArrayAccessData, SafeArrayUnaccessData, VariantClear, VariantInit
OPENGL32.dll: wglDeleteContext, wglCreateContext
SHELL32.dll: SHBrowseForFolderA
TRAFFIC.dll: TcModifyFlow, TcOpenInterfaceW
USER32.dll: GetParent, EndDialog, BeginPaint, GetUserObjectInformationA, TrackMouseEvent, PostQuitMessage, DefWindowProcA, GetIconInfo, LoadBitmapA, SetWindowPos, SendDlgItemMessageA, GetSystemMetrics, IsWindow, AppendMenuA, GetWindowRect, EndPaint, SetCapture, MessageBoxA, GetWindowDC, SetWindowLongA, AdjustWindowRectEx, DialogBoxParamA, GetWindow, GetDC, GetCursorPos, ReleaseDC, SetWindowTextA, GetMenu, GetWindowLongA, IsWindowVisible, SendMessageA, GetClientRect, CreateWindowExA, GetDlgItem, EnableMenuItem, GetThreadDesktop, InvalidateRect, wsprintfA, SetTimer, LoadImageA, GetWindowTextA, PtInRect, DestroyWindow
WS2_32.dll: inet_addr
gdiplus.dll: GdipDisposeImage, GdipCreateBitmapFromFile, GdiplusStartup, GdipCreateHBITMAPFromBitmap
ole32.dll: OleCreateStaticFromData, CoInitialize, StgCreateDocfileOnILockBytes, CoCreateGuid, CoCreateInstance, StringFromCLSID, CreateFileMoniker, OleGetClipboard, OleSetContainedObject, CreateILockBytesOnHGlobal
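The import table is the most informative static artefact on this page: a standard MSVC 9.0 CRT and GUI footprint sitting next to service-control, LogonUserA/ImpersonateLoggedOnUser/CreateProcessAsUserA, IsDebuggerPresent, OpenGL, traffic-control, audio-codec and NetServerEnum imports, a mix that fits the Kryptik/Crypt (packer or crypter) labels in the detection table better than an archive extractor. The script below is an added example, not VirusTotal's or the sample author's code: it carries the 207 imports above with the DLL attribution inferred from the export names, tags the ones that matter for triage (the capability buckets are this example's own choice), and computes the pefile-style imphash. Because imphash is order-sensitive and VirusTotal's listing sorts the DLLs by name, the value computed over the listing is not expected to reproduce the page's imphash; rerun imphash() over the order pefile reports for the file to compare.

```python
"""Import-table triage for the report above (example added to this page, not VirusTotal's).
Function names are transcribed from the report; the DLL attribution is inferred from the
export names and the DLL order is the report's (sorted by name), which need not be the
PE's own import-directory order.  The table has no ordinal imports, so names suffice."""
import hashlib
from collections import Counter

PAGE_IMPHASH = "78a3ac85064b0a1ca2c884f5386ebb95"  # imphash printed on the page


def _dll(name, funcs):
    return (name, funcs.split())


IMPORTS = [
    _dll("ADVAPI32.dll", """QueryServiceConfig2A CloseServiceHandle QueryServiceConfigA OpenServiceA
        SetServiceStatus CreateProcessAsUserA ChangeServiceConfigA LogonUserA ImpersonateLoggedOnUser
        OpenSCManagerA RegisterServiceCtrlHandlerA"""),
    _dll("COMCTL32.dll", "ImageList_ReplaceIcon ImageList_Create ImageList_BeginDrag ImageList_Draw ImageList_DragEnter"),
    _dll("COMDLG32.dll", "ChooseColorA"),
    _dll("GDI32.dll", """Polygon CreatePen GetRgnBox Rectangle GetObjectA LineTo DeleteDC ChoosePixelFormat
        CreateHatchBrush CreatePatternBrush MoveToEx GetDIBits SetPixelFormat ExtSelectClipRgn RoundRect
        CreateRectRgn GetClipRgn CreateSolidBrush SelectObject SetBkColor DeleteObject Ellipse
        CreateCompatibleDC"""),
    _dll("IMM32.dll", "ImmGetCandidateWindow ImmIsIME ImmGetCompositionFontA"),
    _dll("KERNEL32.dll", """GetStdHandle GetConsoleOutputCP FileTimeToSystemTime WaitForSingleObject
        GetDriveTypeA FreeEnvironmentStringsA DeleteCriticalSection GetCurrentProcess SetSystemTime
        GetConsoleMode GetLocaleInfoA LocalAlloc lstrcatA FreeEnvironmentStringsW EnumTimeFormatsA
        SetStdHandle GetCPInfo GetStringTypeA WriteFile GetSystemTimeAsFileTime HeapReAlloc
        GetStringTypeW GetOEMCP LocalFree LoadResource InterlockedDecrement SetLastError
        GetUserDefaultLangID IsDebuggerPresent ExitProcess GetModuleFileNameA QueryPerformanceFrequency
        GetPrivateProfileStringA UnhandledExceptionFilter TlsGetValue MultiByteToWideChar SetFilePointer
        SetUnhandledExceptionFilter SetPriorityClass TerminateProcess WriteConsoleA VirtualQuery
        GetCurrentThreadId LeaveCriticalSection WriteConsoleW InitializeCriticalSectionAndSpinCount
        HeapFree EnterCriticalSection SetHandleCount GetExitCodeProcess QueryPerformanceCounter
        GetTickCount TlsAlloc FlushFileBuffers LoadLibraryA RtlUnwind GetStartupInfoA GetProcAddress
        GetProcessHeap lstrcpyA CreateEventA GetFileType TlsSetValue CreateFileA HeapAlloc
        InterlockedIncrement GetLastError LCMapStringW GetConsoleCP LCMapStringA GetEnvironmentStringsW
        FileTimeToLocalFileTime GetEnvironmentStrings GetCurrentProcessId WideCharToMultiByte HeapSize
        GetCommandLineA RaiseException TlsFree GetModuleHandleA ReadFile CloseHandle GetACP
        GetModuleHandleW IsValidCodePage HeapCreate FindResourceExW VirtualFree Sleep VirtualAlloc"""),
    _dll("MPR.dll", "WNetAddConnectionA WNetGetConnectionA"),
    _dll("MSACM32.dll", "acmFormatChooseA acmMetrics acmDriverOpen"),
    _dll("NETAPI32.dll", "NetServerEnum"),
    _dll("OLEAUT32.dll", "SafeArrayCreate SafeArrayAccessData SafeArrayUnaccessData VariantClear VariantInit"),
    _dll("OPENGL32.dll", "wglDeleteContext wglCreateContext"),
    _dll("SHELL32.dll", "SHBrowseForFolderA"),
    _dll("TRAFFIC.dll", "TcModifyFlow TcOpenInterfaceW"),
    _dll("USER32.dll", """GetParent EndDialog BeginPaint GetUserObjectInformationA TrackMouseEvent
        PostQuitMessage DefWindowProcA GetIconInfo LoadBitmapA SetWindowPos SendDlgItemMessageA
        GetSystemMetrics IsWindow AppendMenuA GetWindowRect EndPaint SetCapture MessageBoxA GetWindowDC
        SetWindowLongA AdjustWindowRectEx DialogBoxParamA GetWindow GetDC GetCursorPos ReleaseDC
        SetWindowTextA GetMenu GetWindowLongA IsWindowVisible SendMessageA GetClientRect CreateWindowExA
        GetDlgItem EnableMenuItem GetThreadDesktop InvalidateRect wsprintfA SetTimer LoadImageA
        GetWindowTextA PtInRect DestroyWindow"""),
    _dll("WS2_32.dll", "inet_addr"),
    _dll("gdiplus.dll", "GdipDisposeImage GdipCreateBitmapFromFile GdiplusStartup GdipCreateHBITMAPFromBitmap"),
    _dll("ole32.dll", """OleCreateStaticFromData CoInitialize StgCreateDocfileOnILockBytes CoCreateGuid
        CoCreateInstance StringFromCLSID CreateFileMoniker OleGetClipboard OleSetContainedObject
        CreateILockBytesOnHGlobal"""),
]

# Triage buckets (this example's own choice, not a VirusTotal category).
CAPABILITY_TAGS = {
    "service control": "OpenSCManagerA OpenServiceA ChangeServiceConfigA QueryServiceConfigA "
                       "QueryServiceConfig2A SetServiceStatus RegisterServiceCtrlHandlerA",
    "token/impersonation": "LogonUserA ImpersonateLoggedOnUser CreateProcessAsUserA",
    "anti-debug": "IsDebuggerPresent",
    "dynamic resolution": "LoadLibraryA GetProcAddress",
    "network": "inet_addr WNetAddConnectionA WNetGetConnectionA NetServerEnum",
}


def total_imports(imports):
    return sum(len(funcs) for _, funcs in imports)


def dll_histogram(imports):
    return Counter({dll: len(funcs) for dll, funcs in imports})


def capability_hits(imports):
    """Map each bucket to the imported functions that fall in it (sorted for stable output)."""
    present = {f for _, funcs in imports for f in funcs}
    return {tag: sorted(present & set(names.split())) for tag, names in CAPABILITY_TAGS.items()}


def imphash(imports):
    """pefile-style imphash: 'dll.func' pairs, lower-cased, DLL extension (.dll/.ocx/.sys)
    dropped, comma-joined in table order, then MD5.  Reordering the table changes the hash."""
    parts = []
    for dll, funcs in imports:
        base = dll.lower()
        for ext in (".dll", ".ocx", ".sys"):
            if base.endswith(ext):
                base = base[:-len(ext)]
                break
        parts.extend(f"{base}.{f.lower()}" for f in funcs)
    return hashlib.md5(",".join(parts).encode("ascii")).hexdigest()


def matches_page(imports):
    return imphash(imports) == PAGE_IMPHASH


if __name__ == "__main__":
    print(total_imports(IMPORTS), "imports from", len(IMPORTS), "DLLs")
    for tag, funcs in capability_hits(IMPORTS).items():
        print(f"{tag:20} {', '.join(funcs) or '-'}")
    print("imphash over report order:", imphash(IMPORTS),
          "matches page" if matches_page(IMPORTS) else "differs from page (listing order is sorted)")
```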
Number of PE resources by type
RT_RCDATA 6
RT_STRING 4
RT_GROUP_CURSOR 3
RT_CURSOR 3
RT_MANIFEST 1
RT_VERSION 1
Number of PE resources by language
ENGLISH US 18
ExifTool file metadata
SubsystemVersion 5.0
LinkerVersion 9.0
ImageVersion 0.0
FileSubtype 0
FileVersionNumber 1.6.1.2
UninitializedDataSize 0
LanguageCode English (U.S.)
FileFlagsMask 0x003f
CharacterSet Unicode
InitializedDataSize 35840
EntryPoint 0x6b2a
OriginalFileName UniExtractsetup.exe
MIMEType application/octet-stream
LegalCopyright GNU General Public License v2
FileVersion 1.6.1.2
TimeStamp 2016:10:30 20:08:04+01:00
FileType Win32 EXE
PEType PE32
InternalName UniExtract
ProductVersion 1.6.1.2
FileDescription Universal Extract Program
OSVersion 5.0
FileOS Windows NT 32-bit
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
CompanyName koros aka ya158
CodeSize 384000
ProductName Universal Extractor
ProductVersionNumber 1.6.1.2
FileTypeExtension exe
ObjectFileType Executable application

File identification
MD5 8eb3de0f1629da135925e8bb998e9d86
SHA1 5dda8ada403dae29a0b3862b0c30f0861472842f
SHA256 9d73323e599d543e29e9dedbb01e85f9a5e7c3e5672bfa0ceef41a9847c2ec45
ssdeep 12288:0vyz1gMdooD8nlZ49RrDNOz+ocfo6FL2XPeC:02gMe49RrDMsA6FaGC

authentihash 3d963d288ba69a9244bc1c054a83e79c0c63666285210592da76d59fcac4de05
imphash 78a3ac85064b0a1ca2c884f5386ebb95
File size 411.0 KB ( 420864 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID (heuristic file-type guesses; the leading Win64 guess contradicts the PE32/i386 machine type in the PE header and the magic literal above, so the header, not TrID, is authoritative): Win64 Executable (generic) 64.6%; Win32 Dynamic Link Library (generic) 15.4%; Win32 Executable (generic) 10.5%; Generic Win/DOS Executable 4.6%; DOS Executable Generic 4.6%
Tags peexe

VirusTotal metadata
First submission 2016-10-31 16:01:17 UTC ( 2 years, 4 months ago )
Last submission 2016-10-31 16:01:17 UTC ( 2 years, 4 months ago )
File names UniExtract, AB00.tmp, UniExtractsetup.exe
Advanced heuristic and reputation engines
TrendMicro-HouseCall
TrendMicro's heuristic engine has flagged this file as: Suspicious_GEN.F47V1031.

Condensed report. The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file. Only the section headings survived extraction: opened files, read files, deleted files, created processes, opened mutexes, opened service managers, opened services, runtime DLLs, UDP communications. The entries under them are not available on this page.