SHA256: a6b140ec734c258c5ebf19c0bc0b414b5655adc00108a038b5be6a8f83d0bd03
File name: hkqmrn.sys
Detection ratio: 51 / 67
Analysis date: 2018-11-08 19:37:11 UTC ( 4 months, 1 week ago )
Antivirus Result Update
Ad-Aware Rootkit.75040 20181108
AegisLab Trojan.Multi.Generic.4!c 20181108
ALYac Rootkit.75040 20181108
Antiy-AVL Virus/Win32.Sality.aa 20181108
Arcabit Rootkit.D12520 20181108
Avast Win32:Malware-gen 20181108
AVG Win32:Malware-gen 20181108
Avira (no cloud) RKIT/Sality.A 20181108
Baidu Win32.Trojan.Sality.j 20181108
BitDefender Rootkit.75040 20181108
Bkav W32.VodkaXAAN.Worm 20181108
CAT-QuickHeal Trojan.Sality 20181108
ClamAV Win.Trojan.Sality-56 20181108
CMC Generic.Win32.8ac1e580cf!CMCRadar 20181108
Cybereason malicious.0cf274 20180225
Cylance Unsafe 20181108
DrWeb Win32.Sector.12 20181108
Emsisoft Rootkit.75040 (B) 20181108
Endgame malicious (high confidence) 20181108
ESET-NOD32 Win32/Sality.NAR 20181108
F-Secure Rootkit.75040 20181108
Fortinet W32/KillAV.TH!tr 20181108
GData Rootkit.75040 20181108
Ikarus Virus.Win32.Sality 20181108
Jiangmin Rootkit.KuKu.b 20181108
K7AntiVirus RootKit ( 0013bccf1 ) 20181108
K7GW RootKit ( 0013bccf1 ) 20181108
Kaspersky UDS:DangerousObject.Multi.Generic 20181108
Malwarebytes Virus.Sality 20181108
MAX malware (ai score=100) 20181108
McAfee NTRootKit-AB 20181108
McAfee-GW-Edition NTRootKit-AB 20181108
Microsoft Trojan:WinNT/Sality 20181108
eScan Rootkit.75040 20181108
NANO-Antivirus Trojan.Win32.Sality.botxqt 20181108
Panda Rootkit/Sality.AM 20181108
Qihoo-360 Win32/Trojan.c30 20181108
Rising Virus.Sality!8.35A (CLOUD) 20181108
Sophos AV Troj/RKSal-Gen 20181108
SUPERAntiSpyware Rootkit.Agent/Gen 20181107
Symantec Hacktool 20181108
TACHYON Trojan/W32.Agent.5669 20181108
Tencent Trojan.Win32.RootKit.bzj 20181108
TotalDefense Win32/Sality.AA!Rootkit 20181108
TrendMicro RTKT_SALITY.AR 20181108
TrendMicro-HouseCall RTKT_SALITY.AR 20181108
VBA32 Rootkit.Win32.Sality.baka 20181108
VIPRE Trojan.Win32.Generic!BT 20181108
ViRobot Trojan.Win32.S.RT-Agent.5669 20181108
Yandex Rootkit.Sality!omZeL2niSl4 20181108
ZoneAlarm by Check Point UDS:DangerousObject.Multi.Generic 20181108
AhnLab-V3 20181108
Alibaba 20180921
Avast-Mobile 20181108
Babable 20180918
CrowdStrike Falcon (ML) 20181022
Cyren 20181108
F-Prot 20181108
Sophos ML 20181108
Kingsoft 20181108
Palo Alto Networks (Known Signatures) 20181108
SentinelOne (Static ML) 20181011
Symantec Mobile Insight 20181108
TheHacker 20181108
Trustlook 20181108
Webroot 20181108
Zillya 20181107
Zoner 20181108
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Native subsystem.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2005-10-04 18:52:16
Entry Point 0x0000072F
Number of sections 5
PE sections
Overlays
MD5 4f757db936228f2839bd17beed796842
File type data
Offset 5184
Size 485
Entropy 2.79
PE imports
RtlInitUnicodeString
PsLookupProcessByProcessId
IoGetDeviceObjectPointer
KeInitializeEvent
strlen
_except_handler3
DbgPrint
IoCreateDevice
IoBuildDeviceIoControlRequest
KeClearEvent
KeCancelTimer
ExAllocatePoolWithTag
PsTerminateSystemThread
IofCompleteRequest
NtBuildNumber
KeSetTimer
KeSetEvent
KeInitializeTimer
ObReferenceObjectByHandle
ObfDereferenceObject
IofCallDriver
memcpy
IoCreateSymbolicLink
ObOpenObjectByPointer
PsCreateSystemThread
KeWaitForSingleObject
ZwClose
Debug information
ExifTool file metadata
MIMEType application/octet-stream
Subsystem Native
SubsystemVersion 5.0
MachineType Intel 386 or later, and compatibles
TimeStamp 2005:10:04 19:52:16+01:00
FileType Win32 EXE
PEType PE32
CodeSize 3264
LinkerVersion 5.12
FileTypeExtension exe
InitializedDataSize 1280
ImageFileCharacteristics Executable, No line numbers, No symbols, 32-bit
EntryPoint 0x072f
OSVersion 5.0
ImageVersion 5.0
UninitializedDataSize 0

Execution parents
Compressed bundles
File identification
MD5 8ac1e580cf274b3ca98124580e790706
SHA1 e010f298c086c2e1d7265fd18aea2dfbaa9dcd35
SHA256 a6b140ec734c258c5ebf19c0bc0b414b5655adc00108a038b5be6a8f83d0bd03
ssdeep 96:eYtNn0TXtPVSDHawANDfq4bV1f7fn/33dMg7D:eYD0TXNVCLANT/b7n9Mg/
authentihash 49e2ed697970dfb2aefb9935a54829ca389952611ef39ca644e0e33c7a26a9bd
imphash 1f5d19fc6ff4381ea0389d897da2cc57
File size 5.5 KB ( 5669 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (native) Intel 80386 32-bit
TrID Win32 Executable (generic) (42.7%)
OS/2 Executable (generic) (19.2%)
Generic Win/DOS Executable (18.9%)
DOS Executable Generic (18.9%)
Tags peexe overlay native

VirusTotal metadata
First submission 2008-09-19 19:01:16 UTC ( 10 years, 6 months ago )
Last submission 2018-11-08 19:37:11 UTC ( 4 months, 1 week ago )
Advanced heuristic and reputation engines
ClamAV
Possibly Unwanted Application. While not necessarily malicious, the scanned file presents certain characteristics which depending on the user policies and environment may or may not represent a threat. For full details see: https://www.clamav.net/documents/potentially-unwanted-applications-pua .
