SHA256: b7b28e855b8c6225c605330760ff4dc407efc83f72f1a04e974a72189d0f1d96
File name: winhmesv.exe
Detection ratio: 61 / 64
Analysis date: 2017-09-26 23:22:31 UTC ( 1 year, 2 months ago )
Antivirus Result Update
Ad-Aware Trojan.Agent.AYVR 20170927
AegisLab Backdoor.W32.Mazben.iu!c 20170926
AhnLab-V3 Trojan/Win32.CSon.R2002 20170926
ALYac Worm.Bagle-CF 20170926
Antiy-AVL Trojan[Backdoor]/Win32.Mazben 20170926
Arcabit Trojan.Agent.AYVR 20170926
Avast Win32:Malware-gen 20170926
AVG Win32:Malware-gen 20170926
Avira (no cloud) TR/Proxy.Pramro.F.4 20170927
AVware Trojan.Win32.Generic!BT 20170926
Baidu Win32.Virus.Agent.x 20170926
BitDefender Trojan.Agent.AYVR 20170926
CAT-QuickHeal TrojanProxy.Pramro.MUE.A3 20170926
ClamAV Win.Trojan.Pramro-1 20170926
CMC Trojan.Win32.Agent!O 20170926
Comodo Backdoor.Win32.Agent.lec 20170926
CrowdStrike Falcon (ML) malicious_confidence_100% (D) 20170804
Cylance Unsafe 20170927
Cyren W32/Heuristic-170!Eldorado 20170926
DrWeb Trojan.NtRootKit.6725 20170926
Emsisoft Trojan.Agent.AYVR (B) 20170926
Endgame malicious (moderate confidence) 20170821
ESET-NOD32 Win32/Agent.HLU 20170926
F-Prot W32/Heuristic-170!Eldorado 20170926
F-Secure Trojan-Proxy:W32/Pramro.D 20170927
Fortinet W32/Mazben.IU!tr 20170926
GData Win32.Trojan.Agent.TG8U1V 20170926
Ikarus Virus.Win32.Sality 20170926
Sophos ML heuristic 20170914
Jiangmin Backdoor.Generic.ubc 20170926
K7AntiVirus Proxy-Program ( 003c29991 ) 20170926
K7GW Proxy-Program ( 003c29991 ) 20170926
Kaspersky Backdoor.Win32.Mazben.iu 20170926
Kingsoft Win32.Hack.Undef.(kcloud) 20170927
MAX malware (ai score=85) 20170926
McAfee Generic.oa 20170926
McAfee-GW-Edition BehavesLike.Win32.VTFlooder.lc 20170926
Microsoft TrojanProxy:Win32/Pramro.F 20170927
eScan Trojan.Agent.AYVR 20170926
NANO-Antivirus Trojan.Win32.Mazben.brsrrd 20170926
Palo Alto Networks (Known Signatures) generic.ml 20170927
Panda Trj/Agent.IVN 20170926
Qihoo-360 HEUR/Malware.QVM11.Gen 20170927
Rising Trojan.Proxy.Win32.Promro.a (C64:YzY0Ouxr6+B9gwhH) 20170926
SentinelOne (Static ML) static engine - malicious 20170806
Sophos AV Mal/TinyDL-T 20170926
SUPERAntiSpyware Trojan.Agent/Gen 20170926
Symantec Trojan.Pramro 20170926
Tencent Trojan.Win32.Agent.rua 20170927
TheHacker Posible_Worm32 20170925
TrendMicro TROJ_PRAMRO.JEM 20170926
TrendMicro-HouseCall TROJ_PRAMRO.JEM 20170926
VBA32 suspected of Trojan.Downloader.gen.h 20170926
VIPRE Trojan.Win32.Generic!BT 20170926
ViRobot Backdoor.Win32.A.Mazben.12970.H[UPX] 20170926
Webroot W32.Malware.gen 20170927
WhiteArmor Malware.HighConfidence 20170829
Yandex Trojan.Agent!eXUdEQ0oE9o 20170908
Zillya Backdoor.Mazben.Win32.84 20170926
ZoneAlarm by Check Point Backdoor.Win32.Mazben.iu 20170926
Zoner Trojan.Agent.HLU 20170926
Undetected (engine, signature update)
Alibaba 20170911
Avast-Mobile 20170926
Malwarebytes 20170926
nProtect 20170926
Symantec Mobile Insight 20170926
Trustlook 20170927
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
Packers identified
Command UPX
F-PROT UPX
PEiD UPX 2.90 [LZMA] -> Markus Oberhumer, Laszlo Molnar & John Reiser
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2012-09-26 12:10:19
Entry Point 0x0006D5B0
Number of sections 3
PE sections
Overlays
MD5 fae5603d367211741a60cd0369330272
File type data
Offset 11776
Size 1194
Entropy 1.40
PE imports
RegOpenKeyA
VirtualProtect
LoadLibraryA
ExitProcess
GetProcAddress
wsprintfA
InternetOpenA
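The header fields above (three sections, UPX packer, entry point 0x6D5B0, an overlay at offset 11776 of 1194 bytes) are the kind of thing worth reproducing without a sandbox. The numbers are self-consistent: 11776 + 1194 = 12970, the file size, so the overlay is exactly the trailing data the loader never maps. The script below is an added example, not part of the VirusTotal report or any tool it names: it parses a PE32 with the standard library only, locates the overlay, measures entropy per region and flags UPX-style packing indicators (UPX section names, a first section with no raw data but a large virtual size, a high-entropy section, an entry point outside the first section, and a SizeOfUninitializedData far larger than the file). The PE it analyses is constructed in `build_sample_pe()` to mirror the report's layout and is not the real winhmesv.exe; the UPX1 contents, resource bytes and overlay bytes are synthetic.

```python
"""Static triage of a PE32 file with the standard library only: section table, overlay
(data past the last section), per-region entropy and UPX-style packing indicators.
The sample PE is CONSTRUCTED to mirror the layout the report shows (three sections,
UPX names, 1194-byte overlay at offset 11776, entry point 0x6D5B0); it is not winhmesv.exe."""
import hashlib
import math
import random
import struct
from datetime import datetime, timezone

def shannon_entropy(data: bytes) -> float:
    """Bits per byte: 0.0 for constant data, 8.0 for uniformly random bytes."""
    if not data:
        return 0.0
    n = len(data)
    counts = [0] * 256
    for b in data:
        counts[b] += 1
    return -sum(c / n * math.log2(c / n) for c in counts if c)

def parse_pe32(data: bytes) -> dict:
    """DOS header -> PE signature -> IMAGE_FILE_HEADER -> optional header -> section table."""
    if data[:2] != b"MZ":
        raise ValueError("missing MZ signature")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    # Machine, NumberOfSections, TimeDateStamp, PointerToSymbolTable, NumberOfSymbols,
    # SizeOfOptionalHeader, Characteristics
    _, nsec, stamp, _, _, opt_size, _ = struct.unpack_from("<HHIIIHH", data, e_lfanew + 4)
    opt = e_lfanew + 24
    # Magic, linker major/minor, SizeOfCode, SizeOfInitializedData, SizeOfUninitializedData, AddressOfEntryPoint
    magic, _, _, _, _, uninit, entry = struct.unpack_from("<HBBIIII", data, opt)
    if magic != 0x10B:
        raise ValueError("only PE32 (optional-header magic 0x10b) is handled here")
    sections = []
    for i in range(nsec):
        name, vsize, vaddr, rsize, rptr = struct.unpack_from("<8sIIII", data, opt + opt_size + 40 * i)
        sections.append({"name": name.rstrip(b"\0").decode("latin-1"), "vsize": vsize, "vaddr": vaddr,
                         "rsize": rsize, "rptr": rptr, "entropy": shannon_entropy(data[rptr:rptr + rsize])})
    # Overlay: bytes after the last section's raw data; the loader never maps them.
    overlay_off = max((s["rptr"] + s["rsize"] for s in sections), default=len(data))
    overlay = data[overlay_off:]
    return {"entry_point": entry, "size_of_uninit": uninit, "file_size": len(data), "sections": sections,
            "compiled": datetime.fromtimestamp(stamp, tz=timezone.utc).strftime("%Y-%m-%d %H:%M:%S UTC"),
            "overlay_offset": overlay_off, "overlay_size": len(overlay),
            "overlay_entropy": shannon_entropy(overlay), "overlay_md5": hashlib.md5(overlay).hexdigest()}

def packer_indicators(pe: dict) -> list:
    """Heuristics, not proof; each hit is a reason to unpack before trusting the import table."""
    hits, secs, ep = [], pe["sections"], pe["entry_point"]
    for s in secs:
        if s["name"].upper().startswith("UPX"):
            hits.append(f"section {s['name']} carries a UPX marker name")
        if s["rsize"] == 0 and s["vsize"] >= 0x10000:
            hits.append(f"{s['name']}: no raw data but {s['vsize']:#x} bytes virtual (unpack area)")
        if s["rsize"] and s["entropy"] > 7.0:
            hits.append(f"{s['name']}: entropy {s['entropy']:.2f} looks compressed or encrypted")
    ep_sec = [s for s in secs if s["vaddr"] <= ep < s["vaddr"] + max(s["vsize"], s["rsize"])]
    if ep_sec and ep_sec[0] is not secs[0]:
        hits.append(f"entry point {ep:#x} lies in {ep_sec[0]['name']}, not in the first section")
    if pe["size_of_uninit"] > 4 * pe["file_size"]:
        hits.append(f"SizeOfUninitializedData {pe['size_of_uninit']} dwarfs the {pe['file_size']}-byte file")
    return hits

def build_sample_pe() -> bytes:
    """CONSTRUCTED UPX-shaped PE32, 12970 bytes: headers padded to 0x200, an empty UPX0, a
    high-entropy UPX1 standing in for compressed code, a small .rsrc, then a low-entropy overlay."""
    dos = b"MZ" + b"\0" * 58 + struct.pack("<I", 0x40)                      # e_lfanew = 0x40
    coff = struct.pack("<HHIIIHH", 0x14C, 3, 0x5062F0AB, 0, 0, 224, 0x010F)  # 2012-09-26 12:10:19 UTC
    opt = struct.pack("<HBBIIIIII", 0x10B, 6, 0, 0x3000, 0x1000, 0x6A000, 0x6D5B0, 0x6B000, 0x6E000)
    opt += b"\0" * (224 - len(opt))                # remaining optional-header fields and data directories

    def section(name, vsize, vaddr, rsize, rptr):
        return struct.pack("<8sIIIIIIHHI", name, vsize, vaddr, rsize, rptr, 0, 0, 0, 0, 0xE0000040)

    headers = dos + b"PE\0\0" + coff + opt
    headers += section(b"UPX0", 0x6A000, 0x1000, 0, 0x200)
    headers += section(b"UPX1", 0x3000, 0x6B000, 10752, 0x200)
    headers += section(b".rsrc", 0x1000, 0x6E000, 512, 0x200 + 10752)
    headers += b"\0" * (0x200 - len(headers))
    return headers + random.Random(1).randbytes(10752) + b"\0" * 512 + b"\0" * 1000 + b"A" * 194

if __name__ == "__main__":
    pe = parse_pe32(build_sample_pe())
    print(f"compiled {pe['compiled']}, entry point {pe['entry_point']:#x}")
    print(f"overlay at {pe['overlay_offset']}: {pe['overlay_size']} bytes, "
          f"entropy {pe['overlay_entropy']:.2f}, md5 {pe['overlay_md5']}")
    for hit in packer_indicators(pe):
        print(" -", hit)
```

Point `parse_pe32()` at the bytes of a real file to get the same fields the report shows; the overlay MD5 and entropy it prints correspond to the Overlays block above, and a low overlay entropy (1.40 here) usually means configuration or padding rather than a second compressed payload. The indicators are heuristics: a legitimately UPX-packed installer trips most of them too, so they tell you to unpack, not that the file is malicious.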
ExifTool file metadata
MIMEType application/octet-stream
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
FileTypeExtension exe
TimeStamp 2012:09:26 13:10:19+01:00
FileType Win32 EXE
PEType PE32
CodeSize 12288
LinkerVersion 6.0
EntryPoint 0x6d5b0
InitializedDataSize 4096
SubsystemVersion 4.0
ImageVersion 0.0
OSVersion 4.0
UninitializedDataSize 434176

Execution parents
File identification
MD5 573b6cc513e1b7cd9e35b491eacc38f3
SHA1 38603ce5c4088c7ce6b1e03ff5b8f49ae3667770
SHA256 b7b28e855b8c6225c605330760ff4dc407efc83f72f1a04e974a72189d0f1d96
ssdeep 192:in6t/yKmwStJkuYYml0H9ugU//q7LwZKlgc9O9H+j22IVHAEjZFs9:tyKm/kuEsuMLw4qwO9eLIVgEs9

authentihash b6e58235a82f4f034efd9f4f85da73b4ec775b031e2bc96abf5dbb90c2c6522f
imphash 8b3e82b7c0de59d476ec289f541fcaf8
File size 12.7 KB ( 12970 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID UPX compressed Win32 Executable (39.3%)
Win32 EXE Yoda's Crypter (38.6%)
Win32 Dynamic Link Library (generic) (9.5%)
Win32 Executable (generic) (6.5%)
Generic Win/DOS Executable (2.9%)
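The imphash listed under File identification is derived from the import table shown under PE imports: pefile (whose algorithm VirusTotal reports) lowercases each "dll.function" pair, strips a .dll/.ocx/.sys extension from the library name, joins the pairs with commas in import-table order and takes the MD5. The script below is an added example, not code from the report or from pefile, that reproduces that normalisation. The import list is constructed: the seven function names are the ones the report lists, but the report does not show which DLL each comes from, so the DLL assignments are my assumption and the resulting digest is not expected to equal 8b3e82b7c0de59d476ec289f541fcaf8.

```python
"""imphash as computed by pefile: MD5 over the import table's "dll.function" pairs in
table order, lowercased, library extension (.dll/.ocx/.sys) stripped, comma-separated.
Added example; SAMPLE_IMPORTS is CONSTRUCTED (function names from the report, DLL
owners assumed), so its digest is illustrative only."""
import hashlib

LIBRARY_SUFFIXES = (".dll", ".ocx", ".sys")

def normalize_import(dll: str, func) -> str:
    """'KERNEL32.DLL', 'ExitProcess' -> 'kernel32.exitprocess'; an ordinal becomes 'ordN'.
    pefile additionally maps well-known ordinals of oleaut32/ws2_32/wsock32 back to names;
    this example keeps the plain 'ordN' form for every library."""
    dll = dll.lower()
    for suffix in LIBRARY_SUFFIXES:
        if dll.endswith(suffix):
            dll = dll[: -len(suffix)]
            break
    func = f"ord{func}" if isinstance(func, int) else func.lower()
    return f"{dll}.{func}"

def normalized_imports(imports) -> list:
    """The exact comma-joined tokens that get hashed, useful when diffing two samples."""
    return [normalize_import(dll, func) for dll, func in imports]

def imphash(imports) -> str:
    """imports: iterable of (dll, function-name-or-ordinal) in import-table order."""
    return hashlib.md5(",".join(normalized_imports(imports)).encode()).hexdigest()

# CONSTRUCTED: the report's seven imported names; the owning DLLs are assumed.
SAMPLE_IMPORTS = [
    ("ADVAPI32.dll", "RegOpenKeyA"),
    ("KERNEL32.DLL", "VirtualProtect"),
    ("KERNEL32.DLL", "LoadLibraryA"),
    ("KERNEL32.DLL", "ExitProcess"),
    ("KERNEL32.DLL", "GetProcAddress"),
    ("USER32.dll", "wsprintfA"),
    ("WININET.dll", "InternetOpenA"),
]

if __name__ == "__main__":
    for token in normalized_imports(SAMPLE_IMPORTS):
        print(token)
    print("imphash:", imphash(SAMPLE_IMPORTS))
```

The caveat for this sample is the packer: the table above is essentially what a UPX stub needs (LoadLibraryA, GetProcAddress, VirtualProtect, ExitProcess) plus a few names the stub keeps, so the imphash clusters the file with other UPX-packed binaries rather than with the Pramro/Mazben family. Unpack first (for a stock UPX build, `upx -d`) and hash the recovered import table if you want a family-level pivot; the ssdeep and authentihash values above have the same limitation for the same reason.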
Tags
peexe usb-autorun upx overlay

VirusTotal metadata
First submission 2012-09-26 18:24:46 UTC ( 6 years, 2 months ago )
Last submission 2017-09-26 23:22:31 UTC ( 1 year, 2 months ago )
File names winkgts.exe
winjsixel.exe
kyqvpf.exe
fwed.exe
lddgmi.exe
573B6CC513E1B7CD9E35B491EACC38F3
wineelv.exe
wingcagvh.exe
winrtqpk.exe
wineycmt.exe
winsybtq.exe
wingiqx.exe
winodxl.exe
winhrhlp.exe
eahhv.exe
lchyqe.exe
winsdnegh.exe
kobgx.exe
winpwdp.exe
winhmesv.exe
iccekx.exe
F1A8292EAA0F722632020054DE90CC006EC7DD27.exe
uatyvl.exe
oemavt.exe
winugbwf.exe
Advanced heuristic and reputation engines
ClamAV
Possibly Unwanted Application. While not necessarily malicious, the scanned file presents certain characteristics which depending on the user policies and environment may or may not represent a threat. For full details see: https://www.clamav.net/documents/potentially-unwanted-applications-pua .