SHA256: a38dbae35d832be4f2222c06f5bcc9efb55adc4e0958d3f2edf65e3094ad100c
File name: QTN.rc
Detection ratio: 43 / 56
Analysis date: 2015-10-26 23:32:27 UTC ( 3 months, 2 weeks ago )
Antivirus Result Update
ALYac Gen:Variant.Symmi.17824 20151027
AVG Generic_s.AXL 20151026
AVware Trojan.Win32.FakeSysDef.g (v) 20151026
Ad-Aware Gen:Variant.Symmi.17824 20151027
AhnLab-V3 Trojan/Win32.FakeAlert 20151026
Antiy-AVL Trojan[:HEUR]/Win32.AGeneric 20151027
Arcabit Trojan.Symmi.D45A0 20151027
Avast Win32:Malware-gen 20151027
Avira TR/Urausy.59904125 20151027
Baidu-International Adware.Win32.iBryte.AWUM 20151026
BitDefender Gen:Variant.Symmi.17824 20151027
Bkav HW32.Packed.DC41 20151026
CAT-QuickHeal Trojan.FakeAV 20151027
Comodo TrojWare.Win32.Trojan.Agent.Gen 20151027
DrWeb Trojan.Fakealert.37629 20151027
ESET-NOD32 a variant of Win32/Kryptik.AWUM 20151027
Emsisoft Gen:Variant.Symmi.17824 (B) 20151027
F-Secure Gen:Variant.Symmi.17824 20151027
Fortinet W32/FakeAV.RY!tr 20151026
GData Gen:Variant.Symmi.17824 20151027
Ikarus Trojan.Win32.FakeSysdef 20151027
K7AntiVirus Backdoor ( 04c509701 ) 20151026
K7GW Backdoor ( 04c509701 ) 20151026
Kaspersky HEUR:Trojan.Win32.Generic 20151027
Malwarebytes Trojan.FakeAV 20151026
McAfee Fake-SysDef-FIH!BE52E7E38B9B 20151027
McAfee-GW-Edition Fake-SysDef-FIH!BE52E7E38B9B 20151027
MicroWorld-eScan Gen:Variant.Symmi.17824 20151027
Microsoft Trojan:Win32/FakeSysdef 20151027
NANO-Antivirus Trojan.Win32.Fakealert.cqprdt 20151026
Panda Trj/Genetic.gen 20151026
Qihoo-360 Win32/Trojan.e6d 20151027
Rising PE:Malware.Generic/QRS!1.9E2D [F] 20151026
SUPERAntiSpyware Trojan.Agent/Gen-FakeAlert 20151027
Sophos Mal/FakeAV-RY 20151027
Symantec Trojan.FakeAV 20151026
Tencent Win32.Trojan.Agent.cuby 20151027
TheHacker Trojan/Kryptik.awum 20151026
TrendMicro TROJ_SPNR.16DO13 20151027
TrendMicro-HouseCall TROJ_SPNR.16DO13 20151027
VBA32 TrojanFakeAV.FakeSysDef 20151026
VIPRE Trojan.Win32.FakeSysDef.g (v) 20151027
nProtect Trojan/W32.Agent.301568.EW 20151026
AegisLab 20151026
Agnitum 20151026
Alibaba 20151026
ByteHero 20151027
CMC 20151026
ClamAV 20151027
Cyren 20151027
F-Prot 20151027
Jiangmin 20151026
TotalDefense 20151026
ViRobot 20151026
Zillya 20151026
Zoner 20151026
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright Copyright (C) 2011
Publisher QTN
Product QTN
Original name QTN.rc
Internal name QTN.rc
File version 2,8,1,7
Description QTN
Packers identified
PEiD Armadillo v1.71
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2013-03-24 09:43:49
Link date 10:43 AM 3/24/2013
Entry Point 0x00001EB6
Number of sections 4
PE sections
PE imports
VirtualAllocEx
GetProcAddress
GetStartupInfoA
GetModuleHandleA
_except_handler3
__p__fmode
_acmdln
_exit
_adjust_fdiv
__setusermatherr
_controlfp
exit
_XcptFilter
__getmainargs
_initterm
__p__commode
__set_app_type
NetMessageNameAdd
NetAuditRead
NetConfigGet
NetGetJoinableOUs
NetGetDCName
NetFileGetInfo
NetMessageBufferSend
NetErrorLogClear
NetGetJoinInformation
NetConnectionEnum
NetGroupAdd
NetConfigGetAll
EndDeferWindowPos
ChildWindowFromPointEx
SetDlgItemTextA
GetWindowRect
ShowOwnedPopups
OpenIcon
EnumWindows
MoveWindow
GetDlgItemTextA
ChildWindowFromPoint
FindWindowA
DialogBoxParamA
ShowWindow
IsIconic
AdjustWindowRect
ScriptString_pcOutChars
ScriptStringXtoCP
ScriptBreak
ScriptStringGetOrder
ScriptString_pLogAttr
ScriptFreeCache
ScriptLayout
ScriptShape
ScriptIsComplex
ScriptStringOut
ScriptTextOut
ScriptCacheGetHeight
ScriptGetFontProperties
ScriptCPtoX
ScriptItemize
ScriptJustify
GetThemeSysBool
GetThemeSysColor
GetThemeColor
GetThemeAppProperties
DrawThemeIcon
SetThemeAppProperties
IsThemeActive
EnableThemeDialogTexture
DrawThemeText
GetThemeEnumValue
DrawThemeBackground
GetThemeSysInt
GetThemeMargins
GetThemeSysSize
WTSSetUserConfigA
WTSEnumerateSessionsA
WTSSendMessageA
WTSVirtualChannelWrite
WTSSetUserConfigW
WTSOpenServerA
WTSCloseServer
WTSFreeMemory
WTSLogoffSession
WTSEnumerateSessionsW
WTSVirtualChannelClose
WTSEnumerateServersW
WTSEnumerateProcessesA
WTSWaitSystemEvent
WTSVirtualChannelQuery
WTSEnumerateServersA
Number of PE resources by type
RT_DIALOG 6
RT_ICON 4
RT_GROUP_ICON 2
RT_MANIFEST 1
Struct(190) 1
RT_ACCELERATOR 1
RT_VERSION 1
Number of PE resources by language
ENGLISH US 16
ExifTool file metadata
SubsystemVersion 4.0
LinkerVersion 8.32
ImageVersion 0.0
FileSubtype 0
FileVersionNumber 2.8.1.7
UninitializedDataSize 0
LanguageCode Russian
FileFlagsMask 0x003f
CharacterSet Unicode
InitializedDataSize 626688
EntryPoint 0x1eb6
OriginalFileName QTN.rc
MIMEType application/octet-stream
LegalCopyright Copyright (C) 2011
FileVersion 2,8,1,7
TimeStamp 2013:03:24 10:43:49+01:00
FileType Win32 EXE
PEType PE32
InternalName QTN.rc
ProductVersion 2,8,1,7
FileDescription QTN
OSVersion 4.0
FileOS Windows NT 32-bit
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
CompanyName QTN
CodeSize 4608
ProductName QTN
ProductVersionNumber 2.8.1.7
FileTypeExtension exe
ObjectFileType Unknown
File identification
MD5 be52e7e38b9b467c51972cc841e7e487
SHA1 711562eef8e44c684b707410ec93910021da8074
SHA256 a38dbae35d832be4f2222c06f5bcc9efb55adc4e0958d3f2edf65e3094ad100c
ssdeep 6144:YzwmvuPOluzzLV2DmKCTWWo0TJGbHLyOyiWJiakA701YE:uvijzB2DSTzdQb31WwakI0SE
authentihash 027ed182a0c77d7349a343cc09159609d87ce78707edc0dac47c2c07391b44c7
imphash 8b3e8a530e1b78c58993a22c17410e11
File size 294.5 KB ( 301568 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win64 Executable (generic) (64.6%)
Win32 Dynamic Link Library (generic) (15.3%)
Win32 Executable (generic) (10.5%)
Generic Win/DOS Executable (4.6%)
DOS Executable Generic (4.6%)
Tags peexe armadillo
VirusTotal metadata
First submission 2013-04-23 01:09:00 UTC ( 2 years, 9 months ago )
Last submission 2013-10-23 17:29:26 UTC ( 2 years, 3 months ago )
File names be52e7e38b9b467c51972cc841e7e487
ya.exe
QTN.rc
75ac73a6a6f83c68a80614af302ce121-75ac73a6a6f83c68a80614af302ce121-1366679323
vti-rescan
output.10412004.txt
file-5433060_arl
10412004
eknXhqrKnsXlF.exe_1367248509.arl
Advanced heuristic and reputation engines
Symantec reputation Suspicious.Insight
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Opened mutexes
Runtime DLLs
Additional details
The file sends control codes directly to certain device drivers making use of the DeviceIoControl Windows API function.
UDP communications