SHA256: a578b07eb06e3b7ec15267f92fc5837bbbacc80bf999aa0528bbfc76e742680f
File name: lQyTkWeA9K.exe
Detection ratio: 11 / 63
Analysis date: 2018-03-24 06:25:33 UTC ( 11 months ago )
Antivirus Result Update
Baidu Win32.Trojan.WisdomEyes.16070401.9500.9999 20180323
CrowdStrike Falcon (ML) malicious_confidence_100% (D) 20170201
Cybereason malicious.79b526 20180225
Endgame malicious (high confidence) 20180316
Sophos ML heuristic 20180121
Malwarebytes Trojan.Emotet 20180324
Palo Alto Networks (Known Signatures) generic.ml 20180324
Qihoo-360 HEUR/QVM20.1.077A.Malware.Gen 20180324
SentinelOne (Static ML) static engine - malicious 20180225
TrendMicro TSPY_HPEMOTET.SMDX4 20180324
TrendMicro-HouseCall TSPY_HPEMOTET.SMDX4 20180324
Ad-Aware 20180324
AegisLab 20180324
AhnLab-V3 20180323
Alibaba 20180323
ALYac 20180324
Antiy-AVL 20180323
Arcabit 20180324
Avast 20180324
Avast-Mobile 20180323
AVG 20180324
Avira (no cloud) 20180323
AVware 20180324
BitDefender 20180324
Bkav 20180322
CAT-QuickHeal 20180323
CMC 20180324
Comodo 20180324
Cylance 20180324
Cyren 20180324
DrWeb 20180324
eGambit 20180324
Emsisoft 20180324
ESET-NOD32 20180324
F-Prot 20180324
F-Secure 20180324
Fortinet 20180324
GData 20180324
Ikarus 20180323
Jiangmin 20180324
K7AntiVirus 20180324
K7GW 20180324
Kaspersky 20180324
Kingsoft 20180324
MAX 20180324
McAfee 20180324
McAfee-GW-Edition 20180323
Microsoft 20180324
eScan 20180324
NANO-Antivirus 20180324
nProtect 20180324
Panda 20180323
Rising 20180324
Sophos AV 20180324
SUPERAntiSpyware 20180324
Symantec 20180323
Symantec Mobile Insight 20180311
Tencent 20180324
TheHacker 20180319
TotalDefense 20180324
Trustlook 20180324
VBA32 20180323
VIPRE 20180324
ViRobot 20180324
WhiteArmor 20180223
Yandex 20180323
Zillya 20180323
ZoneAlarm by Check Point 20180324
Zoner 20180324
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright
Copyright (C) 2009-2017 Oracle Corporation

Product Oracle VM VirtualBox Guest Additions
Original name VBoxOGLerrorspu.dll
Internal name VBoxOGLerrorspu
File version 5.1.26.117224
Description VirtualBox crOpenGL ICD
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2018-03-24 06:20:22
Entry Point 0x00003910
Number of sections 5
PE sections
PE imports
DeleteAce
RegNotifyChangeKeyValue
CryptDestroyHash
CertCloseStore
CryptMsgControl
SelectPalette
CreatePolygonRgn
LPtoDP
AngleArc
GetLastError
InitializeCriticalSectionAndSpinCount
HeapFree
GetCurrentDirectoryW
GetBinaryTypeW
LoadLibraryW
GetModuleHandleA
GetModuleFileNameW
ProcessIdToSessionId
FlsGetValue
ReadConsoleOutputW
GetCommandLineA
GetModuleFileNameA
FlsFree
LocalUnlock
GetProcessHeap
MprConfigTransportGetInfo
DrawDibClose
DsCrackNamesW
DispCallFunc
VarUI2FromStr
SysReAllocString
glTexImage2D
RasGetCustomAuthDataW
RasGetProjectionInfoW
NdrGetUserMarshalInfo
UuidCreate
NdrConformantArrayUnmarshall
CM_Get_Device_ID_List_ExW
SetupDiRemoveDevice
StrDupA
StrRChrA
StrCpyNW
PathMakePrettyW
SHRegGetValueW
QuerySecurityPackageInfoW
SetFocus
DdeDisconnectList
MenuItemFromPoint
GetActiveWindow
EndDialog
EnumDesktopWindows
TileWindows
LoadCursorW
UnpackDDElParam
RegisterDeviceNotificationW
TrackMouseEvent
GetClipboardOwner
SetCursorPos
IsCharLowerW
EnableMenuItem
UnlockUrlCacheEntryStream
DeleteUrlCacheEntryW
mixerGetID
CryptCATStoreFromHandle
g_rgSCardRawPci
SCardListReaderGroupsA
Ord(30)
iswlower
ReleaseStgMedium
StgIsStorageILockBytes
HICON_UserMarshal
Number of PE resources by type
RT_VERSION 1
Number of PE resources by language
ENGLISH US 1
PE resources
Debug information
ExifTool file metadata
SpecialBuild
r117224

SubsystemVersion
5.0

LinkerVersion
0.0

ImageVersion
0.0

FileSubtype
0

FileVersionNumber
5.1.26.17224

LanguageCode
English (U.S.)

FileFlagsMask
0x003f

FileDescription
VirtualBox crOpenGL ICD

ImageFileCharacteristics
No relocs, Executable, 32-bit

CharacterSet
Unicode

InitializedDataSize
59392

EntryPoint
0x3910

OriginalFileName
VBoxOGLerrorspu.dll

MIMEType
application/octet-stream

LegalCopyright
Copyright (C) 2009-2017 Oracle Corporation

FileVersion
5.1.26.117224

TimeStamp
2018:03:23 23:20:22-07:00

FileType
Win32 EXE

PEType
PE32

InternalName
VBoxOGLerrorspu

ProductVersion
5.1.26.117224

UninitializedDataSize
4096

OSVersion
5.0

FileOS
Windows NT 32-bit

Subsystem
Windows GUI

MachineType
Intel 386 or later, and compatibles

CompanyName
Oracle Corporation

CodeSize
24576

ProductName
Oracle VM VirtualBox Guest Additions

ProductVersionNumber
5.1.26.17224

FileTypeExtension
exe

ObjectFileType
Dynamic link library

File identification
MD5 dded33289e5b98e48367929f7a3c462f
SHA1 15ee13579b526eb579893566f68884db85593006
SHA256 a578b07eb06e3b7ec15267f92fc5837bbbacc80bf999aa0528bbfc76e742680f
ssdeep
3072:TxGTSvBiI/UpdJ1Q0C89//q4BOoAcMMX74dVj7X:TxGTS5iIGdJm0C8Fq4Jvavn

authentihash f2c60137ef9d999bef5e7045e7665f604708e1e3dfe2163f74c03f58e972a608
imphash 38700ba9d39a705b1420173eb8464ca6
File size 140.0 KB ( 143360 bytes )
File type Win32 EXE
Magic literal
PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID OS/2 Executable (generic) (33.6%)
Generic Win/DOS Executable (33.1%)
DOS Executable Generic (33.1%)
Tags
peexe

VirusTotal metadata
First submission 2018-03-24 06:25:33 UTC ( 11 months ago )
Last submission 2018-06-19 07:02:02 UTC ( 8 months, 1 week ago )
File names 01159.exe
VBoxOGLerrorspu.dll
output.113181704.txt
5810.exe
lQyTkWeA9K.exe
01159.exe
.
VBoxOGLerrorspu