× Cookies are disabled! This site requires cookies to be enabled to work properly
VirusTotal
SHA256: a6e9eb64f94897cb73f728f4e43dedcd79dd841e06021fbe06c6a3fd039ce3bb
File name: 5yK4C5Ps.exe
Detection ratio: 7 / 67
Analysis date: 2017-10-20 10:07:00 UTC ( 1 year, 6 months ago ) View latest
Antivirus Result Update
CrowdStrike Falcon (ML) malicious_confidence_60% (D) 20171016
Cylance Unsafe 20171020
Sophos ML heuristic 20170914
Qihoo-360 HEUR/QVM20.1.A11E.Malware.Gen 20171020
Rising Malware.Heuristic!ET#89% (RDM+:cmRtazo3KyBATmanKJP8wyNRVKn9) 20171020
SentinelOne (Static ML) static engine - malicious 20171019
Symantec ML.Attribute.HighConfidence 20171020
Ad-Aware 20171020
AegisLab 20171020
AhnLab-V3 20171020
Alibaba 20170911
ALYac 20171020
Antiy-AVL 20171020
Arcabit 20171020
Avast 20171020
Avast-Mobile 20171020
AVG 20171020
Avira (no cloud) 20171020
AVware 20171020
Baidu 20171020
BitDefender 20171020
Bkav 20171019
CAT-QuickHeal 20171020
ClamAV 20171020
CMC 20171018
Comodo 20171020
Cyren 20171020
DrWeb 20171020
eGambit 20171020
Emsisoft 20171020
Endgame 20171016
ESET-NOD32 20171020
F-Prot 20171020
F-Secure 20171020
Fortinet 20171020
GData 20171020
Ikarus 20171020
Jiangmin 20171020
K7AntiVirus 20171019
K7GW 20171020
Kaspersky 20171020
Kingsoft 20171020
Malwarebytes 20171020
MAX 20171020
McAfee 20171020
McAfee-GW-Edition 20171020
Microsoft 20171019
eScan 20171020
NANO-Antivirus 20171020
nProtect 20171020
Palo Alto Networks (Known Signatures) 20171020
Panda 20171019
Sophos AV 20171020
SUPERAntiSpyware 20171020
Symantec Mobile Insight 20171011
Tencent 20171020
TheHacker 20171017
TotalDefense 20171020
TrendMicro 20171020
TrendMicro-HouseCall 20171020
Trustlook 20171020
VBA32 20171019
VIPRE 20171020
ViRobot 20171020
Webroot 20171020
WhiteArmor 20171016
Yandex 20171020
Zillya 20171019
ZoneAlarm by Check Point 20171020
Zoner 20171020
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright
(C) NVIDIA Corporation. All rights reserved.

Product NVIDIA nView Control Panel, Version 136.53
Original name keystone.exe
Internal name KEYSTONE
File version 6.14.10.13653
Description NVIDIA nView Control Panel, Version 136.53
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2016-03-30 00:00:03
Entry Point 0x00003866
Number of sections 6
PE sections
PE imports
[+] ADVAPI32.dll
RegCloseKey
[+] KERNEL32.dll
GetUserDefaultUILanguage
GetLastError
SetCurrentDirectoryW
EnterCriticalSection
ReleaseMutex
LoadLibraryA
GetModuleFileNameW
WaitForSingleObject
FreeLibrary
QueryPerformanceCounter
MulDiv
DebugBreak
OutputDebugStringA
GetFileAttributesW
RtlUnwind
GetModuleFileNameA
DeleteCriticalSection
SystemTimeToFileTime
SizeofResource
LockResource
lstrlenW
ExitProcess
LoadLibraryExW
GetStartupInfoW
GetProcAddress
InterlockedCompareExchange
QueryPerformanceFrequency
CreateThread
LoadLibraryW
GetModuleHandleA
GetExitCodeThread
InterlockedExchange
SetUnhandledExceptionFilter
GetTempPathW
CreateMutexW
CloseHandle
GetModuleHandleW
FreeResource
LoadLibraryExA
LocalFree
CreateEventW
InitializeCriticalSection
LoadResource
FindResourceW
TlsGetValue
Sleep
GetCurrentThreadId
GetVersion
SetLastError
LeaveCriticalSection
[+] SHELL32.dll
Shell_NotifyIconW
ShellExecuteW
[+] USER32.dll
RedrawWindow
GetMessagePos
SetWindowRgn
LoadBitmapW
DestroyMenu
PostQuitMessage
GetForegroundWindow
SetWindowPos
EndPaint
WindowFromPoint
GetMessageTime
DispatchMessageW
GetCursorPos
ReleaseDC
SendMessageW
GetClientRect
DrawTextW
CallNextHookEx
LoadImageW
ClientToScreen
LoadAcceleratorsW
DestroyWindow
GetParent
GetMessageW
ShowWindow
FlashWindowEx
InsertMenuItemW
TranslateMessage
GetMenuItemRect
LoadStringW
DrawMenuBar
EnableMenuItem
TrackPopupMenuEx
GetSubMenu
CreateMenu
CreateWindowExW
GetWindowLongW
PtInRect
RegisterWindowMessageW
BeginPaint
DefWindowProcW
KillTimer
TrackMouseEvent
GetSystemMetrics
SetWindowLongW
GetWindowRect
SetCapture
ReleaseCapture
SendDlgItemMessageW
PostMessageW
CreateDialogParamW
CreatePopupMenu
GetClassLongW
SetWindowTextW
SetTimer
GetDlgItem
ScreenToClient
TrackPopupMenu
GetDesktopWindow
SetWindowsHookExW
LoadCursorW
LoadIconW
FindWindowExW
GetDC
InsertMenuW
SetForegroundWindow
WindowFromDC
SetLayeredWindowAttributes
EndDialog
FindWindowW
LoadMenuW
RemoveMenu
MessageBoxW
GetMenu
RegisterClassExW
UnhookWindowsHookEx
MoveWindow
DialogBoxParamW
GetSysColor
DestroyIcon
SystemParametersInfoW
CallWindowProcW
GetClassNameW
ModifyMenuW
EnableWindow
TranslateAcceleratorW
SetMenu
SetCursor
[+] WINMM.dll
PlaySoundW
[+] WINSPOOL.DRV
ClosePrinter
GetPrinterDriverDirectoryA
[+] ole32.dll
CoUninitialize
CoInitialize
OleInitialize
Number of PE resources by type
RT_STRING 61
RT_ICON 7
RT_DIALOG 2
RT_ACCELERATOR 1
RT_VERSION 1
RT_GROUP_ICON 1
Number of PE resources by language
ENGLISH US 73
PE resources
ExifTool file metadata
MIMEType
application/octet-stream

Subsystem
Windows GUI

MachineType
Intel 386 or later, and compatibles

FileTypeExtension
exe

TimeStamp
2016:03:30 01:00:03+01:00

FileType
Win32 EXE

PEType
PE32

CodeSize
77824

LinkerVersion
8.0

ImageFileCharacteristics
No relocs, Executable, 32-bit

EntryPoint
0x3866

InitializedDataSize
644096

SubsystemVersion
4.0

ImageVersion
0.0

OSVersion
4.0

UninitializedDataSize
15360

Compressed bundles
File identification
MD5 d328f779528bd13cba8e7a39743efb82
SHA1 19aa3805d48935e8f03ba0862dab676230fdffe1
SHA256 a6e9eb64f94897cb73f728f4e43dedcd79dd841e06021fbe06c6a3fd039ce3bb
ssdeep
6144:/jt8wuqEHqBemOf81CAaPu98IKdVGyZbDCNrXPljz9THAoEkfkF6+eFmC79l902n:J8wuABeF7H/Z3GyZbDKHgtQmdC

authentihash 0df337f9fe87c5d942d7571f40635c7dec6b83b8c8db9ed373acb3fe032ecb41
imphash efa5d565a5b99b274ebe7c013e412f45
File size 688.5 KB ( 705024 bytes )
File type Win32 EXE
Magic literal
PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID Win32 Executable MS Visual C++ (generic) (61.8%)
Win32 Dynamic Link Library (generic) (13.0%)
Win32 Executable (generic) (8.9%)
Win16/32 Executable Delphi generic (4.1%)
OS/2 Executable (generic) (4.0%)
Tags
peexe

VirusTotal metadata
First submission 2017-10-20 10:07:00 UTC ( 1 year, 6 months ago )
Last submission 2018-05-22 08:36:47 UTC ( 11 months ago )
File names keystone.exe
a6e9eb64f94897cb73f728f4e43dedcd79dd841e06021fbe06c6a3fd039ce3bb.bin_used
13cd335k.exe.2257285807.DROPPED
a6e9eb64f94897cb73f728f4e43dedcd79dd841e06021fbe06c6a3fd039ce3bb
PAYLOAD2
KEYSTONE
5yK4C5Ps.exe
kB72g8kT.exe
No comments. No VirusTotal Community member has commented on this item yet, be the first one to do so!
More comments

Leave your comment...

?
Post comment

You have not signed in. Only registered users can leave comments, sign in and have a voice!

Sign in Join the community
No votes. No one has voted on this item yet, be the first one to do so!
More votes
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Written files
Moved files
Deleted files
Created processes
Shell commands
Code injections in the following processes
Created mutexes
Opened mutexes
Searched windows
Opened service managers
Opened services
Runtime DLLs
Additional details
The file uses the IsDebuggerPresent Windows API function in order to see whether it is being debugged.
UDP communications
Blog | Twitter | Contact us | ToS | Privacy policy