SHA256: a95cf46d51d5caf946811179ae92d46cbc095ea5593eb7105addc1cf71dc2347
File name: epLEQTI.exe
Detection ratio: 48 / 57
Analysis date: 2016-05-02 11:46:16 UTC ( 2 years, 9 months ago )
Antivirus Result Update
Ad-Aware Trojan.Lethic.Gen.1 20160502
AhnLab-V3 Trojan/Win32.MDA 20160502
ALYac Trojan.Lethic.Gen.1 20160502
Antiy-AVL Trojan/Win32.Inject 20160502
Arcabit Trojan.Lethic.Gen.1 20160502
Avast Win32:Ransom-AVM [Trj] 20160502
AVG Inject2.BJQZ 20160502
Avira (no cloud) TR/Crypt.Xpack.123709 20160502
AVware Trojan.Win32.Generic!BT 20160502
Baidu-International Trojan.Win32.Injector.BSAQ 20160502
BitDefender Trojan.Lethic.Gen.1 20160502
Bkav W32.BustistaLTE.Trojan 20160429
CAT-QuickHeal Ransom.CryptoWall.BS4 20160502
Comodo UnclassifiedMalware 20160502
Cyren W32/Locky.Y.gen!Eldorado 20160502
DrWeb Trojan.DownLoader11.59776 20160502
Emsisoft Trojan.Lethic.Gen.1 (B) 20160502
ESET-NOD32 a variant of Win32/Injector.BSAQ 20160502
F-Prot W32/Locky.Y.gen!Eldorado 20160502
F-Secure Trojan.Lethic.Gen.1 20160502
GData Trojan.Lethic.Gen.1 20160502
Ikarus Trojan.Win32.Injector 20160502
Jiangmin Backdoor/Androm.dua 20160502
K7AntiVirus Trojan ( 004b32e71 ) 20160501
K7GW Trojan ( 004b32e71 ) 20160502
Kaspersky HEUR:Trojan.Win32.Generic 20160502
Malwarebytes Trojan.Agent.ED 20160502
McAfee RDN/Sdbot.worm!cc 20160502
McAfee-GW-Edition BehavesLike.Win32.Virut.ch 20160502
Microsoft Worm:Win32/Dorkbot.I 20160502
eScan Trojan.Lethic.Gen.1 20160502
NANO-Antivirus Trojan.Win32.Dycler.dlheyq 20160502
nProtect Worm/W32.Ngrbot.194560.B 20160429
Panda Trj/Genetic.gen 20160501
Qihoo-360 Trojan.Generic 20160502
Sophos AV Mal/Wonton-AN 20160502
Symantec Trojan.Asprox.B 20160502
Tencent Win32.Trojan.Inject.Auto 20160502
TheHacker Trojan/Injector.bsaq 20160502
TotalDefense Win32/Tnega.PaRTZTD 20160502
TrendMicro TROJ_FORUCON.BMC 20160502
TrendMicro-HouseCall TROJ_FORUCON.BMC 20160502
VBA32 Worm.Ngrbot 20160430
VIPRE Trojan.Win32.Generic!BT 20160502
ViRobot Trojan.Win32.Z.Ngrbot.194560.A[h] 20160502
Yandex Worm.Ngrbot!lzai4P7157M 20160501
Zillya Worm.Ngrbot.Win32.6313 20160501
Zoner Trojan.Injector.BSAQ 20160502
AegisLab 20160502
Alibaba 20160429
Baidu 20160429
ClamAV 20160501
CMC 20160429
Fortinet 20160502
Kingsoft 20160502
Rising 20160502
SUPERAntiSpyware 20160502
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2014-12-29 07:34:09
Entry Point 0x0000364C
Number of sections 5
PE sections
PE imports
RegDeleteKeyA
RegCloseKey
RegQueryValueExA
RegSetValueExA
RegDeleteValueA
RegCreateKeyExA
RegOpenKeyExA
RegEnumKeyA
RegEnumValueA
ImageList_Create
ImageList_Destroy
ImageList_AddMasked
GetDeviceCaps
SetBkMode
CreateBrushIndirect
CreateFontIndirectA
SelectObject
SetBkColor
DeleteObject
SetTextColor
GetStdHandle
GetConsoleOutputCP
GetFileAttributesA
WaitForSingleObject
GetExitCodeProcess
FreeEnvironmentStringsA
DeleteCriticalSection
GetCurrentProcess
GetConsoleMode
GetLocaleInfoA
lstrcatA
UnhandledExceptionFilter
SetErrorMode
FreeEnvironmentStringsW
SetStdHandle
GetTempPathA
GetCPInfo
GetStringTypeA
WriteFile
GetSystemTimeAsFileTime
HeapReAlloc
GetStringTypeW
SetFileAttributesA
FreeLibrary
MoveFileA
FindClose
InterlockedDecrement
FindFirstVolumeMountPointA
SetLastError
TlsGetValue
IsDebuggerPresent
HeapAlloc
GetModuleFileNameA
LoadLibraryExA
GetPrivateProfileStringA
GetVolumeInformationW
LoadLibraryExW
MultiByteToWideChar
GetModuleHandleA
CreateThread
SetUnhandledExceptionFilter
MulDiv
GetSystemDirectoryA
TerminateProcess
ConvertThreadToFiber
GetVersion
GlobalAlloc
SearchPathA
GetCurrentThreadId
InterlockedIncrement
SetCurrentDirectoryA
WriteConsoleW
InitializeCriticalSectionAndSpinCount
HeapFree
EnterCriticalSection
SetHandleCount
lstrcmpiA
MoveFileWithProgressW
GetOEMCP
QueryPerformanceCounter
GetTickCount
TlsAlloc
FlushFileBuffers
LoadLibraryA
RtlUnwind
GetStartupInfoA
GetFileSize
CreateDirectoryA
DeleteFileA
GetWindowsDirectoryA
GetFullPathNameA
GetProcAddress
lstrcmpA
FindFirstFileA
GetDiskFreeSpaceA
EnumResourceNamesA
GetTimeFormatA
GetTempFileNameA
FindNextFileA
ExpandEnvironmentStringsA
SetVolumeLabelW
WriteConsoleA
CopyFileA
GetFileType
TlsSetValue
CreateFileA
ExitProcess
LeaveCriticalSection
GetLastError
LCMapStringW
lstrlenA
GlobalFree
GetConsoleCP
LCMapStringA
GetEnvironmentStringsW
GlobalUnlock
RemoveDirectoryA
GetShortPathNameA
GetEnvironmentStrings
CompareFileTime
WritePrivateProfileStringA
GetCurrentProcessId
SetFileTime
WideCharToMultiByte
HeapSize
GetCommandLineA
TlsFree
SetFilePointer
ReadFile
CloseHandle
lstrcpynA
GetACP
GlobalLock
GetModuleHandleW
CreateProcessA
IsValidCodePage
HeapCreate
VirtualFree
Sleep
VirtualAlloc
glRasterPos4i
glFrontFace
glFogi
glColor4ubv
glGetError
wglGetCurrentContext
glEvalCoord1fv
glLightModelfv
SHGetFileInfoA
SHBrowseForFolderA
SHGetSpecialFolderLocation
SHGetPathFromIDListA
ShellExecuteA
SHFileOperationA
EmptyClipboard
GetMessagePos
CharPrevA
EndDialog
BeginPaint
PostQuitMessage
DefWindowProcA
ShowWindow
SetClassLongA
LoadBitmapA
SetWindowPos
GetSystemMetrics
IsWindow
AppendMenuA
GetWindowRect
DispatchMessageA
EndPaint
SetDlgItemTextA
MessageBoxIndirectA
LoadImageA
GetDlgItemTextA
PeekMessageA
SetWindowLongA
IsWindowEnabled
GetSysColor
CheckDlgButton
GetDC
FindWindowExA
DrawTextA
SystemParametersInfoA
CreatePopupMenu
wsprintfA
DialogBoxParamA
SetClipboardData
IsWindowVisible
SendMessageA
SetForegroundWindow
GetClientRect
CreateWindowExA
GetDlgItem
CreateDialogParamA
GetClassInfoA
EnableMenuItem
ScreenToClient
InvalidateRect
GetWindowLongA
SendMessageTimeoutA
SetTimer
LoadCursorA
TrackPopupMenu
SetWindowTextA
FillRect
RegisterClassA
OpenClipboard
CharNextA
CallWindowProcA
GetSystemMenu
EnableWindow
CloseClipboard
DestroyWindow
ExitWindowsEx
SetCursor
GetFileVersionInfoSizeA
GetFileVersionInfoA
VerQueryValueA
OleUninitialize
CoTaskMemFree
OleInitialize
CoCreateInstance
Number of PE resources by type
RT_DIALOG 6
RT_MESSAGETABLE 1
Number of PE resources by language
ENGLISH US 6
LITHUANIAN 1
PE resources
ExifTool file metadata
MIMEType application/octet-stream
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
TimeStamp 2014:12:29 08:34:09+01:00
FileType Win32 EXE
PEType PE32
CodeSize 45568
LinkerVersion 9.0
FileTypeExtension exe
InitializedDataSize 147968
SubsystemVersion 5.0
EntryPoint 0x364c
OSVersion 5.0
ImageVersion 0.0
UninitializedDataSize 0

File identification
MD5 ee381ece9d7163d1fcfb52178567ea45
SHA1 fade53eac4a5ef6d13f8bc8b973fa7f7137b37c7
SHA256 a95cf46d51d5caf946811179ae92d46cbc095ea5593eb7105addc1cf71dc2347
ssdeep 3072:sihzK/+FX5yDP7HJyHGmhyT1FWnXRznrkuxlzUGtgsqd4+dD7EaPnhUxpgCKzvVo:sihzmsyxFWXRzt4Gtgsp+nnmx/Kzv
authentihash fed088ac7ee887a4dbe39fe46ed2cd4109d7232296a639e0d67dbb75b8e51c92
imphash b409f71190165992f9b7461ce88ffb18
File size 190.0 KB ( 194560 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Executable MS Visual C++ (generic) (67.4%)
Win32 Dynamic Link Library (generic) (14.2%)
Win32 Executable (generic) (9.7%)
Generic Win/DOS Executable (4.3%)
DOS Executable Generic (4.3%)
Tags peexe usb-autorun
VirusTotal metadata
First submission 2014-12-29 12:02:44 UTC ( 4 years, 1 month ago )
Last submission 2015-02-05 16:57:09 UTC ( 4 years ago )
File names fvah8.exe
epLEQTI.exe
vti-rescan
joChLxP.exe
Flpopt.exe
a95cf46d51d5caf946811179ae92d46cbc095ea5593eb7105addc1cf71dc2347.exe
aSXEOrU.exe
Advanced heuristic and reputation engines
Symantec reputation Suspicious.Insight
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Runtime DLLs