SHA256: a9d618a54f9fc448e1c5c3e4dce2842c4327e9ce24fe858a0657d7b540f1cacb
File name: 4b743ef575c1d8f6260021a7a9a6607aaf0e71be_index.ex
Detection ratio: 42 / 46
Analysis date: 2013-05-10 18:48:18 UTC ( 5 years, 6 months ago )
Antivirus Result Update
Yandex Trojan.ATRAPS!dWWoRVjJta0 20130510
AhnLab-V3 Win-Spyware/Agent.3072 20130510
AntiVir TR/Qhost.mqt 20130510
Avast Win32:VB-UAI [Trj] 20130510
AVG Proxy-Wopla.D 20130510
BitDefender Trojan.Generic.3240299 20130510
ClamAV Win.Trojan.Qhost-71 20130510
Commtouch W32/Trojan.UZZY-3187 20130510
Comodo TrojWare.Win32.Trojan.Agent.Gen 20130510
DrWeb Trojan.Hosts.334 20130510
Emsisoft Trojan.Generic.3240299 (B) 20130510
eSafe Win32.TRATRAPS 20130509
ESET-NOD32 Win32/Qhost.NSN 20130510
F-Prot W32/Trojan2.MNAM 20130510
F-Secure Trojan.Generic.3240299 20130510
Fortinet W32/Qhost.MQT!tr 20130510
GData Trojan.Generic.3240299 20130510
Ikarus Trojan.Win32.Qhost 20130510
Jiangmin Trojan/Qhost.bjh 20130510
K7AntiVirus Trojan 20130510
K7GW Trojan 20130510
Kaspersky Trojan.Win32.Qhost.mqt 20130510
Kingsoft Win32.Troj.Qhost.(kcloud) 20130506
Malwarebytes Trojan.Qhosts 20130510
McAfee Generic QHosts.b 20130510
McAfee-GW-Edition Generic QHosts.b 20130510
Microsoft Trojan:Win32/Koobface.C 20130510
eScan Trojan.Generic.3240299 20130510
NANO-Antivirus Trojan.Win32.Hosts.rozp 20130510
Norman Malware 20130510
nProtect Trojan/W32.Qhost.3072.B 20130510
Panda Trj/Genetic.gen 20130510
PCTools Trojan.Generic 20130510
Sophos AV Troj/KoobHost-A 20130510
Symantec Trojan Horse 20130510
TheHacker Trojan/Qhost.mqt 20130509
TotalDefense Win32/QHosts.FP 20130510
TrendMicro TROJ_QHOST.XGH 20130510
TrendMicro-HouseCall TROJ_QHOST.XGH 20130510
VBA32 Trojan-Downloader.Agent.0193 20130510
VIPRE Trojan.Win32.Generic!BT 20130510
ViRobot Trojan.Win32.Qhost.3072.C 20130510
Antiy-AVL 20130510
ByteHero 20130510
CAT-QuickHeal 20130510
SUPERAntiSpyware 20130510
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2010-02-19 11:06:05
Entry Point 0x00001531
Number of sections 1
PE sections
PE imports
FreeLibrary
ExitProcess
GetModuleFileNameA
GetStartupInfoA
GetCurrentProcessId
OpenProcess
DeleteFileA
GetWindowsDirectoryA
GetCommandLineA
GetProcessHeap
GetModuleHandleA
ReadFile
WriteFile
CloseHandle
MoveFileExA
SetFileAttributesA
TerminateProcess
CreateProcessA
CreateFileA
HeapAlloc
GetVersion
GetFileSize
wvsprintfA
CharToOemA
ExifTool file metadata
MIMEType application/octet-stream
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
TimeStamp 2010:02:19 12:06:05+01:00
FileType Win32 EXE
PEType PE32
CodeSize 0
LinkerVersion 6.0
FileAccessDate 2013:05:10 19:48:25+01:00
EntryPoint 0x1531
InitializedDataSize 2560
SubsystemVersion 4.0
ImageVersion 0.0
OSVersion 4.0
FileCreateDate 2013:05:10 19:48:25+01:00
UninitializedDataSize 0

File identification
MD5 803f1448d426007d885a5c1211062f13
SHA1 4b743ef575c1d8f6260021a7a9a6607aaf0e71be
SHA256 a9d618a54f9fc448e1c5c3e4dce2842c4327e9ce24fe858a0657d7b540f1cacb
ssdeep 48:q8jLZOxjoFNath0xyeCSnZGxeotybdgoHBHEwH0Aj6I:nkx8DathNePnseoW5EwUw6
File size 3.0 KB ( 3072 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win64 Executable (generic) (74.9%)
Win32 Dynamic Link Library (generic) (9.6%)
Win32 Executable (generic) (9.5%)
Generic Win/DOS Executable (2.9%)
DOS Executable Generic (2.9%)
Tags peexe
VirusTotal metadata
First submission 2010-02-19 13:07:07 UTC ( 8 years, 9 months ago )
Last submission 2013-05-10 18:48:18 UTC ( 5 years, 6 months ago )
File names 4b743ef575c1d8f6260021a7a9a6607aaf0e71be_index.ex
1.exe
803F1448D426007D885A5C1211062F13
tK1JT.hta
ytqiY.png
1266685213.hosts2.exe