SHA256: aeeed580e5d6e69a97557d6c324ec238aa17652d19e6ed52704e86c42a6b4c1c
File name: 3d0f3b4544ec71a800033e69fc212aa5c4a0806b
Detection ratio: 8 / 56
Analysis date: 2015-07-06 01:04:41 UTC ( 3 years, 8 months ago )
Antivirus Result Update
Ad-Aware Gen:Variant.Mikey.17973 20150706
BitDefender Gen:Variant.Mikey.17973 20150706
Emsisoft Gen:Variant.Mikey.17973 (B) 20150706
ESET-NOD32 Win32/Spy.Zbot.ACB 20150706
Kaspersky UDS:DangerousObject.Multi.Generic 20150706
eScan Gen:Variant.Mikey.17973 20150705
TrendMicro TROJ_FORUCON.BMC 20150706
TrendMicro-HouseCall TROJ_FORUCON.BMC 20150706
AegisLab 20150706
Yandex 20150630
AhnLab-V3 20150705
Alibaba 20150630
ALYac 20150705
Antiy-AVL 20150706
Arcabit 20150630
Avast 20150706
AVG 20150706
Avira (no cloud) 20150705
AVware 20150706
Baidu-International 20150705
Bkav 20150704
ByteHero 20150706
CAT-QuickHeal 20150704
ClamAV 20150706
Comodo 20150705
Cyren 20150706
DrWeb 20150706
F-Prot 20150705
F-Secure 20150704
Fortinet 20150706
GData 20150702
Ikarus 20150706
Jiangmin 20150703
K7AntiVirus 20150705
K7GW 20150705
Kingsoft 20150706
Malwarebytes 20150705
McAfee 20150706
McAfee-GW-Edition 20150705
Microsoft 20150705
NANO-Antivirus 20150706
nProtect 20150703
Panda 20150705
Qihoo-360 20150706
Rising 20150705
Sophos AV 20150706
SUPERAntiSpyware 20150705
Symantec 20150706
Tencent 20150706
TheHacker 20150702
TotalDefense 20150705
VBA32 20150703
VIPRE 20150706
ViRobot 20150705
Zillya 20150705
Zoner 20150706
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright Copyright © 2002-2013 Caterpillar
Publisher Caterpillar
Product AgainstQuotient
Original name racedescribe.exe
Internal name AgainstQuotient
File version 6.0.4299.3825
Description AgainstQuotient
Comments AgainstQuotient Cause
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2015-07-03 16:10:22
Entry Point 0x0001ED47
Number of sections 5
PE sections
PE imports
SetMapMode
SaveDC
TextOutA
GetClipBox
GetDeviceCaps
OffsetViewportOrgEx
DeleteDC
RestoreDC
SetTextColor
CreateBitmap
RectVisible
GetStockObject
SetViewportOrgEx
ScaleWindowExtEx
ExtTextOutA
PtVisible
ScaleViewportExtEx
SelectObject
SetWindowExtEx
SetViewportExtEx
Escape
SetBkColor
DeleteObject
GetStdHandle
GetConsoleOutputCP
HeapDestroy
GetLocalTime
FreeEnvironmentStringsA
DeleteCriticalSection
GetCurrentProcess
GetConsoleMode
GetLocaleInfoA
LocalAlloc
FreeEnvironmentStringsW
SetStdHandle
GetTempPathA
GetCPInfo
GetStringTypeA
InterlockedExchange
WriteFile
GetSystemTimeAsFileTime
HeapReAlloc
GetStringTypeW
FreeLibrary
LocalFree
InitializeCriticalSection
LoadResource
GlobalHandle
TlsGetValue
FormatMessageA
SetLastError
GlobalFindAtomA
ExitProcess
FlushFileBuffers
GetModuleFileNameA
LoadLibraryExA
UnhandledExceptionFilter
InterlockedDecrement
MultiByteToWideChar
SetFilePointer
GlobalAddAtomA
SetUnhandledExceptionFilter
TerminateProcess
WriteConsoleA
GlobalAlloc
GetCurrentThreadId
InterlockedIncrement
WriteConsoleW
HeapFree
EnterCriticalSection
SetHandleCount
GetOEMCP
QueryPerformanceCounter
GetTickCount
TlsAlloc
GetVersionExA
LoadLibraryA
RtlUnwind
GetStartupInfoA
GlobalDeleteAtom
GlobalLock
SetSystemTimeAdjustment
GetProcessHeap
GlobalReAlloc
lstrcmpA
CompareStringA
lstrcmpW
GetProcAddress
IsDebuggerPresent
GetFileType
TlsSetValue
CreateFileA
HeapAlloc
LeaveCriticalSection
GetLastError
LocalReAlloc
LCMapStringW
lstrlenA
GlobalFree
GetConsoleCP
LCMapStringA
GlobalGetAtomNameA
GetThreadLocale
GetEnvironmentStringsW
GlobalUnlock
GetEnvironmentStrings
GetCurrentProcessId
LockResource
WideCharToMultiByte
HeapSize
GetCommandLineA
RaiseException
TlsFree
GetModuleHandleA
SetSystemPowerState
GlobalFlags
CloseHandle
GetACP
GetVersion
SizeofResource
HeapCreate
VirtualFree
Sleep
FindResourceA
VirtualAlloc
GetOleaccVersionInfo
AccessibleObjectFromEvent
CreateStdAccessibleObject
GetRoleTextA
LresultFromObject
VariantChangeType
VariantInit
VariantClear
MapWindowPoints
GetMessagePos
GetParent
ReleaseDC
SetPropA
SetMenuItemBitmaps
RegisterWindowMessageA
GetCapture
SetWinEventHook
RemovePropA
DestroyMenu
PostQuitMessage
DefWindowProcA
SetWindowTextA
IsWindowEnabled
GetPropA
LoadBitmapA
SetWindowPos
GetWindowThreadProcessId
GetSysColorBrush
GetSystemMetrics
EnableMenuItem
IsWindow
GetWindowRect
DispatchMessageA
ClientToScreen
UnhookWindowsHookEx
PostMessageA
GrayStringA
GetMenuState
MessageBoxA
PeekMessageA
SetWindowLongA
AdjustWindowRectEx
GetMessageTime
GetWindow
GetSysColor
GetDC
GetKeyState
GetMenuItemCount
SystemParametersInfoA
GetDlgCtrlID
GetClassInfoA
CheckMenuItem
GetMenu
UnregisterClassA
GetLastActivePopup
PtInRect
GetForegroundWindow
GetWindowPlacement
SendMessageA
GetWindowTextA
GetClientRect
GetDlgItem
GetMenuCheckMarkDimensions
DrawTextExA
WinHelpA
UnhookWinEvent
IsIconic
RegisterClassA
GetClassLongA
CallNextHookEx
TabbedTextOutA
GetWindowLongA
CreateWindowExA
LoadCursorA
LoadIconA
DrawTextA
SetWindowsHookExA
GetTopWindow
GetClassInfoExA
GetSubMenu
CopyRect
ValidateRect
CallWindowProcA
GetClassNameA
GetFocus
GetMenuItemID
EnableWindow
SetForegroundWindow
ModifyMenuA
DestroyWindow
OpenPrinterA
DocumentPropertiesA
ClosePrinter
CoUninitialize
CoCreateInstance
CoTaskMemFree
CoInitialize
CoTaskMemAlloc
Number of PE resources by type
RT_VERSION 1
Number of PE resources by language
ENGLISH US 1
PE resources
ExifTool file metadata
FileDescription AgainstQuotient
Comments AgainstQuotient Cause
InitializedDataSize 9650176
ImageVersion 0.0
ProductName AgainstQuotient
FileVersionNumber 6.0.4299.3825
LanguageCode English (U.S.)
FileFlagsMask 0x0000
CharacterSet Unicode
LinkerVersion 8.0
FileTypeExtension exe
OriginalFileName racedescribe.exe
MIMEType application/octet-stream
Subsystem Windows GUI
FileVersion 6.0.4299.3825
TimeStamp 2015:07:03 17:10:22+01:00
FileType Win32 EXE
PEType PE32
InternalName AgainstQuotient
SubsystemVersion 4.0
ProductVersion 6.0.4299.3825
UninitializedDataSize 0
OSVersion 4.0
FileOS Win32
LegalCopyright Copyright 2002-2013 Caterpillar
MachineType Intel 386 or later, and compatibles
CompanyName Caterpillar
CodeSize 188416
FileSubtype 0
ProductVersionNumber 6.0.4299.3825
EntryPoint 0x1ed47
ObjectFileType Dynamic link library
File identification
MD5 ca0235ae745fecd88463e6ecb6e48a05
SHA1 3d0f3b4544ec71a800033e69fc212aa5c4a0806b
SHA256 aeeed580e5d6e69a97557d6c324ec238aa17652d19e6ed52704e86c42a6b4c1c
ssdeep 6144:S8cyHpPOoqQgfqpVxMvttViaAPIwb2Whto5hM8pO802g+2X1NhvRL:SoJPMqpjInfwb2Wht7wn3g7X1Nhvd
authentihash 375d272851d1435365a8db590e340bd5757526e3ed451e4f9ae1f64b563582f5
imphash b43e676cb842729f2f4468c2a8e1fd94
File size 364.0 KB ( 372736 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Executable MS Visual C++ (generic) (67.3%)
Win32 Dynamic Link Library (generic) (14.2%)
Win32 Executable (generic) (9.7%)
Generic Win/DOS Executable (4.3%)
DOS Executable Generic (4.3%)
Tags peexe
VirusTotal metadata
First submission 2015-07-06 01:04:41 UTC ( 3 years, 8 months ago )
Last submission 2015-07-06 01:04:41 UTC ( 3 years, 8 months ago )
File names racedescribe.exe
AgainstQuotient
Advanced heuristic and reputation engines
Symantec reputation Suspicious.Insight
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Written files
Created processes
Created mutexes
Opened mutexes
Runtime DLLs