SHA256: b71bfe5a5dc62e183e0798fc8ebf4fd3656103a502043df1781a87c32a6acc05
File name: 90c959a2491c048ea638e5ab787aa9f8
Detection ratio: 39 / 50
Analysis date: 2014-03-11 18:54:09 UTC ( 5 years, 2 months ago )
Antivirus Result Update
Ad-Aware Gen:Variant.Symmi.37326 20140311
Yandex Trojan.Agent!aenx8Rxkz6k 20140311
AhnLab-V3 Trojan/Win32.Zbot 20140311
AntiVir TR/Symmi.37326.1 20140311
Antiy-AVL Trojan[Spy]/Win32.Zbot 20140311
Avast Win32:Malware-gen 20140311
AVG PSW.Generic12.VHU 20140311
Baidu-International Trojan.Win32.Zbot.Aqqt 20140311
BitDefender Gen:Variant.Symmi.37326 20140311
CAT-QuickHeal TrojanSpy.Zbot.Y 20140311
Comodo UnclassifiedMalware 20140311
DrWeb Trojan.PWS.Panda.2401 20140311
Emsisoft Gen:Variant.Symmi.37326 (B) 20140311
ESET-NOD32 Win32/Spy.Zbot.AAO 20140311
F-Secure Gen:Variant.Symmi.37326 20140311
Fortinet W32/Zbot.PKDP!tr 20140311
GData Gen:Variant.Symmi.37326 20140311
Ikarus Trojan-PWS.Win32.Zbot 20140311
Jiangmin TrojanSpy.Zbot.gggj 20140311
K7AntiVirus Riskware ( 0040eff71 ) 20140311
K7GW Riskware ( 0040eff71 ) 20140311
Kaspersky Trojan-Spy.Win32.Zbot.rcep 20140311
Kingsoft Win32.Troj.Zbot.rc.(kcloud) 20140311
Malwarebytes Trojan.Agent.ED 20140311
McAfee RDN/Generic PWS.y!ya 20140311
McAfee-GW-Edition RDN/Generic PWS.y!ya 20140311
Microsoft PWS:Win32/Zbot 20140311
eScan Gen:Variant.Symmi.37326 20140311
NANO-Antivirus Trojan.Win32.Zbot.csjfam 20140311
Norman Troj_Generic.SBFHK 20140311
Panda Generic Malware 20140311
Qihoo-360 Win32/Trojan.b8d 20140311
Sophos AV Mal/Generic-S 20140311
SUPERAntiSpyware Trojan.Agent/Gen-Malagent 20140311
Symantec WS.Reputation.1 20140311
TrendMicro TROJ_SPNR.15BA14 20140311
TrendMicro-HouseCall TROJ_SPNR.15BA14 20140311
VBA32 TrojanSpy.Zbot 20140311
VIPRE Trojan.Win32.Generic.pak!cobra 20140311
Bkav 20140311
ByteHero 20140311
ClamAV 20140310
CMC 20140307
Commtouch 20140311
F-Prot 20140311
nProtect 20140311
Rising 20140311
TheHacker 20140311
TotalDefense 20140311
ViRobot 20140311
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright Copyright (C) 2013 InvertDev Software
Publisher InvertDev Software
Product Query Mva Policy Serializator
Original name QMEsa Serializator
Internal name QMEsa Serializator
File version 5.5.1.1
Description Query Mva Policy Serializator
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2013-12-28 16:55:26
Entry Point 0x000019BC
Number of sections 5
PE sections
PE imports
TextOutA
SetMapMode
SelectObject
CreatePen
GetStockObject
SetViewportOrgEx
SetWindowExtEx
CreateSolidBrush
SetViewportExtEx
RoundRect
DeleteObject
Rectangle
GetLastError
InitializeCriticalSectionAndSpinCount
HeapFree
IsProcessorFeaturePresent
EnterCriticalSection
LCMapStringW
SetHandleCount
FileTimeToSystemTime
LoadLibraryW
GetConsoleCP
GetOEMCP
QueryPerformanceCounter
IsDebuggerPresent
GetTickCount
TlsAlloc
GetEnvironmentStringsW
FlushFileBuffers
GetModuleFileNameA
RtlUnwind
GetStdHandle
HeapSetInformation
GetCurrentProcess
FileTimeToLocalFileTime
GetConsoleMode
DecodePointer
GetCurrentProcessId
UnhandledExceptionFilter
SetFilePointer
GetCPInfo
ExitProcess
TlsGetValue
MultiByteToWideChar
HeapSize
FreeEnvironmentStringsW
GetCommandLineA
GetProcAddress
EncodePointer
GetStartupInfoW
SetStdHandle
GetTimeFormatW
WideCharToMultiByte
GetModuleFileNameW
TlsFree
GetModuleHandleA
DeleteCriticalSection
ReadFile
SetUnhandledExceptionFilter
WriteFile
CloseHandle
GetSystemTimeAsFileTime
GetACP
HeapReAlloc
GetStringTypeW
GetModuleHandleW
TerminateProcess
IsValidCodePage
HeapCreate
SetLastError
CreateFileW
InterlockedDecrement
Sleep
GetFileType
TlsSetValue
HeapAlloc
GetCurrentThreadId
LeaveCriticalSection
WriteConsoleW
InterlockedIncrement
SetFocus
EnumDisplayMonitors
CreateWindowExA
IsWindow
GetParent
GetWindowRect
SetWindowTextA
EndDialog
MoveWindow
GetDlgItemTextA
MessageBoxA
GetDlgItem
SetWindowPos
ReleaseDC
LoadAcceleratorsA
InvalidateRect
RegisterClassA
GetDC
LoadIconA
CoTaskMemFree
CoCreateInstance
Number of PE resources by type
RT_ICON 3
RT_STRING 3
RT_DIALOG 1
RT_MANIFEST 1
RT_VERSION 1
RT_GROUP_ICON 1
Number of PE resources by language
ENGLISH US 10
PE resources
ExifTool file metadata
SubsystemVersion 5.1
LinkerVersion 10.0
ImageVersion 0.0
FileSubtype 0
FileVersionNumber 5.5.1.1
UninitializedDataSize 0
LanguageCode English (U.S.)
FileFlagsMask 0x003f
CharacterSet Unicode
InitializedDataSize 326656
FileOS Windows NT 32-bit
MIMEType application/octet-stream
LegalCopyright Copyright (C) 2013 InvertDev Software
FileVersion 5.5.1.1
TimeStamp 2013:12:28 17:55:26+01:00
FileType Win32 EXE
PEType PE32
InternalName QMEsa Serializator
FileAccessDate 2014:03:13 04:13:01+01:00
ProductVersion 5.5.1.1
FileDescription Query Mva Policy Serializator
OSVersion 5.1
FileCreateDate 2014:03:13 04:13:01+01:00
OriginalFilename QMEsa Serializator
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
CompanyName InvertDev Software
CodeSize 58368
ProductName Query Mva Policy Serializator
ProductVersionNumber 5.5.1.1
EntryPoint 0x19bc
ObjectFileType Executable application
File identification
MD5 90c959a2491c048ea638e5ab787aa9f8
SHA1 059274c9e860b8f53dc7e12968f6de9a684b6143
SHA256 b71bfe5a5dc62e183e0798fc8ebf4fd3656103a502043df1781a87c32a6acc05
ssdeep 6144:jClmHH9HgdDcHU0Sd5yvfdxLSHO7qZun0iSyV40IQ9tmJ/pe4EmnhCQ7C:jCIH9Hgdg0YvfzsqoM04V4sM/Q4EmnP
imphash e5c9b923077a6f105b9d25fd2630fdde
File size 377.0 KB ( 386048 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Executable MS Visual C++ (generic) (67.3%)
Win32 Dynamic Link Library (generic) (14.2%)
Win32 Executable (generic) (9.7%)
Generic Win/DOS Executable (4.3%)
DOS Executable Generic (4.3%)
Tags peexe
VirusTotal metadata
First submission 2014-01-09 00:08:24 UTC ( 5 years, 4 months ago )
Last submission 2014-03-13 03:16:35 UTC ( 5 years, 2 months ago )
File names file-6708020_
VcoLNQPcb.hta
QMEsa Serializator
90c959a2491c048ea638e5ab787aa9f8
2.exe
e0849c81d2d5d6d5d6d88b6f454c019418060f03
Advanced heuristic and reputation engines
Symantec reputation Suspicious.Insight