SHA256: bda60d94fd4092faf98918f64a1dfcc2deac79e6e3b7e928b554467a553ab36e
File name: qkY5ijY.exe
Detection ratio: 12 / 64
Analysis date: 2017-07-07 10:17:26 UTC ( 1 year, 7 months ago )
Antivirus | Result | Update
AegisLab | W32.Xpaj.lGvi | 20170707
Bkav | W32.eHeur.Malware03 | 20170706
CrowdStrike Falcon (ML) | malicious_confidence_100% (D) | 20170420
Cylance | Unsafe | 20170707
Endgame | malicious (high confidence) | 20170706
Sophos ML | heuristic | 20170607
Palo Alto Networks (Known Signatures) | generic.ml | 20170707
Qihoo-360 | HEUR/QVM07.1.5234.Malware.Gen | 20170707
SentinelOne (Static ML) | static engine - malicious | 20170516
Symantec | ML.Attribute.HighConfidence | 20170707
TrendMicro | BKDR_HPTRICKBOT.SM | 20170707
TrendMicro-HouseCall | BKDR_HPTRICKBOT.SM | 20170707
Ad-Aware | - | 20170707
AhnLab-V3 | - | 20170707
Alibaba | - | 20170707
ALYac | - | 20170707
Antiy-AVL | - | 20170707
Arcabit | - | 20170707
Avast | - | 20170707
AVG | - | 20170707
Avira (no cloud) | - | 20170707
AVware | - | 20170707
Baidu | - | 20170707
BitDefender | - | 20170707
CAT-QuickHeal | - | 20170707
ClamAV | - | 20170707
CMC | - | 20170707
Comodo | - | 20170707
Cyren | - | 20170707
DrWeb | - | 20170707
Emsisoft | - | 20170707
ESET-NOD32 | - | 20170707
F-Prot | - | 20170707
F-Secure | - | 20170707
Fortinet | - | 20170629
GData | - | 20170707
Ikarus | - | 20170707
Jiangmin | - | 20170707
K7AntiVirus | - | 20170707
K7GW | - | 20170707
Kaspersky | - | 20170707
Kingsoft | - | 20170707
Malwarebytes | - | 20170707
MAX | - | 20170707
McAfee | - | 20170707
McAfee-GW-Edition | - | 20170706
Microsoft | - | 20170707
eScan | - | 20170707
NANO-Antivirus | - | 20170707
nProtect | - | 20170707
Panda | - | 20170706
Rising | - | 20170707
Sophos AV | - | 20170707
SUPERAntiSpyware | - | 20170707
Symantec Mobile Insight | - | 20170707
Tencent | - | 20170707
TheHacker | - | 20170704
TotalDefense | - | 20170707
Trustlook | - | 20170707
VBA32 | - | 20170707
VIPRE | - | 20170707
ViRobot | - | 20170707
Webroot | - | 20170707
WhiteArmor | - | 20170706
Yandex | - | 20170706
Zillya | - | 20170707
ZoneAlarm by Check Point | - | 20170707
Zoner | - | 20170707
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
Packers identified
PEiD InstallShield 2000
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2016-03-22 18:04:46
Entry Point 0x0001A300
Number of sections 4
PE sections
PE imports
RegCloseKey
RegQueryValueExW
RegOpenKeyExW
InitCommonControlsEx
GetLastError
HeapFree
GetStdHandle
SetHandleCount
lstrlenA
GetOEMCP
HeapDestroy
ExitProcess
GetEnvironmentStringsW
LoadLibraryA
RtlUnwind
GetModuleFileNameA
FreeEnvironmentStringsA
GetCurrentProcess
GetEnvironmentStrings
GetCurrentDirectoryW
GetCommandLineW
WideCharToMultiByte
UnhandledExceptionFilter
FreeEnvironmentStringsW
GetCommandLineA
lstrcatW
GetCPInfo
GetModuleHandleA
lstrcmpA
WriteFile
GetStartupInfoA
GetACP
GetProcAddress
TerminateProcess
HeapCreate
CreateFileW
VirtualFree
GetFileType
HeapAlloc
GetVersion
VirtualAlloc
CommandLineToArgvW
PostQuitMessage
LoadCursorW
DefWindowProcW
GetMessageW
SetWindowPos
SetWindowLongW
MessageBoxW
RegisterClassExW
MoveWindow
TranslateMessage
SetDlgItemTextW
DispatchMessageW
GetCursorPos
ReleaseDC
ShowCaret
SendMessageW
SetWindowTextW
LockWindowUpdate
LoadIconW
CreateWindowExW
LoadAcceleratorsW
wsprintfW
TranslateAcceleratorW
DestroyWindow
Number of PE resources by type
RT_GROUP_CURSOR 2
RT_ICON 2
RT_BITMAP 2
RT_CURSOR 2
RT_DIALOG 1
RT_MANIFEST 1
RT_GROUP_ICON 1
Number of PE resources by language
FINNISH DEFAULT 11
PE resources
ExifTool file metadata
MIMEType: application/octet-stream
Subsystem: Windows GUI
SubsystemVersion: 4.0
MachineType: Intel 386 or later, and compatibles
TimeStamp: 2016:03:22 19:04:46+01:00
FileType: Win32 EXE
PEType: PE32
CodeSize: 200704
LinkerVersion: 6.2
FileTypeExtension: exe
InitializedDataSize: 270336
ImageFileCharacteristics: No relocs, Executable, No line numbers, No symbols, 32-bit
EntryPoint: 0x1a300
OSVersion: 4.0
ImageVersion: 0.0
UninitializedDataSize: 0
Compressed bundles
File identification
MD5 8a2bf45a22c53e556f092553ee278717
SHA1 13c7dd0fac3c52bb2c65ae936b61b0ff49b95a0f
SHA256 bda60d94fd4092faf98918f64a1dfcc2deac79e6e3b7e928b554467a553ab36e
ssdeep 6144:FtxhE23quGytZeuiLwOHfUHxIoWKcBeG4OWYd/HeWmcCiyx:hhP6NyzecOHMHCeG4sde4a
authentihash 32d00d74d4f1c98eb913a6b50e67a7d91db03459202d2e43aa0ff9fbfab7fac0
imphash fb8b75313551f05a6b8d07681045554a
File size 464.0 KB ( 475136 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Executable MS Visual C++ (generic) (41.0%)
Win64 Executable (generic) (36.3%)
Win32 Dynamic Link Library (generic) (8.6%)
Win32 Executable (generic) (5.9%)
OS/2 Executable (generic) (2.6%)
Tags peexe installshield
VirusTotal metadata
First submission 2017-07-07 10:17:26 UTC ( 1 year, 7 months ago )
Last submission 2017-09-24 14:07:48 UTC ( 1 year, 5 months ago )
File names bda60d94fd4092faf98918f64a1dfcc2deac79e6e3b7e928b554467a553ab36e.exe
grandsergiostalls.png
grandsergiostalls.png.exe
8a2bf45a22c53e556f092553ee278717.exe
qkY5ijY.exe
qkY5ijY.exe
pjX4hiX.exe
Malware 25.exe
grandsergiostalls.png.exe
pjX4hiX.exe
grandsergiostalls.png.exe
qkY5ijY.exe
8a2bf45a22c53e556f092553ee278717.exe.vir
bda60d94fd4092faf98918f64a1dfcc2deac79e6e3b7e928b554467a553ab36e.exe
WVu2I_Fi.ps1
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Written files
Copied files
Created processes
Created mutexes
Opened mutexes
Runtime DLLs
HTTP requests
DNS requests
TCP connections
UDP communications