SHA256: c7a3123a5cff9c78e2fd926c6800a6c6431c8bca486ce11319a9a8f6fa83945c
File name: Epvuyf.exe
Detection ratio: 8 / 61
Analysis date: 2017-05-02 11:41:37 UTC ( 1 year, 8 months ago )
Antivirus Result Update
Baidu Win32.Trojan.WisdomEyes.16070401.9500.9988 20170502
CrowdStrike Falcon (ML) malicious_confidence_100% (D) 20170130
Endgame malicious (high confidence) 20170419
Sophos ML virtool.win32.injector.aek 20170413
Palo Alto Networks (Known Signatures) generic.ml 20170502
Qihoo-360 HEUR/QVM20.1.DF3C.Malware.Gen 20170502
SentinelOne (Static ML) static engine - malicious 20170330
Symantec ML.Attribute.HighConfidence 20170501
Ad-Aware 20170502
AegisLab 20170502
AhnLab-V3 20170502
Alibaba 20170502
ALYac 20170502
Antiy-AVL 20170502
Arcabit 20170502
Avast 20170502
AVG 20170502
Avira (no cloud) 20170502
AVware 20170502
BitDefender 20170502
CAT-QuickHeal 20170502
ClamAV 20170502
CMC 20170502
Comodo 20170502
Cyren 20170502
DrWeb 20170502
Emsisoft 20170502
ESET-NOD32 20170502
F-Prot 20170502
F-Secure 20170502
Fortinet 20170502
GData 20170502
Ikarus 20170502
Jiangmin 20170502
K7AntiVirus 20170502
K7GW 20170426
Kaspersky 20170502
Kingsoft 20170502
Malwarebytes 20170502
McAfee 20170502
McAfee-GW-Edition 20170501
Microsoft 20170502
eScan 20170502
NANO-Antivirus 20170502
nProtect 20170502
Panda 20170501
Rising 20170502
Sophos AV 20170502
SUPERAntiSpyware 20170502
Symantec Mobile Insight 20170502
Tencent 20170502
TheHacker 20170429
TotalDefense 20170426
TrendMicro 20170502
TrendMicro-HouseCall 20170502
Trustlook 20170502
VBA32 20170502
VIPRE 20170502
ViRobot 20170502
Webroot 20170502
WhiteArmor 20170502
Yandex 20170428
Zillya 20170428
ZoneAlarm by Check Point 20170502
Zoner 20170502
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2015-12-17 09:40:44
Entry Point 0x0001B9F0
Number of sections 4
PE sections
PE imports
RegCloseKey
RegQueryValueExW
RegOpenKeyExW
GetLastError
GetModuleHandleA
lstrcpyW
GetCurrentDirectoryW
lstrcmpA
lstrlenA
SetCurrentDirectoryW
LoadLibraryW
CreateFileW
SleepEx
GetStartupInfoA
GetTickCount
Sleep
lstrcatW
GetModuleHandleW
SetLastError
_except_handler3
__p__fmode
memset
_acmdln
??2@YAPAXI@Z
_exit
__p__commode
__setusermatherr
??3@YAXPAX@Z
exit
_XcptFilter
__getmainargs
_initterm
_controlfp
_adjust_fdiv
__set_app_type
GetScrollInfo
LoadBitmapW
DefWindowProcW
GetMessageW
PostQuitMessage
GetSystemMetrics
GetWindowRect
RegisterClassExW
MoveWindow
TranslateMessage
DispatchMessageW
BeginPaint
SendMessageW
GetWindowLongW
GetWindowPlacement
LoadStringW
GetClientRect
GetDC
LoadCursorW
CreateWindowExW
LoadAcceleratorsW
EndPaint
DestroyWindow
Number of PE resources by type
RT_BITMAP 3
RT_GROUP_CURSOR 2
RT_CURSOR 2
RT_DIALOG 1
RT_MANIFEST 1
RT_STRING 1
RT_ACCELERATOR 1
Number of PE resources by language
FINNISH DEFAULT 9
ENGLISH US 2
PE resources
ExifTool file metadata
MIMEType: application/octet-stream
Subsystem: Windows GUI
SubsystemVersion: 4.0
MachineType: Intel 386 or later, and compatibles
TimeStamp: 2015:12:17 10:40:44+01:00
FileType: Win32 EXE
PEType: PE32
CodeSize: 214016
LinkerVersion: 5.0
FileTypeExtension: exe
InitializedDataSize: 261632
ImageFileCharacteristics: No relocs, Executable, No line numbers, No symbols, 32-bit
EntryPoint: 0x1b9f0
OSVersion: 4.0
ImageVersion: 0.0
UninitializedDataSize: 0

Compressed bundles
File identification
MD5 440d284b8c4b85f806b113507dc55004
SHA1 dd7c08b7dfe670ca5e2edec9afa9d6bf56c46955
SHA256 c7a3123a5cff9c78e2fd926c6800a6c6431c8bca486ce11319a9a8f6fa83945c
ssdeep
6144:3oGzPOhz6XO2e+D1LqXElm8AZguTCqHGL3coLe+aV8VvE:3R6hz6jzVqXsCrN+aVW

authentihash 0472d934f00c628c8f86e577e1c0b9fb9a03a1ba2fc29a5227d60871d4942a3a
imphash 7e6ed4c71fe4023d9b394595b8fc09bc
File size 465.5 KB ( 476672 bytes )
File type Win32 EXE
Magic literal
PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID Win32 Executable MS Visual C++ (generic) (41.0%)
Win64 Executable (generic) (36.3%)
Win32 Dynamic Link Library (generic) (8.6%)
Win32 Executable (generic) (5.9%)
OS/2 Executable (generic) (2.6%)
Tags
peexe

VirusTotal metadata
First submission 2017-05-02 11:41:37 UTC ( 1 year, 8 months ago )
Last submission 2018-05-22 09:04:42 UTC ( 8 months ago )
File names QMjJrcCrHGW9sb6uF.png
440d284b8c4b85f806b113507dc55004.exe
eqdnr.exe
Epvuyf.exe
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Written files
Copied files
Deleted files
Created processes
Terminated processes
Created mutexes
Opened mutexes
Opened service managers
Opened services
Runtime DLLs
HTTP requests
DNS requests
TCP connections
UDP communications