SHA256: c91439319df61808e8fc4b4cf259b4ddd40dd09da9e90947d80eb417d32a7949
File name: ytnyfFoj.exe
Detection ratio: 0 / 67
Analysis date: 2018-11-08 04:10:58 UTC ( 2 months, 2 weeks ago )
Antivirus Result Update
Ad-Aware 20181108
AegisLab 20181108
AhnLab-V3 20181107
Alibaba 20180921
ALYac 20181108
Antiy-AVL 20181108
Arcabit 20181107
Avast 20181108
Avast-Mobile 20181107
AVG 20181108
Avira (no cloud) 20181107
Babable 20180918
Baidu 20181107
BitDefender 20181108
Bkav 20181107
CAT-QuickHeal 20181105
ClamAV 20181107
CMC 20181108
CrowdStrike Falcon (ML) 20181022
Cybereason 20180225
Cylance 20181108
Cyren 20181108
DrWeb 20181108
eGambit 20181108
Emsisoft 20181108
Endgame 20180730
ESET-NOD32 20181108
F-Prot 20181108
F-Secure 20181108
Fortinet 20181108
GData 20181108
Ikarus 20181107
Sophos ML 20180717
Jiangmin 20181107
K7AntiVirus 20181107
K7GW 20181107
Kaspersky 20181108
Kingsoft 20181108
Malwarebytes 20181108
MAX 20181108
McAfee 20181108
McAfee-GW-Edition 20181108
Microsoft 20181108
eScan 20181108
NANO-Antivirus 20181108
Palo Alto Networks (Known Signatures) 20181108
Panda 20181107
Qihoo-360 20181108
Rising 20181108
SentinelOne (Static ML) 20181011
Sophos AV 20181108
SUPERAntiSpyware 20181107
Symantec 20181107
Symantec Mobile Insight 20181105
TACHYON 20181108
Tencent 20181108
TheHacker 20181107
TotalDefense 20181107
TrendMicro 20181108
TrendMicro-HouseCall 20181108
Trustlook 20181108
VBA32 20181106
ViRobot 20181107
Webroot 20181108
Yandex 20181107
Zillya 20181107
ZoneAlarm by Check Point 20181108
Zoner 20181108
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright © Microsoft Corporation. All rights reserved.
Product Windows Installer - Unicode
Original name msiexec.exe
Internal name msiexec
File version 5.0.7601.24052 (win7sp1_ldr.180202-0600)
Description Windows® installer
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2018-02-02 17:46:16
Entry Point 0x00003DB0
Number of sections 4
PE sections
PE imports
RegCreateKeyExW
SetSecurityDescriptorOwner
RegCloseKey
GetAce
OpenServiceW
AdjustTokenPrivileges
ControlService
InitializeAcl
LookupPrivilegeValueW
RegEnumKeyW
RegDeleteKeyW
DeleteService
RegQueryValueExW
GetSecurityDescriptorLength
SetSecurityDescriptorDacl
CloseServiceHandle
RegisterEventSourceW
OpenProcessToken
DeregisterEventSource
QueryServiceStatus
MakeAbsoluteSD
AddAccessAllowedAce
RegOpenKeyExW
GetSecurityDescriptorOwner
CreateServiceW
GetTokenInformation
RegGetKeySecurity
SetServiceStatus
RegisterServiceCtrlHandlerW
RegEnumKeyExW
OpenThreadToken
GetLengthSid
RegDeleteValueW
RevertToSelf
RegSetValueExW
FreeSid
MakeSelfRelativeSD
OpenSCManagerW
ReportEventW
AllocateAndInitializeSid
InitializeSecurityDescriptor
StartServiceCtrlDispatcherW
EqualSid
SetThreadToken
SetSecurityDescriptorGroup
GetLastError
SetCurrentDirectoryW
GetStdHandle
EnterCriticalSection
LoadLibraryW
GlobalFree
WaitForSingleObject
GetVersionExW
FreeLibrary
QueryPerformanceCounter
CompareStringW
ExitProcess
lstrcmpiW
lstrlenW
GetACP
DeleteCriticalSection
GetCurrentProcess
SetConsoleCtrlHandler
GetCurrentProcessId
OpenProcess
GetCommandLineW
CreateThread
UnhandledExceptionFilter
LoadLibraryExW
MultiByteToWideChar
GetProcAddress
InterlockedCompareExchange
GetCurrentThread
LeaveCriticalSection
GetSystemDefaultLangID
WideCharToMultiByte
GetModuleFileNameW
GetModuleHandleA
GetSystemDirectoryW
InterlockedExchange
SetUnhandledExceptionFilter
WriteFile
GetStartupInfoA
CloseHandle
GetSystemTimeAsFileTime
lstrcmpW
GetModuleHandleW
SetEvent
FormatMessageW
TerminateProcess
CreateEventW
InitializeCriticalSection
OutputDebugStringW
OpenEventW
GlobalAlloc
CreateProcessW
InterlockedDecrement
Sleep
GetFileType
GetTickCount
GetCurrentThreadId
GetVersion
GetLocaleInfoW
GetEnvironmentVariableW
SetLastError
InterlockedIncrement
IsCharAlphaNumericW
PeekMessageW
PostThreadMessageW
GetMessageW
MsgWaitForMultipleObjects
TranslateMessage
PostQuitMessage
DispatchMessageW
Ord(280)
Ord(131)
Ord(148)
Ord(78)
Ord(190)
Ord(240)
Ord(197)
Ord(141)
Ord(88)
Ord(70)
Ord(169)
Ord(228)
Ord(136)
Ord(196)
Ord(175)
Ord(8)
Ord(184)
Ord(222)
Ord(199)
__p__fmode
memset
__dllonexit
_cexit
_vsnwprintf
_amsg_exit
?terminate@@YAXXZ
_lock
_onexit
exit
_XcptFilter
__setusermatherr
_controlfp
_acmdln
_wcsicmp
_ismbblead
_unlock
__p__commode
memcpy
__getmainargs
_initterm
_vsnprintf
wcsrchr
_exit
__set_app_type
RtlNtStatusToDosError
RtlUnwind
NtQueryInformationProcess
CoUninitialize
CoRegisterClassObject
CoInitialize
StgOpenStorage
CoRevokeClassObject
Number of PE resources by type
RT_ICON 4
RT_GROUP_ICON 1
MUI 1
RT_VERSION 1
RT_MANIFEST 1
Number of PE resources by language
ENGLISH US 8
PE resources
Debug information
ExifTool file metadata
UninitializedDataSize 0
LinkerVersion 9.0
ImageVersion 6.1
FileSubtype 0
FileVersionNumber 5.0.7601.24052
LanguageCode English (U.S.)
FileFlagsMask 0x003f
FileDescription Windows installer
ImageFileCharacteristics Executable, 32-bit
CharacterSet Unicode
InitializedDataSize 20992
EntryPoint 0x3db0
OriginalFileName msiexec.exe
MIMEType application/octet-stream
LegalCopyright Microsoft Corporation. All rights reserved.
FileVersion 5.0.7601.24052 (win7sp1_ldr.180202-0600)
TimeStamp 2018:02:02 18:46:16+01:00
FileType Win32 EXE
PEType PE32
InternalName msiexec
ProductVersion 5.0.7601.24052
SubsystemVersion 5.0
OSVersion 6.1
FileOS Windows NT 32-bit
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
CompanyName Microsoft Corporation
CodeSize 52736
ProductName Windows Installer - Unicode
ProductVersionNumber 5.0.7601.24052
FileTypeExtension exe
ObjectFileType Executable application

File identification
MD5 06983c58f6d1cae00a72ce5091715c79
SHA1 75ef26fdca12a29c37fe070065f7ee6712eca247
SHA256 c91439319df61808e8fc4b4cf259b4ddd40dd09da9e90947d80eb417d32a7949
ssdeep 1536:ccZap6iJJBG5XHobBth3P3NtSxM6LxGWnD29fBv:ccZtiJJBG5XHobBth3PdtSxM6LznD29f
authentihash a90a948d46333ec0de1f1a1d6fcf40782c58428a7e3755c38465faf1de0d8abd
imphash d978d78f24d00067ae727581cca0b391
File size 71.5 KB ( 73216 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Windows ActiveX control (60.5%)
Win32 Executable MS Visual C++ (generic) (16.2%)
Win64 Executable (generic) (14.3%)
Win32 Dynamic Link Library (generic) (3.4%)
Win32 Executable (generic) (2.3%)
Tags peexe

VirusTotal metadata
First submission 2018-03-13 18:36:25 UTC ( 10 months, 2 weeks ago )
Last submission 2019-01-24 07:00:29 UTC ( 2 hours, 11 minutes ago )
File names derY.exe
IQuuAtzIbx.exe
ZDliSGvqITxO.exe
ICGyywJcyE.exe
MyyA.exe
YiGzTCAgkFIiF.exe
msiexec
msiexec.exe
7yka5yn1knbkywszy3vzju5mo0p0lmcy
xBbYZi.exe
ayXws.exe
jaur.exe
iiaeaono.exe
LlaaJjM.exe
rctKyQuYvDNnH.exe
msiexec.exe
PAYlO.exe
aEVXx.exe
ytnyfFoj.exe
IwAzIqEZeyuN.exe
yyoUOHofo.exe
riQJX.exe
DrMiAtnotO.exe
rOllyGjlEoPjb.exe
lXwvEAaYag.exe
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Runtime DLLs