SHA256: db001675033574e5291b1717b7b704d43d9bd676604b623f781d2f4cde60590a
File name: LABEL-ID-56753547-GFK72.exe
Detection ratio: 7 / 46
Analysis date: 2013-04-26 09:13:33 UTC ( 6 years ago )
Antivirus Result Update
Commtouch W32/Trojan.GNAF-6198 20130426
Emsisoft PWS.Win32.Zbot.AMN (A) 20130426
Fortinet W32/ZeroAccess.NDY!tr 20130426
Kaspersky Worm.Win32.Luder.rlh 20130426
McAfee Dropper-FEB!DF81B21E9526 20130426
Microsoft PWS:Win32/Zbot.gen!AM 20130426
Panda Suspicious file 20130426
Yandex 20130426
AhnLab-V3 20130425
AntiVir 20130426
Antiy-AVL 20130426
Avast 20130426
AVG 20130425
BitDefender 20130426
ByteHero 20130425
CAT-QuickHeal 20130426
ClamAV 20130426
Comodo 20130426
DrWeb 20130426
eSafe 20130423
ESET-NOD32 20130426
F-Prot 20130426
F-Secure 20130426
GData 20130426
Ikarus 20130426
Jiangmin 20130426
K7AntiVirus 20130425
K7GW 20130426
Kingsoft 20130422
Malwarebytes 20130426
McAfee-GW-Edition 20130425
eScan 20130426
NANO-Antivirus 20130424
Norman 20130426
nProtect 20130426
PCTools 20130426
Sophos AV 20130426
SUPERAntiSpyware 20130426
Symantec 20130426
TheHacker 20130425
TotalDefense 20130425
TrendMicro 20130426
TrendMicro-HouseCall 20130426
VBA32 20130425
VIPRE 20130426
ViRobot 20130426
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Product Uqejupy
Original name Q1bamsgneu.exe
Description Qydati Tag Avekova
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2011-01-03 20:40:36
Entry Point 0x0002D5E8
Number of sections 5
PE sections
Overlays
MD5 7c01b4e9ebc52fa210947f500693d37b
File type data
Offset 297472
Size 512
Entropy 7.62
PE imports
PeekNamedPipe
GetPrivateProfileSectionNamesA
CreateJobObjectA
UpdateResourceW
lstrlenA
RemoveDirectoryW
RequestDeviceWakeup
Beep
QueryPerformanceCounter
ExitProcess
lstrlenW
FoldStringA
PurgeComm
CreateDirectoryExW
MapViewOfFileEx
GetCurrentDirectoryA
GetVolumeInformationW
FatalAppExitA
MapViewOfFile
BackupWrite
SetThreadAffinityMask
ReadFileScatter
WaitCommEvent
lstrcpyW
RaiseException
lstrcpynA
WaitNamedPipeW
GlobalReAlloc
EnumDateFormatsExA
FindFirstFileA
_hwrite
GetProfileStringA
ResetEvent
QueryInformationJobObject
GetCommConfig
IsValidLanguageGroup
SetVolumeLabelW
GetFileAttributesExW
LocalFree
GetLogicalDriveStringsA
FreeUserPhysicalPages
InitializeCriticalSection
HeapCreate
TlsGetValue
Sleep
FormatMessageA
IsBadStringPtrA
FindFirstVolumeW
ShellHookProc
InternalExtractIconListW
SHAppBarMessage
DragQueryFileA
SHGetPathFromIDListA
DoEnvironmentSubstW
SendMessageCallbackA
EnumDesktopsA
SetWindowRgn
DdeAccessData
BroadcastSystemMessageA
EnableScrollBar
PostQuitMessage
WINNLSGetIMEHotkey
LoadBitmapA
OemToCharBuffA
OpenIcon
DdeGetData
RegisterShellHookWindow
CreateDesktopW
MapDialogRect
SendMessageW
GetClientRect
ToAscii
DdeFreeDataHandle
DdeQueryStringW
GetTopWindow
MapVirtualKeyExW
LockWindowUpdate
UserHandleGrantAccess
MsgWaitForMultipleObjects
ScrollWindow
GetWindowTextA
CopyImage
MapVirtualKeyW
DrawEdge
GetClassInfoExW
CheckRadioButton
CreateCaret
ExcludeUpdateRgn
GetMessageW
SetClassWord
GetCaretPos
FlashWindowEx
GetNextDlgGroupItem
IMPGetIMEW
EnumDisplayMonitors
IsCharAlphaW
SetMessageQueue
CharUpperW
PeekMessageA
IsCharAlphaA
SetThreadDesktop
GetWindow
ActivateKeyboardLayout
GetMenuBarInfo
CreateIconFromResourceEx
EditWndProc
LoadStringA
EnumDisplayDevicesA
IsWindow
IsHungAppWindow
IsIconic
OpenDesktopA
GetSubMenu
GetDCEx
ShowOwnedPopups
CreateAcceleratorTableW
WaitForInputIdle
EnumPropsW
DialogBoxIndirectParamA
GetWindowInfo
GetMenuItemInfoW
SetFocus
SendNotifyMessageA
OpenInputDesktop
GetMessageA
SwitchDesktop
BeginPaint
TrackMouseEvent
ClipCursor
DefWindowProcA
CheckMenuRadioItem
SendDlgItemMessageA
GetSystemMetrics
SetScrollRange
ReleaseCapture
SetKeyboardState
SetDlgItemTextA
ShowCaret
DrawIconEx
InsertMenuA
FindWindowExA
DdeFreeStringHandle
IsDlgButtonChecked
GetDesktopWindow
CreateIconFromResource
FindWindowExW
InsertMenuW
PostThreadMessageA
WindowFromDC
GetScrollBarInfo
DdeUnaccessData
GetScrollRange
GetShellWindow
wvsprintfW
FreeDDElParam
BeginDeferWindowPos
GetKBCodePage
SetMenu
RegisterClipboardFormatA
LoadCursorFromFileA
LoadKeyboardLayoutW
DdePostAdvise
MessageBoxIndirectW
RegisterClipboardFormatW
SetScrollInfo
GetMenuItemInfoA
GetProcessDefaultLayout
GetDoubleClickTime
DestroyIcon
GetKeyNameTextA
WinHelpW
SetDoubleClickTime
SetRect
DeleteMenu
CharNextW
GetClassNameW
DragObject
CallWindowProcA
TranslateAcceleratorW
AddPrintProcessorA
Number of PE resources by type
RT_ICON 1
RT_GROUP_ICON 1
RT_VERSION 1
RT_MANIFEST 1
Number of PE resources by language
NORWEGIAN NYNORSK 4
PE resources
ExifTool file metadata
MIMEType
application/octet-stream

SubsystemVersion
4.0

LinkerVersion
4.0

JCok5jQ1Fjyqc
YcXNE4TTYx

ImageVersion
0.0

FileSubtype
0

FileVersionNumber
6.3.0.0

xomgibTUyrVyCYIoEDwX
PSR4UVVBaMFUw

LanguageCode
English (U.S.)

FileFlagsMask
0x003f

Tag3xdEp2QRNIufWSJadmA8
fn3ixLEXts3BHkv

FileDescription
Qydati Tag Avekova

CharacterSet
Unicode

InitializedDataSize
297984

DK1LT3KLo5bv34WhPYCh
SEghmUgjudOF

MoJqSC71FxKa
FsFB2Y1eIcQool4H

RiNUmOsvroA
4pd1GtxAhuwpgd

EntryPoint
0x2d5e8

OriginalFileName
Q1bamsgneu.exe

W8suJFx3MkRHKqGm
utQpcVYXnGe

TimeStamp
2011:01:03 21:40:36+01:00

FileType
Win32 EXE

PEType
PE32

RSgPHRWCdlsmr
jKQN5328EMISl5

UninitializedDataSize
0

if7MEorLKqrCr4bihrd
t3UWhOrnm7hDw18Qmpw4

OSVersion
4.0

FileOS
Windows NT 32-bit

ojbjwSSLrpEtA
pn2iJeiqnXUPuJkeFrF5

Subsystem
Windows GUI

YkujmJ34do2cVv
XjK2bsiUKGFIDOBAPq

MachineType
Intel 386 or later, and compatibles

r57H3KiLeD
ripP87Sg3WccKd7cU2y

CompanyName
Microsoft Corporation

giujPckU7vBr
BwmyvCAUdpb3ggK

A6xYxwjYV2
3fkrR1NbrJPG5AB

uIoKePuyPwoaNj3p
n2KMkdJxUiKBaO4

CodeSize
182272

ProductName
Uqejupy

ProductVersionNumber
6.3.0.0

r7vNxfN4FTNMy8ykO
Ht6vGdiguudUpF6

FileTypeExtension
exe

ObjectFileType
Executable application

NruQMvckSDMG28uIYL
xsV8QvXajuhOIALOi

AIWHWpqHIqs3vp4w
tMHyyoObjA8vsrR1

File identification
MD5 df81b21e9526c571d03bc1fb189f233c
SHA1 dd2fe390e3f16a7f12786799af927f62df6754c4
SHA256 db001675033574e5291b1717b7b704d43d9bd676604b623f781d2f4cde60590a
ssdeep 6144:DN2RB9J34fDasTVmTagPdnuRIbcsQFW7DnvB8mM4b25wK:eh4fDasgaMdnuRIcgkT
authentihash 2b5958ef42fb71277b162f124ebb6c1774834929458c7815cddd869e8fc95acb
imphash 172f5691fdb0e253f9f21f05ab5e0192
File size 291.0 KB ( 297984 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Executable MS Visual C++ (generic) (42.2%)
Win64 Executable (generic) (37.3%)
Win32 Dynamic Link Library (generic) (8.8%)
Win32 Executable (generic) (6.0%)
Generic Win/DOS Executable (2.7%)
Tags peexe overlay

VirusTotal metadata
First submission 2013-04-26 07:51:50 UTC ( 6 years, 1 month ago )
Last submission 2017-12-06 19:00:18 UTC ( 1 year, 5 months ago )
File names LABEL-ID-56753547-GFK72.exe
005834533
df81b21e9526c571d03bc1fb189f233c.virus
file-5422685_ex_
df81b21e9526c571d03bc1fb189f233c
LABEL-ID-56753547-GFK72.ex
vt-upload-SegFU
2
LABELID56753547GFK72.exe
Q1bamsgneu.exe