SHA256: dc8473d3b3421fcb4bd5ea1c548a938c5026d10169b011868806b07dca915db0
File name: I91QPCtexebhh.exe
Detection ratio: 27 / 68
Analysis date: 2018-09-15 04:27:34 UTC ( 5 months, 1 week ago )
Antivirus Result Update
Arcabit Trojan.Generic.D1DC4221 20180915
BitDefender Trojan.GenericKD.31212065 20180915
CAT-QuickHeal Trojan.Emotet.X4 20180912
CrowdStrike Falcon (ML) malicious_confidence_90% (D) 20180723
Cylance Unsafe 20180915
Cyren W32/Trojan.PTHL-8243 20180915
Emsisoft Trojan.GenericKD.31212065 (B) 20180915
Endgame malicious (high confidence) 20180730
ESET-NOD32 a variant of Win32/GenKryptik.CLDD 20180915
GData Win32.Trojan-Spy.Emotet.QJBQ97 20180915
Sophos ML heuristic 20180717
Kaspersky UDS:DangerousObject.Multi.Generic 20180915
Malwarebytes Trojan.Emotet 20180915
McAfee RDN/Generic.grp 20180915
McAfee-GW-Edition BehavesLike.Win32.PWSZbot.fm 20180915
Microsoft Trojan:Win32/Emotet.AC!bit 20180915
eScan Trojan.GenericKD.31212065 20180915
Palo Alto Networks (Known Signatures) generic.ml 20180915
Qihoo-360 HEUR/QVM20.1.DD35.Malware.Gen 20180915
Rising Spyware.Ursnif!8.1DEF (CLOUD) 20180915
SentinelOne (Static ML) static engine - malicious 20180830
Sophos AV Mal/EncPk-ANX 20180914
Symantec Packed.Generic.517 20180914
TrendMicro TROJ_FRS.VSN0EI18 20180915
TrendMicro-HouseCall TROJ_FRS.VSN0EI18 20180915
Webroot W32.Trojan.Emotet 20180915
ZoneAlarm by Check Point Trojan-Banker.Win32.Emotet.bdqi 20180915
Ad-Aware 20180913
AegisLab 20180915
AhnLab-V3 20180914
Alibaba 20180713
ALYac 20180915
Antiy-AVL 20180915
Avast 20180915
Avast-Mobile 20180915
AVG 20180915
Avira (no cloud) 20180914
AVware 20180915
Babable 20180907
Baidu 20180914
Bkav 20180914
ClamAV 20180915
CMC 20180914
Comodo 20180915
Cybereason 20180225
DrWeb 20180915
eGambit 20180915
F-Prot 20180915
F-Secure 20180915
Fortinet 20180915
Ikarus 20180914
Jiangmin 20180915
K7AntiVirus 20180914
K7GW 20180914
Kingsoft 20180915
MAX 20180915
NANO-Antivirus 20180915
Panda 20180914
SUPERAntiSpyware 20180907
Symantec Mobile Insight 20180911
TACHYON 20180915
Tencent 20180915
TheHacker 20180914
TotalDefense 20180914
Trustlook 20180915
VBA32 20180914
VIPRE 20180915
ViRobot 20180915
Yandex 20180914
Zillya 20180914
Zoner 20180914
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Internal name QllZd.dll
File version 91.333.22.1
Description QllZad
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2018-09-15 01:33:07
Entry Point 0x0001C885
Number of sections 6
PE sections
PE imports
RegSetKeySecurity
RegEnumKeyExW
CreateServiceW
PrintDlgExW
CertGetNameStringW
Rectangle
Process32NextW
SetFileCompletionNotificationModes
GetFileSize
GetModuleHandleA
GetCommandLineW
SetEndOfFile
CopyFileExW
SetHandleInformation
NetUserEnum
NetSessionDel
NetUserGetGroups
NetGroupAddUser
SafeArrayGetDim
RpcMgmtSetCancelTimeout
RpcMgmtInqComTimeout
NdrConvert2
StrRChrIA
PathSetDlgItemPathW
StrChrNW
PathIsUNCServerShareW
GetScrollInfo
SetWindowContextHelpId
EnumDisplaySettingsExW
SetThreadDesktop
IsCharLowerW
WindowFromDC
midiOutGetDevCapsA
AddPrinterDriverExW
DeletePrinterConnectionW
connect
HDC_UserUnmarshal
Number of PE resources by type
RT_STRING 1
RT_VERSION 1
Number of PE resources by language
SLOVENIAN DEFAULT 1
ENGLISH US 1
PE resources
Debug information
ExifTool file metadata
UninitializedDataSize 1006425862
LinkerVersion 12.0
ImageVersion 0.0
FileVersionNumber 2.0.0.0
LanguageCode English (U.S.)
FileFlagsMask 0x003f
FileDescription QllZad
ImageFileCharacteristics No relocs, Executable, 32-bit
CharacterSet Windows, Latin1
InitializedDataSize 0
EntryPoint 0x1c885
MIMEType application/octet-stream
FileVersion 91.333.22.1
TimeStamp 2018:09:14 18:33:07-07:00
FileType Win32 EXE
PEType PE32
InternalName QllZd.dll
SubsystemVersion 5.0
OSVersion 5.0
FileOS Win32
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
CompanyName Fatal Enterprice
CodeSize 118784
FileSubtype 0
ProductVersionNumber 2.0.0.0
FileTypeExtension exe
ObjectFileType Dynamic link library

File identification
MD5 192d156343bedc844973ddec98bd5633
SHA1 5b532b77c14dd8f26b70f8911e93510e08ab6339
SHA256 dc8473d3b3421fcb4bd5ea1c548a938c5026d10169b011868806b07dca915db0
ssdeep 6144:YZI46Eb6WiohJs/DeTQIa/7Ekqj4+KPi/d7Feo4TrvD2d6q:YK4iWiohMqTQb7EkqjBaMMq
authentihash 0bac34544a504303c9f84dcd9c7e3c3be9735c901fd3e244d2fdc47a5ac230e2
imphash 0e7b23c8537cf2dbd58fb7f30d72fbe8
File size 348.0 KB ( 356352 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID OS/2 Executable (generic) (33.6%)
Generic Win/DOS Executable (33.1%)
DOS Executable Generic (33.1%)
Tags peexe
VirusTotal metadata
First submission 2018-09-14 18:35:36 UTC ( 5 months, 1 week ago )
Last submission 2018-09-15 23:49:38 UTC ( 5 months, 1 week ago )
File names 9wtXvUrOo8.exe
lSINSCngT.exe
aeDvQXT4YLz.exe
IoeLCZRvc.exe
M7ODu85m.exe
hivmmcp4qtg2.exe
D1FgGwsDp.exe
o9d08pG3nC.exe
CWxrPrgkz.exe
UmyasAqhSbcb.exe
xJaPahMq4xR.exe
I91QPCtexebhh.exe
gOHU16KlB.exe
VxdxYnPiz.exe
A7APxngBDk4.exe
hpwUUog3yNj.exe
7wGgSfZbwCwc.exe
OUEb6KD9P.exe
wMWAvWbjk.exe
352qFB4isf.exe
GVkeHvZha.exe
CxQd8NixAgcU.exe
QllZd.dll
vq66CEFd.exe