SHA256: de519cd2ac49e2d608f4785fb2434fbd0075e39ecfd482edab5b60524376cd12
File name: qvzyux09.exe
Detection ratio: 29 / 59
Analysis date: 2017-03-06 21:07:02 UTC
Antivirus Result Update
Ad-Aware Trojan.GenericKD.4516397 20170306
ALYac Trojan.GenericKD.4516397 20170306
Arcabit Trojan.Generic.D44EA2D 20170306
AVG Downloader.Generic14.BMGN 20170306
Avira (no cloud) TR/Crypt.Xpack.dobxk 20170306
Baidu Win32.Trojan.WisdomEyes.16070401.9500.9997 20170306
BitDefender Trojan.GenericKD.4516397 20170306
CrowdStrike Falcon (ML) malicious_confidence_100% (D) 20170130
DrWeb Trojan.PWS.Papras.2401 20170306
Emsisoft Trojan.GenericKD.4516397 (B) 20170306
Endgame malicious (high confidence) 20170222
ESET-NOD32 a variant of Win32/GenKryptik.WVE 20170306
F-Secure Trojan.GenericKD.4516397 20170306
Fortinet W32/GenKryptik.WVE!tr 20170306
GData Trojan.GenericKD.4516397 20170306
Ikarus Trojan.Win32.Krypt 20170306
Sophos ML virus.win32.virut.bn 20170203
K7AntiVirus Trojan ( 0050791d1 ) 20170306
K7GW Trojan ( 0050791d1 ) 20170306
Kaspersky Trojan-Downloader.Win32.Upatre.fwij 20170306
Malwarebytes Trojan.MalPack 20170306
McAfee Artemis!D201CB29FEBE 20170306
McAfee-GW-Edition BehavesLike.Win32.Trojan.fc 20170306
eScan Trojan.GenericKD.4516397 20170306
Qihoo-360 HEUR/QVM10.1.0000.Malware.Gen 20170306
Rising Malware.Heuristic!ET#80% (cloud:iYqk8PwVVaO) 20170306
Symantec Infostealer.Limitail 20170306
Yandex Trojan.DL.Upatre! 20170306
ZoneAlarm by Check Point Trojan-Downloader.Win32.Upatre.fwij 20170306
AegisLab 20170306
AhnLab-V3 20170306
Alibaba 20170228
Antiy-AVL 20170306
Avast 20170306
AVware 20170306
Bkav 20170306
CAT-QuickHeal 20170306
ClamAV 20170306
CMC 20170306
Comodo 20170306
Cyren 20170306
F-Prot 20170306
Jiangmin 20170306
Kingsoft 20170306
Microsoft 20170306
NANO-Antivirus 20170306
nProtect 20170306
Panda 20170306
Sophos AV 20170306
SUPERAntiSpyware 20170306
Tencent 20170306
TheHacker 20170305
TrendMicro 20170306
TrendMicro-HouseCall 20170306
Trustlook 20170306
VBA32 20170306
VIPRE 20170306
ViRobot 20170306
Webroot 20170306
WhiteArmor 20170303
Zillya 20170304
Zoner 20170306
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2017-03-03 13:45:14 UTC
Entry Point 0x00001526
Number of sections 4
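The fields above are read straight out of the COFF file header and the optional header, and they are the first thing to sanity-check on a suspected packer stub (a zeroed or future TimeDateStamp, an odd subsystem, an entry point outside the code section). As an added example that is not part of the VirusTotal report, the following standard-library Python reader walks MZ, e_lfanew, the PE signature and the two headers, reproduces the values listed here, and checks the compile timestamp against the first-submission time from the VirusTotal metadata. The header bytes it parses are constructed for this example to carry the reported values; image base, alignments, stack and heap sizes and the data directories are filler and are not taken from the sample.

```python
"""Minimal PE header reader that produces the fields shown under
'PE header basic information' and in the ExifTool block (machine, section
count, compile timestamp, entry point, linker version, subsystem, sizes).
Standard library only; no pefile dependency."""
import struct
from datetime import datetime, timezone

MACHINES = {0x14C: "Intel 386 or later processors and compatible processors",
            0x8664: "x64", 0x1C0: "ARM", 0xAA64: "ARM64"}
SUBSYSTEMS = {1: "Native", 2: "Windows GUI", 3: "Windows CUI"}
# First submission time from the VirusTotal metadata section of the report.
FIRST_SEEN = datetime(2017, 3, 4, 13, 36, 39, tzinfo=timezone.utc)


def parse_pe_header(data: bytes) -> dict:
    """Walk MZ -> e_lfanew -> 'PE\\0\\0' -> COFF header -> optional header."""
    if data[:2] != b"MZ":
        raise ValueError("no MZ signature")
    (e_lfanew,) = struct.unpack_from("<I", data, 0x3C)
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("no PE signature at e_lfanew")
    coff = e_lfanew + 4
    machine, nsections, timestamp = struct.unpack_from("<HHI", data, coff)
    opt = coff + 20                        # COFF file header is 20 bytes
    magic, lnk_major, lnk_minor = struct.unpack_from("<HBB", data, opt)
    if magic not in (0x10B, 0x20B):
        raise ValueError("unknown optional header magic 0x%x" % magic)
    # These offsets are identical for PE32 and PE32+.
    code, idata, udata, entry = struct.unpack_from("<IIII", data, opt + 4)
    os_major, os_minor = struct.unpack_from("<HH", data, opt + 40)
    ss_major, ss_minor = struct.unpack_from("<HH", data, opt + 48)
    (subsystem,) = struct.unpack_from("<H", data, opt + 68)
    compiled = datetime.fromtimestamp(timestamp, tz=timezone.utc)
    return {
        "pe_type": "PE32" if magic == 0x10B else "PE32+",
        "machine": MACHINES.get(machine, "unknown 0x%04x" % machine),
        "num_sections": nsections,
        "compile_timestamp": timestamp,
        "compile_time": compiled.strftime("%Y-%m-%d %H:%M:%S"),
        "entry_point": "0x%08x" % entry,
        "linker_version": f"{lnk_major}.{lnk_minor}",
        "code_size": code,
        "initialized_data_size": idata,
        "uninitialized_data_size": udata,
        "os_version": f"{os_major}.{os_minor}",
        "subsystem_version": f"{ss_major}.{ss_minor}",
        "subsystem": SUBSYSTEMS.get(subsystem, "unknown %d" % subsystem),
    }


def timestamp_plausible(compile_timestamp: int, first_seen: datetime) -> bool:
    """A TimeDateStamp of zero, or one later than the first sighting, means
    the packer zeroed or forged it; a value shortly before first submission
    (one day here) is consistent with a freshly built stub."""
    if compile_timestamp == 0:
        return False
    return datetime.fromtimestamp(compile_timestamp, tz=timezone.utc) <= first_seen


def build_sample_header() -> bytes:
    """CONSTRUCTED PE32 header carrying the values the report lists for
    qvzyux09.exe. Image base, alignments, stack/heap sizes and the empty
    data directories are filler and are NOT taken from the sample."""
    ts = 1488548714                                     # 2017-03-03 13:45:14 UTC
    dos = b"MZ" + b"\0" * 58 + struct.pack("<I", 0x40)  # e_lfanew = 0x40
    coff = b"PE\0\0" + struct.pack("<HHIIIHH", 0x14C, 4, ts, 0, 0, 224, 0x0102)
    opt = struct.pack("<HBB" + "I" * 9 + "H" * 6 + "IIII" + "HH" + "I" * 6,
                      0x10B, 9, 0,                      # PE32 magic, linker 9.0
                      26112, 322560, 0,                 # code / init data / uninit data
                      0x1526, 0x1000, 0x8000,           # entry point, BaseOfCode, BaseOfData
                      0x400000, 0x1000, 0x200,          # image base, section/file alignment
                      5, 0, 0, 0, 5, 0,                 # OS 5.0, image 0.0, subsystem 5.0
                      0, 0x56000, 0x400, 0,             # Win32Version, SizeOfImage, headers, checksum
                      2, 0,                             # Windows GUI, DllCharacteristics
                      0x100000, 0x1000, 0x100000, 0x1000, 0, 16)
    return dos + coff + opt + b"\0" * 128                # 16 empty data directories


if __name__ == "__main__":
    info = parse_pe_header(build_sample_header())
    for key, value in info.items():
        print(f"{key:24} {value}")
    print("timestamp plausible:", timestamp_plausible(info["compile_timestamp"], FIRST_SEEN))
```

On a real file, replace `build_sample_header()` with the bytes read from disk; the parser only needs the first few hundred bytes, so it is safe to run over a directory of untrusted samples without loading them fully.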
PE sections
PE imports
SetBoundsRect
BeginPath
AnimatePalette
GetLastError
InitializeCriticalSectionAndSpinCount
HeapFree
GetStdHandle
EnterCriticalSection
LCMapStringW
SetHandleCount
GetOEMCP
GetEnvironmentStringsW
IsDebuggerPresent
ExitProcess
TlsAlloc
VirtualProtect
ScrollConsoleScreenBufferW
GetModuleFileNameA
RtlUnwind
LoadLibraryA
FreeEnvironmentStringsA
DeleteCriticalSection
GetCurrentProcess
GetEnvironmentStrings
GetLocaleInfoA
GetCurrentProcessId
LCMapStringA
WideCharToMultiByte
UnhandledExceptionFilter
InterlockedDecrement
MultiByteToWideChar
HeapSize
FreeEnvironmentStringsW
WritePrivateProfileSectionA
GetCommandLineA
GetProcAddress
GetStringTypeA
QueryPerformanceFrequency
GetCPInfo
TlsFree
SetUnhandledExceptionFilter
WriteFile
GetStartupInfoA
GetSystemTimeAsFileTime
GetACP
HeapReAlloc
GetStringTypeW
GetModuleHandleW
HeapAlloc
FormatMessageW
TerminateProcess
QueryPerformanceCounter
IsValidCodePage
ResetWriteWatch
GlobalAlloc
VirtualFree
CreateEventA
TlsGetValue
Sleep
GetFileType
TlsSetValue
GetTickCount
GetCurrentThreadId
LeaveCriticalSection
VirtualAlloc
HeapCreate
SetLastError
InterlockedIncrement
DdeCreateStringHandleW
CreateCursor
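Most of the names above are the import set of a statically linked MSVC 9.0 C runtime (heap, TLS, critical sections, code-page and locale calls). What stands out is the combination of LoadLibraryA and GetProcAddress with VirtualAlloc, VirtualProtect and VirtualFree, plus a handful of isolated GDI, DDE, cursor and console calls in a binary that declares the Windows GUI subsystem and carries dialog and menu resources (see the resource counts below) but imports no window, dialog or message-loop API. As an added example that is not part of the VirusTotal report, the following Python bucket-sorts such an import list with a few analyst heuristics and computes the imphash shown under File identification. The DLL attribution is an assumption made for this example, since the report lists function names only, and the list is a representative subset rather than all imports, so its imphash is not the report's value.

```python
"""Import-table triage for a flat (dll, function) import list, plus the
imphash that VirusTotal reports under 'File identification'.
Standard library only; the list is what any PE parser hands back."""
import hashlib

# DLL attribution is an ASSUMPTION made for this example: the report lists
# function names only. Representative subset of the imports, not all of them.
K, G, U = "KERNEL32.dll", "GDI32.dll", "USER32.dll"
SAMPLE_IMPORTS = [
    (G, "SetBoundsRect"), (G, "BeginPath"), (G, "AnimatePalette"),
    (K, "GetLastError"), (K, "HeapFree"), (K, "IsDebuggerPresent"),
    (K, "ExitProcess"), (K, "VirtualProtect"), (K, "ScrollConsoleScreenBufferW"),
    (K, "LoadLibraryA"), (K, "WritePrivateProfileSectionA"), (K, "GetProcAddress"),
    (K, "QueryPerformanceCounter"), (K, "ResetWriteWatch"), (K, "VirtualFree"),
    (K, "Sleep"), (K, "GetTickCount"), (K, "VirtualAlloc"), (K, "TerminateProcess"),
    (U, "DdeCreateStringHandleW"), (U, "CreateCursor"),
]

# Heuristic buckets (an analyst's choice, not a standard). IsDebuggerPresent
# is also emitted by MSVC CRT startup code, so on its own it is a weak signal.
ANTI_DEBUG = {"IsDebuggerPresent", "CheckRemoteDebuggerPresent", "OutputDebugStringA"}
DYNAMIC_RESOLUTION = {"LoadLibraryA", "LoadLibraryW", "LoadLibraryExA",
                      "LoadLibraryExW", "GetProcAddress"}
MEMORY = {"VirtualAlloc", "VirtualAllocEx", "VirtualProtect", "VirtualProtectEx",
          "VirtualFree", "WriteProcessMemory"}
TIMING = {"GetTickCount", "QueryPerformanceCounter", "Sleep"}
# What a real GUI program imports to put a window or dialog on screen.
WINDOW_LOOP = {"CreateWindowExA", "CreateWindowExW", "RegisterClassExA", "RegisterClassExW",
               "GetMessageA", "GetMessageW", "DispatchMessageA", "DispatchMessageW",
               "DialogBoxParamA", "DialogBoxParamW", "CreateDialogParamA", "CreateDialogParamW"}


def imphash_input(imports) -> str:
    """The string imphash hashes: 'dll.func' pairs in import-table order,
    lowercased, with .dll/.ocx/.sys stripped and ordinals written as 'ordN'.
    (pefile's get_imphash additionally maps known ordinals to names for a few
    DLLs such as ws2_32; that lookup is omitted here.)"""
    parts = []
    for dll, func in imports:
        lib = dll.lower()
        base, dot, ext = lib.rpartition(".")
        if dot and ext in ("dll", "ocx", "sys"):
            lib = base
        name = func.lower() if isinstance(func, str) else "ord%d" % func
        parts.append(f"{lib}.{name}")
    return ",".join(parts)


def imphash(imports) -> str:
    """Order-sensitive: the same imports in a different order hash differently."""
    return hashlib.md5(imphash_input(imports).encode()).hexdigest()


def triage(imports, subsystem="Windows GUI") -> dict:
    names = {f for _, f in imports if isinstance(f, str)}
    ui = sorted(f for d, f in imports if d.lower() in ("gdi32.dll", "user32.dll"))
    result = {
        "anti_debug": sorted(names & ANTI_DEBUG),
        "dynamic_resolution": sorted(names & DYNAMIC_RESOLUTION),
        "memory": sorted(names & MEMORY),
        "timing": sorted(names & TIMING),
        "ui_imports": ui,
        "findings": [],
    }
    if subsystem == "Windows GUI" and not names & WINDOW_LOOP:
        result["findings"].append(
            "GUI subsystem but no window, dialog or message-loop imports; the UI "
            "imports present (%s) are unlikely to be the program's purpose" % ", ".join(ui))
    if names & {"LoadLibraryA", "LoadLibraryW", "GetProcAddress"} and result["memory"]:
        result["findings"].append(
            "LoadLibrary/GetProcAddress next to Virtual* memory APIs: the real API set "
            "is probably resolved at runtime after an unpacking stage")
    return result


if __name__ == "__main__":
    print("imphash:", imphash(SAMPLE_IMPORTS))
    for bucket, hits in triage(SAMPLE_IMPORTS).items():
        print(f"{bucket:20} {hits}")
```

Because imphash is computed over the import table in file order, it clusters binaries built from the same stub even when the payload differs; pivoting on the reported value 22a8a6606e65a46189e404917e9d3ee0 is therefore a reasonable way to find sibling droppers, while the triage buckets tell you what to expect when the sample is detonated.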
Number of PE resources by type
RT_BITMAP 4
RT_DIALOG 3
RT_ICON 2
RT_MENU 2
RT_MANIFEST 1
RT_GROUP_ICON 1
Number of PE resources by language
ENGLISH US 12
NEUTRAL 1
PE resources
ExifTool file metadata
MIMEType application/octet-stream
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
FileTypeExtension exe
TimeStamp 2017:03:03 14:45:14+01:00
FileType Win32 EXE
PEType PE32
CodeSize 26112
LinkerVersion 9.0
EntryPoint 0x1526
InitializedDataSize 322560
SubsystemVersion 5.0
ImageVersion 0.0
OSVersion 5.0
UninitializedDataSize 0

File identification
MD5 d201cb29febef2fdd70ef0182ef460e7
SHA1 6947f28453bdbdf0d5ebdb0126feaafe70da50f2
SHA256 de519cd2ac49e2d608f4785fb2434fbd0075e39ecfd482edab5b60524376cd12
ssdeep 6144:BjDTzBqsW8zdBtEHswuzv7AOxNmaPnyq7TnCg634:BXXK+YH+r7r3mD
authentihash 316bd05a03abfa0552a33a24946caa506c508599aa27ab8493287ad6d60b34e4
imphash 22a8a6606e65a46189e404917e9d3ee0
File size 341.5 KB ( 349696 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Executable MS Visual C++ (generic) (42.2%)
Win64 Executable (generic) (37.3%)
Win32 Dynamic Link Library (generic) (8.8%)
Win32 Executable (generic) (6.0%)
Generic Win/DOS Executable (2.7%)
Tags peexe
VirusTotal metadata
First submission 2017-03-04 13:36:39 UTC
Last submission 2017-03-06 21:07:02 UTC
File names qvzyux09.exe
32bm7nag.exe
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Created processes
Opened mutexes
Runtime DLLs
UDP communications