SHA256: def413c41d6b9b36d793847df7e5e811dcefc9b2ede961d7d0ca16a5b298484f
File name: uyi.exe
Detection ratio: 52 / 66
Analysis date: 2018-06-20 12:37:46 UTC ( 4 weeks, 1 day ago )
Antivirus Result Update
Ad-Aware Gen:Variant.Razy.129346 20180620
AegisLab Gen.Variant.Razy!c 20180620
AhnLab-V3 Trojan/Win32.Injector.C2553037 20180620
ALYac Gen:Variant.Razy.129346 20180620
Antiy-AVL Trojan[PSW]/Win32.AGeneric 20180620
Arcabit Trojan.Razy.D1F942 20180620
Avast Win32:Malware-gen 20180620
AVG Win32:Malware-gen 20180620
Avira (no cloud) TR/Dropper.Gen 20180620
AVware Trojan.Win32.Generic!BT 20180618
Baidu Win32.Trojan.WisdomEyes.16070401.9500.9995 20180620
BitDefender Gen:Variant.Razy.129346 20180620
CAT-QuickHeal Trojan.Injector 20180620
Comodo TrojWare.MSIL.Injector.REZ 20180620
CrowdStrike Falcon (ML) malicious_confidence_100% (W) 20180530
Cybereason malicious.8bc4ef 20180225
Cylance Unsafe 20180620
Cyren W32/Ransom.AY.gen!Eldorado 20180620
DrWeb Trojan.Nanocore.23 20180620
Emsisoft Gen:Variant.Razy.129346 (B) 20180620
Endgame malicious (high confidence) 20180612
ESET-NOD32 a variant of MSIL/Injector.REK 20180620
F-Prot W32/Ransom.AY.gen!Eldorado 20180620
F-Secure Gen:Variant.Razy.129346 20180620
Fortinet MSIL/Kryptik.NZA!tr 20180620
GData Gen:Variant.Razy.129346 20180620
Ikarus Trojan.MSIL.Injector 20180620
Sophos ML heuristic 20180601
Jiangmin Trojan.PSW.Generic.avk 20180620
K7AntiVirus Trojan ( 0050322e1 ) 20180620
K7GW Trojan ( 0050322e1 ) 20180620
Kaspersky HEUR:Trojan-PSW.Win32.Generic 20180620
Malwarebytes Spyware.PasswordStealer 20180620
MAX malware (ai score=100) 20180620
McAfee Packed-FFH!76902CA8BC4E 20180620
McAfee-GW-Edition BehavesLike.Win32.Generic.fc 20180620
Microsoft VirTool:MSIL/Subti.N 20180620
eScan Gen:Variant.Razy.129346 20180620
NANO-Antivirus Trojan.Win32.Nanocore.fdoood 20180620
Palo Alto Networks (Known Signatures) generic.ml 20180620
Panda Trj/GdSda.A 20180619
Qihoo-360 Win32/Trojan.PSW.2ff 20180620
SentinelOne (Static ML) static engine - malicious 20180618
Sophos AV Mal/Generic-S 20180620
Symantec Trojan.Gen.2 20180620
Tencent Win32.Trojan-qqpass.Qqrob.Aiia 20180620
TrendMicro BKDR_NOANCOOE.THFOGAH 20180620
TrendMicro-HouseCall BKDR_NOANCOOE.THFOGAH 20180620
VBA32 TScope.Trojan.MSIL 20180620
Webroot Trojan.Msil.Coinminer.Gen 20180620
Yandex Trojan.Injector!CGlcLLu53KY 20180620
ZoneAlarm by Check Point HEUR:Trojan-PSW.Win32.Generic 20180620
Avast-Mobile 20180620
Babable 20180406
Bkav 20180620
ClamAV 20180620
CMC 20180620
eGambit 20180620
Kingsoft 20180620
Rising 20180620
SUPERAntiSpyware 20180620
Symantec Mobile Insight 20180619
TACHYON 20180620
TheHacker 20180619
Trustlook 20180620
VIPRE 20180620
ViRobot 20180620
Zoner 20180620
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright

Original name uyi.exe
Internal name uyi.exe
File version 0.0.0.0
Description
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2018-06-03 06:06:51
Entry Point 0x0004C46E
Number of sections 3
.NET details
Module Version ID 8c1eacb6-9f83-4b9d-90ca-9672d921b3b9
PE sections
Overlays
MD5 bf619eac0cdf3f68d496ea9344137e8b
File type ASCII text
Offset 309760
Size 512
Entropy 0.00
PE imports
_CorExeMain
Number of PE resources by type
RT_VERSION 1
Number of PE resources by language
NEUTRAL 1
PE resources
ExifTool file metadata
UninitializedDataSize 0
LinkerVersion 8.0
ImageVersion 0.0
FileVersionNumber 0.0.0.0
LanguageCode Neutral
FileFlagsMask 0x003f
CharacterSet Unicode
InitializedDataSize 4608
EntryPoint 0x4c46e
OriginalFileName uyi.exe
MIMEType application/octet-stream
FileVersion 0.0.0.0
TimeStamp 2018:06:03 07:06:51+01:00
FileType Win32 EXE
PEType PE32
InternalName uyi.exe
ProductVersion 0.0.0.0
SubsystemVersion 4.0
OSVersion 4.0
FileOS Win32
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
CodeSize 304640
FileSubtype 0
ProductVersionNumber 0.0.0.0
FileTypeExtension exe
ObjectFileType Executable application
AssemblyVersion 0.0.0.0
Compressed bundles
File identification
MD5 76902ca8bc4ef01a002df0cbf047c0d4
SHA1 d757ec3ce9fc6e49ff790e0eb7a7b455938a875e
SHA256 def413c41d6b9b36d793847df7e5e811dcefc9b2ede961d7d0ca16a5b298484f
ssdeep 6144:lvCgIegDyQNdE4B5MTOu/9uJ/JN9gO9ET01KQkE+wA2IwA3xK:MuNgdE4B5lu/4qr0UKA2c3xK

authentihash 925a779d485f0e3b819fe329e34c352e1e8d7301ee77444267165a9cf80e4c38
imphash f34d5f2d4577ed6d9ceec516c1f5a744
File size 303.0 KB ( 310272 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit Mono/.Net assembly

TrID Win32 Dynamic Link Library (generic) (38.4%)
Win32 Executable (generic) (26.3%)
OS/2 Executable (generic) (11.8%)
Generic Win/DOS Executable (11.6%)
DOS Executable Generic (11.6%)
Tags peexe assembly overlay

VirusTotal metadata
First submission 2018-06-05 13:23:31 UTC ( 1 month, 2 weeks ago )
Last submission 2018-06-08 02:23:17 UTC ( 1 month, 1 week ago )
File names output.113403029.txt
uyi(1).exe
C$~Program Files (x86)~Akpd0q~certmgrlzj.exe
f0ecfb3e8d7746f5090e928b6063d8c9bac3ce85
uyi.exe
uyi.exe