SHA256: e188e1d47c493b5845887d1bb124603818dcbb1c13e3cd39f0116f7920e5890f
File name: e188e1d47c493b5845887d1bb124603818dcbb1c13e3cd39f0116f7920e5890f(...
Detection ratio: 36 / 55
Analysis date: 2014-10-06 08:34:44 UTC ( 4 years, 7 months ago )
Antivirus Result Update
Ad-Aware Trojan.Generic.11690596 20141006
AegisLab W32.W.Fipp 20141006
Yandex Trojan.Injector!hth9OWi9xIA 20141005
Antiy-AVL Trojan[Spy]/Win32.Zbot 20141006
Avast Win32:Injector-CAE [Trj] 20141006
Avira (no cloud) BDS/Androm.bxjk 20141006
AVware Trojan.Win32.Generic!BT 20141004
Baidu-International Trojan.Win32.Zbot.afgg 20141006
BitDefender Trojan.Generic.11690596 20141006
Cyren W32/Trojan.HJRY-2248 20141006
Emsisoft Trojan.Generic.11690596 (B) 20141006
ESET-NOD32 a variant of MSIL/Injector.FHY 20141006
F-Secure Packed:MSIL/GatedeIL.A 20141005
Fortinet W32/Zbot.UCAC!tr 20141006
GData Trojan.Generic.11690596 20141006
Ikarus Backdoor.Win32.Androm 20141006
Kaspersky Trojan-Spy.Win32.Zbot.ucac 20141006
Kingsoft Win32.Troj.Zbot.uc.(kcloud) 20141006
Malwarebytes Trojan.MSIL.Gen.D 20141006
McAfee RDN/Spybot.bfr!n 20141006
McAfee-GW-Edition BehavesLike.Win32.Backdoor.dh 20141006
Microsoft PWS:Win32/Zbot 20141006
eScan Trojan.Generic.11690596 20141006
NANO-Antivirus Trojan.Win32.Zbot.dffxus 20141006
Norman Troj_Generic.VVAYV 20141005
Panda Trj/CI.A 20141005
Qihoo-360 Win32/Trojan.Spy.241 20141006
Rising PE:Trojan.Win32.Generic.174D1F3A!390930234 20141005
Sophos AV Mal/MSIL-KC 20141006
SUPERAntiSpyware Trojan.Agent/Gen-Downloader 20141005
Symantec Infostealer.Banker.C 20141006
Tencent Win32.Trojan-spy.Zbot.Hwcp 20141006
TrendMicro TROJ_GEN.R072C0DII14 20141006
TrendMicro-HouseCall TROJ_GEN.R072C0DII14 20141006
VBA32 TScope.Trojan.MSIL 20141004
VIPRE Trojan.Win32.Generic!BT 20141006
AhnLab-V3 20141006
AVG 20141006
Bkav 20141003
ByteHero 20141006
CAT-QuickHeal 20141004
ClamAV 20141004
CMC 20141004
Comodo 20141006
DrWeb 20141004
F-Prot 20141005
Jiangmin 20141005
K7AntiVirus 20141004
K7GW 20141004
nProtect 20141005
TheHacker 20141001
TotalDefense 20141005
ViRobot 20141006
Zillya 20141005
Zoner 20140929
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright QFtBufygHLo Inc

Original name QFtBufygHLo.exe
Internal name QFtBufygHLo.exe
File version 0.3.0.0
Description
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2014-09-15 10:34:52
Entry Point 0x0003E4FE
Number of sections 3
.NET details
Module Version ID 11edeb24-fe6d-44ba-8884-c25894ffd35a
TypeLib ID 16492168-1649-4924-b1e2-16b1dd1ccb3e
PE sections
PE imports
_CorExeMain
Number of PE resources by type
RT_MANIFEST 1
RT_VERSION 1
Number of PE resources by language
NEUTRAL 2
PE resources
ExifTool file metadata
MIMEType application/octet-stream
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
TimeStamp 2014:09:15 11:34:52+01:00
FileType Win32 EXE
PEType PE32
CodeSize 247296
LinkerVersion 8.0
FileTypeExtension exe
InitializedDataSize 2048
SubsystemVersion 4.0
EntryPoint 0x3e4fe
OSVersion 4.0
ImageVersion 0.0
UninitializedDataSize 0

File identification
MD5 96e3150eb781157efbd4d490e7441bc5
SHA1 19b98e5722d0e0c672f93f85c24b95d251a30ebb
SHA256 e188e1d47c493b5845887d1bb124603818dcbb1c13e3cd39f0116f7920e5890f
ssdeep 6144:O+ta8feWGECPP42Hq1ZzzgwDJqv/9+ihPk30:fUECPw2HiwoqvAihPe
authentihash 1ab47714c25f7eab3038de4f0ae96361a6e17b15157027968de7ebb095b238ca
imphash f34d5f2d4577ed6d9ceec516c1f5a744
File size 244.0 KB ( 249856 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit Mono/.Net assembly
TrID Win32 Dynamic Link Library (generic) (43.5%)
Win32 Executable (generic) (29.8%)
Generic Win/DOS Executable (13.2%)
DOS Executable Generic (13.2%)
Tags peexe assembly

VirusTotal metadata
First submission 2014-09-17 16:14:08 UTC ( 4 years, 8 months ago )
Last submission 2016-02-01 07:53:42 UTC ( 3 years, 3 months ago )
File names e188e1d47c493b5845887d1bb124603818dcbb1c13e3cd39f0116f7920e5890f(1).bin
QFtBufygHLo.exe
96e3150eb781157efbd4d490e7441bc5
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
HTTP requests
DNS requests
TCP connections
UDP communications