SHA256: e7256e31532804df57cc0911ec85f43184f4db8e07ba8210950c1c08fb0c2622
File name: nwQ8hj
Detection ratio: 49 / 57
Analysis date: 2016-12-29 09:28:25 UTC
Antivirus Result Update
Ad-Aware Gen:Heur.ManBat.1 20161229
AegisLab Troj.Ransom.W32.Gimemo.onr!c 20161229
AhnLab-V3 Dropper/Win32.Injector.R22678 20161228
Antiy-AVL Trojan[Ransom]/Win32.Gimemo 20161229
Arcabit Trojan.ManBat.1 20161229
Avast Win32:Evo-gen [Susp] 20161229
AVG Generic27.BIUB 20161229
Avira (no cloud) TR/Crypt.ULPM.Gen 20161229
AVware Trojan.Win32.Generic!BT 20161229
BitDefender Gen:Heur.ManBat.1 20161229
Bkav W32.HfsAutoA.C428 20161228
ClamAV Win.Trojan.Gimemo-429 20161229
Comodo UnclassifiedMalware 20161229
CrowdStrike Falcon (ML) malicious_confidence_100% (W) 20161024
DrWeb Trojan.Winlock.5413 20161229
Emsisoft Gen:Heur.ManBat.1 (B) 20161229
ESET-NOD32 a variant of Win32/Injector.POF 20161229
F-Secure Gen:Heur.ManBat.1 20161229
Fortinet W32/Gimemo.ONH!tr 20161229
GData Gen:Heur.ManBat.1 20161229
Ikarus Trojan.Win32.Refroso 20161229
Invincea dialer.win32.adialer.c 20161216
Jiangmin Trojan/Gimemo.fmv 20161229
K7AntiVirus Backdoor ( 04c4c35b1 ) 20161229
K7GW Backdoor ( 04c4c35b1 ) 20161229
Kaspersky Trojan-Ransom.Win32.Gimemo.onr 20161228
Malwarebytes Trojan.Agent 20161229
McAfee W32/Worm-FCF!4ECA1CC46A3F 20161229
McAfee-GW-Edition BehavesLike.Win32.Trojan.dc 20161229
Microsoft Trojan:Win32/VB.AJD 20161229
eScan Gen:Heur.ManBat.1 20161229
NANO-Antivirus Trojan.Win32.Gimemo.ndquw 20161229
nProtect Trojan/W32.Agent.254464.EU 20161229
Panda Trj/Genetic.gen 20161228
Qihoo-360 Win32/Trojan.IM.493 20161229
Rising Malware.Generic!aQNMEwykr5F@5 (thunder) 20161229
Sophos Mal/VBCheMan-A 20161229
SUPERAntiSpyware Trojan.Agent/Gen-Falofn 20161229
Symantec Trojan.Gen 20161229
Tencent Win32.Trojan.Gimemo.bdvu 20161229
TheHacker Trojan/Gimemo.onr 20161226
TotalDefense Win32/VBInject.U!generic 20161229
TrendMicro TROJ_INJECTION.JS 20161229
TrendMicro-HouseCall TROJ_INJECTION.JS 20161229
VBA32 SScope.Malware-Cryptor.VBCR.2841 20161228
VIPRE Trojan.Win32.Generic!BT 20161229
ViRobot Trojan.Win32.A.Gimemo.254464.A[UPX][h] 20161229
Yandex Trojan.Gimemo!VoOYcXjp9RA 20161228
Zillya Trojan.Gimemo.Win32.1879 20161229
Alibaba (no detection) 20161223
ALYac (no detection) 20161229
Baidu (no detection) 20161207
CAT-QuickHeal (no detection) 20161229
CMC (no detection) 20161229
Cyren (no detection) 20161229
F-Prot (no detection) 20161229
Kingsoft (no detection) 20161229
Trustlook (no detection) 20161229
WhiteArmor (no detection) 20161221
Zoner (no detection) 20161229
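The detection table is more useful once the 49 vendor strings are reduced to a family vote. The following added example (not VirusTotal's code) tokenizes the labels copied from the table above, discards platform, class and heuristic tokens, and counts one vote per vendor per remaining token, in the style of AVClass; the two stoplists are this example's own assumption and would be tuned against a real corpus.

```python
"""Plurality vote over the vendor labels in the detection table above (AVClass-style).

Added example, not VirusTotal's code. LABELS are copied from the table; the
generic and class token lists are this example's own choice (an assumption: a
real deployment tunes them against its own corpus).
"""
import re
from collections import Counter

LABELS = [
    "Gen:Heur.ManBat.1", "Troj.Ransom.W32.Gimemo.onr!c", "Dropper/Win32.Injector.R22678",
    "Trojan[Ransom]/Win32.Gimemo", "Trojan.ManBat.1", "Win32:Evo-gen [Susp]", "Generic27.BIUB",
    "TR/Crypt.ULPM.Gen", "Trojan.Win32.Generic!BT", "Gen:Heur.ManBat.1", "W32.HfsAutoA.C428",
    "Win.Trojan.Gimemo-429", "UnclassifiedMalware", "malicious_confidence_100% (W)",
    "Trojan.Winlock.5413", "Gen:Heur.ManBat.1 (B)", "a variant of Win32/Injector.POF",
    "Gen:Heur.ManBat.1", "W32/Gimemo.ONH!tr", "Gen:Heur.ManBat.1", "Trojan.Win32.Refroso",
    "dialer.win32.adialer.c", "Trojan/Gimemo.fmv", "Backdoor ( 04c4c35b1 )", "Backdoor ( 04c4c35b1 )",
    "Trojan-Ransom.Win32.Gimemo.onr", "Trojan.Agent", "W32/Worm-FCF!4ECA1CC46A3F",
    "BehavesLike.Win32.Trojan.dc", "Trojan:Win32/VB.AJD", "Gen:Heur.ManBat.1", "Trojan.Win32.Gimemo.ndquw",
    "Trojan/W32.Agent.254464.EU", "Trj/Genetic.gen", "Win32/Trojan.IM.493",
    "Malware.Generic!aQNMEwykr5F@5 (thunder)", "Mal/VBCheMan-A", "Trojan.Agent/Gen-Falofn", "Trojan.Gen",
    "Win32.Trojan.Gimemo.bdvu", "Trojan/Gimemo.onr", "Win32/VBInject.U!generic", "TROJ_INJECTION.JS",
    "TROJ_INJECTION.JS", "SScope.Malware-Cryptor.VBCR.2841", "Trojan.Win32.Generic!BT",
    "Trojan.Win32.A.Gimemo.254464.A[UPX][h]", "Trojan.Gimemo!VoOYcXjp9RA", "Trojan.Gimemo.Win32.1879",
]

# Tokens that name a class, platform, confidence or heuristic rather than a family (assumed stoplists).
CLASS_TOKENS = {"trojan", "troj", "trj", "ransom", "backdoor", "dropper", "worm", "dialer",
                "injector", "injection", "cryptor"}
GENERIC_TOKENS = {"win32", "win", "gen", "heur", "generic", "variant", "malware", "mal", "agent", "crypt",
                  "behaveslike", "malicious", "confidence", "susp", "unclassifiedmalware", "thunder",
                  "genetic", "sscope", "evo"}


def tokens(label):
    """Lower-case alphanumeric runs; every vendor separator (. / : - ! [ ] _ ( ) space) splits."""
    return set(t for t in re.split(r"[^a-z0-9]+", label.lower()) if t)


def vote(labels):
    """One vote per label per token; family votes and class votes are counted separately."""
    families, classes = Counter(), Counter()
    for label in labels:
        toks = tokens(label)
        classes.update(toks & CLASS_TOKENS)
        families.update(t for t in toks
                        if len(t) >= 4 and t.isalpha()            # drops variant suffixes such as onr, 429, BT
                        and t not in GENERIC_TOKENS and t not in CLASS_TOKENS)
    return families, classes


def consensus(labels, min_votes=3):
    """Most-voted family name, or None when no token reaches min_votes (generic-only detections)."""
    families, _ = vote(labels)
    top = families.most_common(1)
    return top[0][0] if top and top[0][1] >= min_votes else None


if __name__ == "__main__":
    fam, cls = vote(LABELS)
    print("family votes:", fam.most_common(5))
    print("class votes: ", cls.most_common(5))
    print("consensus:   ", consensus(LABELS))
```

On this table the vote gives Gimemo 12 and ManBat 7, with 22 vendors calling it a trojan and 3 specifically a ransomware. Two caveats a triager should keep in mind: the seven ManBat votes all come from products that ship the same BitDefender engine, so counting per vendor overstates independent agreement, and the stoplists decide what counts as a family, so a new generic token (here, for example, "ulpm" or "hfsautoa") gets a family vote until someone adds it.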
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Product YuHVD
Original name nwQ8hj.exe
Internal name nwQ8hj
File version 7.03.0014
Comments KjYVP
Packers identified
F-PROT UPX
PEiD UPX 2.90 [LZMA] -> Markus Oberhumer, Laszlo Molnar & John Reiser
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2012-03-29 05:39:04
Entry Point 0x00023F00
Number of sections 4
PE sections
PE imports
VirtualFree
ExitProcess
VirtualProtect
LoadLibraryA
VirtualAlloc
GetProcAddress
Ord(581)
SystemParametersInfoW
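The header values, the UPX packer identification and the import list above can be reproduced and cross-checked from the raw bytes. The following added example (not VirusTotal's or UPX's code, Python standard library only) parses the PE file header, the PE32 optional header and the section table, then applies four static heuristics for UPX-style packing: UPX section names, an executable section with no raw data, an entry point outside the first section, and an import table reduced to the loader and memory APIs a UPX stub needs. It runs against a constructed PE image whose header values mirror the report (machine, 4 sections, compilation timestamp, entry point 0x23F00, linker 6.0, GUI subsystem, the three size fields); the section names and layout are assumptions, and REPORT_IMPORTS is the import list above, without DLL names because the report gives none.

```python
"""Parse the PE header fields shown in the report and flag UPX-style packing (stdlib only).

Added example, not VirusTotal's code. build_sample_pe() is CONSTRUCTED: its header
values mirror the report (machine 0x14C, 4 sections, timestamp 2012-03-29 05:39:04 UTC,
entry point 0x23F00, linker 6.0, GUI subsystem, the three size fields); the section
names and layout are an assumption about a UPX-packed image.
"""
import struct
from datetime import datetime, timezone

COFF_FMT = "<HHIIIHH"           # IMAGE_FILE_HEADER (20 bytes)
OPT32_FMT = "<HBB9I6H4I2H6I"    # PE32 optional header up to NumberOfRvaAndSizes (96 bytes)
SECTION_FMT = "<8s6IHHI"        # IMAGE_SECTION_HEADER (40 bytes)
IMAGE_SCN_MEM_EXECUTE = 0x20000000
MACHINES = {0x14C: "Intel 386 or later processors and compatible processors", 0x8664: "x64"}
SUBSYSTEMS = {2: "Windows GUI", 3: "Windows CUI"}
# Imports as listed in the report: the six loader/memory APIs a UPX stub needs, plus two from the payload.
REPORT_IMPORTS = ["VirtualFree", "ExitProcess", "VirtualProtect", "LoadLibraryA",
                  "VirtualAlloc", "GetProcAddress", "Ord(581)", "SystemParametersInfoW"]
UPX_STUB_IMPORTS = {"LoadLibraryA", "GetProcAddress", "VirtualProtect", "VirtualAlloc", "VirtualFree", "ExitProcess"}


def build_sample_pe():
    """Constructed PE32: DOS header, file header, optional header, 4 section headers, no bodies."""
    dos = bytearray(0x80)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 0x80)                      # e_lfanew: PE signature at 0x80
    sections = [  # name, VirtualSize, VirtualAddress, SizeOfRawData, PointerToRawData, Characteristics
        (b"UPX0", 0x1D000, 0x01000, 0x0000, 0x400, 0xE0000080),  # nothing on disk: unpack target
        (b"UPX1", 0x07000, 0x1E000, 0x7000, 0x400, 0xE0000040),  # compressed payload + stub, holds the entry point
        (b"UPX2", 0x01000, 0x25000, 0x0200, 0x7400, 0xC0000040),
        (b".rsrc", 0x05000, 0x26000, 0x5000, 0x7600, 0xC0000040),
    ]
    coff = struct.pack(COFF_FMT, 0x14C, len(sections), 1332999544, 0, 0, struct.calcsize(OPT32_FMT) + 128, 0x010F)
    opt = struct.pack(OPT32_FMT, 0x10B, 6, 0,                      # PE32 magic, linker 6.0
                      28672, 20480, 118784,                         # SizeOfCode / InitializedData / UninitializedData
                      0x23F00, 0x1E000, 0x25000, 0x400000, 0x1000, 0x200,   # EntryPoint, BaseOfCode, BaseOfData, ...
                      4, 0, 7, 3, 4, 0,                             # OS 4.0, Image 7.3, Subsystem 4.0
                      0, 0x2B000, 0x400, 0, 2, 0,                   # ..., Subsystem 2 = Windows GUI, DllCharacteristics
                      0x100000, 0x1000, 0x100000, 0x1000, 0, 16) + b"\0" * 128   # 16 empty data directories
    hdrs = b"".join(struct.pack(SECTION_FMT, n, vs, va, rs, rp, 0, 0, 0, 0, ch) for n, vs, va, rs, rp, ch in sections)
    return bytes(dos) + b"PE\0\0" + coff + opt + hdrs


def parse_pe_header(data):
    """Return the header fields the report lists, plus the section table."""
    if data[:2] != b"MZ":
        raise ValueError("no MZ signature")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("no PE signature at e_lfanew")
    off = e_lfanew + 4
    machine, nsec, stamp, _, _, opt_size, _ = struct.unpack_from(COFF_FMT, data, off)
    off += struct.calcsize(COFF_FMT)
    o = struct.unpack_from(OPT32_FMT, data, off)
    if o[0] != 0x10B:
        raise ValueError("only PE32 is handled here (PE32+ has a different layout)")
    sections = []
    for i in range(nsec):                                # section table follows the optional header
        name, vsize, va, rsize, rptr, _, _, _, _, flags = struct.unpack_from(SECTION_FMT, data, off + opt_size + 40 * i)
        sections.append({"name": name.rstrip(b"\0").decode("ascii", "replace"), "virtual_size": vsize,
                         "virtual_address": va, "raw_size": rsize, "raw_ptr": rptr, "characteristics": flags})
    return {"machine": MACHINES.get(machine, hex(machine)), "number_of_sections": nsec,
            "timestamp_utc": datetime.fromtimestamp(stamp, tz=timezone.utc).strftime("%Y-%m-%d %H:%M:%S"),
            "linker_version": f"{o[1]}.{o[2]}", "code_size": o[3], "initialized_data_size": o[4],
            "uninitialized_data_size": o[5], "entry_point": o[6], "os_version": f"{o[12]}.{o[13]}",
            "image_version": f"{o[14]}.{o[15]}", "subsystem_version": f"{o[16]}.{o[17]}",
            "subsystem": SUBSYSTEMS.get(o[22], str(o[22])), "sections": sections}


def section_for_rva(sections, rva):
    for s in sections:
        if s["virtual_address"] <= rva < s["virtual_address"] + max(s["virtual_size"], s["raw_size"]):
            return s
    return None


def packer_indicators(info, imports):
    """Cheap static hints that the image is packed; none of them is proof on its own."""
    hits, secs = [], info["sections"]
    if any(s["name"].startswith("UPX") for s in secs):
        hits.append("UPX section names")
    for s in secs:
        if s["raw_size"] == 0 and s["virtual_size"] >= 0x1000 and s["characteristics"] & IMAGE_SCN_MEM_EXECUTE:
            hits.append(f"{s['name']}: executable, {s['virtual_size']} bytes in memory but none on disk (unpack target)")
    ep = section_for_rva(secs, info["entry_point"])
    if ep is not None and ep is not secs[0]:
        hits.append(f"entry point 0x{info['entry_point']:X} is in {ep['name']}, not the first section")
    stub = set(imports) & UPX_STUB_IMPORTS
    if len(stub) >= 4 and len(imports) <= 12:
        hits.append(f"tiny import table: {len(stub)} of {len(imports)} imports are the APIs a UPX stub needs")
    return hits


if __name__ == "__main__":
    info = parse_pe_header(build_sample_pe())
    for key, value in info.items():
        if key != "sections":
            print(f"{key:>24}: {value}")
    for hit in packer_indicators(info, REPORT_IMPORTS):
        print("packer indicator:", hit)
```

The same parse_pe_header() runs unchanged on the real sample (pass the bytes of the file instead of build_sample_pe()); the constructed image only exists so the example runs offline. The imphash in the report is not reproduced here on purpose: it is computed over "dll.function" pairs in import-table order, and the report lists function names without their DLLs.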
Number of PE resources by type
RT_ICON 9
RT_VERSION 1
RT_GROUP_ICON 1
Number of PE resources by language
NEUTRAL 10
ENGLISH US 1
PE resources
ExifTool file metadata
LegalTrademarks crLew
UninitializedDataSize 118784
Comments KjYVP
InitializedDataSize 20480
ImageVersion 7.3
FileSubtype 0
FileVersionNumber 7.3.0.14
LanguageCode English (U.S.)
FileFlagsMask 0x0000
CharacterSet Unicode
LinkerVersion 6.0
EntryPoint 0x23f00
OriginalFileName nwQ8hj.exe
MIMEType application/octet-stream
FileVersion 7.03.0014
TimeStamp 2012:03:29 06:39:04+01:00
FileType Win32 EXE
PEType PE32
InternalName nwQ8hj
ProductVersion 7.03.0014
SubsystemVersion 4.0
OSVersion 4.0
FileOS Win32
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
CompanyName nJin
CodeSize 28672
ProductName YuHVD
ProductVersionNumber 7.3.0.14
FileTypeExtension exe
ObjectFileType Executable application
File identification
MD5 4eca1cc46a3f4a83089771a3cecb2ce9
SHA1 c1465f7eb22349342095f4659806ee6bb56bcbf8
SHA256 e7256e31532804df57cc0911ec85f43184f4db8e07ba8210950c1c08fb0c2622
ssdeep 6144:PK02qh0f6dLINn9P4fgMHNlcPuY8lQ8Ez9OpzTYFz3f:S0IfqS+ft6L8TpA93
authentihash 3e7c77a3e5374c377fd9e87210a794ffc932fcfc6104fe1dde4785f21eb912b8
imphash ee25e5c7874786b7f0a1c64e40d09917
File size 248.5 KB ( 254464 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID UPX compressed Win32 Executable (43.5%)
Win32 EXE Yoda's Crypter (42.7%)
Win32 Executable (generic) (7.2%)
Generic Win/DOS Executable (3.2%)
DOS Executable Generic (3.2%)
Tags
peexe upx

VirusTotal metadata
First submission 2012-03-29 18:52:18 UTC
Last submission 2014-03-24 20:55:45 UTC
File names nwQ8hj.exe
4eca1cc46a3f4a83089771a3cecb2ce9
ediv.exe
file-3730285_exe
nwQ8hj
Advanced heuristic and reputation engines
ClamAV
Possibly Unwanted Application. While not necessarily malicious, the scanned file presents certain characteristics which, depending on the user policies and environment, may or may not represent a threat. For full details see: https://www.clamav.net/documents/potentially-unwanted-applications-pua

Symantec reputation Suspicious.Insight