SHA256: e84c8a5ca758ee756edeb1f07a9fc5686937d58a2df673d83cb5a1cee565bf37
File name: uhtnocvh.exe
Detection ratio: 31 / 55
Analysis date: 2016-02-08 15:19:22 UTC ( 3 years ago )
Antivirus Result Update
Ad-Aware Trojan.GenericKD.3023725 20160208
AegisLab Backdoor.W32.Androm!c 20160208
AhnLab-V3 Trojan/Win32.Cryptolocker 20160208
ALYac Trojan.Ransom.cryptolocker 20160209
Antiy-AVL Trojan[Backdoor]/Win32.Androm 20160208
Arcabit Trojan.Generic.D2E236D 20160208
Avast Win32:Malware-gen 20160208
AVG FileCryptor.GOB 20160208
Avira (no cloud) TR/Crypt.ZPACK.192542 20160208
BitDefender Trojan.GenericKD.3023725 20160208
Emsisoft Trojan.GenericKD.3023725 (B) 20160208
ESET-NOD32 a variant of Win32/Injector.CRJA 20160208
F-Secure Trojan.GenericKD.3023725 20160208
Fortinet W32/Injector.CRIZ!tr 20160208
GData Trojan.GenericKD.3023725 20160208
Ikarus Trojan.Win32.Injector 20160208
K7AntiVirus Trojan ( 004dd47d1 ) 20160208
K7GW Trojan ( 004dd47d1 ) 20160208
Kaspersky Backdoor.Win32.Androm.jcei 20160208
Malwarebytes Ransom.TorrentLocker.Generic 20160208
McAfee Artemis!D2EBAFE203A9 20160208
Microsoft Ransom:Win32/Teerac 20160208
eScan Trojan.GenericKD.3023725 20160208
nProtect Trojan.GenericKD.3023725 20160205
Panda Generic Suspicious 20160207
Qihoo-360 HEUR/QVM07.1.Malware.Gen 20160208
Rising PE:Malware.Generic/QRS!1.9E2D [F] 20160208
Sophos AV Mal/Generic-S 20160208
Tencent Win32.Trojan.Inject.Auto 20160208
TrendMicro TROJ_GEN.R047C0DB416 20160208
VIPRE Trojan.Win32.Generic!BT 20160208
Yandex 20160206
Alibaba 20160204
Baidu-International 20160208
Bkav 20160204
ByteHero 20160208
CAT-QuickHeal 20160208
ClamAV 20160206
CMC 20160205
Comodo 20160208
Cyren 20160208
DrWeb 20160208
F-Prot 20160129
Jiangmin 20160208
McAfee-GW-Edition 20160209
NANO-Antivirus 20160208
SUPERAntiSpyware 20160208
Symantec 20160207
TheHacker 20160206
TotalDefense 20160208
TrendMicro-HouseCall 20160208
VBA32 20160208
ViRobot 20160208
Zillya 20160208
Zoner 20160208
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2004-07-16 09:29:18
Entry Point 0x0000E0E6
Number of sections 4
PE sections
PE imports
RegCreateKeyExW
LookupPrivilegeValueA
SetNamedSecurityInfoA
RegCloseKey
GetSidLengthRequired
SetEntriesInAclW
IsTokenRestricted
RegSetValueA
RegCreateKeyW
LookupAccountSidA
LookupPrivilegeValueW
RegOpenKeyExW
RegCreateKeyExA
RegSetValueW
RegCreateKeyA
GetAclInformation
RegQueryValueExW
EqualPrefixSid
LsaOpenPolicy
SetSecurityDescriptorDacl
LookupAccountNameA
RegReplaceKeyA
GetSidSubAuthority
RegQueryValueA
MakeAbsoluteSD
ClearEventLogW
SetFileSecurityW
AreAnyAccessesGranted
RegisterEventSourceA
SetTokenInformation
LookupAccountNameW
RegReplaceKeyW
LsaRetrievePrivateData
SetSecurityDescriptorSacl
RegQueryValueW
GetTokenInformation
LookupPrivilegeNameW
LsaLookupNames
GetNamedSecurityInfoW
IsValidSid
GetSidIdentifierAuthority
ImpersonateSelf
CreateProcessAsUserA
GetSecurityDescriptorDacl
RegEnumValueW
GetPrivateObjectSecurity
LsaAddAccountRights
GetSecurityDescriptorSacl
CreateRestrictedToken
EncryptFileW
GetSidSubAuthorityCount
GetLengthSid
DeleteAce
RegQueryInfoKeyA
InitializeSid
AccessCheckAndAuditAlarmA
BuildSecurityDescriptorW
RegSetKeySecurity
LsaFreeMemory
LsaClose
LsaQueryInformationPolicy
BuildTrusteeWithSidA
MakeSelfRelativeSD
AllocateAndInitializeSid
RegConnectRegistryA
RegQueryMultipleValuesW
MapGenericMask
ReadEventLogW
RegUnLoadKeyW
FreeSid
SetThreadToken
RegEnumKeyExA
GetEffectiveRightsFromAclW
SetNamedSecurityInfoW
BuildTrusteeWithSidW
CallNamedPipeW
GetQueuedCompletionStatus
EnumTimeFormatsW
BuildCommDCBAndTimeoutsA
GetSystemInfo
GetModuleHandleA
Beep
GetStartupInfoA
CreateTapePartition
EscapeCommFunction
_adjust_fdiv
__p__fmode
_acmdln
_lfind
__CxxFrameHandler
__p__commode
__setusermatherr
_CIsin
__dllonexit
_scwprintf
_setmbcp
_onexit
putc
__getmainargs
_initterm
ceil
_controlfp
__set_app_type
SendInput
Number of PE resources by type
RT_DIALOG 10
RT_RCDATA 6
RT_ICON 3
RT_GROUP_ICON 3
OH11iEyW4 1
sp55baPO 1
OcCdw 1
IA10E2 1
RT_MENU 1
q0v55mo 1
RT_VERSION 1
Number of PE resources by language
ENGLISH UK 20
GERMAN LUXEMBOURG 9
PE resources
ExifTool file metadata
SubsystemVersion 4.0
LinkerVersion 6.0
ImageVersion 0.0
FileSubtype 0
FileVersionNumber 0.156.242.121
UninitializedDataSize 0
LanguageCode Unknown (TREM)
FileFlagsMask 0x003f
CharacterSet Unknown (BLES)
InitializedDataSize 126976
EntryPoint 0xe0e6
MIMEType application/octet-stream
LegalCopyright 2014 (C) 2010
FileVersion Bricklayer 0,138,27,65
TimeStamp 2004:07:16 10:29:18+01:00
FileType Win32 EXE
PEType PE32
InternalName Unbending
ProductVersion 0,2,141,252
FileDescription Unseeing Chances Unspoken
OSVersion 4.0
FileOS Win32
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
CompanyName WRQ, Inc.
CodeSize 57344
ProductName Unleaded Transformational
ProductVersionNumber 0.10.76.15
FileTypeExtension exe
ObjectFileType Executable application
File identification
MD5 d2ebafe203a926bdbdfcc8eb18892fa7
SHA1 df562e640d55c2c79a53352e49ffb67a62667244
SHA256 e84c8a5ca758ee756edeb1f07a9fc5686937d58a2df673d83cb5a1cee565bf37
ssdeep 3072:wCwQAT+KkmCiZljFk71TMVWa6vQXYjCudMcTHmdxKHv/Ca30:wbQAT+JmCiZljC/a6KYjVdMcTHw+vL0
authentihash 862599be6e3037362d527c4dff2cf0d3ffcdff2e0ee2b7cc78a9496278485eda
imphash 9f473d6058e91165a16a8e7454052739
File size 184.0 KB ( 188416 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win64 Executable (generic) (64.6%)
Win32 Dynamic Link Library (generic) (15.4%)
Win32 Executable (generic) (10.5%)
Generic Win/DOS Executable (4.6%)
DOS Executable Generic (4.6%)
Tags peexe
VirusTotal metadata
First submission 2016-02-01 12:34:38 UTC ( 3 years ago )
Last submission 2016-02-16 03:39:29 UTC ( 3 years ago )
File names skunufaj.exe
ilabnfdl.exe
bguzuvfm.exe
TMP1061.tmp
uhtnocvh.exe
ulukazoz.exe