SHA256: e9d961d3534cc59942922dac068cb0b7259b7499fe1fd8bf65ea914aa632c0d4
File name: Qoeg.exe
Detection ratio: 1 / 54
Analysis date: 2015-07-10 19:25:15 UTC ( 3 years, 8 months ago )
Antivirus Result Update
ESET-NOD32 Win32/Spy.Zbot.ACB 20150710
Ad-Aware 20150710
AegisLab 20150710
Yandex 20150710
AhnLab-V3 20150710
Alibaba 20150710
ALYac 20150710
Antiy-AVL 20150710
Arcabit 20150710
Avast 20150710
AVG 20150710
Avira (no cloud) 20150710
AVware 20150710
Baidu-International 20150710
BitDefender 20150710
Bkav 20150708
ByteHero 20150710
CAT-QuickHeal 20150710
ClamAV 20150710
Comodo 20150710
Cyren 20150710
DrWeb 20150710
Emsisoft 20150710
F-Prot 20150710
F-Secure 20150710
Fortinet 20150710
GData 20150710
Ikarus 20150710
Jiangmin 20150710
K7AntiVirus 20150710
K7GW 20150710
Kaspersky 20150710
Kingsoft 20150710
Malwarebytes 20150710
McAfee 20150710
McAfee-GW-Edition 20150710
Microsoft 20150710
NANO-Antivirus 20150710
nProtect 20150710
Panda 20150710
Qihoo-360 20150710
Rising 20150709
Sophos AV 20150710
SUPERAntiSpyware 20150710
Symantec 20150710
Tencent 20150710
TheHacker 20150709
TrendMicro 20150710
TrendMicro-HouseCall 20150710
VBA32 20150710
VIPRE 20150710
ViRobot 20150710
Zillya 20150710
Zoner 20150710
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright Copyright (c) 2009-2015 AccessData Group
Product ExactClimb
Original name mightcatch.exe
Internal name ExactClimb
File version 6.8.8904.6974
Description ExactClimb
Comments Degree should ExactClimb
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2015-07-10 09:32:58
Entry Point 0x0000F1A0
Number of sections 4
PE sections
PE imports
SetMapMode
SaveDC
TextOutA
GetClipBox
GetDeviceCaps
OffsetViewportOrgEx
DeleteDC
RestoreDC
SetTextColor
CreateBitmap
RectVisible
GetStockObject
SetViewportOrgEx
ScaleWindowExtEx
ExtTextOutA
PtVisible
ScaleViewportExtEx
SelectObject
SetWindowExtEx
SetViewportExtEx
Escape
SetBkColor
DeleteObject
GetStdHandle
GetConsoleOutputCP
HeapDestroy
FreeEnvironmentStringsA
DeleteCriticalSection
GetCurrentProcess
GetConsoleMode
GetLocaleInfoA
LocalAlloc
FreeEnvironmentStringsW
GetLocaleInfoW
SetStdHandle
GetCPInfo
GetProcAddress
GetStringTypeA
InterlockedExchange
WriteFile
GetSystemTimeAsFileTime
HeapReAlloc
GetStringTypeW
FreeLibrary
LocalFree
InitializeCriticalSection
LoadResource
GlobalHandle
InterlockedDecrement
FormatMessageA
SetLastError
GlobalFindAtomA
ExitProcess
FlushFileBuffers
GetModuleFileNameA
EnumSystemLocalesA
UnhandledExceptionFilter
TlsGetValue
MultiByteToWideChar
SetFilePointer
GlobalAddAtomA
SetUnhandledExceptionFilter
TerminateProcess
WriteConsoleA
GlobalAlloc
GetCurrentThreadId
InterlockedIncrement
WriteConsoleW
HeapFree
EnterCriticalSection
SetHandleCount
GetOEMCP
QueryPerformanceCounter
GetTickCount
TlsAlloc
GetVersionExA
LoadLibraryA
RtlUnwind
GetStartupInfoA
GlobalDeleteAtom
GetUserDefaultLCID
SetSystemTimeAdjustment
GetProcessHeap
GlobalReAlloc
lstrcmpA
CompareStringA
IsValidLocale
lstrcmpW
GlobalLock
IsDebuggerPresent
GetFileType
TlsSetValue
CreateFileA
HeapAlloc
LeaveCriticalSection
GetLastError
LocalReAlloc
LCMapStringW
lstrlenA
GlobalFree
GetConsoleCP
LCMapStringA
GlobalGetAtomNameA
GetThreadLocale
GetEnvironmentStringsW
GlobalUnlock
GetEnvironmentStrings
GetCurrentProcessId
LockResource
WideCharToMultiByte
HeapSize
GetCommandLineA
RaiseException
TlsFree
GetModuleHandleA
ReadFile
GlobalFlags
CloseHandle
GetACP
GetVersion
SizeofResource
IsValidCodePage
HeapCreate
VirtualFree
Sleep
FindResourceA
VirtualAlloc
StrStrIA
PathRemoveBackslashA
PathRemoveBlanksA
PathUnquoteSpacesA
PathStripPathA
UrlEscapeA
MapWindowPoints
SetForegroundWindow
GetMessagePos
GetParent
ReleaseDC
SetPropA
SetMenuItemBitmaps
DestroyWindow
GetCapture
GetMenuState
GetClassInfoExA
DestroyMenu
PostQuitMessage
DefWindowProcA
SetWindowTextA
GetPropA
LoadBitmapA
SetWindowPos
GetWindowThreadProcessId
GetSysColorBrush
GetSystemMetrics
IsIconic
IsWindow
GetWindowRect
DispatchMessageA
RegisterClassA
UnhookWindowsHookEx
PostMessageA
GrayStringA
MessageBoxA
PeekMessageA
GetTopWindow
SetWindowLongA
AdjustWindowRectEx
IsWindowEnabled
GetWindow
GetSysColor
GetDC
GetKeyState
SystemParametersInfoA
GetDlgCtrlID
GetClassInfoA
CheckMenuItem
GetMenu
UnregisterClassA
GetLastActivePopup
GetForegroundWindow
GetWindowPlacement
SendMessageA
GetMessageTime
GetClientRect
GetDlgItem
GetMenuCheckMarkDimensions
DrawTextExA
WinHelpA
RemovePropA
EnableMenuItem
ClientToScreen
GetClassLongA
CallNextHookEx
TabbedTextOutA
GetWindowLongA
CreateWindowExA
LoadCursorA
LoadIconA
DrawTextA
SetWindowsHookExA
RegisterWindowMessageA
GetMenuItemCount
GetSubMenu
CopyRect
ValidateRect
CallWindowProcA
GetClassNameA
GetFocus
GetMenuItemID
EnableWindow
GetWindowTextA
ModifyMenuA
PtInRect
OpenPrinterA
DocumentPropertiesA
ClosePrinter
Number of PE resources by type
RT_VERSION 1
Number of PE resources by language
ENGLISH US 1
PE resources
ExifTool file metadata
SubsystemVersion 4.0
Comments Degree should ExactClimb
LinkerVersion 8.0
ImageVersion 0.0
FileSubtype 0
FileVersionNumber 6.8.8904.6974
LanguageCode English (U.S.)
FileFlagsMask 0x0000
FileDescription ExactClimb
CharacterSet Unicode
InitializedDataSize 184320
EntryPoint 0xf1a0
OriginalFileName mightcatch.exe
MIMEType application/octet-stream
LegalCopyright Copyright (c) 2009-2015 AccessData Group
FileVersion 6.8.8904.6974
TimeStamp 2015:07:10 10:32:58+01:00
FileType Win32 EXE
PEType PE32
InternalName ExactClimb
ProductVersion 6.8.8904.6974
UninitializedDataSize 0
OSVersion 4.0
FileOS Win32
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
CompanyName AccessData Group
CodeSize 270336
ProductName ExactClimb
ProductVersionNumber 6.8.8904.6974
FileTypeExtension exe
ObjectFileType Executable application

File identification
MD5 caa5924982b658c2b6859662c8616dab
SHA1 f712d0acffb79c87ebb32030cef49a782aefb296
SHA256 e9d961d3534cc59942922dac068cb0b7259b7499fe1fd8bf65ea914aa632c0d4
ssdeep 6144:0Da7dkTEhAbYviWMdI/bBcKbDCpWxUWLZ4GXqN3V941KZtPV1JrrS:0WB8bY3Mi/BDCwU8dCV97tPVm
authentihash f0336137d23b043ed1015d22139568f66356693c0c9cb69952347586ceb75b05
imphash 6891879349d3df3b0f5c30cb1e26c038
File size 384.0 KB ( 393216 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Executable MS Visual C++ (generic) (41.0%)
Win64 Executable (generic) (36.3%)
Win32 Dynamic Link Library (generic) (8.6%)
Win32 Executable (generic) (5.9%)
OS/2 Executable (generic) (2.6%)
Tags peexe
VirusTotal metadata
First submission 2015-07-10 19:25:15 UTC ( 3 years, 8 months ago )
Last submission 2017-10-13 01:39:13 UTC ( 1 year, 5 months ago )
File names Udqyha.exe
Qoeg.exe
mightcatch.exe
ExactClimb
Advanced heuristic and reputation engines
TrendMicro-HouseCall
TrendMicro's heuristic engine has flagged this file as: TROJ_GEN.R00JC0DGF15.

Symantec reputation Suspicious.Insight
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Written files
Created processes
Created mutexes
Opened mutexes
Runtime DLLs