SHA256: eb9e8338bbba02b9208bc97d3ae485ffec3996ae75d690b13155290ff571b0b1
File name: Rbqynx6auk4o.exe
Detection ratio: 52 / 57
Analysis date: 2016-09-07 16:08:11 UTC ( 6 months, 3 weeks ago )
Antivirus Result Update
Ad-Aware Trojan.Ransom.AAK 20160907
AegisLab Troj.Ransom.W32.Blocker.bbco!c 20160907
AhnLab-V3 Trojan/Win32.Blocker.N835859986 20160907
ALYac Trojan.Ransom.AAK 20160907
Antiy-AVL Trojan[Ransom]/Win32.Blocker 20160907
Arcabit Trojan.Ransom.AAK 20160907
Avast Win32:Downloader-TAI [Trj] 20160907
AVG SHeur4.BGPG 20160907
Avira (no cloud) WORM/Dorkbot.I.560 20160907
AVware Worm.Win32.Dorkbot 20160907
BitDefender Trojan.Ransom.AAK 20160907
Bkav W32.FaregLTQ.Trojan 20160907
CAT-QuickHeal Worm.Dorkbot.rw3 20160907
ClamAV Win.Trojan.Dorkbot-494 20160907
Comodo TrojWare.Win32.Kryptik.AZJH 20160907
Cyren W32/Dorkbot.VYUD-0883 20160907
DrWeb BackDoor.IRC.NgrBot.42 20160907
Emsisoft Trojan.Ransom.AAK (B) 20160907
ESET-NOD32 Win32/Dorkbot.B 20160907
F-Prot W32/Dorkbot.GC 20160907
F-Secure Trojan.Ransom.AAK 20160907
Fortinet W32/Blocker.B!tr 20160907
GData Trojan.Ransom.AAK 20160907
Ikarus Worm.Win32.Dorkbot 20160907
Invincea dialer.win32.porndialer.g 20160830
Jiangmin Trojan/Blocker.ear 20160907
K7AntiVirus Trojan ( 0040f3181 ) 20160907
K7GW Trojan ( 0040f3181 ) 20160907
Kaspersky Trojan-Ransom.Win32.Blocker.bbco 20160907
McAfee Ainslot.b 20160907
McAfee-GW-Edition Ainslot.b 20160907
Microsoft Worm:Win32/Dorkbot.I 20160907
eScan Trojan.Ransom.AAK 20160907
NANO-Antivirus Trojan.Win32.NgrBot.crswdx 20160907
nProtect Trojan/W32.Blocker.132096.D 20160907
Panda Generic Malware 20160907
Qihoo-360 HEUR/Malware.QVM18.Gen 20160907
Rising Malware.Generic!2tSkXtz9obS@5 (thunder) 20160907
Sophos Troj/Zbot-ETH 20160907
SUPERAntiSpyware Trojan.Agent/Gen-Symmi 20160907
Symantec Trojan.Gen.2 20160907
Tencent Win32.Trojan.Blocker.Eanu 20160907
TheHacker Posible_Worm32 20160905
TotalDefense Win32/Dorkbot.TN 20160907
TrendMicro WORM_DORKBOT.NG 20160907
TrendMicro-HouseCall WORM_DORKBOT.NG 20160907
VBA32 BScope.Trojan.MTA.0661 20160907
VIPRE Worm.Win32.Dorkbot 20160907
ViRobot Trojan.Win32.Blocker.132096[h] 20160907
Yandex Trojan.Blocker!AELVgzB0wAo 20160907
Zillya Trojan.Blocker.Win32.7242 20160907
Zoner I-Worm.Dorkbot.B 20160907
Alibaba 20160907
Baidu 20160907
CMC 20160907
Kingsoft 20160907
Malwarebytes 20160907
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Product Hako
Original name Rbqynx6auk4o.exe
Description Enukoqe Bybuxu Xucep
Packers identified
PEiD UPX 2.93 [LZMA] -> Markus Oberhumer, Laszlo Molnar & John Reiser
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2011-04-29 22:47:28
Entry Point 0x0004A280
Number of sections 3
PE sections
PE imports
RegDeleteKeyW
VirtualFree
ExitProcess
VirtualProtect
LoadLibraryA
VirtualAlloc
GetProcAddress
IsChild
Number of PE resources by type
RT_ACCELERATOR 11
RT_DIALOG 11
RT_BITMAP 9
RT_GROUP_ICON 4
RT_VERSION 1
Number of PE resources by language
SPANISH VENEZUELA 36
PE resources
ExifTool file metadata
InitializedDataSize
8192

ImageVersion
0.0

FileSubtype
0

FileVersionNumber
6.3.0.0

LanguageCode
English (U.S.)

FileFlagsMask
0x003f

FileDescription
Enukoqe Bybuxu Xucep

CharacterSet
Unicode

LinkerVersion
4.0

FileOS
Windows NT 32-bit

EntryPoint
0x4a280

OriginalFileName
Rbqynx6auk4o.exe

MIMEType
application/octet-stream

TimeStamp
2011:04:29 23:47:28+01:00

PEType
PE32

SubsystemVersion
4.0

UninitializedDataSize
176128

MachineType
Intel 386 or later, and compatibles

OSVersion
4.0

Subsystem
Windows GUI

FileType
Win32 EXE

CodeSize
126976

ProductName
Hako

ProductVersionNumber
6.3.0.0

FileTypeExtension
exe

ObjectFileType
Executable application

Compressed bundles
File identification
MD5 1c86232aeea8f270432facb1b4f36830
SHA1 ead70669bdca4e25fa7be5d3ca3e482d266710cc
SHA256 eb9e8338bbba02b9208bc97d3ae485ffec3996ae75d690b13155290ff571b0b1
ssdeep
3072:pL451Tf09OrazZFSJQuHFNE8IcaCsiiRUKHwG8wkCWa:pL451LJBH/E8sCniRUKHywU

authentihash edeef3793b17a43dcc040315f4ff33c33deff61848ac195657fa05485abca481
imphash 512ff7be03c87a534b27aea5fa545aa0
File size 129.0 KB ( 132096 bytes )
File type Win32 EXE
Magic literal
PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID UPX compressed Win32 Executable (42.3%)
Win32 EXE Yoda's Crypter (36.7%)
Win32 Dynamic Link Library (generic) (9.1%)
Win32 Executable (generic) (6.2%)
Generic Win/DOS Executable (2.7%)
Tags
peexe upx usb-autorun

VirusTotal metadata
First submission 2013-04-17 07:29:23 UTC ( 3 years, 11 months ago )
Last submission 2015-06-12 10:47:31 UTC ( 1 year, 9 months ago )
File names WL-564ecf16c80c19e69798f57baedd498d-0.ex$
cbEtsVjxwUoxryy.exe_
Rbqynx6auk4o.exe
Jrokot.exe
WL-564ecf16c80c19e69798f57baedd498d-0
B2586.exe
WfVdAHsisnFVCyM.exe
yleseq.exe
7384FUDXX-.exe
vt-upload-oethQ
e2a38afd.pif
MTudrjeWvITQpHe.exe
file-5409744_exe
1c86232aeea8f270432facb1b4f36830
005402542
Advanced heuristic and reputation engines
ClamAV
Possibly Unwanted Application. While not necessarily malicious, the scanned file presents certain characteristics which depending on the user policies and environment may or may not represent a threat. For full details see: https://www.clamav.net/documents/potentially-unwanted-applications-pua .
