SHA256: ec52bc159b12ec20621cc6842a16ba4f726919c48ec2e8882f9b5a34c6710763
File name: unknown4.exe
Detection ratio: 47 / 65
Analysis date: 2017-08-01 00:17:43 UTC ( 2 weeks, 1 day ago )
Antivirus Result Update
Ad-Aware Adware.Generic.1762753 20170731
AhnLab-V3 PUP/Win32.PornTool.R195571 20170731
ALYac Adware.Generic.1762753 20170801
Antiy-AVL Trojan/Win32.TSGeneric 20170801
Arcabit Adware.Generic.D1AE5C1 20170801
Avast Win32:Adware-gen [Adw] 20170801
AVG Win32:Adware-gen [Adw] 20170801
Avira (no cloud) PUA/Agent.42889 20170731
AVware Trojan.Win32.Generic!BT 20170801
BitDefender Adware.Generic.1762753 20170801
CAT-QuickHeal Porntool.Guagua 20170731
ClamAV Win.Trojan.Generic-5718281-0 20170731
Comodo Application.Win32.GuaGua.~A 20170731
Cylance Unsafe 20170801
Cyren W32/S-ca1b5162!Eldorado 20170731
DrWeb Adware.PornTool.14 20170801
Emsisoft Application.PornTool (A) 20170731
Endgame malicious (high confidence) 20170721
ESET-NOD32 a variant of Win32/PornTool.GuaGua.A potentially unsafe 20170731
F-Prot W32/S-ca1b5162!Eldorado 20170801
F-Secure Adware.Generic.1762753 20170731
Fortinet Riskware/PornTool_GuaGua 20170801
GData Win32.Application.GuaGua.A 20170801
Ikarus not-a-virus:Porn-Tool.Win32.GuaGua 20170731
Sophos ML heuristic 20170607
Jiangmin Porn-Tool.GuaGua.a 20170801
K7AntiVirus Unwanted-Program ( 004bae261 ) 20170731
K7GW Unwanted-Program ( 004bae261 ) 20170731
Malwarebytes Adware.Agent 20170731
MAX malware (ai score=100) 20170731
McAfee PUP-XAA-VW 20170731
McAfee-GW-Edition PUP-XAA-VW 20170731
eScan Adware.Generic.1762753 20170731
NANO-Antivirus Riskware.Win32.PornTool.eigall 20170731
Palo Alto Networks (Known Signatures) generic.ml 20170801
Panda Trj/CI.A 20170731
Rising Malware.Undefined!8.C (cloud:zwnw16vvIsL) 20170731
Sophos AV Generic PUA CB (PUA) 20170731
SUPERAntiSpyware Trojan.Agent/Gen-PornTool 20170731
Symantec Trojan.Gen.2 20170731
TrendMicro PUA_PornTool 20170731
TrendMicro-HouseCall PUA_PornTool 20170731
VIPRE Trojan.Win32.Generic!BT 20170731
ViRobot Adware.Guagua.1314400 20170731
Webroot W32.Adware.Gen 20170801
Yandex Riskware.GuaGua! 20170728
Zillya Tool.GuaGua.Win32.11 20170731
AegisLab 20170731
Alibaba 20170731
Baidu 20170728
Bkav 20170731
CMC 20170731
CrowdStrike Falcon (ML) 20170710
Kaspersky 20170731
Kingsoft 20170801
Microsoft 20170801
nProtect 20170731
Qihoo-360 20170801
SentinelOne (Static ML) 20170718
Symantec Mobile Insight 20170801
Tencent 20170801
TheHacker 20170730
TotalDefense 20170731
Trustlook 20170801
VBA32 20170731
WhiteArmor 20170731
ZoneAlarm by Check Point 20170731
Zoner 20170731
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
Authenticode signature block and FileVersionInfo properties
Copyright
Copyright (C) 2016 ZheJiang QiJu Technology CO.,LTD

Product GirlShow
Original name GirlShow.exe
Internal name GirlShow
File version 1.2.0.0
Description GirlShow
Comments ????????
Signature verification Signed file, verified signature
Signing date 10:09 AM 4/25/2016
Signers
[+] ??????????
Status This certificate or one of the certificates in the certificate chain is not time valid.
Issuer WoSign Class 3 Code Signing CA
Valid from 9:59 AM 11/5/2015
Valid to 9:59 AM 2/5/2017
Valid usage Code Signing
Algorithm sha1RSA
Thumbprint 757F4BEC83A1C2D74E8EBA90E1A5AB943F41054D
Serial number 44 36 73 F6 2C 8D 81 95 2B 12 36 8E 02 D3 C6 B7
[+] WoSign Class 3 Code Signing CA
Status Valid
Issuer Certification Authority of WoSign
Valid from 2:00 AM 8/8/2009
Valid to 2:00 AM 8/8/2024
Valid usage Code Signing, 1.3.6.1.4.1.311.2.1.22
Algorithm sha1RSA
Thumbprint 1C554F5B2042DF153C43E156C56F08EED0973EC7
Serial number 46 BB B3 40 FA B9 C1 79 28 93 8C 93 DA 10 86 79
[+] WoSign
Status Valid
Issuer Certification Authority of WoSign
Valid from 2:00 AM 8/8/2009
Valid to 2:00 AM 8/8/2039
Valid usage Server Auth, Client Auth, Email Protection, Code Signing, Timestamp Signing
Algorithm sha1RSA
Thumbprint B94294BF91EA8FB64BE61097C7FB001359B676CB
Serial number 5E 68 D6 11 71 94 63 50 56 00 68 F3 3E C9 C5 91
Counter signers
[+] Symantec Time Stamping Services Signer - G4
Status Valid
Issuer Symantec Time Stamping Services CA - G2
Valid from 1:00 AM 10/18/2012
Valid to 12:59 AM 12/30/2020
Valid usage Timestamp Signing
Algorithm sha1RSA
Thumbprint 65439929B67973EB192D6FF243E6767ADF0834E4
Serial number 0E CF F4 38 C8 FE BF 35 6E 04 D8 6A 98 1B 1A 50
[+] Symantec Time Stamping Services CA - G2
Status Valid
Issuer Thawte Timestamping CA
Valid from 1:00 AM 12/21/2012
Valid to 12:59 AM 12/31/2020
Valid usage Timestamp Signing
Algorithm sha1RSA
Thumbprint 6C07453FFDDA08B83707C09B82FB3D15F35336B1
Serial number 7E 93 EB FB 7C C6 4E 59 EA 4B 9A 77 D4 06 FC 3B
[+] Thawte Timestamping CA
Status Valid
Issuer Thawte Timestamping CA
Valid from 1:00 AM 1/1/1997
Valid to 12:59 AM 1/1/2021
Valid usage Timestamp Signing
Algorithm md5RSA
Thumbprint BE36A4562FB2EE05DBB3D32323ADF445084ED656
Serial number 00
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2016-04-25 09:08:02
Entry Point 0x00031171
Number of sections 4
PE sections
Overlays
MD5 3244ced822bb8a07291f598b8b3331eb
File type data
Offset 1306624
Size 7776
Entropy 7.52
PE imports
RegDeleteKeyA
RegOpenKeyA
RegCloseKey
RegQueryValueA
RegQueryValueExA
RegSetValueExA
RegEnumKeyA
RegCreateKeyExA
RegOpenKeyExA
RegEnumKeyExA
Ord(17)
_TrackMouseEvent
GetWindowExtEx
SetMapMode
GetRgnBox
SaveDC
TextOutA
CreateRectRgnIndirect
GetClipBox
GetPixel
Rectangle
GetDeviceCaps
OffsetViewportOrgEx
DeleteDC
RestoreDC
SetBkMode
SetPixel
SelectObject
BitBlt
SetTextColor
GetObjectA
RectVisible
CreateBitmap
CreateFontA
GetStockObject
SetViewportOrgEx
ScaleWindowExtEx
SetBkColor
ExtTextOutA
PtVisible
ExtSelectClipRgn
CreateCompatibleDC
GetBkColor
ScaleViewportExtEx
SetViewportExtEx
GetTextExtentPoint32A
GetMapMode
SetWindowExtEx
GetTextColor
DPtoLP
Escape
GetViewportExtEx
DeleteObject
CreateCompatibleBitmap
GetStdHandle
FileTimeToSystemTime
GetFileAttributesA
WaitForSingleObject
GetDriveTypeA
HeapDestroy
DebugBreak
DuplicateHandle
GetLocalTime
FreeEnvironmentStringsA
DeleteCriticalSection
GetCurrentProcess
GetDiskFreeSpaceExA
GetLocaleInfoA
LocalAlloc
lstrcatA
Module32First
SetErrorMode
GetLogicalDrives
FreeEnvironmentStringsW
SetStdHandle
GetFileTime
GetCPInfo
GetProcAddress
GetStringTypeA
InterlockedExchange
WriteFile
GetSystemTimeAsFileTime
EnumResourceLanguagesA
HeapReAlloc
GetStringTypeW
GetFullPathNameA
FreeLibrary
LocalFree
MoveFileA
InitializeCriticalSection
LoadResource
FatalExit
FindClose
InterlockedDecrement
FormatMessageA
OutputDebugStringA
SetLastError
GlobalFindAtomA
HeapAlloc
GetVersionExA
RemoveDirectoryA
GlobalHandle
GetVolumeInformationA
UnhandledExceptionFilter
TlsGetValue
MultiByteToWideChar
CreateMutexA
SetFilePointer
CreateThread
GlobalAddAtomA
SetUnhandledExceptionFilter
ConvertDefaultLocale
MulDiv
ExitThread
SetEnvironmentVariableA
TerminateProcess
GlobalAlloc
SetEndOfFile
GetVersion
LeaveCriticalSection
CreateToolhelp32Snapshot
HeapFree
EnterCriticalSection
SetHandleCount
lstrcmpiA
GetOEMCP
QueryPerformanceCounter
GetTickCount
IsBadWritePtr
TlsAlloc
VirtualProtect
FlushFileBuffers
LoadLibraryA
RtlUnwind
Process32Next
GetStartupInfoA
UnlockFile
GetFileSize
GlobalDeleteAtom
OpenProcess
CreateDirectoryA
DeleteFileA
GlobalLock
CompareStringW
GlobalReAlloc
lstrcmpA
FindFirstFileA
lstrcpyA
CompareStringA
FindNextFileA
Process32First
lstrcmpW
WaitForMultipleObjects
GetTimeZoneInformation
GetFileType
TlsSetValue
CreateFileA
ExitProcess
InterlockedIncrement
GetLastError
LocalReAlloc
SystemTimeToFileTime
LCMapStringW
GetSystemInfo
lstrlenA
GlobalFree
LCMapStringA
GlobalGetAtomNameA
GetThreadLocale
GetEnvironmentStringsW
GlobalUnlock
LockFile
GetModuleFileNameA
FileTimeToLocalFileTime
GetEnvironmentStrings
WritePrivateProfileStringA
GetCurrentProcessId
LockResource
SetFileTime
WideCharToMultiByte
HeapSize
GetCommandLineA
GetCurrentThread
RaiseException
TlsFree
GetModuleHandleA
ReadFile
GlobalFlags
CloseHandle
lstrcpynA
GetACP
GetCurrentThreadId
FreeResource
SizeofResource
CreateProcessA
HeapCreate
VirtualQuery
VirtualFree
Sleep
IsBadReadPtr
IsBadCodePtr
FindResourceA
VirtualAlloc
OleCreateFontIndirect
SafeArrayGetLBound
SysStringLen
SystemTimeToVariantTime
SafeArrayCreate
SafeArrayGetUBound
SysAllocStringLen
VariantChangeType
VariantClear
SysAllocString
SafeArrayDestroy
SafeArrayUnlock
VariantCopy
SafeArrayLock
SafeArrayGetVartype
SafeArrayRedim
SysFreeString
SafeArrayCopy
SysAllocStringByteLen
VariantInit
ShellExecuteExA
SHGetSpecialFolderLocation
SHBrowseForFolderA
SHGetDesktopFolder
SHGetPathFromIDListA
SHGetMalloc
ShellExecuteA
PathFindExtensionA
PathIsUNCA
PathAddBackslashA
PathQuoteSpacesA
PathRemoveBackslashA
PathCanonicalizeA
PathFindFileNameA
UrlUnescapeA
PathStripToRootA
PathRemoveFileSpecA
PathFileExistsA
MapWindowPoints
GetForegroundWindow
SetMenuItemBitmaps
DestroyMenu
PostQuitMessage
GetMessagePos
LoadBitmapA
SetWindowPos
IsWindow
DispatchMessageA
EndPaint
GrayStringA
WindowFromPoint
CopyRect
GetMessageTime
SetActiveWindow
GetMenuItemID
GetCursorPos
DrawTextA
GetDlgCtrlID
GetClassInfoA
GetMenu
UnregisterClassA
SendMessageA
GetClientRect
GetNextDlgTabItem
CallNextHookEx
GetWindowTextLengthA
CopyAcceleratorTableA
GetTopWindow
GetActiveWindow
GetWindowTextA
InvalidateRgn
DestroyWindow
GetMessageA
GetParent
UpdateWindow
SetPropA
EqualRect
GetClassInfoExA
ShowWindow
GetPropA
GetNextDlgGroupItem
GetDesktopWindow
EnableWindow
PeekMessageA
TranslateMessage
IsWindowEnabled
GetWindow
CharUpperA
GetWindowPlacement
EnableMenuItem
RegisterClassA
TabbedTextOutA
GetSubMenu
CreateWindowExA
CharNextA
GetSysColorBrush
ReleaseDC
PtInRect
IsChild
IsDialogMessageA
SetFocus
PostMessageA
BeginPaint
OffsetRect
DrawIcon
KillTimer
RegisterWindowMessageA
DefWindowProcA
SendDlgItemMessageA
GetSystemMetrics
IsIconic
GetWindowRect
SetCapture
ReleaseCapture
SetWindowLongA
IsRectEmpty
RemovePropA
SetWindowTextA
CheckMenuItem
GetWindowLongA
GetLastActivePopup
SetTimer
GetDlgItem
GetMenuCheckMarkDimensions
ClientToScreen
GetClassLongA
CreateDialogIndirectParamA
LoadCursorA
LoadIconA
SetWindowsHookExA
GetMenuItemCount
GetMenuState
GetSystemMenu
GetDC
SetForegroundWindow
PostThreadMessageA
MapDialogRect
IntersectRect
SetLayeredWindowAttributes
EndDialog
SetWindowContextHelpId
GetCapture
ScreenToClient
MessageBeep
DrawTextExA
UnhookWindowsHookEx
RegisterClipboardFormatA
MoveWindow
MessageBoxA
GetWindowDC
AdjustWindowRectEx
GetSysColor
GetKeyState
SystemParametersInfoA
IsWindowVisible
WinHelpA
SetRect
InvalidateRect
wsprintfA
ValidateRect
CallWindowProcA
GetClassNameA
GetFocus
ModifyMenuA
SetCursor
HttpSendRequestA
InternetSetStatusCallback
InternetQueryDataAvailable
HttpAddRequestHeadersA
InternetWriteFile
HttpOpenRequestA
InternetReadFile
InternetCanonicalizeUrlA
InternetCloseHandle
InternetOpenA
InternetGetLastResponseInfoA
InternetConnectA
InternetSetOptionExA
HttpQueryInfoA
InternetSetFilePointer
InternetGetCookieExA
InternetCrackUrlA
OpenPrinterA
DocumentPropertiesA
ClosePrinter
WSAStartup
GetFileTitleA
GdipSetImageAttributesColorKeys
GdipAlloc
GdipCreateImageAttributes
GdipCreateFromHDC
GdipLoadImageFromStream
GdipDisposeImageAttributes
GdipDisposeImage
GdipGetImageWidth
GdipLoadImageFromStreamICM
GdipFree
GdipCloneImage
GdiplusStartup
GdipGetImageHeight
GdipDrawImageRectI
GdiplusShutdown
GdipDrawImageRectRectI
GdipDeleteGraphics
CoInitializeEx
OleUninitialize
CoTaskMemFree
CoInitialize
CoRevokeClassObject
StgCreateDocfileOnILockBytes
OleFlushClipboard
CoCreateInstance
CLSIDFromProgID
CoFreeUnusedLibraries
CoRegisterMessageFilter
StgOpenStorageOnILockBytes
CoTaskMemAlloc
OleIsCurrentClipboard
OleInitialize
CLSIDFromString
CreateStreamOnHGlobal
CreateILockBytesOnHGlobal
CoGetClassObject
Number of PE resources by type
IMAGE 20
RT_CURSOR 16
RT_GROUP_CURSOR 15
RT_STRING 13
RT_ICON 9
RT_DIALOG 8
RT_BITMAP 2
RT_MANIFEST 1
RT_MENU 1
RT_VERSION 1
RT_GROUP_ICON 1
Number of PE resources by language
CHINESE SIMPLIFIED 87
PE resources
Debug information
ExifTool file metadata
SubsystemVersion 4.0
InitializedDataSize 999424
ImageVersion 0.0
ProductName GirlShow
FileVersionNumber 1.2.0.0
UninitializedDataSize 0
LanguageCode Chinese (Simplified)
FileFlagsMask 0x003f
CharacterSet Windows, Chinese (Simplified)
LinkerVersion 7.1
PrivateBuild 1.2.0.0
FileTypeExtension exe
OriginalFileName GirlShow.exe
MIMEType application/octet-stream
Subsystem Windows GUI
FileVersion 1.2.0.0
TimeStamp 2016:04:25 10:08:02+01:00
FileType Win32 EXE
PEType PE32
InternalName GirlShow
ProductVersion 1.2.0.0
FileDescription GirlShow
OSVersion 4.0
FileOS Win32
LegalCopyright Copyright (C) 2016 ZheJiang QiJu Technology CO.,LTD
MachineType Intel 386 or later, and compatibles
CodeSize 323584
FileSubtype 0
ProductVersionNumber 1.2.0.0
EntryPoint 0x31171
ObjectFileType Executable application
Compressed bundles
File identification
MD5 f1db409bf1ff8f356cffb4a5546c34a4
SHA1 2179d4d0cb9bc3b1afaac59d05d0b1682108efa9
SHA256 ec52bc159b12ec20621cc6842a16ba4f726919c48ec2e8882f9b5a34c6710763
ssdeep 24576:aHVXCwzorO85QrktYOBRezSU4vCVHmg74P8BEu2cddRYbhlSG0YdDeMGXXCugvi9:6orO8MktYuRezSU4vCVHmg74P8BJ20R7
authentihash 3260b79dc938eb3f69f2530a0ec487830e47fb37ef5f06d0efd13a9591b6c3d0
imphash 947657cd2068523662abc1f0c10e44fa
File size 1.3 MB ( 1314400 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Executable MS Visual C++ (generic) (38.7%)
Win64 Executable (generic) (34.3%)
Windows screen saver (16.2%)
Win32 Executable (generic) (5.6%)
Generic Win/DOS Executable (2.4%)
Tags peexe overlay signed via-tor
VirusTotal metadata
First submission 2016-04-27 03:31:27 UTC ( 1 year, 3 months ago )
Last submission 2017-08-01 00:17:43 UTC ( 2 weeks, 1 day ago )
File names r1868d9d.exe
qixi_22080000013.exe
guagua_21100064544.exe
guagua_23132006116.exe
unknown4.exe
31..exe
guagua_70731111111.exe
guagua_23133404650.exe
948718
guagua_2313340675terHQ.0f70f2f5555e402ea2732509a1868d9d.exe
guagua_23103028500.exe
guagua_21100075838.exe
GirlShow.exe
ff1f8ca8-3fd3-11e7-976a-80e65024849a.file
fa003835-3670-11e7-83bd-80e65024849a.file
guagua_23103413527.exe
d11cbb40-210c-11e7-b949-80e65024849a.file
guagua_23133601176.exe
guagua_23132006153.exe
guagua_23132010351.exe
e7f55bb5-4041-11e7-9321-80e65024849a.file
guagua_23103510024.exe
df496926-2654-11e7-8108-80e65024849a.file
guagua_23132012054.exe
df496926-2654-11e7-8108-80e65024849a.exe
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Written files
Created mutexes
Opened mutexes
Opened service managers
Opened services
Hooking activity
Runtime DLLs
Additional details
The file installs an application-defined hook procedure into a hook chain. A hook procedure is installed to monitor the system for certain types of events; these events are associated either with a specific thread or with all threads in the same desktop as the calling thread. This is done by making use of the SetWindowsHook Windows API function.
HTTP requests
DNS requests
TCP connections
UDP communications