× Cookies are disabled! This site requires cookies to be enabled to work properly
SHA256: ee319599a46f917ea5fca664b355863b4569463de6aaa22bef8f07c789cbf1d3
File name: msqvNKQWQA05.exe
Detection ratio: 9 / 67
Analysis date: 2017-11-06 05:55:46 UTC ( 10 months, 3 weeks ago ) View latest
Antivirus Result Update
Baidu Win32.Trojan.WisdomEyes.16070401.9500.9996 20171103
CrowdStrike Falcon (ML) malicious_confidence_100% (D) 20171016
Cylance Unsafe 20171106
eGambit Unsafe.AI_Score_100% 20171106
Endgame malicious (high confidence) 20171024
Fortinet W32/GenKryptik.BBIH!tr 20171106
Sophos ML heuristic 20170914
Qihoo-360 HEUR/QVM20.1.FFAF.Malware.Gen 20171106
SentinelOne (Static ML) static engine - malicious 20171019
Ad-Aware 20171106
AegisLab 20171106
AhnLab-V3 20171105
Alibaba 20170911
ALYac 20171104
Antiy-AVL 20171103
Arcabit 20171106
Avast 20171106
Avast-Mobile 20171105
AVG 20171106
Avira (no cloud) 20171105
AVware 20171106
BitDefender 20171106
Bkav 20171104
CAT-QuickHeal 20171106
ClamAV 20171103
CMC 20171104
Comodo 20171106
Cybereason 20171030
Cyren 20171106
DrWeb 20171106
Emsisoft 20171106
ESET-NOD32 20171106
F-Prot 20171106
F-Secure 20171106
GData 20171106
Ikarus 20171105
Jiangmin 20171105
K7AntiVirus 20171105
K7GW 20171106
Kaspersky 20171106
Kingsoft 20171106
Malwarebytes 20171106
MAX 20171106
McAfee 20171031
McAfee-GW-Edition 20171106
Microsoft 20171106
eScan 20171106
NANO-Antivirus 20171106
nProtect 20171106
Palo Alto Networks (Known Signatures) 20171106
Panda 20171105
Rising 20171106
Sophos AV 20171106
SUPERAntiSpyware 20171106
Symantec 20171106
Symantec Mobile Insight 20171103
Tencent 20171106
TheHacker 20171102
TotalDefense 20171105
TrendMicro 20171106
TrendMicro-HouseCall 20171106
Trustlook 20171106
VBA32 20171104
VIPRE 20171106
ViRobot 20171106
Webroot 20171106
WhiteArmor 20171104
Yandex 20171102
ZoneAlarm by Check Point 20171106
Zoner 20171106
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright
Copyright © 2001

Product JhonPr
Original name JhonPr.EXE
Internal name JhonPr
File version 1,0,0,0
Description JhonGame Proffes
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 1999-01-16 19:05:03
Entry Point 0x00001850
Number of sections 8
PE sections
PE imports
OpenServiceA
CryptInstallOIDFunctionAddress
GetFontLanguageInfo
GetTextAlign
SetColorAdjustment
GetTickCount64
GetFileTime
OpenSemaphoreW
LocalFree
QueryPerformanceFrequency
FileTimeToSystemTime
lstrlenA
HeapUnlock
WritePrivateProfileStructA
GetCommandLineW
GetLocaleInfoEx
GetSystemDefaultLocaleName
GetNumberOfConsoleInputEvents
Sleep
CloseHandle
CreateFileA
GetCommandLineA
GetModuleFileNameA
GetDiskFreeSpaceA
SystemTimeToTzSpecificLocalTime
MprAdminPortDisconnect
LPSAFEARRAY_UserUnmarshal
RasGetSubEntryPropertiesA
CommandLineToArgvW
SystemParametersInfoA
CreateDesktopA
GetMenuContextHelpId
GetWindowContextHelpId
timeGetTime
_searchenv
isalpha
_wstrdate
_vsnprintf
Number of PE resources by type
RT_ICON 1
RT_VERSION 1
RT_GROUP_ICON 1
Number of PE resources by language
GERMAN 3
PE resources
Debug information
ExifTool file metadata
SubsystemVersion
5.0

LinkerVersion
12.2

ImageVersion
0.0

FileSubtype
0

FileVersionNumber
1.0.0.1

UninitializedDataSize
0

LanguageCode
German

FileFlagsMask
0x003f

CharacterSet
Unicode

InitializedDataSize
77824

EntryPoint
0x1850

OriginalFileName
JhonPr.EXE

MIMEType
application/octet-stream

LegalCopyright
Copyright 2001

FileVersion
1,0,0,0

TimeStamp
1999:01:16 20:05:03+01:00

FileType
Win32 EXE

PEType
PE32

InternalName
JhonPr

ProductVersion
FX

FileDescription
JhonGame Proffes

OSVersion
4.0

FileOS
Windows NT 32-bit

Subsystem
Windows GUI

MachineType
Intel 386 or later, and compatibles

CompanyName
Jhon

CodeSize
16384

ProductName
JhonPr

ProductVersionNumber
1.0.0.1

FileTypeExtension
exe

ObjectFileType
Dynamic link library

File identification
MD5 77e10e1e48ebdea95e8a175bea3bbc21
SHA1 5f35531cdc065abb3d425a7087ec196832514a2e
SHA256 ee319599a46f917ea5fca664b355863b4569463de6aaa22bef8f07c789cbf1d3
ssdeep
1536:+f8wKJmOXfIM8FP358Z+9HhSoY/xfuBBcTDUL++t9FPdAU8uWFax+i0Zo:jrPOR889BS52cAL++7Vf8BFewo

authentihash b2a53a5e9a16501d40e01b656e2a77d1fc2f1415e974b1f5fdfe202b0b89928f
imphash 81adff3cb51fb8c4db820d739d4e42c8
File size 96.0 KB ( 98304 bytes )
File type Win32 EXE
Magic literal
PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID Win32 Dynamic Link Library (generic) (43.5%)
Win32 Executable (generic) (29.8%)
Generic Win/DOS Executable (13.2%)
DOS Executable Generic (13.2%)
Tags
peexe

VirusTotal metadata
First submission 2017-11-06 05:55:46 UTC ( 10 months, 3 weeks ago )
Last submission 2017-12-14 13:25:43 UTC ( 9 months, 2 weeks ago )
File names msqvNKQWQA05.exe
JhonPr
JhonPr.EXE
No comments. No VirusTotal Community member has commented on this item yet, be the first one to do so!

Leave your comment...

?
Post comment

You have not signed in. Only registered users can leave comments, sign in and have a voice!

No votes. No one has voted on this item yet, be the first one to do so!