SHA256: f5ef5c6ace2b0ec5ec6387b6e7f5baca6b32548ba473d3d16e886fbed93dcd92
File name: QGetServer
Detection ratio: 0 / 57
Analysis date: 2016-05-29 02:07:28 UTC ( 2 years, 11 months ago )
Antivirus Result Update
Ad-Aware 20160529
AegisLab 20160529
AhnLab-V3 20160528
Alibaba 20160527
ALYac 20160528
Antiy-AVL 20160529
Arcabit 20160529
Avast 20160529
AVG 20160529
Avira (no cloud) 20160528
AVware 20160529
Baidu 20160527
Baidu-International 20160528
BitDefender 20160529
Bkav 20160528
CAT-QuickHeal 20160528
ClamAV 20160529
CMC 20160523
Comodo 20160528
Cyren 20160529
DrWeb 20160529
Emsisoft 20160529
ESET-NOD32 20160528
F-Prot 20160529
F-Secure 20160529
Fortinet 20160529
GData 20160529
Ikarus 20160528
Jiangmin 20160529
K7AntiVirus 20160528
K7GW 20160529
Kaspersky 20160529
Kingsoft 20160529
Malwarebytes 20160528
McAfee 20160529
McAfee-GW-Edition 20160529
Microsoft 20160528
eScan 20160529
NANO-Antivirus 20160529
nProtect 20160527
Panda 20160528
Qihoo-360 20160529
Rising 20160529
Sophos AV 20160528
SUPERAntiSpyware 20160528
Symantec 20160529
Tencent 20160529
TheHacker 20160528
TotalDefense 20160529
TrendMicro 20160529
TrendMicro-HouseCall 20160529
VBA32 20160527
VIPRE 20160529
ViRobot 20160528
Yandex 20160528
Zillya 20160528
Zoner 20160529
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
Authenticode signature block and FileVersionInfo properties
Copyright
Copyright (C) 2011

Product QGetServer Application
Original name QGetServer.EXE
Internal name QGetServer
File version 2,1,0,907
Description QGetServer MFC Application
Signature verification Signed file, verified signature
Signing date 12:41 PM 9/7/2011
Signers
[+] QNAP Systems
Status This certificate or one of the certificates in the certificate chain is not time valid.
Issuer VeriSign Class 3 Code Signing 2009-2 CA
Valid from 1:00 AM 11/26/2009
Valid to 12:59 AM 11/28/2012
Valid usage Code Signing
Algorithm sha1RSA
Thumbprint 73E080FEC46EB9B2DFB9117088C877F08DE9C671
Serial number 6A F7 D2 74 82 0F 33 7B E1 5E A3 93 32 A6 FD EF
[+] VeriSign Class 3 Code Signing 2009-2 CA
Status Valid
Issuer Class 3 Public Primary Certification Authority
Valid from 1:00 AM 5/21/2009
Valid to 12:59 AM 5/21/2019
Valid usage Client Auth, Code Signing
Algorithm sha1RSA
Thumbprint 12D4872BC3EF019E7E0B6F132480AE29DB5B1CA3
Serial number 65 52 26 E1 B2 2E 18 E1 59 0F 29 85 AC 22 E7 5C
[+] VeriSign Class 3 Public Primary CA
Status Valid
Issuer Class 3 Public Primary Certification Authority
Valid from 1:00 AM 1/29/1996
Valid to 12:59 AM 8/2/2028
Valid usage Email Protection, Client Auth, Code Signing, Server Auth
Algorithm md2RSA
Thumbprint 742C3192E607E424EB4549542BE1BBC53E6174E2
Serial number 70 BA E4 1D 10 D9 29 34 B6 38 CA 7B 03 CC BA BF
Counter signers
[+] VeriSign Time Stamping Services Signer - G2
Status This certificate or one of the certificates in the certificate chain is not time valid., The revocation status of the certificate or one of the certificates in the certificate chain is unknown., Error 65536 (0x10000), The revocation status of the certificate or one of the certificates in the certificate chain is either offline or stale.
Issuer VeriSign Time Stamping Services CA
Valid from 1:00 AM 6/15/2007
Valid to 12:59 AM 6/15/2012
Valid usage Timestamp Signing
Algorithm sha1RSA
Thumbprint ADA8AAA643FF7DC38DD40FA4C97AD559FF4846DE
Serial number 38 25 D7 FA F8 61 AF 9E F4 90 E7 26 B5 D6 5A D5
[+] VeriSign Time Stamping Services CA
Status This certificate or one of the certificates in the certificate chain is not time valid.
Issuer Thawte Timestamping CA
Valid from 1:00 AM 12/4/2003
Valid to 12:59 AM 12/4/2013
Valid usage Timestamp Signing
Algorithm sha1RSA
Thumbprint F46AC0C6EFBB8C6A14F55F09E2D37DF4C0DE012D
Serial number 47 BF 19 95 DF 8D 52 46 43 F7 DB 6D 48 0D 31 A4
[+] Thawte Timestamping CA
Status Valid
Issuer Thawte Timestamping CA
Valid from 1:00 AM 1/1/1997
Valid to 12:59 AM 1/1/2021
Valid usage Timestamp Signing
Algorithm md5RSA
Thumbprint BE36A4562FB2EE05DBB3D32323ADF445084ED656
Serial number 00
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2011-09-07 11:41:12
Entry Point 0x001DEADB
Number of sections 5
PE sections
Overlays
MD5 9750e9c7794d2e69d530d3b6e1eff519
File type data
Offset 3112960
Size 6768
Entropy 7.29
PE imports
CryptDestroyKey
RegCreateKeyExW
RegCloseKey
CryptEncrypt
RegOpenKeyExW
RegDeleteKeyW
CryptHashData
RegQueryValueExW
CryptCreateHash
CryptDeriveKey
DeregisterEventSource
RegEnumKeyW
RegisterEventSourceA
RegQueryValueW
CryptReleaseContext
RegEnumValueW
RegEnumKeyExW
CryptAcquireContextW
CryptDecrypt
CryptDestroyHash
RegDeleteValueW
RegSetValueExW
ReportEventA
ImageList_GetIconSize
GetFileTitleW
GetTextMetricsW
SetMapMode
GetWindowOrgEx
GetPaletteEntries
CombineRgn
GetViewportOrgEx
GetObjectType
GetBoundsRect
SetLayout
SetPixel
SetPaletteEntries
OffsetWindowOrgEx
CreateEllipticRgn
GetTextFaceW
CreatePalette
CreateDIBitmap
SetTextAlign
StretchBlt
ScaleViewportExtEx
SetWindowExtEx
SetBkColor
GetBkColor
SetRectRgn
MoveToEx
GetTextCharsetInfo
TextOutW
CreateFontIndirectW
OffsetRgn
CreateRectRgnIndirect
LPtoDP
GetPixel
GetLayout
ExcludeClipRect
OffsetViewportOrgEx
SetBkMode
EnumFontFamiliesW
PtInRegion
BitBlt
FillRgn
FrameRgn
SelectPalette
PtVisible
ExtSelectClipRgn
ScaleWindowExtEx
SetROP2
GetNearestPaletteIndex
SetDIBColorTable
GetTextColor
Escape
SetViewportExtEx
GetWindowExtEx
PatBlt
CreatePen
GetClipBox
Rectangle
GetDeviceCaps
LineTo
DeleteDC
GetSystemPaletteEntries
GetObjectW
CreateDCW
RealizePalette
CreateHatchBrush
CreatePatternBrush
ExtTextOutW
IntersectClipRect
CreateBitmap
RectVisible
GetStockObject
SelectClipRgn
SetWindowOrgEx
SelectObject
GetViewportExtEx
GetTextExtentPoint32W
CreatePolygonRgn
Polygon
GetRgnBox
SaveDC
RestoreDC
CreateDIBSection
SetTextColor
ExtFloodFill
SetPixelV
EnumFontFamiliesExW
SetViewportOrgEx
CreateRoundRectRgn
CreateCompatibleDC
CreateRectRgn
DeleteObject
SetPolyFillMode
CopyMetaFileW
Ellipse
CreateSolidBrush
Polyline
DPtoLP
CreateCompatibleBitmap
ImmReleaseContext
ImmGetContext
ImmGetOpenStatus
GetStdHandle
GetDriveTypeW
ReleaseMutex
FileTimeToSystemTime
DeactivateActCtx
SetEvent
GetDriveTypeA
EncodePointer
GetFileAttributesW
DuplicateHandle
GetLocalTime
DeleteCriticalSection
GetCurrentProcess
GetConsoleMode
LocalAlloc
GetVolumeInformationW
SetErrorMode
FreeEnvironmentStringsW
GetLocaleInfoW
SetStdHandle
GetFileTime
GetCPInfo
InterlockedExchange
FindResourceExW
FormatMessageW
WaitForSingleObject
GetSystemTimeAsFileTime
ReleaseActCtx
HeapReAlloc
GetStringTypeW
GetFullPathNameA
FreeLibrary
LocalFree
GetProfileIntW
ResumeThread
CreateEventW
OutputDebugStringW
GlobalHandle
FindClose
TlsGetValue
MoveFileW
GetFullPathNameW
WritePrivateProfileStringW
GetEnvironmentVariableW
SetLastError
GetUserDefaultUILanguage
PeekNamedPipe
ReadConsoleInputA
GlobalFindAtomW
LoadResource
GetModuleFileNameW
IsDebuggerPresent
HeapAlloc
GetVersionExA
LoadLibraryA
HeapSetInformation
CreateActCtxW
SetConsoleCtrlHandler
ActivateActCtx
UnhandledExceptionFilter
LoadLibraryExW
MultiByteToWideChar
SetEnvironmentVariableW
GetPrivateProfileStringW
GetModuleHandleA
GlobalAddAtomW
CreateThread
GetSystemDirectoryW
GetSystemDefaultUILanguage
SetUnhandledExceptionFilter
ConvertDefaultLocale
CreateMutexW
MulDiv
IsProcessorFeaturePresent
ExitThread
DecodePointer
SetEnvironmentVariableA
TerminateProcess
SearchPathW
InterlockedDecrement
SetCurrentDirectoryW
GlobalAlloc
SetEndOfFile
GetVersion
LeaveCriticalSection
GetNumberFormatW
WriteConsoleW
InitializeCriticalSectionAndSpinCount
HeapFree
EnterCriticalSection
SetHandleCount
TerminateThread
LoadLibraryW
GetLastError
GetVersionExW
GetOEMCP
QueryPerformanceCounter
GetTickCount
TlsAlloc
VirtualProtect
FlushFileBuffers
lstrcmpiW
RtlUnwind
CopyFileW
GlobalSize
UnlockFile
GetWindowsDirectoryW
GetFileSize
GlobalDeleteAtom
GetDateFormatW
GetStartupInfoW
CreateDirectoryW
DeleteFileW
GlobalLock
GetPrivateProfileIntW
GetProcessHeap
GetTempFileNameW
GetTimeFormatW
lstrcpyW
GetFileSizeEx
GlobalReAlloc
GetFileInformationByHandle
lstrcmpA
FindFirstFileExA
GetCurrentThreadId
ResetEvent
FindFirstFileW
GlobalMemoryStatus
lstrcmpW
WaitForMultipleObjects
GetProcAddress
GetTempPathW
GetTimeZoneInformation
CreateFileW
GetFileType
TlsSetValue
CreateFileA
ExitProcess
InterlockedIncrement
GlobalGetAtomNameW
InitializeCriticalSection
LocalReAlloc
FlushConsoleInputBuffer
LCMapStringW
SetConsoleMode
GetSystemInfo
lstrlenA
GlobalFree
GetConsoleCP
FindResourceW
CompareStringW
GetEnvironmentStringsW
GlobalUnlock
LockFile
lstrlenW
FileTimeToLocalFileTime
SizeofResource
GetCurrentDirectoryW
GetCurrentProcessId
LockResource
GetCommandLineW
HeapQueryInformation
WideCharToMultiByte
HeapSize
CreateSemaphoreW
GetCurrentThread
SuspendThread
ExpandEnvironmentStringsW
RaiseException
ReleaseSemaphore
TlsFree
SetFilePointer
ReadFile
GlobalFlags
CloseHandle
GetACP
GetModuleHandleW
FreeResource
GetFileAttributesExW
IsValidCodePage
HeapCreate
WriteFile
VirtualQuery
Sleep
SetThreadPriority
VirtualAlloc
TransparentBlt
AlphaBlend
CreateStdAccessibleObject
AccessibleObjectFromWindow
LresultFromObject
VariantChangeType
VariantTimeToSystemTime
SysStringLen
SystemTimeToVariantTime
SysAllocStringLen
VarBstrFromDate
VariantClear
SysAllocString
SysFreeString
VariantInit
DragQueryFileW
SHBrowseForFolderW
ShellExecuteW
SHGetPathFromIDListW
SHGetSpecialFolderLocation
ShellExecuteExW
SHAppBarMessage
SHGetFileInfoW
SHGetDesktopFolder
SHGetMalloc
DragFinish
PathFindFileNameW
PathFileExistsW
PathRemoveFileSpecW
PathIsUNCW
PathFindExtensionW
PathStripToRootW
RedrawWindow
GetForegroundWindow
SetWindowRgn
SetMenuItemBitmaps
LoadBitmapW
MoveWindow
EnableScrollBar
DestroyMenu
PostQuitMessage
GetMessagePos
DrawStateW
SetWindowPos
DdeDisconnect
SetScrollPos
IsWindow
GrayStringW
EndPaint
MessageBoxA
WindowFromPoint
DdeCreateStringHandleW
CharUpperBuffW
SendMessageW
SetActiveWindow
GetDC
GetAsyncKeyState
MapDialogRect
GetDlgCtrlID
GetMenu
GetMenuStringW
UnregisterClassW
GetClassInfoW
DdeInitializeW
DefWindowProcW
DrawTextW
DdeFreeStringHandle
GetNextDlgTabItem
CallNextHookEx
DdeFreeDataHandle
IsClipboardFormatAvailable
LoadImageW
TrackPopupMenu
DdeQueryStringW
GetTopWindow
MapVirtualKeyExW
CopyAcceleratorTableW
GetWindowTextLengthW
LoadAcceleratorsW
ScrollWindow
GetKeyState
DestroyWindow
DrawEdge
GetUserObjectInformationW
GetClassInfoExW
UpdateWindow
GetPropW
EqualRect
SetClassLongW
GetMenuState
GetWindowTextW
GetMessageW
ShowWindow
DrawFrameControl
GetNextDlgGroupItem
SetPropW
EnumDisplayMonitors
DefMDIChildProcW
GetCursorPos
PeekMessageW
SetWindowsHookExW
InsertMenuItemW
SetWindowPlacement
CharUpperW
LoadIconW
GetMenuCheckMarkDimensions
TranslateMessage
IsWindowEnabled
GetWindow
GetMenuDefaultItem
RegisterClassW
GetIconInfo
SetParent
SetClipboardData
IsZoomed
GetWindowPlacement
DdeConnect
DrawMenuBar
IsCharLowerW
EnableMenuItem
InvertRect
DrawFocusRect
GetScrollRange
CreateMenu
DdeClientTransaction
GetActiveWindow
GetKeyboardLayout
FillRect
GetWindowRect
MonitorFromPoint
CopyRect
GetSysColorBrush
DdeNameService
RealChildWindowFromPoint
CreateWindowExW
TabbedTextOutW
GetWindowLongW
GetUpdateRect
OpenClipboard
IsChild
SetFocus
RegisterWindowMessageW
GetMonitorInfoW
LockWindowUpdate
IsIconic
BeginPaint
OffsetRect
EndDialog
GetScrollPos
CopyIcon
KillTimer
MapVirtualKeyW
MapWindowPoints
GetParent
ToUnicodeEx
SendDlgItemMessageA
GetSystemMetrics
SetWindowLongW
SetScrollRange
DdeGetData
InflateRect
SetMenuDefaultItem
SetCapture
ReleaseCapture
DrawTextExW
SendDlgItemMessageW
GetProcessWindowStation
InvalidateRect
CheckDlgButton
WaitMessage
CreatePopupMenu
CheckMenuItem
GetSubMenu
GetClassLongW
GetLastActivePopup
PtInRect
DrawIconEx
GetMessageTime
SetWindowTextW
SetTimer
DdeGetLastError
RemovePropW
BringWindowToTop
ClientToScreen
PostMessageW
DrawIcon
GetKeyboardState
PostThreadMessageW
GetMenuItemCount
DestroyAcceleratorTable
BeginDeferWindowPos
ValidateRect
IsDialogMessageW
LoadCursorW
GetSystemMenu
ReuseDDElParam
GetMenuItemID
InsertMenuW
SetForegroundWindow
GetClientRect
NotifyWinEvent
GetMenuItemInfoW
EmptyClipboard
CreateDialogIndirectParamW
ReleaseDC
IntersectRect
SetLayeredWindowAttributes
GetScrollInfo
HideCaret
DeferWindowPos
CreateAcceleratorTableW
GetCapture
ScreenToClient
MessageBeep
LoadMenuW
RemoveMenu
GetWindowThreadProcessId
DdeCreateDataHandle
ShowScrollBar
MessageBoxW
DdeUninitialize
UnhookWindowsHookEx
SetRectEmpty
DdePostAdvise
AppendMenuW
GetWindowDC
DestroyCursor
AdjustWindowRectEx
GetSysColor
DispatchMessageW
RegisterClipboardFormatW
SetScrollInfo
CopyImage
EndDeferWindowPos
GetWindowRgn
UpdateLayeredWindow
GetDoubleClickTime
DestroyIcon
DefFrameProcW
ShowOwnedPopups
WinHelpW
GetDesktopWindow
SubtractRect
UnpackDDElParam
SetCursorPos
SystemParametersInfoW
UnionRect
MonitorFromWindow
FrameRect
SetRect
DeleteMenu
GetKeyNameTextW
CallWindowProcW
GetClassNameW
TranslateMDISysAccel
ModifyMenuW
IsRectEmpty
IsMenu
GetFocus
EnableWindow
CloseClipboard
GetDlgItem
IsWindowVisible
SetCursor
SetMenu
TranslateAcceleratorW
PlaySoundW
DocumentPropertiesW
ClosePrinter
OpenPrinterW
htonl
shutdown
accept
ioctlsocket
WSAStartup
connect
getsockname
htons
WSASetLastError
select
gethostname
getsockopt
closesocket
ntohl
inet_addr
send
ntohs
WSAGetLastError
gethostbyaddr
listen
__WSAFDIsSet
WSACleanup
gethostbyname
getpeername
recv
setsockopt
socket
bind
recvfrom
sendto
getservbyname
GdipBitmapLockBits
GdipGetImagePixelFormat
GdipCreateBitmapFromScan0
GdiplusShutdown
GdipGetImagePalette
GdipDisposeImage
GdipBitmapUnlockBits
GdiplusStartup
GdipDeleteGraphics
GdipCreateBitmapFromStream
GdipCreateFromHDC
GdipGetImageWidth
GdipCreateBitmapFromHBITMAP
GdipAlloc
GdipGetImagePaletteSize
GdipDrawImageI
GdipDrawImageRectI
GdipSetInterpolationMode
GdipFree
GdipGetImageHeight
GdipCloneImage
GdipGetImageGraphicsContext
CreateStreamOnHGlobal
OleLockRunning
OleCreateMenuDescriptor
CoInitialize
CoTaskMemAlloc
CoInitializeEx
ReleaseStgMedium
CoCreateGuid
OleTranslateAccelerator
CoCreateInstance
CoLockObjectExternal
OleDestroyMenuDescriptor
DoDragDrop
IsAccelerator
CoUninitialize
RevokeDragDrop
OleGetClipboard
OleDuplicateData
CoTaskMemFree
RegisterDragDrop
Number of PE resources by type
RT_CURSOR 16
RT_GROUP_CURSOR 15
RT_STRING 14
RT_ICON 4
RT_DIALOG 3
RT_BITMAP 2
RT_MANIFEST 1
RT_VERSION 1
RT_GROUP_ICON 1
Number of PE resources by language
ENGLISH US 52
CHINESE TRADITIONAL 5
PE resources
Debug information
ExifTool file metadata
SubsystemVersion
5.1

LinkerVersion
10.0

ImageVersion
0.0

FileSubtype
0

FileVersionNumber
2.1.0.907

UninitializedDataSize
0

LanguageCode
English (U.S.)

FileFlagsMask
0x003f

CharacterSet
Unicode

InitializedDataSize
926720

EntryPoint
0x1deadb

OriginalFileName
QGetServer.EXE

MIMEType
application/octet-stream

LegalCopyright
Copyright (C) 2011

FileVersion
2,1,0,907

TimeStamp
2011:09:07 12:41:12+01:00

FileType
Win32 EXE

PEType
PE32

InternalName
QGetServer

ProductVersion
2,1,0,0

FileDescription
QGetServer MFC Application

OSVersion
5.1

FileOS
Win32

Subsystem
Windows GUI

MachineType
Intel 386 or later, and compatibles

CodeSize
2185216

ProductName
QGetServer Application

ProductVersionNumber
2.1.0.0

FileTypeExtension
exe

ObjectFileType
Executable application

File identification
MD5 c68cde9aeea2f663ea407e14d196c5f6
SHA1 1bfdf411711b19b272cc524c19f3056ddad84100
SHA256 f5ef5c6ace2b0ec5ec6387b6e7f5baca6b32548ba473d3d16e886fbed93dcd92
ssdeep
49152:QHt5rS3TicXSsE2PyE6I7SkEtrMAMn92oNPJVBbzkOOnC7ldeemC0LHRmnKt2lK/:YToVXSmyrIQtrMAC2oNPJVBbzkOOnCBM

authentihash 3810d735586cbb4a22c5b608d7b588e80b32eb091f774e3744a120d559bb2ca8
imphash d5d1465ff7b0e1c171488f7d65d68aee
File size 3.0 MB ( 3119728 bytes )
File type Win32 EXE
Magic literal
PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID Win32 Dynamic Link Library (generic) (43.5%)
Win32 Executable (generic) (29.8%)
Generic Win/DOS Executable (13.2%)
DOS Executable Generic (13.2%)
Tags
peexe signed overlay

VirusTotal metadata
First submission 2015-07-25 10:36:05 UTC ( 3 years, 9 months ago )
Last submission 2015-07-25 10:36:05 UTC ( 3 years, 9 months ago )
File names QGetServer.EXE
QGetServer.exe
QGetServer
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Hooking activity
Runtime DLLs
Additional details
The file installs an application-defined hook procedure into a hook chain. You would install a hook procedure to monitor the system for certain types of events. These events are associated either with a specific thread or with all threads in the same desktop as the calling thread. This is done by making use of the SetWindowsHook Windows API function.