SHA256: fcd6c4af5b6565d82319f460b6d26dd99c696caa3ea487814267b522a6e9a97d
File name: QAgent.exe
Detection ratio: 1 / 41
Analysis date: 2012-08-03 10:23:14 UTC ( 6 years, 6 months ago )
Antivirus Result Update
ESET-NOD32 a variant of Win32/RemoteAdmin.RemoteUtilities.A 20120803
AhnLab-V3 20120802
AntiVir 20120803
Antiy-AVL 20120803
Avast 20120803
AVG 20120803
BitDefender 20120803
ByteHero 20120801
CAT-QuickHeal 20120803
ClamAV 20120803
Commtouch 20120803
Comodo 20120803
DrWeb 20120803
Emsisoft 20120803
eSafe 20120802
F-Prot 20120803
F-Secure 20120803
Fortinet 20120803
GData 20120803
Ikarus 20120803
Jiangmin 20120803
K7AntiVirus 20120802
Kaspersky 20120803
McAfee 20120803
McAfee-GW-Edition 20120802
Microsoft 20120803
Norman 20120803
nProtect 20120803
Panda 20120803
Rising 20120803
Sophos AV 20120803
SUPERAntiSpyware 20120803
Symantec 20120803
TheHacker 20120801
TotalDefense 20120802
TrendMicro 20120803
TrendMicro-HouseCall 20120803
VBA32 20120803
VIPRE 20120803
ViRobot 20120803
VirusBuster 20120802
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
Authenticode signature block and FileVersionInfo properties
Copyright
Copyright © 2012 Usoris LLC. All rights reserved.

Product Remote Utilities
Original name Remote Utilities
File version 5.3
Description Remote Utilities
Signature verification Signed file, verified signature
Signing date 7:56 PM 7/26/2012
Signers
[+] Usoris Systems LLC
Status This certificate or one of the certificates in the certificate chain is not time valid.
Issuer DigiCert Assured ID Code Signing CA-1
Valid from 1:00 AM 11/24/2011
Valid to 1:00 PM 11/28/2012
Valid usage Code Signing
Algorithm sha1RSA
Thumbprint 5BA5875C00404AED2CF75B2A80DAB9E8563A9F32
Serial number 03 EE 40 D5 6B 7E 36 3E 2E EC C7 05 0C 4C 0A 7E
[+] DigiCert Assured ID Code Signing CA-1
Status Valid
Issuer DigiCert Assured ID Root CA
Valid from 1:00 PM 2/11/2011
Valid to 1:00 PM 2/10/2026
Valid usage Code Signing
Algorithm sha1RSA
Thumbprint 409AA4A74A0CDA7C0FEE6BD0BB8823D16B5F1875
Serial number 0F A8 49 06 15 D7 00 A0 BE 21 76 FD C5 EC 6D BD
[+] DigiCert
Status Valid
Issuer DigiCert Assured ID Root CA
Valid from 1:00 AM 11/10/2006
Valid to 1:00 AM 11/10/2031
Valid usage Server Auth, Client Auth, Email Protection, Code Signing, Timestamp Signing
Algorithm sha1RSA
Thumbprint 0563B8630D62D75ABBC8AB1E4BDFB5A899B24D43
Serial number 0C E7 E0 E5 17 D8 46 FE 8F E5 60 FC 1B F0 30 39
Counter signers
[+] DigiCert Timestamp Responder
Status This certificate or one of the certificates in the certificate chain is not time valid.
Issuer DigiCert Assured ID CA-1
Valid from 1:00 AM 4/4/2012
Valid to 1:00 AM 4/18/2013
Valid usage Timestamp Signing
Algorithm sha1RSA
Thumbprint 51AEC7BA27E71A65D36BE1125B6909EE031119AC
Serial number 03 8B 96 F0 70 D9 E2 1E 55 A5 42 67 92 E1 C8 3A
[+] DigiCert Assured ID CA-1
Status Valid
Issuer DigiCert Assured ID Root CA
Valid from 1:00 AM 11/10/2006
Valid to 1:00 AM 11/10/2021
Valid usage Server Auth, Client Auth, Code Signing, Email Protection, Timestamp Signing
Algorithm sha1RSA
Thumbprint 0FFCEA9938D8B0645EBDFF9580FAF94B543913E7
Serial number 0A 04 DF 21 74 5D 4D 2B 8C EA 33 72 05 00 50 E9
[+] DigiCert
Status Valid
Issuer DigiCert Assured ID Root CA
Valid from 1:00 AM 11/10/2006
Valid to 1:00 AM 11/10/2031
Valid usage Server Auth, Client Auth, Email Protection, Code Signing, Timestamp Signing
Algorithm sha1RSA
Thumbprint 0563B8630D62D75ABBC8AB1E4BDFB5A899B24D43
Serial number 0C E7 E0 E5 17 D8 46 FE 8F E5 60 FC 1B F0 30 39
Packers identified
F-PROT 7Z
PEiD Armadillo v1.71
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2011-04-28 11:38:20
Entry Point 0x000121CF
Number of sections 4
PE sections
Overlays
MD5 6917c82ed0d041e5f6ae58f9c72fdb6e
File type data
Offset 143360
Size 3838936
Entropy 8.00
PE imports
GetDeviceCaps
GetCurrentObject
DeleteDC
CreateFontIndirectW
SelectObject
StretchBlt
GetObjectW
SetStretchBltMode
CreateCompatibleDC
DeleteObject
CreateCompatibleBitmap
GetUserDefaultUILanguage
SetThreadLocale
GetLastError
SetCurrentDirectoryW
GetStdHandle
EnterCriticalSection
TerminateThread
lstrlenA
GetModuleFileNameW
GlobalFree
WaitForSingleObject
GetVersionExW
SetEvent
MulDiv
FindNextFileW
SystemTimeToFileTime
FindResourceExA
ExpandEnvironmentStringsW
lstrlenW
GetLocalTime
DeleteCriticalSection
GetStartupInfoA
GetSystemDefaultUILanguage
GetDriveTypeW
SizeofResource
CompareFileTime
GetDiskFreeSpaceExW
GetFileSize
LockResource
SetFileTime
GetCommandLineW
CreateThread
GetSystemDefaultLCID
MultiByteToWideChar
CreateDirectoryW
DeleteFileW
WaitForMultipleObjects
GetLocaleInfoW
SuspendThread
RemoveDirectoryW
GetModuleHandleA
lstrcpyW
SetFileAttributesW
lstrcmpiA
WideCharToMultiByte
SetEnvironmentVariableW
SetFilePointer
GetSystemDirectoryW
ReadFile
GetTempPathW
ResetEvent
GetSystemTimeAsFileTime
FindFirstFileW
GlobalMemoryStatusEx
lstrcmpW
GetModuleHandleW
LoadLibraryA
LocalFree
FormatMessageW
ResumeThread
GetFileAttributesW
CreateEventW
GetExitCodeThread
lstrcmpiW
InitializeCriticalSection
LoadResource
WriteFile
CreateFileW
GlobalAlloc
VirtualFree
FindClose
lstrcatW
Sleep
IsBadReadPtr
SetEndOfFile
CloseHandle
ExitProcess
GetProcAddress
VirtualAlloc
GetEnvironmentVariableW
SetLastError
LeaveCriticalSection
_purecall
__p__fmode
malloc
??1type_info@@UAE@XZ
memset
_wcsnicmp
__dllonexit
_controlfp
_except_handler3
??2@YAPAXI@Z
strncmp
_onexit
_wtol
exit
_XcptFilter
memcmp
__setusermatherr
__p__commode
_acmdln
_CxxThrowException
?_set_new_handler@@YAP6AHI@ZP6AHI@Z@Z
_adjust_fdiv
??3@YAXPAX@Z
free
__getmainargs
_initterm
memmove
memcpy
_beginthreadex
_exit
_EH_prolog
__set_app_type
OleLoadPicture
VariantClear
SysAllocString
SHBrowseForFolderW
ShellExecuteW
SHGetPathFromIDListW
ShellExecuteExW
SHGetFileInfoW
SHGetSpecialFolderPathW
SHGetMalloc
SetFocus
GetParent
EndDialog
DrawTextW
DefWindowProcW
KillTimer
GetMessageW
ShowWindow
MessageBeep
SetWindowPos
GetClassNameA
wvsprintfW
GetSystemMetrics
SetWindowLongW
IsWindow
SendMessageW
GetWindowRect
ClientToScreen
CharUpperW
MessageBoxA
GetSystemMenu
GetWindowDC
GetWindow
GetSysColor
DispatchMessageW
CopyImage
ReleaseDC
GetMenu
GetWindowLongW
DrawIconEx
SetWindowTextW
GetDlgItem
SystemParametersInfoW
LoadImageW
GetDC
ScreenToClient
wsprintfA
SetTimer
CallWindowProcW
DialogBoxIndirectParamW
EnableWindow
GetClientRect
GetWindowTextW
EnableMenuItem
LoadIconW
GetWindowTextLengthW
CreateWindowExW
wsprintfW
GetKeyState
DestroyWindow
CreateStreamOnHGlobal
CoCreateInstance
CoInitialize
Number of PE resources by type
RT_ICON 8
RT_MANIFEST 1
RT_VERSION 1
RT_GROUP_ICON 1
Number of PE resources by language
RUSSIAN 9
ENGLISH US 2
PE resources
ExifTool file metadata
SubsystemVersion
4.0

LinkerVersion
8.0

ImageVersion
0.0

FileSubtype
0

FileVersionNumber
5.3.0.0

UninitializedDataSize
0

LanguageCode
Neutral

FileFlagsMask
0x0008

CharacterSet
Unicode

InitializedDataSize
71168

EntryPoint
0x121cf

OriginalFileName
Remote Utilities

MIMEType
application/octet-stream

LegalCopyright
Copyright 2012 Usoris LLC. All rights reserved.

FileVersion
5.3

TimeStamp
2011:04:28 12:38:20+01:00

FileType
Win32 EXE

PEType
PE32

ProductVersion
5.3

FileDescription
Remote Utilities

OSVersion
4.0

FileOS
Unknown (0x50004)

Subsystem
Windows GUI

MachineType
Intel 386 or later, and compatibles

CompanyName
Usoris LLC

CodeSize
71680

ProductName
Remote Utilities

ProductVersionNumber
5.3.0.0

FileTypeExtension
exe

ObjectFileType
Executable application

File identification
MD5 4cce8489bcde6b112b680df037c9c48b
SHA1 f2267570da7f04531da5fc5fa573729f2d3d92ae
SHA256 fcd6c4af5b6565d82319f460b6d26dd99c696caa3ea487814267b522a6e9a97d
ssdeep
98304:V2mRLpMDeBgLiHun6YHoWLfenxxjddz8XWdbdVHfvZpGs:VJR+Sq+yoEGnxxjddgXSfvZpP

authentihash 0337f2f4fb3cc993f63544ca0623b793cf181500466eddbe6150c8c90800bc36
imphash c769210c368165fcb9c03d3f832f55eb
File size 3.8 MB ( 3982296 bytes )
File type Win32 EXE
Magic literal
PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID Generic Win/DOS Executable (50.0%)
DOS Executable Generic (49.9%)
Tags
peexe armadillo signed overlay

VirusTotal metadata
First submission 2012-08-03 10:23:14 UTC ( 6 years, 6 months ago )
Last submission 2016-06-07 17:36:06 UTC ( 2 years, 8 months ago )
File names QAgent.exe
Remote Utilities
Assistenza3.exe
1343885043-quickconnect.exe
quickconnect.exe
Advanced heuristic and reputation engines
ClamAV
Possibly Unwanted Application. While not necessarily malicious, the scanned file presents certain characteristics which depending on the user policies and environment may or may not represent a threat. For full details see: https://www.clamav.net/documents/potentially-unwanted-applications-pua .

Symantec reputation Suspicious.Insight
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Written files
Deleted files
Set keys
Created processes
Shell commands
Opened mutexes
Runtime DLLs
Additional details
The file sends control codes directly to certain device drivers making use of the DeviceIoControl Windows API function.