SHA256: ff88fed3096a378e8090713732e4f7ba9cafaa05cbfe66599e75ad0acbb3f481
File name: ff88fed3096a378e8090713732e4f7ba9cafaa05cbfe66599e75ad0acbb3f481
Detection ratio: 19 / 67
Analysis date: 2019-04-11 20:55:40 UTC ( 1 month, 1 week ago )
Antivirus Result Update
Acronis suspicious 20190409
AegisLab Hacktool.Win32.Krap.lKMc 20190411
Avast Win32:Trojan-gen 20190411
CrowdStrike Falcon (ML) win/malicious_confidence_100% (D) 20190212
Cybereason malicious.82a6da 20190403
DrWeb Trojan.Emotet.678 20190411
Endgame malicious (high confidence) 20190403
ESET-NOD32 a variant of Win32/Kryptik.GPCF 20190411
FireEye Generic.mg.b078476f36b16e53 20190411
Sophos ML heuristic 20190313
K7AntiVirus Trojan ( 005187d11 ) 20190411
K7GW Trojan ( 005187d11 ) 20190411
Microsoft Trojan:Win32/Emotet.LK!ml 20190411
Qihoo-360 HEUR/QVM20.1.75E3.Malware.Gen 20190411
Rising Trojan.Kryptik!8.8 (TFE:dGZlOgOvXLOKhGl1XQ) 20190411
SentinelOne (Static ML) DFI - Malicious PE 20190407
Sophos AV Mal/Emotet-Q 20190411
Trapmine malicious.high.ml.score 20190325
VBA32 Malware-Cryptor.General.3 20190411
Ad-Aware 20190411
AhnLab-V3 20190411
Alibaba 20190402
ALYac 20190411
Antiy-AVL 20190411
Arcabit 20190411
Avast-Mobile 20190411
AVG 20190411
Avira (no cloud) 20190411
Babable 20180918
Baidu 20190318
BitDefender 20190411
Bkav 20190410
CAT-QuickHeal 20190411
ClamAV 20190411
CMC 20190321
Comodo 20190411
Cyren 20190411
eGambit 20190411
Emsisoft 20190411
F-Secure 20190411
Fortinet 20190411
GData 20190411
Ikarus 20190411
Jiangmin 20190411
Kaspersky 20190411
Kingsoft 20190411
Malwarebytes 20190411
MAX 20190411
McAfee 20190411
McAfee-GW-Edition 20190411
eScan 20190411
NANO-Antivirus 20190411
Palo Alto Networks (Known Signatures) 20190411
Panda 20190411
SUPERAntiSpyware 20190410
Symantec Mobile Insight 20190410
TACHYON 20190411
Tencent 20190411
TheHacker 20190411
TotalDefense 20190411
TrendMicro-HouseCall 20190411
Trustlook 20190411
VIPRE 20190411
ViRobot 20190411
Yandex 20190411
Zillya 20190410
ZoneAlarm by Check Point 20190411
Zoner 20190411
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright Copyright (C) 2017
Product 360 Total Security
Original name QHSafeTray.exe
Internal name QHSafeTray
File version 9,0,0,1006
Description 360 Total Security
Signature verification A certificate chain processed, but terminated in a root certificate which is not trusted by the trust provider.
Signing date 11:51 PM 4/13/2019
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2019-04-11 20:49:56
Entry Point 0x00001160
Number of sections 4
PE sections
Overlays
MD5 89774d81c3bb27037f85d294cb9dc710
File type data
Offset 283136
Size 3384
Entropy 7.35
PE imports
RegOpenKeyA
RegQueryValueExA
_TrackMouseEvent
SetThreadLocale
GetComputerNameExW
GetDriveTypeW
GetConsoleOutputCP
ReleaseMutex
lstrcmpA
FileTimeToSystemTime
CreateFileMappingA
GetFileAttributesA
SetEvent
GetDriveTypeA
FindFirstFileW
HeapDestroy
DebugBreak
SetFileTime
IsValidLocale
QueueUserAPC
GetFileAttributesW
lstrcmpW
GetLocalTime
GetStdHandle
VirtualAllocEx
FreeEnvironmentStringsA
CreatePipe
GetCurrentProcess
GetConsoleMode
GetLocaleInfoA
LocalAlloc
lstrcatA
Module32First
SetErrorMode
UnhandledExceptionFilter
WritePrivateProfileStringW
FreeEnvironmentStringsW
MultiByteToWideChar
lstrcatW
lstrcpyA
GetLocaleInfoW
SetFileAttributesA
GetFileTime
GetTempPathA
lstrcpynW
lstrcmpiA
GetCPInfo
GetOverlappedResult
GetStringTypeA
GetDiskFreeSpaceW
InterlockedExchange
BackupRead
FindResourceExW
GetTimeZoneInformation
WaitForSingleObject
GetSystemTimeAsFileTime
SetThreadAffinityMask
SizeofResource
GetDiskFreeSpaceA
GetStringTypeW
GetFullPathNameA
GetExitCodeProcess
LocalFree
FormatMessageW
ResumeThread
GetLogicalDriveStringsA
SetWaitableTimer
GetEnvironmentVariableA
LoadResource
GlobalHandle
GetLogicalDriveStringsW
FindClose
InterlockedDecrement
QueryDosDeviceW
FormatMessageA
GetFullPathNameW
QueueUserWorkItem
EncodePointer
OutputDebugStringA
VirtualQuery
GetEnvironmentVariableW
SetLastError
GetUserDefaultUILanguage
GetSystemTime
DeviceIoControl
InitializeCriticalSection
CopyFileW
SystemTimeToFileTime
WriteProcessMemory
ReadFile
OutputDebugStringW
GetModuleFileNameW
TryEnterCriticalSection
SetConsoleCursorPosition
SetHandleInformation
CopyFileA
ExitProcess
GetVersionExA
lstrcpyW
GetModuleFileNameA
FlushViewOfFile
LoadLibraryA
RaiseException
HeapSetInformation
EnumSystemLocalesA
LockFileEx
Process32FirstW
SetConsoleCtrlHandler
GetUserDefaultLCID
SetHandleCount
GetVolumeInformationW
LoadLibraryExW
GetTempFileNameA
SetEnvironmentVariableW
SetProcessAffinityMask
FlushInstructionCache
GetPrivateProfileStringW
MoveFileW
CreateMutexA
GetModuleHandleA
SetFileAttributesW
InterlockedExchangeAdd
CreateThread
GetSystemDirectoryW
MoveFileExW
GetSystemDefaultUILanguage
DeleteCriticalSection
GetExitCodeThread
SetNamedPipeHandleState
GlobalAddAtomA
CreateSemaphoreW
CreateMutexW
MulDiv
IsProcessorFeaturePresent
SetThreadExecutionState
GetFileInformationByHandle
ExitThread
DecodePointer
SetEnvironmentVariableA
SetPriorityClass
Module32Next
MoveFileA
GetDiskFreeSpaceExA
SearchPathW
WriteConsoleA
GetVersion
SetCurrentDirectoryW
lstrlenW
GlobalAlloc
LocalFileTimeToFileTime
GetDiskFreeSpaceExW
SetEndOfFile
BackupSeek
GetCurrentThreadId
LeaveCriticalSection
GetNumberFormatW
WriteConsoleW
CloseHandle
CreateToolhelp32Snapshot
AreFileApisANSI
InitializeCriticalSectionAndSpinCount
HeapFree
EnterCriticalSection
PeekNamedPipe
Process32First
TerminateThread
lstrcpynA
LoadLibraryW
OpenThread
GetVersionExW
FreeLibrary
QueryPerformanceCounter
ReadConsoleInputA
GetTickCount
IsBadWritePtr
TlsAlloc
ReadConsoleOutputCharacterA
VirtualProtect
FlushFileBuffers
FillConsoleOutputCharacterW
RtlUnwind
GetSystemDirectoryA
Process32Next
GlobalFindAtomW
GlobalSize
UnlockFileEx
GetStartupInfoA
GetDateFormatA
FlushConsoleInputBuffer
GetWindowsDirectoryW
MoveFileExA
GetFileSize
LCMapStringW
OpenProcess
CreateDirectoryA
DeleteFileA
GetWindowsDirectoryA
GetDateFormatW
GetStartupInfoW
ReadProcessMemory
CreateDirectoryW
DeleteFileW
GetProcAddress
GetConsoleScreenBufferInfo
GetProcessHeap
GetTempFileNameW
CreateWaitableTimerW
CompareStringW
WriteFile
GetFileSizeEx
GlobalReAlloc
RemoveDirectoryW
ExpandEnvironmentStringsW
Toolhelp32ReadProcessMemory
FindFirstFileExA
FindNextFileW
WaitForSingleObjectEx
WaitNamedPipeA
LocalSize
WaitForMultipleObjectsEx
HeapValidate
CompareStringA
FreeConsole
GetComputerNameA
FindNextFileA
GlobalMemoryStatus
DuplicateHandle
SearchPathA
ExpandEnvironmentStringsA
CreateFileMappingW
SetVolumeLabelW
GetTempPathW
GetProcessAffinityMask
CreateEventW
CreateFileW
CreateEventA
GlobalFindAtomA
GetFileType
TlsSetValue
CreateFileA
HeapAlloc
InterlockedIncrement
GetNativeSystemInfo
GetLastError
IsValidCodePage
DosDateTimeToFileTime
GetComputerNameW
GetShortPathNameW
SetConsoleMode
GetSystemInfo
lstrlenA
GlobalFree
GetConsoleCP
WideCharToMultiByte
LCMapStringA
HeapReAlloc
GetTimeFormatW
IsDebuggerPresent
GetThreadLocale
RedrawWindow
GetForegroundWindow
SetWindowRgn
SetMenuItemBitmaps
LoadBitmapW
DestroyMenu
PostQuitMessage
GetMessagePos
SetWindowPos
IsWindow
GrayStringW
EndPaint
GetMessageTime
SetActiveWindow
GetDC
GetCursorPos
MapDialogRect
GetDlgCtrlID
GetMenu
UnregisterClassA
UnregisterClassW
GetClassInfoW
SetWindowContextHelpId
DrawTextW
GetNextDlgTabItem
CallNextHookEx
GetTopWindow
GetWindowTextW
GetActiveWindow
GetMenuItemID
PtInRect
GetClassInfoExW
UpdateWindow
GetPropW
EqualRect
GetMessageW
ShowWindow
SetPropW
GetDesktopWindow
PeekMessageW
EnableWindow
CharUpperW
TranslateMessage
IsWindowEnabled
GetWindow
RegisterClassW
GetWindowPlacement
LoadStringW
SetWindowLongW
IsIconic
GetSubMenu
SetTimer
IsDialogMessageW
CopyRect
GetSysColorBrush
CreateWindowExW
TabbedTextOutW
GetWindowLongW
CharNextW
IsChild
MapWindowPoints
RegisterWindowMessageW
BeginPaint
OffsetRect
DefWindowProcW
ReleaseCapture
KillTimer
GetParent
SendDlgItemMessageA
GetSystemMetrics
EnableMenuItem
GetWindowRect
SetCapture
DrawIcon
IntersectRect
SendDlgItemMessageW
PostMessageW
CheckMenuItem
GetClassLongW
GetLastActivePopup
SetWindowTextW
GetDlgItem
GetMenuCheckMarkDimensions
ClientToScreen
LoadCursorA
PostThreadMessageW
GetMenuItemCount
GetMenuState
SetWindowsHookExW
LoadCursorW
LoadIconW
DispatchMessageW
SetForegroundWindow
CreateDialogIndirectParamW
ReleaseDC
DrawTextExW
EndDialog
ModifyMenuW
GetCapture
MessageBeep
SetFocus
GetWindowThreadProcessId
MessageBoxW
SendMessageW
UnhookWindowsHookEx
MoveWindow
GetWindowDC
AdjustWindowRectEx
GetSysColor
RegisterClipboardFormatW
GetKeyState
SystemParametersInfoA
IsWindowVisible
WinHelpW
SystemParametersInfoW
SetRect
CallWindowProcW
GetClassNameW
DestroyWindow
GetClientRect
ValidateRect
GetFocus
wsprintfW
SetCursor
RemovePropW
Number of PE resources by type
RT_ICON 26
RT_GROUP_ICON 8
RT_VERSION 5
RT_RCDATA 2
RT_MENU 1
FILE 1
Number of PE resources by language
ENGLISH US 39
TURKISH DEFAULT 1
CHINESE TRADITIONAL 1
PORTUGUESE BRAZILIAN 1
CHINESE SIMPLIFIED 1
PE resources
ExifTool file metadata
UninitializedDataSize 0
LinkerVersion 9.0
ImageVersion 0.0
FileSubtype 0
FileVersionNumber 9.0.0.1006
LanguageCode Chinese (Traditional)
FileFlagsMask 0x003f
FileDescription 360 Total Security
ImageFileCharacteristics No relocs, Executable, 32-bit
CharacterSet Unicode
InitializedDataSize 273920
EntryPoint 0x1160
OriginalFileName QHSafeTray.exe
MIMEType application/octet-stream
LegalCopyright Copyright (C) 2017
FileVersion 9,0,0,1006
TimeStamp 2019:04:11 22:49:56+02:00
FileType Win32 EXE
PEType PE32
InternalName QHSafeTray
ProductVersion 9,0,0,1006
SubsystemVersion 5.0
OSVersion 5.0
FileOS Win32
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
CompanyName QIHU 360 SOFTWARE CO. LIMITED
CodeSize 8192
ProductName 360 Total Security
ProductVersionNumber 9.0.0.1006
FileTypeExtension exe
ObjectFileType Dynamic link library
File identification
MD5 b078476f36b16e532a03a99117312e59
SHA1 580309982a6da710b2a526dd4a0c04a1adc4ab94
SHA256 ff88fed3096a378e8090713732e4f7ba9cafaa05cbfe66599e75ad0acbb3f481
ssdeep 6144:jKECmx7H9i7+iNINAS+S/9M4Fea4qZAU0rZpXm:xCmx7Hg7+jW4o2AU0rZVm
authentihash 02ea459dc6b8a74445cf3c9fa7ae9218babfdcd7939f42a8d0fd507c2605da33
imphash 4de8a2bb8ebdd10447711935e84b7cf2
File size 279.8 KB ( 286520 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Executable MS Visual C++ (generic) (64.5%)
Win32 Dynamic Link Library (generic) (13.6%)
Win32 Executable (generic) (9.3%)
OS/2 Executable (generic) (4.1%)
Generic Win/DOS Executable (4.1%)
Tags peexe overlay
VirusTotal metadata
First submission 2019-04-11 20:55:40 UTC ( 1 month, 1 week ago )
Last submission 2019-04-11 20:55:40 UTC ( 1 month, 1 week ago )
File names QHSafeTray.exe
QHSafeTray
1OUPp3hPgZ.exe
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Moved files
Deleted files
Created processes
Created mutexes
Opened mutexes
Opened service managers
Opened services
Runtime DLLs
HTTP requests
TCP connections