SHA256: e79fc0f192c4de0bccc58ada24e80f4dd9952d86d81c35fdb9672f301ad4b6d5
File name: ulcyrscnxcep.exe
Detection ratio: 4 / 55
Analysis date: 2016-03-01 02:00:17 UTC (2 years, 10 months ago)
Antivirus Result Update
McAfee-GW-Edition BehavesLike.Win32.PWSZbot.gc 20160301
Qihoo-360 HEUR/QVM19.1.Malware.Gen 20160301
Rising PE:Malware.XPACK-LNR/Heur!1.5594 [F] 20160225
Tencent Win32.Trojan.Bp-ransomware.Ejqz 20160301
Ad-Aware 20160229
AegisLab 20160229
Yandex 20160228
AhnLab-V3 20160229
Alibaba 20160229
ALYac 20160229
Antiy-AVL 20160229
Arcabit 20160301
Avast 20160301
AVG 20160301
Avira (no cloud) 20160301
AVware 20160301
Baidu-International 20160229
BitDefender 20160301
Bkav 20160229
ByteHero 20160301
CAT-QuickHeal 20160229
ClamAV 20160301
CMC 20160225
Comodo 20160229
Cyren 20160301
DrWeb 20160301
Emsisoft 20160229
ESET-NOD32 20160301
F-Prot 20160301
F-Secure 20160301
Fortinet 20160229
GData 20160301
Ikarus 20160229
Jiangmin 20160301
K7AntiVirus 20160229
K7GW 20160301
Kaspersky 20160229
Malwarebytes 20160301
McAfee 20160301
Microsoft 20160229
eScan 20160301
NANO-Antivirus 20160301
nProtect 20160229
Panda 20160229
Sophos AV 20160229
SUPERAntiSpyware 20160301
Symantec 20160229
TheHacker 20160227
TrendMicro 20160301
TrendMicro-HouseCall 20160301
VBA32 20160229
VIPRE 20160301
ViRobot 20160229
Zillya 20160229
Zoner 20160229
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2016-03-01 01:45:08
Entry Point 0x00005000
Number of sections 8
PE sections
PE imports
OpenCluster
ImmDestroyContext
CreateThread
GetTapeStatus
GetFirmwareEnvironmentVariableA
SetFirmwareEnvironmentVariableA
DeleteTimerQueue
SetFilePointerEx
GlobalMemoryStatusEx
GetModuleFileNameA
HeapWalk
DsFreeSpnArrayA
VarCyFromI1
SetupBackupErrorA
wsprintfW
ChooseColorA
PageSetupDlgW
wcstoul
memcpy
isalnum
HMENU_UserUnmarshal
PdhGetCounterInfoW
CoInternetCombineUrl
Number of PE resources by type
RT_ICON 4
RT_STRING 4
RT_GROUP_ICON 1
Number of PE resources by language
NEUTRAL 5
ENGLISH US 4
PE resources
Debug information
ExifTool file metadata
MIMEType application/octet-stream
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
FileTypeExtension exe
TimeStamp 2016:03:01 02:45:08+01:00
FileType Win32 EXE
PEType PE32
CodeSize 20480
LinkerVersion 9.0
EntryPoint 0x5000
InitializedDataSize 684032
SubsystemVersion 4.1
ImageVersion 0.0
OSVersion 4.1
UninitializedDataSize 0

File identification
MD5 45e37cc903d5ad72b5f12742aff2c4a8
SHA1 24fae0b1a1511bc1663bbee6e50ee6099701dff2
SHA256 e79fc0f192c4de0bccc58ada24e80f4dd9952d86d81c35fdb9672f301ad4b6d5
ssdeep 12288:0eqoU302QoF0hppS6R+kodLHblCJxfS6:0oAQJS6ckoJOR1
authentihash b43206a9f0b015129338087c39c79897555ccf2382ab2bcb4b8a947ec36e1eb8
imphash e272a8764d627c636f48efa5ad0b52af
File size 424.0 KB ( 434176 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Dynamic Link Library (generic) (43.5%)
Win32 Executable (generic) (29.8%)
Generic Win/DOS Executable (13.2%)
DOS Executable Generic (13.2%)
Tags peexe

VirusTotal metadata
First submission 2016-03-01 02:00:17 UTC (2 years, 10 months ago)
Last submission 2016-03-02 12:09:28 UTC (2 years, 10 months ago)
File names lrfxnkuqenqk.exe
appqylesyxwx.exe
ulcyrscnxcep.exe
eeddrnhswuks.exe
poxgknkiiess.exe
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Written files
Moved files
Deleted files
Created mutexes
Opened mutexes
Opened service managers
Opened services
Runtime DLLs
HTTP requests
DNS requests
TCP connections
UDP communications