SHA256: f529a4648d2a6fbf81101abe03c89de94a283a8eaf1b859a0a95c91e2a40711e
File name: yatqa-setup_3.6.1.exe
Detection ratio: 55 / 56
Analysis date: 2016-10-21 16:40:59 UTC ( 5 months, 1 week ago )
Antivirus Result Update
Ad-Aware Win32.Jeefo.B 20161021
AegisLab W32.W.Runouce.liJO 20161021
AhnLab-V3 Win32/Hidrag 20161021
ALYac Win32.Jeefo.B 20161021
Antiy-AVL Virus/Win32.Hidrag.a 20161021
Arcabit Win32.Jeefo.B 20161021
Avast Win32:Gardih 20161021
AVG Win32/Hidrag.A 20161021
Avira (no cloud) W32/Jeefo.A 20161021
AVware Virus.Win32.Jeefo.a (v) 20161021
Baidu Win32.Virus.Hidrag.a 20161021
BitDefender Win32.Jeefo.B 20161021
Bkav W32.SplitFileLTB.PE 20161021
CAT-QuickHeal W32.Jeefo.A 20161021
ClamAV Win.Trojan.Jeefo-3 20161021
CMC Virus.Win32.Hidrag!O 20161021
Comodo Win32.Jeefo.A 20161021
CrowdStrike Falcon (ML) malicious_confidence_100% (D) 20160725
Cyren W32/Jeefo.OYRV-0749 20161021
DrWeb Win32.HLLP.Jeefo.36352 20161021
Emsisoft Win32.Jeefo.B (B) 20161021
ESET-NOD32 Win32/Jeefo.A 20161021
F-Prot W32/Jeefo.A 20161021
F-Secure Win32.Jeefo.B 20161021
Fortinet W32/Jeefo.A 20161021
GData Win32.Jeefo.B 20161021
Ikarus Virus.Win32.Hidrag 20161021
Invincea virus.win32.jeefo.a 20161018
Jiangmin Win32/Jeefo 20161021
K7AntiVirus Virus ( 00001b701 ) 20161021
K7GW Virus ( 00001b701 ) 20161021
Kaspersky Virus.Win32.Hidrag.a 20161021
Kingsoft Win32.HiDrag.a.363008 20161021
Malwarebytes Virus.Jeefo 20161021
McAfee W32/Jeefo.e 20161021
McAfee-GW-Edition BehavesLike.Win32.Jeefo.tc 20161021
Microsoft Virus:Win32/Jeefo.A 20161021
eScan Win32.Jeefo.B 20161021
NANO-Antivirus Virus.Win32.Hidrag.clfcen 20161021
nProtect Virus/W32.Hidrag 20161021
Panda Generic Malware 20161021
Qihoo-360 Virus.Win32.Jeefo.A 20161021
Sophos W32/Jeefo-A 20161021
Symantec W32.Jeefo 20161021
Tencent Virus.Win32.Jeefo.b 20161021
TheHacker W32/Jeefo.gen 20161020
TotalDefense Win32/Jeefo.A 20161021
TrendMicro PE_JEEFO.E 20161021
TrendMicro-HouseCall PE_JEEFO.E 20161021
VBA32 Virus.Jeefo 20161021
VIPRE Virus.Win32.Jeefo.a (v) 20161021
ViRobot Win32.Hidrag[h] 20161021
Yandex Win32.Hidrag 20161021
Zillya Virus.Jeefo.Win32.1 20161021
Zoner Win32.Jeefo.A 20161021
Alibaba 20161021
Rising 20161021
SUPERAntiSpyware 20161021
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
Packers identified
PEiD W32.Jeefo (PE File Infector)
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2001-08-24 15:00:00
Entry Point 0x000011F0
Number of sections 5
PE sections
Overlays
MD5 150b08937fd1032b6f0a92d4c243d3e7
File type data
Offset 54272
Size 1275189
Entropy 8.00
PE imports
CloseServiceHandle
RegCloseKey
StartServiceCtrlDispatcherA
OpenServiceA
SetServiceStatus
CreateServiceA
RegSetValueExA
StartServiceA
RegCreateKeyExA
DeleteService
OpenSCManagerA
RegisterServiceCtrlHandlerA
GetLastError
ReadFile
GetFileAttributesA
CreateMutexA
WaitForSingleObject
GetDriveTypeA
CopyFileA
ExitProcess
TlsAlloc
GetVersionExA
FlushFileBuffers
LoadLibraryA
GetModuleFileNameA
GetStartupInfoA
GetCurrentDirectoryA
SetFileTime
GetWindowsDirectoryA
GetCommandLineA
GetProcAddress
GetFileTime
SetFilePointer
GetTempPathA
SetEndOfFile
GetModuleHandleA
FindFirstFileA
SetUnhandledExceptionFilter
WriteFile
CloseHandle
FindNextFileA
SetFileAttributesA
CreateProcessA
FindClose
TlsGetValue
Sleep
ReleaseMutex
TlsSetValue
CreateFileA
InterlockedIncrement
rand
malloc
__p__environ
memset
strcat
atexit
abort
_setmode
_assert
_fmode
_cexit
_fileno
srand
free
__getmainargs
memcpy
signal
strcpy
time
fprintf
__set_app_type
strcmp
_fpreset
_iob
Number of PE resources by type
RT_ICON 7
RT_DIALOG 6
RT_BITMAP 1
RT_GROUP_ICON 1
RT_MANIFEST 1
Number of PE resources by language
ENGLISH US 16
PE resources
ExifTool file metadata
MIMEType application/octet-stream
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
TimeStamp 2001:08:24 16:00:00+01:00
FileType Win32 EXE
PEType PE32
CodeSize 33280
LinkerVersion 2.55
FileTypeExtension exe
InitializedDataSize 4608
SubsystemVersion 4.0
EntryPoint 0x11f0
OSVersion 4.0
ImageVersion 1.0
UninitializedDataSize 1024

PE resource-wise parents
File identification
MD5 2f60f54139b37a1d4e29e426da811bcb
SHA1 a7b455fdb0ffb90da00cf8729ccbdf32b17fbcab
SHA256 f529a4648d2a6fbf81101abe03c89de94a283a8eaf1b859a0a95c91e2a40711e
ssdeep 24576:2a3IEzHQirLetWMb2Uu1v29Z6hf9T5elM6/S06EZftwUwVvcVxCn+KPqPd:tHQeUb4s6hdMM6aiZmVvUxCn+cql
authentihash 7737151975a02ecaef8144b092bc30671a19927610f033d2861a1be107176c1f
imphash d7401947d3623a2199a2114d62923cd5
File size 1.3 MB ( 1329461 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID MinGW32 C/C++ Executable (76.3%)
Win32 Executable MS Visual C++ (generic) (9.7%)
Win64 Executable (generic) (8.5%)
Win32 Dynamic Link Library (generic) (2.0%)
Win32 Executable (generic) (1.4%)
Tags peexe overlay
VirusTotal metadata
First submission 2016-10-21 16:40:59 UTC ( 5 months, 1 week ago )
Last submission 2016-10-21 16:40:59 UTC ( 5 months, 1 week ago )
File names yatqa-setup_3.6.1.exe
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Written files
Deleted files
Created processes
Created mutexes
Opened mutexes
Opened service managers
Opened services
Runtime DLLs
UDP communications