Executive Overview — What We’re Dealing With
Human analysts classified this specimen as Malware (Trojan), and the telemetry supports the verdict: 52 of 70 VirusTotal engines flag the file, and static capability analysis shows file enumeration, runtime function resolution, environment querying and PE header parsing. Nothing below is evidence of execution in a victim environment; the timestamps are VirusTotal submission and analysis times, and the "dwell time" figure should be read in that light.
File
uj2qe.exe
Type
DOS Executable Borland Pascal 7.0x
SHA‑1
483a36fb9e4aef9704aa1e4edfb88c492dfe4140
MD5
3e7066e44132e64360a30974b6ea3671
First Seen
2026-06-05 16:47:45.704118
Last Analysis
2026-06-05 17:27:52.586061
Dwell Time
40 minutes
Extended Dwell Time Impact
The 40 minutes measured here is the interval between the file's first submission to VirusTotal (16:47:45) and its last analysis (17:27:52). It is not dwell time inside a victim environment: VirusTotal has no visibility into when, where, or whether the file executed. What the interval shows is that multi-engine detection was available within the first hour of the sample being public, which limits the window in which an endpoint relying on signature updates would have been blind to it.
Comparative Context
Industry incident-response studies (Mandiant's M-Trends reports, for example) have put global median dwell time at roughly 21 to 24 days in recent years, measured from initial compromise to detection inside the victim network. A submission-to-analysis interval is a different quantity, so "minutes versus weeks" is not a like-for-like comparison; the comparable number is how long this hash sat on your own endpoints before an alert fired.
Why It Matters
Dwell time is attacker opportunity: every day a sample runs without an alert is time for lateral movement, persistence, and collection. The actionable question this report supports is narrower: whether your endpoint stack detects this file, and, if your engine is on the missed list, whether it would have at all.
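A hash-based sweep for the two IOCs listed above, added here as an example rather than taken from the report's own tooling. It streams MD5 and SHA-1 over every regular file under a directory and reports matches against the report's hashes. Because the real sample is not available offline, the demo writes a constructed file to a temporary directory and adds that file's own SHA-1 to a local copy of the IOC set, so the sweep produces one hit; the hash values in REPORT_IOCS are the ones on the page, everything else is constructed.

```python
"""Hash-based hunt for the IOCs in this report (added example, not part of
the original page). Walks a directory, computes MD5 and SHA-1 of every
regular file and reports any that match the report's hashes. The sample
file written in demo() is constructed; only the REPORT_IOCS values come
from the page."""
import hashlib
import os
import tempfile

REPORT_IOCS = {
    "md5": {"3e7066e44132e64360a30974b6ea3671"},
    "sha1": {"483a36fb9e4aef9704aa1e4edfb88c492dfe4140"},
}


def hash_file(path, chunk_size=1 << 20):
    """Return {'md5': ..., 'sha1': ...} for a file, streamed in chunks so
    large files do not have to be read into memory at once."""
    md5 = hashlib.md5()
    sha1 = hashlib.sha1()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            md5.update(chunk)
            sha1.update(chunk)
    return {"md5": md5.hexdigest(), "sha1": sha1.hexdigest()}


def hunt(root, iocs=REPORT_IOCS):
    """Return [(path, algo, digest)] for every file whose hash is in iocs.
    Symlinks are skipped (they could point outside the tree) and unreadable
    files are skipped rather than aborting the whole sweep."""
    hits = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            if os.path.islink(path) or not os.path.isfile(path):
                continue
            try:
                digests = hash_file(path)
            except OSError:
                continue
            for algo, digest in digests.items():
                if digest in iocs.get(algo, ()):
                    hits.append((path, algo, digest))
    return hits


def demo():
    """Constructed demo: writes a stand-in file (name reused from the
    report, content invented) and adds its own SHA-1 to a copy of the IOC
    set. Returns (hits with the local set, hits with the report's set)."""
    with tempfile.TemporaryDirectory() as tmp:
        sample = os.path.join(tmp, "uj2qe.exe")
        with open(sample, "wb") as fh:
            fh.write(b"MZ" + b"\x00" * 62)  # constructed bytes, not the real sample
        local = {"md5": set(REPORT_IOCS["md5"]), "sha1": set(REPORT_IOCS["sha1"])}
        local["sha1"].add(hash_file(sample)["sha1"])
        return hunt(tmp, local), hunt(tmp, REPORT_IOCS)


if __name__ == "__main__":
    with_local, with_report = demo()
    print("hits with local IOC set :", with_local)
    print("hits with report IOC set:", with_report)
```

On a real host, point hunt() at the paths a user-launched executable would land in (download and temp directories, user profile) and, for scale, feed the results of a file-system inventory rather than re-walking the disk; hashing is exact-match only, so a recompiled or repacked variant will not hit and needs the behavioural controls discussed later in the report.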
Global Detection Posture — Who Caught It, Who Missed It
VirusTotal engines: 70. Detected as malicious: 52. Missed: 18. Coverage: 74.3%.
Detected Vendors
- Xcitium
- +51 additional vendors (names not provided in the source summary)
Missed Vendors
- Acronis
- CMC
- DrWeb
- google_safebrowsing
- Gridinsoft
- Jiangmin
- MaxSecure
- NANO-Antivirus
- Panda
- SentinelOne
- SUPERAntiSpyware
- TACHYON
- tehtris
- Trapmine
- VirIT
- Yandex
- ZoneAlarm
- Zoner
Why it matters: an endpoint that depends solely on one of the engines above gets no signature alert for this file. Not every entry is a true miss, though: google_safebrowsing is a URL reputation service, and VirusTotal typically reports it as unable to process the file type rather than as "undetected", so it should not be counted against coverage. Controls that do not depend on vendor signatures (blocking on the hashes above, application allowlisting, behavioural EDR rules) close the gap while signatures catch up.
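Turning the raw engine counts into something actionable means separating true misses from engines that never scanned the file, and then checking your own stack against the miss list. The following is an added example, not the report's tooling: it builds a results map in the shape of VirusTotal's last_analysis_results (engine name to a category such as "malicious", "undetected" or "type-unsupported") using the 18 missed engines named on the page and Xcitium; the other 51 detected engines are constructed placeholder names because the page does not give them, and google_safebrowsing is modelled as type-unsupported, which is an assumption about how VirusTotal reports it for files.

```python
"""Detection-posture triage over a VirusTotal-style last_analysis_results
map (added example, not the page's own tooling). Separates true misses
("undetected") from engines that could not scan the file, computes raw
and effective coverage, and flags deployed engines that missed."""

# Engines the page lists as misses; the one detected engine it names is
# Xcitium. The remaining 51 detected engines are constructed placeholders.
MISSED = ["Acronis", "CMC", "DrWeb", "google_safebrowsing", "Gridinsoft",
          "Jiangmin", "MaxSecure", "NANO-Antivirus", "Panda", "SentinelOne",
          "SUPERAntiSpyware", "TACHYON", "tehtris", "Trapmine", "VirIT",
          "Yandex", "ZoneAlarm", "Zoner"]


def constructed_results():
    """Build a VT-shaped dict: engine -> {"category": ..., "result": ...}.
    Assumption: google_safebrowsing is a URL scanner and is reported as
    type-unsupported for file submissions; the rest are plain misses."""
    results = {"Xcitium": {"category": "malicious", "result": "Malware"}}
    for i in range(1, 52):  # 51 constructed detected vendors, names unknown
        results[f"Vendor{i:02d}"] = {"category": "malicious", "result": "Malware"}
    for name in MISSED:
        cat = "type-unsupported" if name == "google_safebrowsing" else "undetected"
        results[name] = {"category": cat, "result": None}
    return results


def posture(results):
    """Summarise coverage. Raw coverage divides by every engine listed;
    effective coverage divides only by engines that actually scanned."""
    detected = sorted(e for e, r in results.items() if r["category"] == "malicious")
    missed = sorted(e for e, r in results.items() if r["category"] == "undetected")
    not_applicable = sorted(e for e, r in results.items()
                            if r["category"] not in ("malicious", "undetected"))
    total = len(results)
    scanned = len(detected) + len(missed)
    return {
        "total": total,
        "detected": detected,
        "missed": missed,
        "not_applicable": not_applicable,
        "coverage_raw": round(100.0 * len(detected) / total, 1) if total else 0.0,
        "coverage_effective": round(100.0 * len(detected) / scanned, 1) if scanned else 0.0,
    }


def exposed_engines(results, deployed):
    """Engines from `deployed` (your own endpoint stack) that did not flag
    the file. These are the hosts that would have stayed silent."""
    return sorted(set(deployed) & set(posture(results)["missed"]))


if __name__ == "__main__":
    r = constructed_results()
    s = posture(r)
    print(f"{len(s['detected'])}/{s['total']} detected; raw {s['coverage_raw']}%, "
          f"effective {s['coverage_effective']}% (excluded: {s['not_applicable']})")
    print("deployed engines that missed:", exposed_engines(r, ["SentinelOne", "Xcitium"]))
```

With a real report, replace constructed_results() with the "last_analysis_results" object from the VirusTotal file report JSON; the category strings used here are the ones that object carries, so posture() and exposed_engines() work unchanged.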
MITRE ATT&CK Mapping
The entries below read as static capability matches (the wording is that of capa rule names), i.e. what the code is able to do, not behaviour observed at runtime.
- T1083 File and Directory Discovery – enumerate files on Windows
- T1129 Shared Modules – link function at runtime on Windows
- T1082 System Information Discovery – query environment variable
- T1129 Shared Modules – parse PE header
Caveat: the type string "DOS Executable Borland Pascal 7.0x" and the PE-header parsing and runtime-linking capabilities do not fit together, since a 16-bit DOS binary has no PE header or Win32 import table. The likely explanation is that the type identification fired on a Borland-built DOS stub of a Win32 PE; checking whether e_lfanew points at a valid PE signature settles it.
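The two checks a triager would run before trusting either the type string or the capability list, written here as an added example rather than as the page's analysis pipeline: walk the MZ header to e_lfanew and see whether a PE header and optional-header magic follow (which is exactly the "parse PE header" capability, and also decides DOS versus PE), then look for the Win32 import names behind the mapped techniques. The mapping from API name to technique follows the page's own list; the sample images are constructed in build_sample() and are not the real file.

```python
"""Static triage for the capabilities mapped above (added example, not the
page's analysis tooling). (1) pe_kind() follows e_lfanew to decide whether
an MZ image is a bare DOS executable or a PE32/PE32+; (2) technique_hints()
looks for the Win32 import names behind the listed techniques. The byte
images are constructed by build_sample()."""
import struct

# API name -> ATT&CK technique, following the page's mapping.
API_HINTS = {
    b"FindFirstFileA": "T1083", b"FindFirstFileW": "T1083",
    b"FindNextFileA": "T1083", b"FindNextFileW": "T1083",
    b"LoadLibraryA": "T1129", b"LoadLibraryW": "T1129",
    b"GetProcAddress": "T1129",
    b"GetEnvironmentVariableA": "T1082", b"GetEnvironmentVariableW": "T1082",
}


def pe_kind(data):
    """Return 'not-mz', 'dos', 'pe32', 'pe32+', 'pe-no-optional-header' or
    'pe-unknown'. Every offset is bounds-checked before use, because a
    hostile e_lfanew is the first thing a malformed sample will throw at you."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        return "not-mz"
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    # PE signature (4) + COFF header (20) + optional-header magic (2)
    if e_lfanew + 26 > len(data) or data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        return "dos"  # 16-bit DOS images carry no meaningful e_lfanew
    opt_size = struct.unpack_from("<H", data, e_lfanew + 20)[0]  # SizeOfOptionalHeader
    if opt_size < 2:
        return "pe-no-optional-header"
    magic = struct.unpack_from("<H", data, e_lfanew + 24)[0]
    return {0x10B: "pe32", 0x20B: "pe32+"}.get(magic, "pe-unknown")


def technique_hints(data):
    """Map import-name strings present in the image to techniques.
    Presence of the string is a triage signal, not proof the API is called;
    confirm against the import table or disassembly before reporting it."""
    found = {}
    for api, tech in API_HINTS.items():
        if api in data:
            found.setdefault(tech, []).append(api.decode())
    return {tech: sorted(names) for tech, names in found.items()}


def build_sample(kind="pe32"):
    """Constructed image. kind='dos' is an MZ header with no PE header;
    'pe32'/'pe32+' add a minimal COFF header, optional-header magic and a
    fake import-name area. None of this is the real sample."""
    mz = bytearray(0x40)
    mz[:2] = b"MZ"
    if kind == "dos":
        return bytes(mz) + b"constructed DOS stub, no PE header\x00"
    struct.pack_into("<I", mz, 0x3C, 0x80)  # e_lfanew -> 0x80
    image = bytes(mz) + b"\x00" * (0x80 - len(mz))
    # Machine=I386, 1 section, no symbols, SizeOfOptionalHeader=0xE0, EXECUTABLE|32BIT
    coff = struct.pack("<HHIIIHH", 0x14C, 1, 0, 0, 0, 0xE0, 0x0102)
    magic = 0x20B if kind == "pe32+" else 0x10B
    image += b"PE\0\0" + coff + struct.pack("<H", magic) + b"\x00" * 0xDE
    names = b"\x00".join([b"KERNEL32.dll", b"LoadLibraryA", b"GetProcAddress",
                          b"FindFirstFileA", b"FindNextFileA",
                          b"GetEnvironmentVariableA"]) + b"\x00"
    return image + names


if __name__ == "__main__":
    for kind in ("dos", "pe32", "pe32+"):
        img = build_sample(kind)
        print(f"{kind:5s} -> {pe_kind(img):5s} {technique_hints(img)}")
```

Run pe_kind() over the real file's bytes: a result of "dos" means the Borland Pascal identification is right and the PE-based capability hits are suspect; "pe32" or "pe32+" means the type string came from the stub and the capability list stands.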