SHA256: e9981527fade0266ec18c73bf3cb066738ed12c3c3530a30a2e56a790d180107
File name: eusukll.exe
Detection ratio: 15 / 65
Analysis date: 2017-09-07 11:35:48 UTC (1 year, 8 months ago)
Antivirus Result Update version
Avast FileRepMetagen [Malware] 20170907
AVG FileRepMetagen [Malware] 20170907
Baidu Win32.Trojan.WisdomEyes.16070401.9500.9999 20170907
CrowdStrike Falcon (ML) malicious_confidence_100% (D) 20170804
Cylance Unsafe 20170907
Endgame malicious (high confidence) 20170821
GData Win32.Trojan-Ransom.Locky.DO 20170907
Sophos ML heuristic 20170822
McAfee-GW-Edition BehavesLike.Win32.Ransomware.jc 20170907
Palo Alto Networks (Known Signatures) generic.ml 20170907
Qihoo-360 HEUR/QVM20.1.AF53.Malware.Gen 20170907
Symantec ML.Attribute.HighConfidence 20170907
TrendMicro Ransom_CERBER.SMALY0 20170907
TrendMicro-HouseCall Ransom_CERBER.SMALY0 20170907
WhiteArmor Malware.HighConfidence 20170829
Ad-Aware 20170907
AegisLab 20170907
AhnLab-V3 20170907
ALYac 20170907
Antiy-AVL 20170907
Arcabit 20170907
Avira (no cloud) 20170907
AVware 20170906
BitDefender 20170907
Bkav 20170907
CAT-QuickHeal 20170907
ClamAV 20170907
CMC 20170902
Comodo 20170907
Cyren 20170907
DrWeb 20170907
Emsisoft 20170907
ESET-NOD32 20170907
F-Prot 20170907
F-Secure 20170907
Fortinet 20170907
Ikarus 20170907
Jiangmin 20170907
K7AntiVirus 20170907
K7GW 20170907
Kaspersky 20170907
Kingsoft 20170907
Malwarebytes 20170907
MAX 20170907
McAfee 20170907
Microsoft 20170907
eScan 20170907
NANO-Antivirus 20170907
nProtect 20170907
Panda 20170906
Rising 20170901
SentinelOne (Static ML) 20170806
Sophos AV 20170907
SUPERAntiSpyware 20170907
Symantec Mobile Insight 20170907
Tencent 20170907
TheHacker 20170904
TotalDefense 20170907
Trustlook 20170907
VBA32 20170907
VIPRE 20170907
ViRobot 20170907
Webroot 20170907
Yandex 20170906
Zillya 20170907
ZoneAlarm by Check Point 20170907
Zoner 20170907
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2015-03-24 11:48:16
Entry Point 0x0000A59A
Number of sections 4
PE sections
PE imports
RegRestoreKeyA
RegReplaceKeyA
RegLoadKeyA
OpenEventLogA
ClearEventLogA
LogonUserA
RegDeleteValueA
RegCreateKeyExA
RegEnumKeyA
InitializeSid
CryptSignHashA
CAEnumFirstCA
CADeleteCA
CAEnumNextCA
CACloseCA
CACloseCertType
CryptHashMessage
CertFreeCTLContext
CertGetNameStringA
CertOpenStore
CertDuplicateStore
CryptMemRealloc
CryptSignMessage
CryptMsgUpdate
CryptDecodeMessage
CertFindExtension
CryptProtectData
CertDuplicateCTLContext
CryptFindOIDInfo
CertFindCTLInStore
CertCreateCRLContext
InterlockedExchange
GetTempPathA
GetConsoleAliasA
MapViewOfFile
Heap32First
GetModuleHandleA
GetProfileSectionW
WaitForSingleObject
OpenEventW
GetOEMCP
LoadLibraryExW
OpenWaitableTimerW
CreateFileMappingA
GetProcAddress
MoveFileExA
MprInfoBlockAdd
MprAdminConnectionEnum
MprAdminBufferFree
MprInfoBlockFind
PathCommonPrefixW
PathAppendA
PathIsURLA
UrlCompareA
PathIsRootA
UrlCombineA
UrlIsNoHistoryA
UrlHashA
UrlCanonicalizeW
UrlGetPartA
UrlGetLocationA
PathCombineW
GetMessageA
LoadMenuA
LoadCursorA
wsprintfA
DrawStateA
LoadBitmapW
PostMessageA
LoadStringW
PeekMessageA
InsertMenuW
DialogBoxParamA
GetDlgItemTextW
GetPropA
CreateDesktopW
GetClassLongA
CharToOemA
Number of PE resources by type
RT_RCDATA 5
Number of PE resources by language
ENGLISH US 5
PE resources
Debug information
ExifTool file metadata
MIMEType
application/octet-stream

Subsystem
Windows GUI

MachineType
Intel 386 or later, and compatibles

FileTypeExtension
exe

TimeStamp
2015:03:24 12:48:16+01:00

FileType
Win32 EXE

PEType
PE32

CodeSize
59392

LinkerVersion
6.0

ImageFileCharacteristics
No relocs, Executable, 32-bit

EntryPoint
0xa59a

InitializedDataSize
609280

SubsystemVersion
5.1

ImageVersion
0.0

OSVersion
5.1

UninitializedDataSize
0

Compressed bundles
File identification
MD5 94e09df541b09800a69d6fde7d33714e
SHA1 d0e569b13c24e90e089b34eaa7205737187e18eb
SHA256 e9981527fade0266ec18c73bf3cb066738ed12c3c3530a30a2e56a790d180107
ssdeep
12288:njmKoJ9Lv7w9/X/cqujXisFagbSn7Iu+Oyj6IS4fGY9+HcmH:nxobS/XfuDisAgbeUup4OY9+F

authentihash b3bad1701ed7a5916926cee244f58ddc96d09a00c2f0725a30c247e85221b3ad
imphash 11655b86788e0a31e09187487014ca31
File size 654.0 KB ( 669696 bytes )
File type Win32 EXE
Magic literal
PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID Win32 Dynamic Link Library (generic) (34.2%)
Win32 Executable (generic) (23.4%)
Win16/32 Executable Delphi generic (10.7%)
OS/2 Executable (generic) (10.5%)
Generic Win/DOS Executable (10.4%)
Tags
peexe

VirusTotal metadata
First submission 2017-09-07 11:35:48 UTC (1 year, 8 months ago)
Last submission 2018-05-22 16:51:55 UTC (1 year ago)
File names lxkrroc.exe
eusukll.exe
2017-09-07-Locky-binary-AppData-Roaming-scareGT.exe
eusukll.exe
94e09df541b09800a69d6fde7d33714e.vir
e9981527fade0266ec18c73bf3cb066738ed12c3c3530a30a2e56a790d180107
94e09df541b09800a69d6fde7d33714e.vir
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Written files
Moved files
Created mutexes
Opened mutexes
Opened service managers
Opened services
Runtime DLLs
HTTP requests
TCP connections