SHA256: 835f545c8bc48fb85aed1ea5608dc975195628755e54b3d8472a22adea6e4e28
File name: chinese_ransomware.exe
Detection ratio: 11 / 56
Analysis date: 2016-05-06 16:25:31 UTC
Antivirus Result Update
Ad-Aware Gen:Trojan.Heur.PT.hKW@b8ol!nmb 20160506
AegisLab Troj.W32.Swisyn.mBPi 20160506
Arcabit Trojan.Heur.PT.E76A2A 20160506
Avast Win32:Evo-gen [Susp] 20160506
BitDefender Gen:Trojan.Heur.PT.hKW@b8ol!nmb 20160506
Emsisoft Gen:Trojan.Heur.PT.hKW@b8ol!nmb (B) 20160503
F-Secure Gen:Trojan.Heur.PT.hKW@b8ol!nmb 20160506
GData Gen:Trojan.Heur.PT.hKW@b8ol!nmb 20160506
McAfee-GW-Edition BehavesLike.Win32.Virut.ct 20160506
eScan Gen:Trojan.Heur.PT.hKW@b8ol!nmb 20160506
Qihoo-360 HEUR/QVM07.1.0000.Malware.Gen 20160506
AhnLab-V3 20160506
Alibaba 20160506
ALYac 20160506
Antiy-AVL 20160506
AVG 20160506
Avira (no cloud) 20160506
AVware 20160506
Baidu 20160505
Baidu-International 20160506
Bkav 20160506
CAT-QuickHeal 20160506
ClamAV 20160506
CMC 20160506
Comodo 20160506
Cyren 20160506
DrWeb 20160506
ESET-NOD32 20160506
F-Prot 20160506
Fortinet 20160506
Ikarus 20160506
Jiangmin 20160506
K7AntiVirus 20160506
K7GW 20160506
Kaspersky 20160506
Kingsoft 20160506
Malwarebytes 20160506
McAfee 20160506
Microsoft 20160506
NANO-Antivirus 20160506
nProtect 20160504
Panda 20160506
Rising 20160506
Sophos AV 20160506
SUPERAntiSpyware 20160506
Symantec 20160506
Tencent 20160506
TheHacker 20160505
TrendMicro 20160506
TrendMicro-HouseCall 20160506
VBA32 20160505
VIPRE 20160506
ViRobot 20160506
Yandex 20160506
Zillya 20160506
Zoner 20160506
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2014-12-12 16:45:29
Entry Point 0x00004D22
Number of sections 9
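The fields in this section, and the matching ExifTool values further down (TimeStamp, LinkerVersion, EntryPoint, OSVersion, SubsystemVersion), all come from the COFF file header and the PE32 optional header and can be read with a handful of fixed-offset unpacks. The following is an added example, not part of the VirusTotal report and not the sample itself: it constructs a minimal PE32 header whose fields are set to the values reported on this page, parses it back, and renders the TimeDateStamp both as UTC and in the +01:00 form ExifTool printed, which shows that 16:45:29 UTC and 17:45:29+01:00 are the same instant. One caveat a practitioner should keep in mind: TimeDateStamp is an ordinary 32-bit field the builder can set to anything, so a 2014 compile date on a file first seen in 2016 is a pivot for clustering, not evidence of when it was built.

```python
import calendar
import datetime
import struct

IMAGE_FILE_MACHINE_I386 = 0x14C
IMAGE_SUBSYSTEM_WINDOWS_GUI = 2
PE32_MAGIC = 0x10B
# Machine, NumberOfSections, TimeDateStamp, PointerToSymbolTable,
# NumberOfSymbols, SizeOfOptionalHeader, Characteristics
COFF_HEADER_FMT = "<HHIIIHH"


def build_sample_header() -> bytes:
    """Constructed PE32 header mirroring the values in the report above (not the real file)."""
    ts = calendar.timegm((2014, 12, 12, 16, 45, 29))  # 2014-12-12 16:45:29 UTC
    pe_offset = 0x80
    # DOS stub: 'MZ', e_lfanew at 0x3C pointing at the PE signature
    dos = (b"MZ" + b"\x00" * (0x3C - 2) + struct.pack("<I", pe_offset)).ljust(pe_offset, b"\x00")
    # 0x0102 = IMAGE_FILE_EXECUTABLE_IMAGE | IMAGE_FILE_32BIT_MACHINE
    coff = struct.pack(COFF_HEADER_FMT, IMAGE_FILE_MACHINE_I386, 9, ts, 0, 0, 224, 0x0102)
    opt = struct.pack("<HBBIIIIII",
                      PE32_MAGIC, 9, 0,        # Magic, MajorLinkerVersion, MinorLinkerVersion (9.0)
                      17408, 29696, 0,         # SizeOfCode, SizeOfInitializedData, SizeOfUninitializedData
                      0x4D22, 0x1000, 0x5000)  # AddressOfEntryPoint, BaseOfCode, BaseOfData
    opt += struct.pack("<IIIHHHHHHIIIIHH",
                       0x400000, 0x1000, 0x200,  # ImageBase, SectionAlignment, FileAlignment
                       5, 0, 0, 0, 5, 0,         # OS version 5.0, image version 0.0, subsystem version 5.0
                       0, 0x20000, 0x400, 0,     # Win32VersionValue, SizeOfImage, SizeOfHeaders, CheckSum
                       IMAGE_SUBSYSTEM_WINDOWS_GUI, 0)  # Subsystem, DllCharacteristics
    return dos + b"PE\x00\x00" + coff + opt.ljust(224, b"\x00")


def parse_pe_header(data: bytes) -> dict:
    """Extract the header facts a triage report shows; raises ValueError on malformed input."""
    if data[:2] != b"MZ":
        raise ValueError("missing MZ signature")
    (pe_off,) = struct.unpack_from("<I", data, 0x3C)
    if data[pe_off:pe_off + 4] != b"PE\x00\x00":
        raise ValueError("missing PE signature")
    coff = pe_off + 4
    machine, n_sections, ts, _, _, opt_size, _ = struct.unpack_from(COFF_HEADER_FMT, data, coff)
    opt = coff + struct.calcsize(COFF_HEADER_FMT)
    if opt + opt_size > len(data):
        raise ValueError("optional header truncated")
    magic, lmaj, lmin, code_size, idata_size, udata_size, entry = struct.unpack_from("<HBBIIII", data, opt)
    if magic != PE32_MAGIC:
        raise ValueError(f"unexpected optional header magic 0x{magic:x}")
    # Version fields start at optional-header offset 40; Subsystem sits at offset 68 (PE32)
    os_maj, os_min, img_maj, img_min, ss_maj, ss_min = struct.unpack_from("<HHHHHH", data, opt + 40)
    (subsystem,) = struct.unpack_from("<H", data, opt + 68)
    return {
        "machine": machine,
        "number_of_sections": n_sections,
        "timestamp_epoch": ts,
        "timestamp_utc": datetime.datetime.fromtimestamp(ts, datetime.timezone.utc).strftime("%Y-%m-%d %H:%M:%S"),
        "entry_point": entry,
        "linker_version": f"{lmaj}.{lmin}",
        "code_size": code_size,
        "initialized_data_size": idata_size,
        "uninitialized_data_size": udata_size,
        "os_version": f"{os_maj}.{os_min}",
        "image_version": f"{img_maj}.{img_min}",
        "subsystem_version": f"{ss_maj}.{ss_min}",
        "subsystem": subsystem,
    }


def exiftool_style(ts: int, utc_offset_hours: int) -> str:
    """Render TimeDateStamp the way ExifTool does, in a fixed UTC offset such as +01:00."""
    tz = datetime.timezone(datetime.timedelta(hours=utc_offset_hours))
    local = datetime.datetime.fromtimestamp(ts, tz)
    sign = "+" if utc_offset_hours >= 0 else "-"
    return local.strftime("%Y:%m:%d %H:%M:%S") + f"{sign}{abs(utc_offset_hours):02d}:00"


if __name__ == "__main__":
    info = parse_pe_header(build_sample_header())
    for key, value in info.items():
        print(f"{key:24} {value}")
    print(f"{'entry_point (hex)':24} 0x{info['entry_point']:08X}")
    print(f"{'timestamp (+01:00)':24} {exiftool_style(info['timestamp_epoch'], 1)}")
```

Run against a real file by replacing build_sample_header() with the file's bytes; the parser only needs the headers, so reading the first few kilobytes is enough, and the ValueError branches are what fail on DOS-only or 64-bit (PE32+) inputs.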
PE sections
PE imports
CreateSolidBrush
wsprintfA
GetSystemMetrics
LoadIconA
GetWindowRect
EnableWindow
LoadStringA
DrawIcon
SendMessageA
LoadStringW
GetClientRect
IsIconic
MessageBoxA
InitCommonControlsEx
GetLastError
HeapCreate
WaitForSingleObject
SetEvent
lstrlen
CopyFileA
VirtualProtect
GetModuleFileNameA
FlushViewOfFile
LoadLibraryA
GetStartupInfoA
GetFileSize
DeleteFileA
lstrcat
GetWindowsDirectoryA
WaitForMultipleObjects
GetModuleHandleA
GetTempPathA
CreateThread
MapViewOfFile
SetFilePointer
lstrcpy
WriteFile
FindFirstFileA
ReadFile
GetSystemTimeAsFileTime
CreateFileMappingA
FindNextFileA
MoveFileExA
GetProcAddress
GetDriveTypeA
lstrcmpi
GetLogicalDriveStringsA
UnmapViewOfFile
VirtualFree
CreateEventA
FindClose
Sleep
IsBadReadPtr
SetEndOfFile
CreateFileA
VirtualAlloc
SetCurrentDirectoryA
CloseHandle
Ord(1775)
Ord(4710)
Ord(3597)
Ord(3136)
Ord(2486)
Ord(1679)
Ord(3876)
Ord(2124)
Ord(755)
Ord(3798)
Ord(6052)
Ord(3721)
Ord(3610)
Ord(5290)
Ord(2446)
Ord(6215)
Ord(4441)
Ord(795)
Ord(815)
Ord(641)
Ord(4353)
Ord(2514)
Ord(4425)
Ord(5300)
Ord(1011)
Ord(5199)
Ord(567)
Ord(4003)
Ord(609)
Ord(258)
Ord(4476)
Ord(4627)
Ord(1168)
Ord(3738)
Ord(4853)
Ord(4234)
Ord(3081)
Ord(3092)
Ord(5307)
Ord(3574)
Ord(4424)
Ord(2623)
Ord(1134)
Ord(2554)
Ord(6376)
Ord(4224)
Ord(1727)
Ord(1776)
Ord(2379)
Ord(2725)
Ord(656)
Ord(2512)
Ord(470)
Ord(4274)
Ord(5261)
Ord(4079)
Ord(1146)
Ord(6375)
Ord(3953)
Ord(2116)
Ord(3262)
Ord(1576)
Ord(3873)
Ord(4299)
Ord(5065)
Ord(4407)
Ord(2876)
Ord(1016)
Ord(6117)
Ord(3346)
Ord(2396)
Ord(6374)
Ord(5280)
Ord(2078)
Ord(4486)
Ord(2976)
Ord(1089)
Ord(2985)
Ord(3922)
Ord(4376)
Ord(3402)
Ord(324)
Ord(3830)
Ord(2385)
Ord(4396)
Ord(2089)
Ord(2055)
Ord(4837)
Ord(2648)
Ord(5714)
Ord(5289)
Ord(1816)
Ord(4622)
Ord(561)
Ord(2302)
Ord(4698)
Ord(5163)
Ord(6199)
Ord(4673)
Ord(5302)
Ord(5731)
rand
__p__fmode
??1type_info@@UAE@XZ
srand
__dllonexit
strtoul
_except_handler3
_onexit
exit
_XcptFilter
strrchr
__setusermatherr
_controlfp
_adjust_fdiv
_acmdln
memset
__p__commode
??3@YAXPAX@Z
memcpy
__getmainargs
_exit
_setmbcp
_initterm
__set_app_type
LdrAccessResource
LdrFindResource_U
SHGetSpecialFolderPathA
ShellExecuteA
PathFileExistsA
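The report gives an imphash for this file (see File identification below) but lists the imports flat, without the DLL each one is imported from, and the ordinal entries without their module. The following is an added example, not from the report or from VirusTotal: it implements the imphash scheme those values are computed with (lowercase module name with the .dll/.ocx/.sys suffix removed, a dot, the lowercase function name or ordN for an ordinal, all entries comma-joined in import-table order, then MD5). The DLL grouping in the constructed list below is an assumption, including MFC42 for the bare ordinals, so the hash it produces is not expected to equal the report's value; what it shows is why imphash clusters builds from the same source and toolchain and why a reordered import table breaks that clustering.

```python
import hashlib

# Constructed import list: a subset of the names in the report above, grouped under the
# modules they would normally come from. The module assignment is an assumption; the
# report does not show it.
SAMPLE_IMPORTS = [
    ("KERNEL32.dll", "GetLogicalDriveStringsA"),
    ("KERNEL32.dll", "GetDriveTypeA"),
    ("KERNEL32.dll", "FindFirstFileA"),
    ("KERNEL32.dll", "FindNextFileA"),
    ("KERNEL32.dll", "CreateFileMappingA"),
    ("KERNEL32.dll", "MapViewOfFile"),
    ("KERNEL32.dll", "MoveFileExA"),
    ("USER32.dll", "MessageBoxA"),
    ("MFC42.DLL", 1775),   # ordinal import, assumed to be MFC42
    ("MFC42.DLL", 4710),
    ("MSVCRT.dll", "rand"),
    ("MSVCRT.dll", "srand"),
    ("SHELL32.dll", "ShellExecuteA"),
    ("SHLWAPI.dll", "PathFileExistsA"),
]


def normalize_import(dll: str, func) -> str:
    """One imphash token: 'module.function', lowercase, module without its file extension,
    ordinals rendered as 'ordN'."""
    module = dll.lower()
    for ext in (".dll", ".ocx", ".sys"):
        if module.endswith(ext):
            module = module[: -len(ext)]
            break
    name = f"ord{func}" if isinstance(func, int) else func.lower()
    return f"{module}.{name}"


def imphash(imports) -> str:
    """MD5 over the comma-joined tokens in import-table order.
    Simplification: the reference implementation also maps ordinals of ws2_32, wsock32
    and oledlg to their exported names through a fixed table; that table is omitted here,
    so for those three modules this function and the reference can disagree."""
    tokens = [normalize_import(dll, func) for dll, func in imports]
    return hashlib.md5(",".join(tokens).encode("utf-8")).hexdigest()


if __name__ == "__main__":
    for dll, func in SAMPLE_IMPORTS:
        print(normalize_import(dll, func))
    print("imphash           :", imphash(SAMPLE_IMPORTS))
    # Same imports, different order: a different imphash, which is the whole point of the scheme
    print("imphash (reversed):", imphash(list(reversed(SAMPLE_IMPORTS))))
```

Read the import names on this page as capabilities rather than as observed behaviour: GetLogicalDriveStringsA and GetDriveTypeA enumerate volumes, FindFirstFileA and FindNextFileA walk directories, CreateFileMappingA, MapViewOfFile, SetEndOfFile and MoveFileExA rewrite and rename files, and SHGetSpecialFolderPathA, GetWindowsDirectoryA, CopyFileA and ShellExecuteA are what a self-copying dropper would call. That set is consistent with the "ransomware" file name, but the behavioural section at the end of this report is empty, so nothing on the page confirms what the sample actually did when run.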
Number of PE resources by type
RT_DIALOG 2
RT_BITMAP 1
RT_ICON 1
RT_GROUP_ICON 1
Number of PE resources by language
CHINESE SIMPLIFIED 5
PE resources
ExifTool file metadata
MIMEType application/octet-stream
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
TimeStamp 2014:12:12 17:45:29+01:00
FileType Win32 EXE
PEType PE32
CodeSize 17408
LinkerVersion 9.0
FileTypeExtension exe
InitializedDataSize 29696
SubsystemVersion 5.0
EntryPoint 0x4d22
OSVersion 5.0
ImageVersion 0.0
UninitializedDataSize 0
File identification
MD5 19d18ad30421a1386d8a600f53d331de
SHA1 0d73ab927fb7490c42945bc836e8a53ddf0218b8
SHA256 835f545c8bc48fb85aed1ea5608dc975195628755e54b3d8472a22adea6e4e28
ssdeep 1536:6Md7Or8JJrXZzMTeTHwTs9S4AT4NOWQtuxnpOc3Rp:6Md7OQTZzHwTnyNE2p
authentihash f103fbecb528adcb1309b037fb909ecdaf7ce08b1d081f1c5e02396f89d368ea
imphash 2ee6e31c0ab988cc34a7ef001abba3e4
File size 116.5 KB ( 119260 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Executable MS Visual C++ (generic) (67.4%)
Win32 Dynamic Link Library (generic) (14.2%)
Win32 Executable (generic) (9.7%)
Generic Win/DOS Executable (4.3%)
DOS Executable Generic (4.3%)
Tags peexe
VirusTotal metadata
First submission 2016-05-06 16:25:31 UTC
Last submission 2016-05-17 15:50:28 UTC
File names chinese_ransomware.exe
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Written files
Created processes
Code injections in the following processes
Opened mutexes
Runtime DLLs
UDP communications