SHA256: d44a5f262ccb43f72ee2afde3e3ff2a55bbb3db5837bfa8aac2e8d7195014d8b
File name: hidden-tear.exe
Detection rate: 53 / 60
Analysis date: 2017-06-07 00:07:36 UTC (1 year, 7 months ago)
Antivirus Result Update
Ad-Aware Trojan.Ransom.HiddenTear.H 20170607
AegisLab Troj.Ransom.Msil!c 20170606
AhnLab-V3 Trojan/Win32.Agent.C951401 20170606
ALYac Trojan.Ransom.HiddenTear 20170607
Arcabit Trojan.Ransom.HiddenTear.H 20170606
Avast MSIL:Filecoder-W [Trj] 20170606
AVG Ransom.HiddenTear 20170606
Avira (no cloud) TR/Strictor.211968.6 20170607
AVware Trojan.Win32.Generic!BT 20170606
BitDefender Trojan.Ransom.HiddenTear.H 20170606
Bkav W32.Clodd7f.Trojan.3e6c 20170606
CAT-QuickHeal Ransom.Ryzerlo.A3 20170606
Comodo TrojWare.MSIL.Ransom.Filecoder.~S 20170606
CrowdStrike Falcon (ML) malicious_confidence_100% (W) 20170420
Cyren W32/S-9f9d40c6!Eldorado 20170607
DrWeb Trojan.Encoder.10598 20170607
Emsisoft Trojan.Ransom.HiddenTear.H (B) 20170607
Endgame malicious (high confidence) 20170515
ESET-NOD32 a variant of MSIL/Filecoder.Y 20170606
F-Prot W32/S-9f9d40c6!Eldorado 20170606
F-Secure Trojan.Ransom.HiddenTear.H 20170606
Fortinet MSIL/Filecoder.Y!tr 20170606
GData MSIL.Trojan-Ransom.Cryptear.A 20170606
Ikarus Trojan-Ransom.HiddenTear 20170606
Jiangmin Trojan/MSIL.gitt 20170606
K7AntiVirus Trojan ( 004cd5d01 ) 20170606
K7GW Trojan ( 004cd5d01 ) 20170606
Kaspersky Trojan-Ransom.MSIL.Tear.a 20170607
Malwarebytes Ransom.HiddenTear 20170607
McAfee Ransomware-FAL!412F1B66437E 20170606
McAfee-GW-Edition Ransomware-FAL!412F1B66437E 20170606
Microsoft Ransom:MSIL/Ryzerlo.A 20170606
eScan Trojan.Ransom.HiddenTear.H 20170606
NANO-Antivirus Trojan.Win32.Ransom.dvobti 20170606
Palo Alto Networks (Known Signatures) generic.ml 20170607
Panda Trj/CI.A 20170606
Qihoo-360 Trojan.Generic 20170607
Rising Trojan.Generic (cloud:hsTyAY9hrYR) 20170606
SentinelOne (Static ML) static engine - malicious 20170516
Sophos AV Troj/HTRansom-B 20170606
SUPERAntiSpyware Ransom.HT/Variant 20170606
Symantec Ransom.HiddenTear 20170606
Tencent Win32.Trojan.Fakedoc.Auto 20170607
TheHacker Trojan/Filecoder.y 20170605
TrendMicro Ransom_CRYPTEAR.A 20170606
TrendMicro-HouseCall Ransom_CRYPTEAR.A 20170606
VBA32 Hoax.MSIL.Tear 20170606
VIPRE Trojan.Win32.Generic!BT 20170606
ViRobot Trojan.Win32.Z.Filecoder.211968.C[h] 20170606
Webroot Trojan.Drpoper.Gen 20170607
Yandex Trojan.Filecoder!BuE+SO+hpQc 20170606
Zillya Trojan.Filecoder.Win32.679 20170606
ZoneAlarm by Check Point Trojan-Ransom.MSIL.Tear.a 20170607
Alibaba 20170606
Baidu 20170601
ClamAV 20170606
CMC 20170606
Sophos ML 20170604
Kingsoft 20170607
nProtect 20170606
Symantec Mobile Insight 20170606
Trustlook 20170607
WhiteArmor 20170601
Zoner 20170606
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright Copyright © 2015
Product hidden-tear
Original name hidden-tear.exe
Internal name hidden-tear.exe
File version 1.0.0.0
Description hidden-tear
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2015-08-16 13:57:58
Entry Point 0x0001CB6E
Number of sections 3
.NET details
Module Version ID c05a2dd3-8fd1-4a54-b0b9-37cdbff98202
TypeLib ID 7ab0dd04-43e0-4d89-be59-60a30b766467
PE sections
PE imports
_CorExeMain
Number of PE resources by type
RT_ICON 5
RT_GROUP_ICON 1
RT_VERSION 1
RT_MANIFEST 1
Number of PE resources by language
NEUTRAL 8
PE resources
Debug information
ExifTool file metadata
UninitializedDataSize 0
LinkerVersion 11.0
ImageVersion 0.0
FileSubtype 0
FileVersionNumber 1.0.0.0
LanguageCode Neutral
FileFlagsMask 0x003f
FileDescription hidden-tear
ImageFileCharacteristics Executable, 32-bit
CharacterSet Unicode
InitializedDataSize 101888
EntryPoint 0x1cb6e
OriginalFileName hidden-tear.exe
MIMEType application/octet-stream
LegalCopyright Copyright 2015
FileVersion 1.0.0.0
TimeStamp 2015:08:16 14:57:58+01:00
FileType Win32 EXE
PEType PE32
InternalName hidden-tear.exe
ProductVersion 1.0.0.0
SubsystemVersion 6.0
OSVersion 4.0
FileOS Win32
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
CodeSize 109568
ProductName hidden-tear
ProductVersionNumber 1.0.0.0
FileTypeExtension exe
ObjectFileType Executable application
AssemblyVersion 1.0.0.0
CarbonBlack
While monitoring an end-user machine in-the-wild, CarbonBlack noticed the following files in execution wrote this sample to disk.
Execution parents
PE resource-wise parents
Compressed bundles
File identification
MD5 412f1b66437e5159fbd54cb7bb0c526e
SHA1 6cd761bda9dfb23f40c3d54c522c9f859c7fd308
SHA256 d44a5f262ccb43f72ee2afde3e3ff2a55bbb3db5837bfa8aac2e8d7195014d8b
ssdeep 3072:9M+lmsolAIrRuw+mqv9j1MWLQuktM+lmsolAIrRuw+mqv9j1MWLQ:W+lDAA9z+lDAA
authentihash 50d1ce34863c2f1dfed6f93d3da7d379f9b7b71839df2e7a737bb7a5966ae397
imphash f34d5f2d4577ed6d9ceec516c1f5a744
File size 207.0 KB ( 211968 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit Mono/.Net assembly
TrID Generic CIL Executable (.NET, Mono, etc.) (62.0%)
Win64 Executable (generic) (23.4%)
Win32 Dynamic Link Library (generic) (5.5%)
Win32 Executable (generic) (3.8%)
OS/2 Executable (generic) (1.7%)
Tags peexe assembly via-tor
VirusTotal metadata
First submission 2015-08-17 14:14:35 UTC (3 years, 5 months ago)
Last submission 2019-01-02 21:05:04 UTC (1 week, 6 days ago)
Submitted file names