SHA256: 01d3becf7f1abe4599b8c2f5153443d8b5e3ede50f65889939323b223ee2944a
File name: chrome.exe
Detection ratio: 47 / 68
Analysis date: 2017-11-28 16:34:37 UTC ( 5 months, 4 weeks ago )
Antivirus Result Update
Ad-Aware Trojan.Ransom.ANL 20171128
AegisLab Troj.Ransom.Js!c 20171128
AhnLab-V3 Trojan/Win32.Ransom32.C1316158 20171128
ALYac Trojan.Ransom.Filecoder 20171128
Arcabit Trojan.Ransom.ANL 20171128
Avast BV:Ransom-M [Trj] 20171128
AVG BV:Ransom-M [Trj] 20171128
AVware Trojan.Win32.Generic.pak!cobra 20171128
BitDefender Trojan.Ransom.ANL 20171128
CAT-QuickHeal Ransom.Ransom32.G8 20171127
Comodo TrojWare.Win32.Ransom32.~I 20171128
Cybereason malicious.1b8fb7 20171103
Cylance Unsafe 20171128
Cyren W32/Ransom.WPWK-0798 20171128
DrWeb Trojan.Encoder.3463 20171128
Emsisoft Trojan.Ransom.ANL (B) 20171128
Endgame malicious (moderate confidence) 20171024
ESET-NOD32 Win32/Filecoder.NFR 20171128
F-Secure Trojan:W32/NomadSnore.A 20171128
Fortinet W32/Agent.944A!tr 20171128
GData Win32.Trojan-Ransom.Ransom32.A 20171128
Ikarus Trojan-Ransom.Win32.Ransom32 20171128
Sophos ML heuristic 20170914
K7AntiVirus Trojan ( 004db1d41 ) 20171128
K7GW Trojan ( 004db1d41 ) 20171128
Kaspersky Trojan-Ransom.JS.Ransom32.a 20171128
MAX malware (ai score=100) 20171128
McAfee Ransom-Node 20171128
McAfee-GW-Edition Ransom-Node 20171128
Microsoft Ransom:JS/Enrume.A 20171128
eScan Trojan.Ransom.ANL 20171128
NANO-Antivirus Trojan.Raw.Mlw.ebqwiu 20171128
nProtect Ransom/W32.Ransom32.47393225 20171128
Palo Alto Networks (Known Signatures) generic.ml 20171128
Panda Trj/CI.A 20171128
Qihoo-360 Win32/Sorter.AVE.Certificate.A 20171128
Sophos AV Troj/Ransom-BXH 20171128
Symantec Ransom.Ransom32 20171128
Tencent Win32.Trojan.Filecoder.Ambz 20171128
TrendMicro Ransom_CRYPTRITU.A 20171128
TrendMicro-HouseCall Ransom_CRYPTRITU.A 20171128
VBA32 Hoax.JS.Ransom32 20171128
VIPRE Trojan.Win32.Generic.pak!cobra 20171128
ViRobot Trojan.Win32.S.Ransom.47393225 20171128
Webroot W32.Trojan.Gen 20171128
Yandex Trojan.Filecoder!yCHUV5I3ums 20171120
ZoneAlarm by Check Point Trojan-Ransom.JS.Ransom32.a 20171128
Alibaba 20171128
Antiy-AVL 20171128
Avast-Mobile 20171128
Avira (no cloud) 20171128
Baidu 20171127
Bkav 20171128
ClamAV 20171128
CMC 20171126
CrowdStrike Falcon (ML) 20171016
eGambit 20171128
F-Prot 20171128
Jiangmin 20171128
Kingsoft 20171128
Malwarebytes 20171128
Rising 20171128
SentinelOne (Static ML) 20171113
SUPERAntiSpyware 20171128
Symantec Mobile Insight 20171124
TheHacker 20171126
TotalDefense 20171128
Trustlook 20171128
WhiteArmor 20171104
Zillya 20171128
Zoner 20171128
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
Packers identified
F-PROT appended, ZIP
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2015-07-29 06:30:17
Entry Point 0x01C9A552
Number of sections 8
PE sections
Overlays
MD5 e868b9ff06a00f7e588df8cef3f076d6
File type application/zip
Offset 46507008
Size 886217
Entropy 7.88
PE imports
PE exports
Number of PE resources by type
RT_CURSOR 22
RT_GROUP_CURSOR 20
RT_ICON 9
RT_DIALOG 4
RT_MANIFEST 1
RT_GROUP_ICON 1
Number of PE resources by language
NEUTRAL 42
ENGLISH US 15
PE resources
Debug information
ExifTool file metadata
MIMEType application/octet-stream
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
FileTypeExtension exe
TimeStamp 2015:07:29 07:30:17+01:00
FileType Win32 EXE
PEType PE32
CodeSize 36639232
LinkerVersion 12.0
EntryPoint 0x1c9a552
InitializedDataSize 10343424
SubsystemVersion 5.1
ImageVersion 0.0
OSVersion 5.1
UninitializedDataSize 0
CarbonBlack
CarbonBlack acts as a surveillance camera for computers. While monitoring an end-user machine in the wild, CarbonBlack observed the following executing files write this sample to disk.
Compressed bundles
File identification
MD5 e8a30ccef9157ba2ee04ba95cf782b4d
SHA1 59a7469ae77d719108f82eb36a0157d93c9555a2
SHA256 01d3becf7f1abe4599b8c2f5153443d8b5e3ede50f65889939323b223ee2944a
ssdeep 786432:IMdG8pjFcBosy6d6JmAwUg6V36SNNB7jffzbDlYmwXlxH:bfjFcBosPgJmARg6V6wNB7jffPBYhH
authentihash c57ec1e8573b6270e007a601cb5c65be61cca8626c9463f7b10933f4b68f911e
imphash ad47c169488b62977d3e607ba10a534f
File size 45.2 MB ( 47393225 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 EXE PECompact compressed (generic) (83.0%)
Win32 Executable (generic) (9.0%)
Generic Win/DOS Executable (3.9%)
DOS Executable Generic (3.9%)
Tags peexe overlay via-tor
VirusTotal metadata
First submission 2015-12-31 13:28:45 UTC ( 2 years, 4 months ago )
Last submission 2017-11-08 01:21:20 UTC ( 6 months, 2 weeks ago )
File names ai_downloaded_temp_file_dd5o7ros.exe
Advanced heuristic and reputation engines