SHA256: 01ee6a4aa5ed27141a18b5655d192ef849f676b85412472ac063beaa2962cbcb
File name: 4891c331c986dda2faf54dd5a735c867.virus
Detection ratio: 38 / 62
Analysis date: 2017-03-15 16:23:09 UTC
Antivirus Result Update
Ad-Aware Gen:Variant.Zusy.223405 20170315
AhnLab-V3 Trojan/Win32.Injector.R195727 20170315
ALYac Gen:Variant.Zusy.223405 20170315
Antiy-AVL Trojan[Ransom]/Win32.Crusis 20170315
Arcabit Trojan.Zusy.D368AD 20170315
Avast Win32:Rootkit-gen [Rtk] 20170315
AVG Inject3.BXKZ 20170315
Avira (no cloud) TR/Crypt.ZPACK.ikczf 20170315
BitDefender Gen:Variant.Zusy.223405 20170315
CAT-QuickHeal Ransom.Genasom 20170314
CrowdStrike Falcon (ML) malicious_confidence_89% (D) 20170130
DrWeb BackDoor.Andromeda.1593 20170315
Emsisoft Gen:Variant.Zusy.223405 (B) 20170315
Endgame malicious (moderate confidence) 20170222
ESET-NOD32 a variant of Win32/Injector.DLQE 20170315
F-Secure Gen:Variant.Zusy.223405 20170315
Fortinet W32/Injector.DLUW!tr 20170315
GData Gen:Variant.Zusy.223405 20170315
Sophos ML trojan.win32.dorv.a 20170203
Jiangmin Trojan.Crusis.fn 20170315
K7AntiVirus Trojan ( 00506d0a1 ) 20170315
K7GW Trojan ( 00506d0a1 ) 20170315
Kaspersky Trojan-Ransom.Win32.Crusis.px 20170315
Malwarebytes Ransom.Crypt0L0cker 20170315
McAfee GenericRXBA-IT!7D4AEBE2DC33 20170315
McAfee-GW-Edition BehavesLike.Win32.Generic.dc 20170315
eScan Gen:Variant.Zusy.223405 20170315
NANO-Antivirus Trojan.Win32.DLPL.elwhtm 20170315
Panda Trj/Ransom.CA 20170315
Qihoo-360 HEUR/QVM18.1.0000.Malware.Gen 20170315
Rising Malware.Generic.5!tfe (cloud:UMh7bIk6bzO) 20170315
SentinelOne (Static ML) static engine - malicious 20170315
Sophos AV Mal/Isda-D 20170315
Symantec Trojan.Gen.2 20170315
TrendMicro Ransom_Crusis.R00XC0FCF17 20170315
TrendMicro-HouseCall Ransom_Crusis.R00XC0FCF17 20170315
Yandex Trojan.Injector!IOd9NtzSU6I 20170315
ZoneAlarm by Check Point Trojan-Ransom.Win32.Crusis.px 20170315
Undetected (no result reported)
AegisLab 20170315
Alibaba 20170228
AVware 20170315
Baidu 20170315
Bkav 20170315
ClamAV 20170315
CMC 20170315
Comodo 20170315
Cyren 20170315
F-Prot 20170315
Ikarus 20170315
Kingsoft 20170315
Microsoft 20170315
nProtect 20170315
Palo Alto Networks (Known Signatures) 20170315
SUPERAntiSpyware 20170315
Tencent 20170315
TheHacker 20170315
TotalDefense 20170315
Trustlook 20170315
VBA32 20170315
VIPRE 20170315
ViRobot 20170315
Webroot 20170315
WhiteArmor 20170315
Zillya 20170314
Zoner 20170315
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
Packers identified
F-PROT UPX_LZMA
PEiD UPX 2.93 [LZMA] -> Markus Oberhumer, Laszlo Molnar & John Reiser
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2017-02-22 12:20:53
Entry Point 0x0003D4F0
Number of sections 3
PE sections
Overlays
MD5 0da5fe5d43491a430ad21791b18ba1e8
File type data
Offset 92160
Size 140239
Entropy 8.00
PE imports
CreateProcessAsUserA
VirtualFree
ExitProcess
VirtualProtect
LoadLibraryA
VirtualAlloc
GetProcAddress
Number of PE resources by type
RT_RIBBON_XML 1
Number of PE resources by language
FRENCH 1
PE resources
ExifTool file metadata
MIMEType application/octet-stream
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
TimeStamp 2017:02:22 13:20:53+01:00
FileType Win32 EXE
PEType PE32
CodeSize 94208
LinkerVersion 9.0
FileTypeExtension exe
InitializedDataSize 4096
SubsystemVersion 5.0
EntryPoint 0x3d4f0
OSVersion 5.0
ImageVersion 0.0
UninitializedDataSize 159744

File identification
MD5 4891c331c986dda2faf54dd5a735c867
SHA1 4ed738df2d5e3cc497b82560526f6278820a1e2f
SHA256 01ee6a4aa5ed27141a18b5655d192ef849f676b85412472ac063beaa2962cbcb
ssdeep 6144:v38b581GXAlBuZpocvroSiZKtuYEYktYyLmdHjEmD:v0lXAl+NoSiZKtuYEr65vD
authentihash dd6f073797dedf5c48402d33a474da9808a62c50bd3dbd686a99d10d92062004
imphash 10ca904578d85fa0b70bf101ae0ecacf
File size 227.0 KB ( 232399 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID UPX compressed Win32 Executable (39.3%)
Win32 EXE Yoda's Crypter (38.6%)
Win32 Dynamic Link Library (generic) (9.5%)
Win32 Executable (generic) (6.5%)
Generic Win/DOS Executable (2.9%)
Tags peexe upx overlay

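The fields under PE header basic information, Overlays, PE imports and File identification above are all derived statically from the PE layout. The Python below is added here as an illustration; it is not VirusTotal's code nor that of any tool named on this page. It walks the DOS and PE headers to the entry point, section count and compile timestamp, treats everything past the last section's raw data as the overlay and reports its offset, size, MD5 and Shannon entropy, flags UPX section names as a packer hint, and computes an imphash the way pefile does (lower-cased dll.func pairs in import-table order, extension stripped, MD5). The function names, the UPX_SECTION_NAMES set and the minimal PE built by build_sample_pe() are assumptions made for this example; the sample binary is constructed, not the file analysed above. PE32+ and ordinal-only imports are not handled.

```python
"""Static triage of the report fields above: entry point, section count,
timestamp, overlay offset/size/entropy/MD5, UPX section names, imphash.
Added example, not VirusTotal's code. Standard library only; the PE it
parses is constructed in build_sample_pe() so the block runs offline."""
import hashlib
import math
import struct
from datetime import datetime, timezone

# Section names the UPX packer writes (assumed set, used as a cheap packer hint).
UPX_SECTION_NAMES = {b"UPX0", b"UPX1", b"UPX2"}


def shannon_entropy(data: bytes) -> float:
    """Bits per byte: 0.0 for a constant buffer, 8.0 for a uniform one.
    Packed or encrypted payloads, like the overlay above, sit close to 8."""
    if not data:
        return 0.0
    counts = [0] * 256
    for b in data:
        counts[b] += 1
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in counts if c)


def imphash(imports) -> str:
    """Import hash as pefile computes it (VirusTotal's imphash field):
    imports is a list of (dll, function) pairs in import-table order."""
    parts = []
    for dll, func in imports:
        dll = dll.lower()
        for ext in (".dll", ".ocx", ".sys"):
            if dll.endswith(ext):
                dll = dll[: -len(ext)]
                break
        parts.append(f"{dll}.{func.lower()}")
    return hashlib.md5(",".join(parts).encode()).hexdigest()


def parse_pe(data: bytes) -> dict:
    """DOS header -> PE signature -> COFF header -> PE32 optional header ->
    section table; bytes past the last section's raw data are the overlay."""
    if data[:2] != b"MZ":
        raise ValueError("not a DOS/PE file")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    coff = e_lfanew + 4
    machine, nsections, timestamp, _, _, opt_size, _ = struct.unpack_from("<HHIIIHH", data, coff)
    opt = coff + 20
    if struct.unpack_from("<H", data, opt)[0] != 0x10B:
        raise ValueError("only PE32 (magic 0x10B) is handled here")
    entry_point = struct.unpack_from("<I", data, opt + 16)[0]  # AddressOfEntryPoint
    sections = []
    table = opt + opt_size
    for i in range(nsections):
        name, _vsize, _vaddr, raw_size, raw_ptr = struct.unpack_from("<8sIIII", data, table + 40 * i)
        sections.append({"name": name.rstrip(b"\0"), "raw_ptr": raw_ptr, "raw_size": raw_size})
    end = max((s["raw_ptr"] + s["raw_size"] for s in sections), default=0)
    overlay = data[end:]
    return {
        "machine": machine,  # 0x14C = Intel 386 and compatibles
        "timestamp": timestamp,
        "timestamp_utc": datetime.fromtimestamp(timestamp, tz=timezone.utc).strftime("%Y-%m-%d %H:%M:%S"),
        "entry_point": entry_point,
        "number_of_sections": nsections,
        "section_names": [s["name"] for s in sections],
        "upx_sections": any(s["name"] in UPX_SECTION_NAMES for s in sections),
        "overlay_offset": end if overlay else None,
        "overlay_size": len(overlay),
        "overlay_entropy": round(shannon_entropy(overlay), 2),
        "overlay_md5": hashlib.md5(overlay).hexdigest() if overlay else None,
    }


# Constructed sample (not a real binary): a minimal PE32 with one UPX1 section
# followed by a caller-chosen overlay, just enough header to exercise parse_pe().
SAMPLE_TIMESTAMP = 1487766053  # 2017-02-22 12:20:53 UTC, the compile time reported above


def build_sample_pe(overlay: bytes) -> bytes:
    e_lfanew, opt_size, raw_ptr, raw_size = 0x40, 224, 0x200, 0x100
    dos = b"MZ" + b"\0" * (0x3C - 2) + struct.pack("<I", e_lfanew)
    coff = struct.pack("<HHIIIHH", 0x14C, 1, SAMPLE_TIMESTAMP, 0, 0, opt_size, 0x0102)
    # Magic, linker major/minor, SizeOfCode, SizeOfInitializedData,
    # SizeOfUninitializedData, AddressOfEntryPoint; the rest zero-padded.
    opt = struct.pack("<HBBIIII", 0x10B, 9, 0, 0x17000, 0x1000, 0x27000, 0x3D4F0)
    opt += b"\0" * (opt_size - len(opt))
    sect = struct.pack("<8sIIII", b"UPX1", 0x1000, 0x1000, raw_size, raw_ptr) + b"\0" * 16
    header = dos + b"PE\0\0" + coff + opt + sect
    header += b"\0" * (raw_ptr - len(header))
    return header + bytes(range(raw_size)) + overlay


if __name__ == "__main__":
    for key, value in parse_pe(build_sample_pe(bytes(range(256)) * 8)).items():
        print(f"{key:>20}: {value}")
```

Run stand-alone it prints the parsed fields for the constructed sample. An overlay entropy at or near 8.00, as reported above, is what compressed or encrypted data looks like; together with the bare UPX stub import set (LoadLibraryA, GetProcAddress, VirtualProtect, VirtualAlloc, VirtualFree, ExitProcess) it is the usual cue to unpack the sample before drawing conclusions from its static imports or resources.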
VirusTotal metadata
First submission 2017-03-15 16:23:09 UTC
Last submission 2017-03-15 16:23:09 UTC
File names 4891c331c986dda2faf54dd5a735c867.virus
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Runtime DLLs
UDP communications