SHA256: 023fdab01464c19765fd760c6b7ccea18604f4797df99e5e8f22281b83f42a48
File name: 99134da2addf277d700ca4629afcebae.virus
Detection ratio: 24 / 59
Analysis date: 2017-02-20 03:23:37 UTC ( 1 year, 12 months ago )
Antivirus Result Update
AhnLab-V3 Trojan/Win32.Cerber.C1792773 20170219
AVG Atros5.DYO 20170220
Avira (no cloud) TR/Crypt.ZPACK.bnchy 20170219
AVware Trojan.Win32.Generic!BT 20170220
Baidu Win32.Trojan.WisdomEyes.16070401.9500.9999 20170217
CrowdStrike Falcon (ML) malicious_confidence_100% (D) 20170130
DrWeb Trojan.Siggen7.8168 20170220
Endgame malicious (high confidence) 20170217
ESET-NOD32 Win32/Filecoder.Cerber.G 20170219
Ikarus Trojan.Win32.Filecoder 20170219
Sophos ML virus.win32.sality.at 20170203
Kaspersky Trojan-Ransom.Win32.Zerber.cfoy 20170220
McAfee Artemis!99134DA2ADDF 20170220
McAfee-GW-Edition Artemis 20170219
Microsoft Trojan:Win32/Dynamer!ac 20170220
Qihoo-360 HEUR/QVM08.0.0000.Malware.Gen 20170220
Sophos AV Mal/Generic-S 20170220
Symantec Trojan.Gen.2 20170219
Tencent Win32.Trojan.Zerber.Hsid 20170220
TrendMicro Ransom_HPCERBER.SM51 20170220
TrendMicro-HouseCall Ransom_HPCERBER.SM51 20170220
VIPRE Trojan.Win32.Generic!BT 20170220
Webroot Malicious 20170220
Yandex Trojan.Zerber! 20170219
Ad-Aware 20170220
AegisLab 20170220
Alibaba 20170220
ALYac 20170220
Antiy-AVL 20170220
Arcabit 20170220
Avast 20170220
BitDefender 20170220
Bkav 20170218
CAT-QuickHeal 20170218
ClamAV 20170220
CMC 20170219
Comodo 20170220
Cyren 20170220
Emsisoft 20170220
F-Prot 20170220
F-Secure 20170220
Fortinet 20170220
GData 20170220
Jiangmin 20170220
K7AntiVirus 20170220
K7GW 20170220
Kingsoft 20170220
Malwarebytes 20170220
eScan 20170220
NANO-Antivirus 20170220
nProtect 20170220
Panda 20170219
Rising 20170219
SUPERAntiSpyware 20170219
TheHacker 20170218
TotalDefense 20170219
Trustlook 20170220
VBA32 20170217
ViRobot 20170219
WhiteArmor 20170215
Zillya 20170218
Zoner 20170220
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2017-02-17 10:39:52
Entry Point 0x0000D1E2
Number of sections 5
PE sections
Overlays
MD5 844be06047018e842bb417e380ea4b1c
File type data
Offset 598016
Size 425
Entropy 7.49
PE imports
GetSystemTime
GetLastError
IsValidCodePage
HeapFree
GetStdHandle
EnterCriticalSection
LCMapStringW
SetHandleCount
GetSystemInfo
VirtualProtect
GetOEMCP
QueryPerformanceCounter
HeapDestroy
ExitProcess
IsBadWritePtr
TlsAlloc
FlushFileBuffers
GetEnvironmentStringsW
GetVersionExA
LoadLibraryA
VirtualQuery
RtlUnwind
GetModuleFileNameA
FreeEnvironmentStringsA
DeleteCriticalSection
GetStartupInfoA
EnumSystemLocalesA
GetEnvironmentStrings
GetLocaleInfoA
LocalAlloc
WideCharToMultiByte
UnhandledExceptionFilter
InterlockedDecrement
MultiByteToWideChar
HeapSize
IsBadCodePtr
FreeEnvironmentStringsW
GetCommandLineA
GetProcAddress
GetStringTypeA
IsBadReadPtr
SetStdHandle
SetFilePointer
RaiseException
GetCPInfo
TlsFree
GetModuleHandleA
ReadFile
InterlockedExchange
SetUnhandledExceptionFilter
WriteFile
GetCurrentProcess
CloseHandle
GetSystemTimeAsFileTime
DeleteFileW
IsValidLocale
GetACP
HeapReAlloc
GetStringTypeW
GetUserDefaultLCID
HeapAlloc
InterlockedIncrement
TerminateProcess
LCMapStringA
InitializeCriticalSection
HeapCreate
GlobalAlloc
VirtualFree
TlsGetValue
GetFileType
SetEndOfFile
TlsSetValue
CreateFileA
GetTickCount
GetCurrentThreadId
GetLocaleInfoW
VirtualAlloc
GetCurrentProcessId
SetLastError
LeaveCriticalSection
Number of PE resources by type
RT_DIALOG 1
Number of PE resources by language
ENGLISH US 1
PE resources
Debug information
ExifTool file metadata
MIMEType application/octet-stream
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
FileTypeExtension exe
TimeStamp 2017:02:17 11:39:52+01:00
FileType Win32 EXE
PEType PE32
CodeSize 118784
LinkerVersion 7.1
EntryPoint 0xd1e2
InitializedDataSize 520192
SubsystemVersion 4.0
ImageVersion 0.0
OSVersion 4.0
UninitializedDataSize 0

File identification
MD5 99134da2addf277d700ca4629afcebae
SHA1 2c1da805d546c4e1dc516ae10fc8d74bd13b015a
SHA256 023fdab01464c19765fd760c6b7ccea18604f4797df99e5e8f22281b83f42a48
ssdeep 6144:sz3inSL+kOAHMe+DoNbd4oaKz87XomnvUgVuuggCW/1JjUikhYM8:YSnHkFMGMkgCybCYT

authentihash 4167ef67e6ae05af75a94285a38d501505c75fa38c88c46e57128ed06c59e331
imphash 54cf3c633a955ca774f1bdb91df79324
File size 584.4 KB ( 598441 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID Win64 Executable (generic) (64.6%)
Win32 Dynamic Link Library (generic) (15.4%)
Win32 Executable (generic) (10.5%)
Generic Win/DOS Executable (4.6%)
DOS Executable Generic (4.6%)
Tags peexe overlay

VirusTotal metadata
First submission 2017-02-20 03:23:37 UTC ( 1 year, 12 months ago )
Last submission 2018-01-16 21:31:35 UTC ( 1 year, 1 month ago )
File names 99134da2addf277d700ca4629afcebae.virus
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Created processes
Code injections in the following processes
Opened mutexes
Runtime DLLs
UDP communications