SHA256: 02469222c9895fcbdcbe8264fadfbd8150d649a08e42ea2c476b6a33203e21c5
File name: ferdoxs.exe
Detection ratio: 48 / 56
Analysis date: 2017-02-08 05:09:55 UTC ( 2 months, 2 weeks ago )
Antivirus Result Update
Ad-Aware Trojan.GenericKD.3469027 20170208
AegisLab Troj.Ransom.W32.Locky!c 20170208
AhnLab-V3 Trojan/Win32.Locky.C1520842 20170207
ALYac Trojan.GenericKD.3469027 20170208
Antiy-AVL Trojan/Win32.TSGeneric 20170208
Arcabit Trojan.Generic.D34EEE3 20170208
Avast Win32:Malware-gen 20170208
AVG FileCryptor.MNF 20170207
Avira (no cloud) TR/Crypt.Xpack.fcly 20170207
AVware Trojan.Win32.Generic!BT 20170208
BitDefender Trojan.GenericKD.3469027 20170208
CAT-QuickHeal TrojanRansom.Locky 20170207
Comodo TrojWare.Win32.Agent.baxzk 20170208
CrowdStrike Falcon (ML) malicious_confidence_100% (W) 20170130
Cyren W32/Locky.NWBT-8940 20170208
DrWeb Trojan.Encoder.5557 20170208
Emsisoft Trojan.GenericKD.3469027 (B) 20170208
ESET-NOD32 Win32/Filecoder.Locky.C 20170208
F-Prot W32/Locky.IZ 20170208
F-Secure Trojan.GenericKD.3469027 20170208
Fortinet W32/Locky.BJR!tr 20170208
GData Trojan.GenericKD.3469027 20170208
Ikarus Trojan.Win32.Filecoder 20170207
Invincea virtool.win32.injector.ge 20170203
Jiangmin Trojan.Locky.bfp 20170208
K7AntiVirus Trojan ( 004f00a01 ) 20170208
K7GW Trojan ( 004f00a01 ) 20170208
Kaspersky Trojan-Ransom.Win32.Locky.bjr 20170208
Malwarebytes Ransom.Locky 20170208
McAfee Ransomware-Locky.g 20170208
McAfee-GW-Edition Ransomware-Locky.g 20170208
Microsoft Ransom:Win32/Locky 20170208
eScan Trojan.GenericKD.3469027 20170208
NANO-Antivirus Trojan.Win32.Xpack.efysok 20170208
nProtect Ransom/W32.Locky.284672 20170208
Panda Trj/WLT.C 20170207
Qihoo-360 Trojan.Generic 20170208
Rising Ransom.Locky!8.1CD4-WrtfpVjpRlL (cloud) 20170207
Sophos Troj/Locky-IC 20170207
Symantec Trojan.Cridex 20170207
Tencent Win32.Trojan.Filecoder.Tays 20170208
TrendMicro Ransom_LOCKY.QD 20170208
VBA32 Hoax.Locky 20170207
VIPRE Trojan.Win32.Generic!BT 20170208
ViRobot Trojan.Win32.Locky.284672[h] 20170208
Yandex Trojan.Locky! 20170208
Zillya Trojan.Locky.Win32.677 20170207
Zoner Trojan.Locky 20170208
Alibaba 20170122
Baidu 20170207
Bkav 20170207
ClamAV 20170208
CMC 20170207
Kingsoft 20170208
SUPERAntiSpyware 20170208
TheHacker 20170205
TotalDefense 20170207
Trustlook 20170208
WhiteArmor 20170202
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2016-08-15 09:03:04
Entry Point 0x0000B9EC
Number of sections 5
PE sections
PE imports
GetTokenInformation
RegCloseKey
OpenProcessToken
GetUserNameW
OpenThreadToken
LsaOpenPolicy
Ord(6)
Ord(17)
ImageList_ReplaceIcon
PrintDlgA
ChooseFontA
CryptCreateAsyncHandle
SetDIBits
CreatePolygonRgn
CreatePen
TextOutA
GetClipBox
GetGlyphOutlineA
GetObjectA
LineTo
DeleteDC
GetTextExtentPointA
BitBlt
SetTextColor
CreateFontA
ExtTextOutW
MoveToEx
GetStockObject
CreateDIBitmap
CreateEllipticRgnIndirect
SetTextAlign
CreateCompatibleDC
PolyBezier
SelectObject
SetBkColor
DeleteObject
GetStdHandle
GetConsoleOutputCP
GetLocalTime
FreeEnvironmentStringsA
DeleteCriticalSection
GetCurrentProcess
GetConsoleMode
GetLocaleInfoA
LocalAlloc
FreeEnvironmentStringsW
GetLocaleInfoW
SetStdHandle
WideCharToMultiByte
GetStringTypeA
WriteFile
GetSystemTimeAsFileTime
HeapReAlloc
GetStringTypeW
LocalFree
InitializeCriticalSection
TlsGetValue
SetLastError
Beep
IsDebuggerPresent
ExitProcess
GetModuleFileNameA
EnumSystemLocalesA
UnhandledExceptionFilter
InterlockedDecrement
MultiByteToWideChar
SetFilePointer
SetUnhandledExceptionFilter
TzSpecificLocalTimeToSystemTime
TerminateProcess
WriteConsoleA
GlobalAlloc
SetEndOfFile
GetCurrentThreadId
InterlockedIncrement
WriteConsoleW
InitializeCriticalSectionAndSpinCount
HeapFree
EnterCriticalSection
SetHandleCount
GetOEMCP
QueryPerformanceCounter
GetTickCount
TlsAlloc
FlushFileBuffers
LoadLibraryA
RtlUnwind
GetStartupInfoA
GetUserDefaultLCID
GetProcessHeap
FindFirstFileA
IsValidLocale
GetProcAddress
GetTimeZoneInformation
CreateFileW
GetFileType
TlsSetValue
CreateFileA
HeapAlloc
ReadFileScatter
LeaveCriticalSection
GetLastError
SystemTimeToFileTime
LCMapStringW
GlobalFree
GetConsoleCP
LCMapStringA
GetEnvironmentStringsW
GlobalUnlock
GetEnvironmentStrings
GetCurrentProcessId
GetCPInfo
HeapSize
GetCommandLineA
GetCurrentThread
RaiseException
TlsFree
GetModuleHandleA
ReadFile
CloseHandle
GetACP
GlobalLock
GetModuleHandleW
IsValidCodePage
HeapCreate
VirtualFree
Sleep
VirtualAlloc
VariantChangeType
VariantClear
VariantInit
ReadGlobalPwrPolicy
SHBindToParent
SHParseDisplayName
AssocCreate
PathCompactPathA
lineUnparkW
MapWindowPoints
GetMessageA
GetForegroundWindow
SetWindowRgn
UpdateWindow
SetPropA
PostQuitMessage
HideCaret
DrawIcon
CopyIcon
KillTimer
DestroyMenu
FindWindowA
DefWindowProcA
ShowWindow
GetPropA
SetWindowPos
InvalidateRect
AppendMenuA
GetWindowRect
DispatchMessageA
EnableWindow
GetCursorInfo
CallWindowProcA
GetIconInfo
MessageBoxA
PeekMessageA
TranslateMessage
BeginPaint
GetSysColor
GetDC
GetCursorPos
ReleaseDC
RemovePropA
CreatePopupMenu
CheckMenuItem
DestroyIcon
EnumPropsA
SendMessageA
GetClientRect
CreateWindowExA
GetDlgItem
RegisterClassA
TrackPopupMenuEx
FindWindowExA
SetTimer
LoadCursorA
LoadIconA
TrackPopupMenu
SetWindowTextA
FillRect
GetWindowTextW
LoadImageA
GetSystemMenu
CreateWindowExW
EndPaint
SetCursor
DestroyWindow
GetFileVersionInfoSizeA
GetFileVersionInfoA
VerQueryValueA
EnumPrintersA
OpenPrinterA
FindFirstPrinterChangeNotification
EnumJobsA
GetPrinterA
FindClosePrinterChangeNotification
ClosePrinter
CoUninitialize
CoInitialize
CoLockObjectExternal
OleSetContainedObject
RegisterDragDrop
CoCreateInstance
CreateBindCtx
RevokeDragDrop
OleCreate
CoGetClassObject
PdhCollectQueryData
Number of PE resources by type
RT_DIALOG 12
RT_RCDATA 6
RT_STRING 5
RT_BITMAP 4
RT_GROUP_CURSOR 3
RT_CURSOR 3
RT_MANIFEST 1
Number of PE resources by language
ENGLISH US 34
PE resources
ExifTool file metadata
MIMEType application/octet-stream
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
FileTypeExtension exe
TimeStamp 2016:08:15 10:03:04+01:00
FileType Win32 EXE
PEType PE32
CodeSize 144896
LinkerVersion 9.0
EntryPoint 0xb9ec
InitializedDataSize 138752
SubsystemVersion 5.0
ImageVersion 0.0
OSVersion 5.0
UninitializedDataSize 0
File identification
MD5 cf5aa4edf369139d0455bcd912219090
SHA1 0f538d647a6b26370136ab00bd6e7d4f8bf5fbc6
SHA256 02469222c9895fcbdcbe8264fadfbd8150d649a08e42ea2c476b6a33203e21c5
ssdeep 3072:uJgI/VoKqmjShrJAJybqPFVSwl65xF5Qz1QjXcqbuthUZ3aGz7fzoClvfRs:fINoKqmYJAJyb8GNUCjsqbu+qAnL6
authentihash cfd82789f60f4c9d89164fb8661e1c95ead85db8f69d79e4734afcaeb6430400
imphash 6f26b5feb5527d3666137657a4d06552
File size 278.0 KB ( 284672 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Executable MS Visual C++ (generic) (42.2%)
Win64 Executable (generic) (37.3%)
Win32 Dynamic Link Library (generic) (8.8%)
Win32 Executable (generic) (6.0%)
Generic Win/DOS Executable (2.7%)
Tags peexe
VirusTotal metadata
First submission 2016-08-15 09:40:10 UTC ( 8 months, 2 weeks ago )
Last submission 2016-12-08 17:24:46 UTC ( 4 months, 2 weeks ago )
File names ferdoxs.exe
ferdoxs.exe.513538194.exe
sys48.exe
(02469222c9895fcbdcbe8264fadfbd8150d649a08e42ea2c476b6a33203e21c5) - ferdoxs.exe
ferdoxs.xxx
ferdoxs.exe
ferdoxs.exe
HJ6bhGHV.exe
ferdoxs.exe
ferdoxs.xxx
out
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Written files
Searched windows
Runtime DLLs
UDP communications