SHA256: 035ae8f389e0a4cb58428d892123bc3e3b646e4387c641e664c5552228087285
File name: 3533823982.exe
Detection ratio: 50 / 70
Analysis date: 2019-01-16 20:39:11 UTC ( 5 days, 14 hours ago )
Antivirus Result Update
Ad-Aware Trojan.GenericKD.31503022 20190116
AegisLab Trojan.Multi.Generic.4!c 20190116
AhnLab-V3 Malware/Gen.Generic.C2917965 20190116
ALYac Trojan.Ransom.GandCrab 20190116
Antiy-AVL Trojan[Ransom]/Win32.GandCrypt 20190116
Arcabit Trojan.Generic.D1E0B2AE 20190116
Avast Win32:Trojan-gen 20190116
AVG Win32:Trojan-gen 20190116
Avira (no cloud) TR/AD.GandCrab.ydcjw 20190116
BitDefender Trojan.GenericKD.31503022 20190116
CAT-QuickHeal Trojan.Multi 20190116
Comodo Malware@#1ul4mgyqykl14 20190116
CrowdStrike Falcon (ML) malicious_confidence_90% (W) 20181023
Cylance Unsafe 20190116
Cyren W32/Trojan.QWKN-5564 20190116
DrWeb Win32.HLLW.Phorpiex.1331 20190116
Emsisoft Trojan-Ransom.GandCrab (A) 20190116
Endgame malicious (high confidence) 20181108
ESET-NOD32 a variant of Win32/Kryptik.GOJQ 20190116
F-Prot W32/Kryptik.OQ.gen!Eldorado 20190116
F-Secure Trojan.GenericKD.31503022 20190116
Fortinet W32/GenKryptik.CVXP!tr 20190116
GData Trojan.GenericKD.31503022 20190116
Ikarus Trojan-Ransom.GandCrab 20190116
Sophos ML heuristic 20181128
Jiangmin Trojan/Dialer.mou 20190116
K7AntiVirus Trojan ( 00543e471 ) 20190116
K7GW Trojan ( 00543e471 ) 20190116
Kaspersky Trojan-Ransom.Win32.GandCrypt.hce 20190116
Malwarebytes Trojan.MalPack.GS 20190116
MAX malware (ai score=100) 20190116
McAfee Trojan-FPST!E0E5164CF5B1 20190116
McAfee-GW-Edition BehavesLike.Win32.SoftPulse.ht 20190116
Microsoft VirTool:Win32/CryptInject.YC!MTB 20190116
eScan Trojan.GenericKD.31503022 20190116
NANO-Antivirus Trojan.Win32.Phorpiex.flydnb 20190116
Palo Alto Networks (Known Signatures) generic.ml 20190116
Panda Trj/GdSda.A 20190116
Qihoo-360 Win32/Trojan.Ransom.87e 20190116
Rising Trojan.Fuerboos!8.EFC8 (CLOUD) 20190116
Sophos AV Troj/GandCra-AE 20190116
Symantec Downloader 20190116
Tencent Win32.Trojan.Gandcrypt.Akor 20190116
Trapmine malicious.high.ml.score 20190103
TrendMicro-HouseCall Ransom.Win32.GANDCRAB.THOAOHAI 20190116
VBA32 BScope.Trojan.Chapak 20190116
VIPRE Trojan.Win32.Generic!BT 20190116
ViRobot Trojan.Win32.Gandcrab.598528 20190116
Webroot W32.Trojan.Gen 20190116
ZoneAlarm by Check Point Trojan-Ransom.Win32.GandCrypt.hce 20190116
Acronis 20190118
Alibaba 20180921
Avast-Mobile 20190116
Babable 20180918
Baidu 20190116
Bkav 20190116
ClamAV 20190116
CMC 20190116
Cybereason 20180308
eGambit 20190116
Kingsoft 20190116
SentinelOne (Static ML) 20181223
SUPERAntiSpyware 20190109
TACHYON 20190116
TheHacker 20190115
TrendMicro 20190118
Trustlook 20190116
Yandex 20190116
Zillya 20190115
Zoner 20190116
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2017-09-14 14:14:13
Entry Point 0x0001DF1D
Number of sections 7
PE sections
PE imports
HeapSize
GetLastError
InitializeCriticalSectionAndSpinCount
HeapFree
GetStdHandle
EnterCriticalSection
TerminateProcess
SetHandleCount
GetModuleFileNameW
GetOEMCP
GetEnvironmentStringsW
HeapDestroy
ExitProcess
TlsAlloc
IsValidLocale
VirtualProtect
GetLocaleInfoW
LoadLibraryA
RtlUnwind
FillConsoleOutputCharacterW
HeapAlloc
HeapSetInformation
GetStartupInfoA
EnumSystemLocalesA
GetLocaleInfoA
GetCurrentProcessId
AddAtomA
GetCurrentDirectoryA
UnhandledExceptionFilter
InterlockedDecrement
MultiByteToWideChar
GetStartupInfoW
FreeEnvironmentStringsW
IsDebuggerPresent
GetCommandLineA
GetProcAddress
AddAtomW
EncodePointer
GetCurrentThread
LCMapStringW
RaiseException
GetCPInfo
LoadLibraryW
TlsFree
GetSystemTimeAsFileTime
DeleteCriticalSection
InterlockedExchange
SetUnhandledExceptionFilter
WriteFile
GetCurrentProcess
IsProcessorFeaturePresent
GetSystemTimes
GetACP
HeapReAlloc
DecodePointer
GetModuleHandleW
FreeLibrary
LocalFree
GlobalMemoryStatus
GetModuleFileNameA
QueryPerformanceCounter
WideCharToMultiByte
GetProcessShutdownParameters
IsValidCodePage
HeapCreate
GetStringTypeW
FatalAppExitA
TlsGetValue
Sleep
GetFileType
TlsSetValue
GetTickCount
GetCurrentThreadId
LeaveCriticalSection
GetUserDefaultLCID
SetConsoleCtrlHandler
SetLastError
InterlockedIncrement
PeekMessageA
Number of PE resources by type
RT_ICON 6
COPISAGIBEPISATOXIWUCATOJOSU 1
Struct(241) 1
RT_STRING 1
RT_VERSION 1
YIHURU 1
RT_GROUP_ICON 1
Number of PE resources by language
SERBIAN DEFAULT 12
PE resources
ExifTool file metadata
UninitializedDataSize 0
LinkerVersion 10.0
ImageVersion 0.0
FileVersionNumber 1.0.0.0
LanguageCode Unknown (457A)
FileFlagsMask 0x004f
ImageFileCharacteristics Executable, Large address aware, 32-bit
CharacterSet Unknown (A56B)
InitializedDataSize 507904
EntryPoint 0x1df1d
MIMEType application/octet-stream
LegalCopyright Copyright (C) 2018, vufapoyewica
FileVersion 2.6.3.36
TimeStamp 2017:09:14 15:14:13+01:00
FileType Win32 EXE
PEType PE32
InternalName loxigi.exe
ProductVersion 2.6.3.36
SubsystemVersion 5.1
OSVersion 5.1
FileOS Unknown (0x40534)
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
CodeSize 195584
FileSubtype 0
ProductVersionNumber 1.0.0.0
FileTypeExtension exe
ObjectFileType Executable application
Execution parents
File identification
MD5 e0e5164cf5b19d56f33520cd44875c95
SHA1 220f5a668dde7c6d916b1b9a5dcde82dbc2639f8
SHA256 035ae8f389e0a4cb58428d892123bc3e3b646e4387c641e664c5552228087285
ssdeep 3072:Do/wytwRh/tBqZZ4qGT0sZLTHR4X+ZGDNKmM50m62LHOrHQjnM5zvyPuD3bMUdWi:DXkwftW4q8LT68mM57BRgT3yH
authentihash 6030e78df8937fce04e7bd1bbcab2197270387e7ee1bfd403d3c29c8c57b8fb7
imphash 7fcc8b9d7ca1591b5c9cd6b043691cb9
File size 584.5 KB ( 598528 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Executable MS Visual C++ (generic) (61.9%)
Win32 Dynamic Link Library (generic) (13.0%)
Win32 Executable (generic) (8.9%)
OS/2 Executable (generic) (4.0%)
Clipper DOS Executable (4.0%)
Tags peexe
VirusTotal metadata
First submission 2019-01-08 03:14:57 UTC ( 2 weeks ago )
Last submission 2019-01-08 10:00:25 UTC ( 2 weeks ago )