SHA256: 03f6ab1b482eac4acfb793c3e8d0656d7c33cddb5fc38416019d526f43577761
File name: locky_dump_1_.exe
Detection ratio: 21 / 55
Analysis date: 2016-02-25 01:12:50 UTC ( 12 months ago )
| Antivirus | Result | Update |
|---|---|---|
| AVG | FileCryptor.HEQ | 20160224 |
| AVware | BehavesLike.Win32.Malware.wsc (mx-v) | 20160225 |
| Antiy-AVL | Trojan[:HEUR]/Win32.AGeneric | 20160224 |
| Avast | Win32:Locky-D [Trj] | 20160225 |
| DrWeb | Trojan.DownLoader19.28288 | 20160225 |
| ESET-NOD32 | a variant of Win32/Filecoder.Locky.A | 20160225 |
| GData | Win32.Trojan-Ransom.Locky.A | 20160225 |
| Ikarus | Trojan-Ransom.Locky | 20160224 |
| Jiangmin | Trojan.Generic.nddn | 20160225 |
| K7AntiVirus | Trojan ( 004dea2e1 ) | 20160224 |
| K7GW | Trojan ( 004dea2e1 ) | 20160225 |
| McAfee | Ransomware-Locky!74DDE1905EFF | 20160225 |
| McAfee-GW-Edition | BehavesLike.Win32.AdwareRBlast.cz | 20160225 |
| Microsoft | Ransom:Win32/Locky.A | 20160225 |
| NANO-Antivirus | Trojan.Win32.DownLoader19.eajcbe | 20160225 |
| Qihoo-360 | HEUR/QVM10.1.Malware.Gen | 20160225 |
| Rising | PE:Malware.Generic(Thunder)!1.A1C4 [F] | 20160224 |
| Sophos | Troj/Ransom-CHA | 20160225 |
| TrendMicro-HouseCall | Ransom_LOCKY.SM3 | 20160224 |
| VIPRE | BehavesLike.Win32.Malware.wsc (mx-v) | 20160224 |
| Zillya | Trojan.Locky.Win32.6 | 20160224 |
| ALYac | | 20160224 |
| Ad-Aware | | 20160224 |
| AegisLab | | 20160224 |
| Yandex | | 20160224 |
| AhnLab-V3 | | 20160224 |
| Alibaba | | 20160224 |
| Arcabit | | 20160225 |
| Avira (no cloud) | | 20160225 |
| Baidu-International | | 20160224 |
| BitDefender | | 20160225 |
| Bkav | | 20160224 |
| ByteHero | | 20160225 |
| CAT-QuickHeal | | 20160224 |
| CMC | | 20160223 |
| ClamAV | | 20160225 |
| Comodo | | 20160225 |
| Cyren | | 20160225 |
| Emsisoft | | 20160225 |
| F-Prot | | 20160225 |
| F-Secure | | 20160222 |
| Fortinet | | 20160224 |
| Kaspersky | | 20160225 |
| Malwarebytes | | 20160225 |
| eScan | | 20160225 |
| Panda | | 20160224 |
| SUPERAntiSpyware | | 20160225 |
| Symantec | | 20160224 |
| Tencent | | 20160225 |
| TheHacker | | 20160225 |
| TrendMicro | | 20160225 |
| VBA32 | | 20160224 |
| ViRobot | | 20160224 |
| Zoner | | 20160224 |
| nProtect | | 20160224 |
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
PE header basic information
Target machine: Intel 386 or later processors and compatible processors
Compilation timestamp: 2010-01-12 15:47:36
Entry Point: 0x000091D1
Number of sections: 6
PE sections
PE imports
CryptDestroyKey
RegCloseKey
RegQueryValueExA
AccessCheck
CryptEncrypt
RegCreateKeyExA
CryptHashData
CryptImportKey
CryptCreateHash
GetFileSecurityW
OpenProcessToken
DuplicateToken
SetTokenInformation
RegOpenKeyExA
CryptReleaseContext
CryptAcquireContextA
CryptGenRandom
OpenThreadToken
CryptDestroyHash
MapGenericMask
RegSetValueExW
CryptSetKeyParam
CryptGetHashParam
RegSetValueExA
RegDeleteValueA
DsRoleGetPrimaryDomainInformation
DsRoleFreeMemory
GetObjectA
GetDeviceCaps
DeleteDC
SetBkMode
CreateFontA
CreateSolidBrush
GetDIBits
SelectObject
CreateCompatibleDC
DeleteObject
CreateCompatibleBitmap
SetTextColor
GetStdHandle
GetDriveTypeW
WaitForSingleObject
DeleteCriticalSection
GetCurrentProcess
GetLocaleInfoA
SetErrorMode
GetLogicalDrives
FreeEnvironmentStringsW
GetCPInfo
GetTempPathW
GetSystemTimeAsFileTime
HeapReAlloc
GetStringTypeW
InitializeCriticalSection
FindClose
InterlockedDecrement
SetFileAttributesW
SetLastError
GetUserDefaultUILanguage
GetSystemTime
CopyFileW
GetModuleFileNameW
IsDebuggerPresent
ExitProcess
GetVersionExA
GetModuleFileNameA
HeapSetInformation
UnhandledExceptionFilter
TlsGetValue
MultiByteToWideChar
GetVolumeNameForVolumeMountPointA
CreateThread
MoveFileExW
SetUnhandledExceptionFilter
MulDiv
IsProcessorFeaturePresent
TerminateProcess
GetCurrentThreadId
LeaveCriticalSection
GetModuleHandleA
InitializeCriticalSectionAndSpinCount
HeapFree
EnterCriticalSection
SetHandleCount
LoadLibraryW
GetOEMCP
QueryPerformanceCounter
GetTickCount
TlsAlloc
FlushFileBuffers
RtlUnwind
GetWindowsDirectoryA
GetStartupInfoW
DeleteFileW
GetProcAddress
GetTempFileNameW
GetFileSizeEx
FindNextFileW
FindFirstFileW
CreateFileW
GetFileType
TlsSetValue
HeapAlloc
InterlockedIncrement
GetLastError
LCMapStringW
GetEnvironmentStringsW
GetCurrentProcessId
SetFileTime
WideCharToMultiByte
HeapSize
GetCommandLineA
GetCurrentThread
RaiseException
TlsFree
SetFilePointer
ReadFile
CloseHandle
GetACP
GetModuleHandleW
GetFileAttributesExW
IsValidCodePage
HeapCreate
WriteFile
CreateProcessW
Sleep
WNetOpenEnumW
WNetEnumResourceW
WNetCloseEnum
WNetAddConnection2W
SHGetFolderPathW
ShellExecuteW
ReleaseDC
GetSystemMetrics
FillRect
DrawTextW
SystemParametersInfoW
FrameRect
GetDC
HttpSendRequestA
InternetSetOptionA
InternetWriteFile
HttpOpenRequestA
InternetReadFile
InternetCloseHandle
InternetOpenA
InternetConnectA
InternetQueryOptionA
HttpQueryInfoA
InternetCrackUrlA
HttpEndRequestA
HttpSendRequestExA
ExifTool file metadata
MIMEType: application/octet-stream
Subsystem: Windows GUI
MachineType: Intel 386 or later, and compatibles
TimeStamp: 2010:01:12 16:47:36+01:00
FileType: Win32 EXE
PEType: PE32
CodeSize: 57856
LinkerVersion: 6.1
Warning: Error processing PE data dictionary
FileTypeExtension: exe
InitializedDataSize: 39936
SubsystemVersion: 5.1
EntryPoint: 0x91d1
OSVersion: 5.1
ImageVersion: 0.0
UninitializedDataSize: 0

File identification
MD5: 74dde1905eff75cf3328832988a785de
SHA1: 7f2bc907de2471b98be5da4c0874e362606b8349
SHA256: 03f6ab1b482eac4acfb793c3e8d0656d7c33cddb5fc38416019d526f43577761
ssdeep: 3072:JPWbmlSwK8xBBooi+Soc4ZfvrkpRb5bMtFle83u9:Jua1tSofMx5bMNe83u
authentihash: 4cf9cd1cdb83a44b9643ed8209847e6382f31a6701b0d8804d37c92ecf6cfdca
imphash: a9bf0f3696485c9a1586d166d0aad954
File size: 184.0 KB ( 188416 bytes )
File type: Win32 EXE
Magic literal: PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID:
  Win32 Executable MS Visual C++ (generic) (42.2%)
  Win64 Executable (generic) (37.3%)
  Win32 Dynamic Link Library (generic) (8.8%)
  Win32 Executable (generic) (6.0%)
  Generic Win/DOS Executable (2.7%)
Tags: peexe

VirusTotal metadata
First submission: 2016-02-25 01:12:50 UTC ( 12 months ago )
Last submission: 2016-12-12 20:25:22 UTC ( 2 months, 1 week ago )
File names:
  f.exe
  svchost.exe
  ol4.exe
  isheriff_74dde1905eff75cf3328832988a785de.bin
  Locky(3).....exe
  loki.exe
  locky_dump_1_.exe
  Locky(3)...exe