SHA256: 0442cfabb3212644c4b894a7e4a7e84c00fd23489cc4f96490f9988e6074b6ab
File name: 0442cfabb3212644c4b894a7e4a7e84c00fd23489cc4f96490f9988e6074b6ab.bin
Detection ratio: 55 / 70
Analysis date: 2019-02-11 17:35:14 UTC ( 6 days, 10 hours ago )
Antivirus Result Update
Ad-Aware Generic.Ransom.Cryak.CD721E02 20190211
AegisLab Trojan.Win32.Cryakl.4!c 20190211
AhnLab-V3 Trojan/Win32.Agent.C1172414 20190211
ALYac Trojan.Ransom.Cryakl 20190211
Antiy-AVL Trojan/Win32.Scar 20190211
Arcabit Generic.Ransom.Cryak.CD721E02 20190211
Avast Win32:Malware-gen 20190211
AVG Win32:Malware-gen 20190211
Avira (no cloud) HEUR/AGEN.1005338 20190211
BitDefender Generic.Ransom.Cryak.CD721E02 20190211
Bkav W32.RansomCriaklB.Trojan 20190201
CAT-QuickHeal Ransom.Vipasana.PR8 20190210
Comodo TrojWare.Win32.TrojanDownloader.Delf.gen@1xqow5 20190211
CrowdStrike Falcon (ML) malicious_confidence_90% (W) 20181023
Cybereason malicious.17e6a3 20190109
Cylance Unsafe 20190211
Cyren W32/Criakl.A.gen!Eldorado 20190211
DrWeb Trojan.Encoder.567 20190211
eGambit Generic.Malware 20190211
Emsisoft Generic.Ransom.Cryak.CD721E02 (B) 20190211
Endgame malicious (high confidence) 20181108
ESET-NOD32 a variant of Win32/Filecoder.EQ 20190211
F-Prot W32/Criakl.A.gen!Eldorado 20190211
F-Secure Heuristic.HEUR/AGEN.1005338 20190211
Fortinet W32/Filecoder.EQ!tr 20190211
GData Win32.Trojan-Ransom.Cryakl.E 20190211
Ikarus Trojan.Win32.Agent 20190211
Jiangmin Trojan.Cryakl.le 20190211
K7AntiVirus Trojan ( 005107721 ) 20190211
K7GW Trojan ( 005107721 ) 20190211
Kaspersky Trojan-Ransom.Win32.Cryakl.aiv 20190211
Malwarebytes Ransom.FileLocker 20190211
MAX malware (ai score=100) 20190211
McAfee GenericRXFE-HV!2AEA3B217E6A 20190211
McAfee-GW-Edition BehavesLike.Win32.Fesber.fc 20190211
Microsoft Ransom:Win32/Criakl.D 20190211
eScan Generic.Ransom.Cryak.CD721E02 20190211
NANO-Antivirus Trojan.Win32.Scar.dzzqkl 20190211
Palo Alto Networks (Known Signatures) generic.ml 20190211
Panda Trj/Genetic.gen 20190211
Qihoo-360 Win32/Trojan.Ransom.379 20190211
Rising Ransom.Cryakl!8.560 (CLOUD) 20190211
SentinelOne (Static ML) static engine - malicious 20190203
Sophos AV Troj/Cryakl-G 20190211
SUPERAntiSpyware Ransom.Locker/Variant 20190206
Symantec Trojan.Gen 20190211
Tencent Win32.Trojan.Raas.Auto 20190211
Trapmine suspicious.low.ml.score 20190123
TrendMicro Ransom_CRYPICH.SMA 20190211
TrendMicro-HouseCall Ransom_CRYPICH.SMA 20190211
VBA32 Hoax.Cryakl 20190211
Webroot W32.Trojan.Gen 20190211
Yandex Trojan.Cryakl! 20190210
Zillya Trojan.Cryakl.Win32.361 20190211
ZoneAlarm by Check Point Trojan-Ransom.Win32.Cryakl.aiv 20190211
Acronis 20190208
Alibaba 20180921
Avast-Mobile 20190211
Babable 20180918
Baidu 20190202
ClamAV 20190211
CMC 20190211
Sophos ML 20181128
Kingsoft 20190211
Symantec Mobile Insight 20190207
TACHYON 20190211
TheHacker 20190203
Trustlook 20190211
VIPRE 20190211
ViRobot 20190211
Zoner 20190211
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 1992-06-19 22:22:17
Entry Point 0x0003A4B0
Number of sections 8
PE sections
PE imports
GetTokenInformation
RegFlushKey
RegCloseKey
OpenProcessToken
FreeSid
RegQueryValueExA
AllocateAndInitializeSid
OpenThreadToken
RegSetValueExA
EqualSid
RegCreateKeyExA
RegOpenKeyExA
GetDIBColorTable
DeleteEnhMetaFile
GetSystemPaletteEntries
PatBlt
GetCurrentPositionEx
GdiFlush
GetTextMetricsA
MaskBlt
CreateBrushIndirect
SetStretchBltMode
GetEnhMetaFilePaletteEntries
GetPixel
BitBlt
GetObjectA
CreateCompatibleDC
DeleteDC
SetBkMode
CreateHalftonePalette
CreateDIBSection
CopyEnhMetaFileA
RealizePalette
SetTextColor
GetDeviceCaps
SetEnhMetaFileBits
CreateBitmap
MoveToEx
CreatePalette
GetStockObject
CreateDIBitmap
PlayEnhMetaFile
SelectPalette
UnrealizeObject
GetDIBits
GetEnhMetaFileBits
SetBrushOrgEx
GetBrushOrgEx
StretchBlt
GetBitmapBits
SetROP2
CreateFontIndirectA
SelectObject
GetWinMetaFileBits
SetDIBColorTable
GetEnhMetaFileHeader
GetPaletteEntries
SetBkColor
SetWinMetaFileBits
DeleteObject
CreateCompatibleBitmap
CreatePenIndirect
GetStdHandle
FileTimeToDosDateTime
GetFileAttributesA
WaitForSingleObject
GetLocalTime
DeleteCriticalSection
GetCurrentProcess
GetLocaleInfoA
LocalAlloc
SetErrorMode
GetTempPathA
GetCPInfo
WriteFile
GetDiskFreeSpaceA
GetFullPathNameA
SetEvent
LocalFree
MoveFileA
InitializeCriticalSection
LoadResource
GlobalHandle
FindClose
TlsGetValue
FormatMessageA
GetStringTypeExA
ExitProcess
GetModuleFileNameA
EnumCalendarInfoA
LoadLibraryExA
UnhandledExceptionFilter
InterlockedDecrement
MultiByteToWideChar
GetModuleHandleA
MulDiv
TerminateProcess
GlobalAlloc
SetEndOfFile
GetCurrentThreadId
InterlockedIncrement
EnterCriticalSection
FreeLibrary
QueryPerformanceCounter
GetTickCount
GetVersionExA
RtlUnwind
GetStartupInfoA
GetDateFormatA
GetFileSize
OpenProcess
CreateDirectoryA
GetWindowsDirectoryA
GetProcAddress
GlobalReAlloc
FindFirstFileA
ResetEvent
FindNextFileA
GlobalLock
CreateEventA
GetFileType
TlsSetValue
CreateFileA
LeaveCriticalSection
GetLastError
GetSystemInfo
lstrlenA
GlobalFree
GetThreadLocale
GlobalUnlock
VirtualQuery
FileTimeToLocalFileTime
SizeofResource
GetCurrentProcessId
LockResource
WideCharToMultiByte
GetCommandLineA
GetCurrentThread
RaiseException
SetFilePointer
ReadFile
CloseHandle
lstrcpynA
GetACP
GetVersion
FreeResource
VirtualFree
Sleep
FindResourceA
VirtualAlloc
CompareStringA
VariantChangeType
SafeArrayGetLBound
SafeArrayPtrOfIndex
SysAllocStringLen
VariantClear
SafeArrayCreate
SysReAllocStringLen
SafeArrayGetUBound
VariantCopy
SysFreeString
VariantInit
ShellExecuteExA
ShellExecuteA
SystemParametersInfoA
GetSystemMetrics
GetIconInfo
LoadIconA
DestroyIcon
ReleaseDC
FillRect
LoadStringA
DrawIconEx
CharNextA
CreateIcon
MessageBoxA
GetFocus
GetClipboardData
CharLowerBuffA
GetSysColor
GetKeyboardType
GetDC
CharToOemA
InternetReadFile
InternetOpenUrlA
InternetCloseHandle
InternetOpenA
Number of PE resources by type
RT_STRING 9
RT_RCDATA 3
Number of PE resources by language
NEUTRAL 12
PE resources
ExifTool file metadata
MIMEType application/octet-stream
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
FileTypeExtension exe
TimeStamp 1992:06:19 23:22:17+01:00
FileType Win32 EXE
PEType PE32
CodeSize 251392
LinkerVersion 2.25
ImageFileCharacteristics Executable, No line numbers, No symbols, Bytes reversed lo, 32-bit, Bytes reversed hi
EntryPoint 0x3a4b0
InitializedDataSize 126976
SubsystemVersion 4.0
ImageVersion 0.0
OSVersion 4.0
UninitializedDataSize 0

File identification
MD5 2aea3b217e6a3d08ef684594192cafc8
SHA1 3a0b855dd052b2cdc6453f6cbdb858c7b55762b0
SHA256 0442cfabb3212644c4b894a7e4a7e84c00fd23489cc4f96490f9988e6074b6ab
ssdeep 6144:oRzMgpY8bXFHW1FbwwEHidUoagoW2C9cuqBGI4Zq6mYlG8+rNfNQFoQGt485VY:uDRbXFHW1+K2UWBGIymY/+rheFOv
authentihash 7160e4e59fc5ec05b6f8f76b185c94b69e440f1bf2e6e7e400a09f12467384ef
imphash 42f8a5ca073b928937c7cbdd304707ab
File size 370.5 KB ( 379392 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Executable Delphi generic (52.9%)
Win32 Executable (generic) (16.8%)
Win16/32 Executable Delphi generic (7.7%)
OS/2 Executable (generic) (7.5%)
Generic Win/DOS Executable (7.4%)
Tags
peexe via-tor

VirusTotal metadata
First submission 2016-01-09 13:33:37 UTC ( 3 years, 1 month ago )
Last submission 2019-01-18 19:53:18 UTC ( 1 month ago )
File names Vipasana1..vir..exe
2aea3b217e6a3d08ef684594192cafc8.vir
0442cfabb3212644c4b894a7e4a7e84c00fd23489cc4f96490f9988e6074b6ab.exe
Vipasana (2).exe
04.exe
engJohnmen.exe
vipasana1.exe
0442CF~1.EXE
0442cfabb3212644c4b894a7e4a7e84c00fd23489cc4f96490f9988e6074b6ab.bin
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Written files
Shell commands
Runtime DLLs
UDP communications