SHA256: 053b9fdab60ab124178e23b4598f2b10e71b2caf1abcfa51c857f0801f555131
Detection ratio: 61 / 67
Analysis date: 2018-05-01 17:41:21 UTC (11 months, 3 weeks ago)
Antivirus Result Update
Ad-Aware Trojan.GenericKD.30533679 20180501
AegisLab Ml.Attribute.Gen!c 20180501
AhnLab-V3 Trojan/Win32.Magniber.C2451896 20180501
ALYac Trojan.Ransom.GandCrab 20180501
Antiy-AVL Trojan/Win32.SelfDel 20180501
Arcabit Trojan.Generic.D1D1E82F 20180501
Avast Win32:Malware-gen 20180501
AVG Win32:Malware-gen 20180501
Avira (no cloud) TR/Crypt.Xpack.lxbie 20180501
AVware Trojan.Win32.Generic!BT 20180428
Babable Malware.HighConfidence 20180406
Baidu Win32.Trojan.WisdomEyes.16070401.9500.9999 20180428
BitDefender Trojan.GenericKD.30533679 20180501
CAT-QuickHeal Trojan.IGENERIC 20180501
ClamAV Win.Trojan.Agent-6503017-0 20180501
Comodo UnclassifiedMalware 20180501
CrowdStrike Falcon (ML) malicious_confidence_80% (W) 20180418
Cylance Unsafe 20180501
Cyren W32/Trojan.YYWZ-5638 20180501
DrWeb Trojan.Encoder.24384 20180501
eGambit Unsafe.AI_Score_91% 20180501
Emsisoft Trojan.GenericKD.30533679 (B) 20180501
Endgame malicious (high confidence) 20180402
ESET-NOD32 Win32/Filecoder.GandCrab.B 20180501
F-Prot W32/S-caf46b5d!Eldorado 20180501
F-Secure Trojan.GenericKD.30533679 20180501
Fortinet W32/Kryptik.GFCZ!tr.ransom 20180501
GData Trojan.GenericKD.30533679 20180501
Ikarus Trojan-Ransom.GandCrab 20180501
Sophos ML heuristic 20180120
Jiangmin TrojanDownloader.Bandit.h 20180501
K7AntiVirus Trojan ( 0052cb411 ) 20180501
K7GW Trojan ( 0052cb411 ) 20180501
Kaspersky Trojan-Ransom.Win32.GandCrypt.abw 20180501
Malwarebytes Trojan.MalPack 20180501
MAX malware (ai score=99) 20180501
McAfee Packed-FCX!314E24A6DEF3 20180501
McAfee-GW-Edition BehavesLike.Win32.Generic.dc 20180425
Microsoft Ransom:Win32/GandCrab.E 20180501
eScan Trojan.GenericKD.30533679 20180501
NANO-Antivirus Trojan.Win32.Kryptik.ezhgdl 20180501
nProtect Trojan/W32.Chapak.264200.C 20180501
Palo Alto Networks (Known Signatures) generic.ml 20180501
Panda Trj/Genetic.gen 20180501
Qihoo-360 Trojan.Generic 20180501
Rising Trojan.Kryptik!8.8 (TFE:5:yaBonEmzAyE) 20180501
SentinelOne (Static ML) static engine - malicious 20180225
Sophos AV Troj/Ransom-EXQ 20180501
SUPERAntiSpyware Trojan.Agent/Gen-Kryptik 20180501
Symantec Downloader 20180501
Tencent Win32.Trojan.Chapak.Lgtq 20180501
TheHacker Trojan/Kryptik.gfcz 20180430
TrendMicro Ransom_GANDCRAB.TIAOBGN 20180501
TrendMicro-HouseCall Ransom_GANDCRAB.TIAOBGN 20180501
VBA32 TrojanDownloader.Upatre 20180428
VIPRE Trojan.Win32.Generic!BT 20180501
ViRobot Trojan.Win32.Z.Outbreak.264200 20180501
Webroot W32.Trojan.Gen 20180501
Yandex Trojan.DL.Bandit! 20180428
Zillya Downloader.Upatre.Win32.65752 20180430
ZoneAlarm by Check Point Trojan-Ransom.Win32.GandCrypt.abw 20180501
Alibaba 20180428
Avast-Mobile 20180501
Bkav 20180426
CMC 20180501
Cybereason None
Kingsoft 20180501
Symantec Mobile Insight 20180501
TotalDefense 20180501
Trustlook 20180501
Zoner 20180430
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2018-04-03 06:22:13
Entry Point 0x00001996
Number of sections 5
Overlays
MD5 568c3782a36af46ad115aee0a2ab8d74
File type ASCII text
Offset 264192
Size 8
Entropy 2.75
PE imports
OffsetViewportOrgEx
CopyEnhMetaFileW
CreateFontA
GetCurrentPositionEx
EnumEnhMetaFile
CombineTransform
EnumFontFamiliesW
GetLastError
ReplaceFileA
HeapFree
LocalReAlloc
EnterCriticalSection
SetStdHandle
SetHandleCount
LoadLibraryW
GetConsoleCP
GetOEMCP
QueryPerformanceCounter
CreateJobSet
HeapAlloc
TlsAlloc
ScrollConsoleScreenBufferW
GetEnvironmentStringsW
FlushFileBuffers
GetModuleFileNameA
WaitForSingleObjectEx
GetStdHandle
lstrlenW
GetPrivateProfileStructW
CopyFileW
GetACP
HeapSetInformation
GetCurrentProcess
GetConsoleMode
DecodePointer
LocalAlloc
LCMapStringW
UnhandledExceptionFilter
GetCPInfo
GetCommProperties
GetCPInfoExA
MultiByteToWideChar
HeapSize
FoldStringW
FreeEnvironmentStringsW
InitializeCriticalSectionAndSpinCount
GetCommandLineA
GetProcAddress
GetStartupInfoW
GetTempFileNameW
QueryDepthSList
RaiseException
WideCharToMultiByte
GetModuleFileNameW
TlsFree
SetFilePointer
GetSystemTimeAsFileTime
DeleteCriticalSection
ReadFile
GetCurrentProcessId
SetUnhandledExceptionFilter
WriteFile
CloseHandle
IsProcessorFeaturePresent
InterlockedDecrement
HeapReAlloc
GetStringTypeW
GetModuleHandleW
TerminateProcess
RtlUnwind
TlsGetValue
IsValidCodePage
LoadResource
SetLastError
CreateFileW
GetPrivateProfileStringA
IsDebuggerPresent
Sleep
GetFileType
GetTickCount
TlsSetValue
EncodePointer
GetCurrentThreadId
InterlockedIncrement
ExitProcess
HeapCreate
WriteConsoleW
LeaveCriticalSection
GetWindowRgn
GetIconInfo
EnumDisplaySettingsA
GetMenuInfo
AdjustWindowRectEx
SetWindowContextHelpId
ExcludeUpdateRgn
UnpackDDElParam
GetWindowTextLengthW
CreateDialogParamA
IsCharAlphaNumericW
DefDlgProcW
SetPropW
LoadIconA
CoIsHandlerConnected
OleRegGetUserType
OleFlushClipboard
CoGetClassObject
Number of PE resources by type
RT_STRING 41
RT_BITMAP 3
XHQCSFH 1
ZILOYIKIPAPAZAZANE 1
RT_ICON 1
NIRADUZOSIROBATEYOVAVAMOHU 1
RT_GROUP_ICON 1
Number of PE resources by language
NEUTRAL 49
ExifTool file metadata
MIMEType application/octet-stream
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
FileTypeExtension exe
TimeStamp 2018:04:03 08:22:13+02:00
FileType Win32 EXE
PEType PE32
CodeSize 49664
LinkerVersion 10.0
ImageFileCharacteristics Executable, 32-bit
EntryPoint 0x1996
InitializedDataSize 25903616
SubsystemVersion 5.1
ImageVersion 0.0
OSVersion 5.1
UninitializedDataSize 0
File identification
MD5 314e24a6def3af01f320ae5384c494e8
SHA1 15de9768f8ae8dcc462a9d33382bd86ecd5925ac
SHA256 053b9fdab60ab124178e23b4598f2b10e71b2caf1abcfa51c857f0801f555131
ssdeep 6144:dF4sls6Lv7a0oWalEwtxwlYckTOqBegr8FpI:L4sls6LvR4+xjkFr8vI
authentihash 8dd2642598b9961e7345023c4b81273a3f3a875755c51bd2fa9eb8f72a523907
imphash cce434d3edef700e2ffaeadbd884d64e
File size 258.0 KB ( 264200 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win64 Executable (generic) (72.3%)
Win32 Executable (generic) (11.8%)
OS/2 Executable (generic) (5.3%)
Generic Win/DOS Executable (5.2%)
DOS Executable Generic (5.2%)
Tags peexe nxdomain overlay
VirusTotal metadata
First submission 2018-04-03 10:31:07 UTC ( 1 year ago )
Last submission 2019-01-06 08:29:06 UTC ( 3 months, 2 weeks ago )
File names k.exe
053b9fdab60ab124178e23b4598f2b10e71b2caf1abcfa51c857f0801f555131
featherstrail.exe
GandCrab.exe
k.exe
c.exe
mTxw.exe
053b9fdab60ab124178e23b4598f2b10e71b2caf1abcfa51c857f0801f555131.exe
VirusShare_314e24a6def3af01f320ae5384c494e8
k.exe
78ffa6f4bb1ec75064f4c0cf3241e028e9a3c654
c.exe
c.exe
053b9fdab60ab124178e23b4598f2b10e71b2caf1abcfa51c857f0801f555131.bin_used
output.113072504.txt
featherstrail.exe