SHA256: 097fc2cf5f3d4a4256249fc34f696b73b7a8b44c2a8b6c671399af0bfdfb28fa
File name: 097fc2cf5f3d4a4256249fc34f696b73b7a8b44c2a8b6c671399af0bfdfb28fa
Detection ratio: 38 / 68
Analysis date: 2017-11-09 14:16:08 UTC ( 1 year, 5 months ago )
Antivirus Result Update
Ad-Aware Trojan.RansomKD.6175869 20171109
AegisLab Filerepmalware.Gen!c 20171109
Antiy-AVL Trojan/Win32.Refinka 20171109
Avast Win32:Malware-gen 20171109
AVG Win32:Malware-gen 20171109
Avira (no cloud) TR/Crypt.Agent.zobaw 20171109
AVware Trojan.Win32.Generic!BT 20171109
Baidu Win32.Trojan.Kryptik.rb 20171109
BitDefender Trojan.GenericKD.12549536 20171109
CrowdStrike Falcon (ML) malicious_confidence_100% (W) 20171016
Cylance Unsafe 20171109
Cyren W32/Trojan.HUSQ-0019 20171109
DrWeb Trojan.PWS.Panda.11620 20171109
eGambit Unsafe.AI_Score_99% 20171109
Emsisoft Trojan.GenericKD.12549536 (B) 20171109
Endgame malicious (high confidence) 20171024
ESET-NOD32 a variant of Win32/Kryptik.FYSZ 20171109
F-Secure Trojan.GenericKD.12549536 20171109
Fortinet W32/GenKryptik.BCIL!tr.ransom 20171109
GData Trojan.GenericKD.12549536 20171109
Ikarus Trojan.Win32.Crypt 20171109
Sophos ML heuristic 20170914
Kaspersky Trojan.Win32.Refinka.jcp 20171109
MAX malware (ai score=98) 20171109
McAfee Ransomware-GIP!8FF356251D00 20171109
McAfee-GW-Edition BehavesLike.Win32.Virut.cc 20171109
eScan Trojan.GenericKD.12549536 20171109
Palo Alto Networks (Known Signatures) generic.ml 20171109
Panda Trj/Genetic.gen 20171109
Rising Trojan.Kryptik!1.AE8C (CLASSIC) 20171109
Sophos AV Mal/Generic-S 20171109
Symantec Trojan.Gen.2 20171109
Tencent Suspicious.Heuristic.Gen.b.0 20171109
TrendMicro TROJ_GEN.R03FC0WK917 20171109
TrendMicro-HouseCall Suspicious_GEN.F47V1108 20171109
VIPRE Trojan.Win32.Generic!BT 20171109
WhiteArmor Malware.HighConfidence 20171104
ZoneAlarm by Check Point Trojan.Win32.Refinka.jcp 20171109
Antivirus (no detection) Update
AhnLab-V3 20171109
Alibaba 20170911
ALYac 20171109
Arcabit 20171109
Avast-Mobile 20171109
Bkav 20171109
CAT-QuickHeal 20171109
ClamAV 20171109
CMC 20171109
Comodo 20171109
Cybereason 20171030
F-Prot 20171109
Jiangmin 20171109
K7AntiVirus 20171109
K7GW 20171109
Kingsoft 20171109
Malwarebytes 20171109
Microsoft 20171109
NANO-Antivirus 20171109
nProtect 20171109
Qihoo-360 20171109
SentinelOne (Static ML) 20171019
SUPERAntiSpyware 20171109
Symantec Mobile Insight 20171109
TheHacker 20171102
TotalDefense 20171109
Trustlook 20171109
VBA32 20171109
ViRobot 20171109
Webroot 20171109
Yandex 20171108
Zillya 20171108
Zoner 20171109
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2015-06-11 07:05:41
Entry Point 0x0000A96F
Number of sections 4
PE sections
PE imports
CertFreeCRLContext
CryptHashMessage
CertGetNameStringA
CertDeleteCRLFromStore
CryptMemAlloc
CertFindChainInStore
CertFindAttribute
CertSaveStore
CertFindExtension
CertCreateCRLContext
CertFindCRLInStore
CheckADsError
FindSheet
CrackName
IsBadStringPtrW
ReadConsoleA
MoveFileA
SearchPathW
LoadLibraryW
GetCurrentProcessId
GetModuleHandleA
GetSystemDirectoryW
WaitForSingleObject
lstrcat
GetCommandLineA
GetFileSize
GetStartupInfoA
CreateMailslotA
FindNextFileA
DeleteFileW
GetVersion
GetProcAddress
GetCurrentThreadId
GetExpandedNameA
drvGetDefaultCommConfigA
CountryRunOnce
InvokeControlPanel
drvSetDefaultCommConfigA
drvCommConfigDialogA
Chkdsk
FormatEx
Recover
SetFocus
wsprintfA
LoadImageW
IsCharUpperA
IsDialogMessageW
GetPropW
CreateDesktopA
DispatchMessageW
ShowWindow
DialogBoxParamA
GetWindow
LoadMenuW
GetClassLongA
PeekMessageW
Number of PE resources by type
RT_RCDATA 2
Number of PE resources by language
NEUTRAL 2
PE resources
Debug information
ExifTool file metadata
MIMEType application/octet-stream
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
FileTypeExtension exe
TimeStamp 2015:06:11 08:05:41+01:00
FileType Win32 EXE
PEType PE32
CodeSize 59904
LinkerVersion 10.0
ImageFileCharacteristics No relocs, Executable, Aggressive working-set trim, 32-bit, No debug
EntryPoint 0xa96f
InitializedDataSize 120832
SubsystemVersion 5.1
ImageVersion 0.0
OSVersion 5.1
UninitializedDataSize 0

File identification
MD5 8ff356251d00299a4bbf9f348ea605d7
SHA1 7b6111fcd73eb900aed965717bcac3770fa826ae
SHA256 097fc2cf5f3d4a4256249fc34f696b73b7a8b44c2a8b6c671399af0bfdfb28fa
ssdeep 1536:cgsYA1D/Wy11YNJPkT76pUdEQioxEOnK/aWgQT1+zhFhn6STHIMVE9VD5i8piDuU:7NAt/yvPs/aQLWjjTWhT6IMqul6AYTo
authentihash de9962dc4dce6cee62b24cf93f7af82f2f88f460c1a80e59924c4dbf0864d183
imphash f4356103be57eea8153ae6b3bce9407e
File size 177.5 KB ( 181760 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Dynamic Link Library (generic) (34.2%)
Win32 Executable (generic) (23.4%)
Win16/32 Executable Delphi generic (10.7%)
OS/2 Executable (generic) (10.5%)
Generic Win/DOS Executable (10.4%)
Tags peexe
VirusTotal metadata
First submission 2017-11-08 12:10:20 UTC ( 1 year, 5 months ago )
Last submission 2017-11-09 14:16:08 UTC ( 1 year, 5 months ago )
File names 818200132aebmoouht.exe
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Written files
Deleted files
Created processes
Created mutexes
Opened mutexes
Runtime DLLs