SHA256: 09f1d49065108a595578ff86ff63a514d47d5496ab5c23f38cda1f0d57dd6cd1
File name: locky ransomware
Detection ratio: 58 / 67
Analysis date: 2017-12-07 14:48:13 UTC ( 2 months, 2 weeks ago )
Antivirus Result Update
Ad-Aware Trojan.AgentWDCR.LUC 20171207
AegisLab Ransom.Cerber.Smaly0!c 20171207
AhnLab-V3 Win-Trojan/Lukitus3.Exp 20171207
ALYac Trojan.Ransom.LockyCrypt 20171207
Antiy-AVL Trojan/Win32.TSGeneric 20171207
Arcabit Trojan.AgentWDCR.LUC 20171207
Avast Win32:Malware-gen 20171207
AVG Win32:Malware-gen 20171207
Avira (no cloud) TR/Crypt.Xpack.jiaji 20171207
AVware Trojan.Win32.Generic!BT 20171207
Baidu Win32.Trojan.WisdomEyes.16070401.9500.9999 20171207
BitDefender Trojan.AgentWDCR.LUC 20171207
CAT-QuickHeal Ransom.Locky.S1433301 20171206
ClamAV Win.Ransomware.Locky-6335674-3 20171207
Comodo UnclassifiedMalware 20171207
CrowdStrike Falcon (ML) malicious_confidence_100% (W) 20171016
Cylance Unsafe 20171207
Cyren W32/Locky.BZ.gen!Eldorado 20171207
DrWeb Trojan.Encoder.13570 20171207
eGambit Unsafe.AI_Score_98% 20171207
Emsisoft Trojan.AgentWDCR.LUC (B) 20171207
Endgame malicious (high confidence) 20171130
ESET-NOD32 Win32/Filecoder.Locky.L 20171207
F-Prot W32/Locky.BZ.gen!Eldorado 20171207
F-Secure Trojan.AgentWDCR.LUC 20171207
Fortinet W32/GenKryptik.APXF!tr 20171207
GData Win32.Trojan-Ransom.Locky.DO 20171207
Ikarus Trojan-Ransom.Locky 20171207
Sophos ML heuristic 20170914
Jiangmin Trojan.Cryptor.by 20171207
K7AntiVirus Trojan ( 00515aa21 ) 20171205
K7GW Trojan ( 00515aa21 ) 20171207
Kaspersky Trojan-Ransom.Win32.Agent.abgi 20171207
Malwarebytes Trojan.MalPack 20171207
MAX malware (ai score=100) 20171207
McAfee Generic.acq 20171207
McAfee-GW-Edition BehavesLike.Win32.Backdoor.jc 20171207
Microsoft Ransom:Win32/Locky.A 20171207
eScan Trojan.AgentWDCR.LUC 20171207
NANO-Antivirus Trojan.Win32.Agent.esbuza 20171207
Palo Alto Networks (Known Signatures) generic.ml 20171207
Panda Trj/WLT.D 20171207
Qihoo-360 Trojan.Generic 20171207
Rising Ransom.Locky!8.1CD4 (KTSE) 20171207
SentinelOne (Static ML) static engine - malicious 20171207
Sophos AV Troj/Locky-AAO 20171207
Symantec Ransom.Locky.B 20171207
Tencent Suspicious.Heuristic.Gen.b.0 20171207
TrendMicro Ransom_LOCKY.TH823 20171207
TrendMicro-HouseCall Ransom_LOCKY.TH823 20171207
VBA32 Trojan.Filecoder 20171207
VIPRE Trojan.Win32.Generic!BT 20171207
ViRobot Trojan.Win32.Locky.672768.A 20171207
Webroot W32.Trojan.Gen 20171207
WhiteArmor Malware.HighConfidence 20171204
Yandex Trojan.Agent!wsXsQw3Xlo0 20171207
ZoneAlarm by Check Point Trojan-Ransom.Win32.Agent.abgi 20171207
Zoner Trojan.Locky 20171207
Alibaba (no detection) 20171207
Avast-Mobile (no detection) 20171207
Bkav (no detection) 20171207
CMC (no detection) 20171207
Cybereason (no detection) 20171103
Kingsoft (no detection) 20171207
nProtect (no detection) 20171207
SUPERAntiSpyware (no detection) 20171207
Symantec Mobile Insight (no detection) 20171207
TheHacker (no detection) 20171205
TotalDefense (no detection) 20171207
Trustlook (no detection) 20171207
Zillya (no detection) 20171206
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2012-07-26 14:06:56
Entry Point 0x0000265A
Number of sections 4
PE sections
PE imports
RegRestoreKeyA
RegUnLoadKeyA
RegReplaceKeyA
RegOpenKeyA
RegSaveKeyA
RegDeleteValueW
ClearEventLogA
LogonUserA
ReadEventLogW
RegCreateKeyExA
OpenEventLogW
RegEnumKeyA
CryptSignHashA
CDLocateRng
MD5Init
MD5Update
OpenMutexA
GetCurrentProcess
WaitNamedPipeW
MoveFileExW
WaitForSingleObject
DeleteFileA
LoadLibraryExW
GetTickCount
CreateWaitableTimerA
FindNextFileA
GetCommandLineA
LoadLibraryA
InterlockedIncrement
GetProcAddress
OpenJobObjectA
SHGetFileInfoA
StrStrA
DragFinish
DragQueryFileW
SHChangeNotify
ExtractIconW
ShellAboutW
SHGetFolderPathA
FindExecutableW
ShellMessageBoxA
SHGetMalloc
PathCompactPathW
PathStripPathW
UrlHashW
PathCommonPrefixW
UrlIsNoHistoryW
UrlIsOpaqueW
UrlGetLocationW
UrlGetPartW
UrlEscapeW
UrlIsW
PathIsURLW
UrlUnescapeA
PathCombineW
UrlCompareW
Recover
Extend
Number of PE resources by type
TEX 5
Number of PE resources by language
ENGLISH US 5
PE resources
Debug information
ExifTool file metadata
MIMEType application/octet-stream
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
FileTypeExtension exe
TimeStamp 2012:07:26 15:06:56+01:00
FileType Win32 EXE
PEType PE32
CodeSize 50176
LinkerVersion 9.0
EntryPoint 0x265a
InitializedDataSize 621568
SubsystemVersion 5.1
ImageVersion 0.0
OSVersion 5.1
UninitializedDataSize 0
Compressed bundles
File identification
MD5 e9a81fb5fd86ba9a78ec6528c2b1ae37
SHA1 bb0881b7179033710d26beded4f69a9a8b80702f
SHA256 09f1d49065108a595578ff86ff63a514d47d5496ab5c23f38cda1f0d57dd6cd1
ssdeep 12288:F5J9O/FV+fwQRM/u4sAmz9BtiSPUYT8gGgrluz:F5JM/FV+Iiuzc7MWGgYz
authentihash 00655497626bead92409f4b54781d274164dcfd3354a4a10942920e4571774e5
imphash fb3f18f3a26b3c97c5892f99370eecfa
File size 657.0 KB ( 672768 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Dynamic Link Library (generic) (38.2%)
Win32 Executable (generic) (26.2%)
Win16/32 Executable Delphi generic (12.0%)
Generic Win/DOS Executable (11.6%)
DOS Executable Generic (11.6%)
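The PE header fields and the file hashes above are the first things an analyst reproduces from the bytes before trusting a report. The script below is an added example and not code from this VirusTotal page or from the sample: it constructs a minimal PE32 header carrying the values the report prints (a stand-in built here, not the Locky binary), parses the same fields back with struct alone, computes the MD5/SHA1/SHA256 listed under File identification, and derives a pefile-style imphash over a constructed import list whose DLL attribution is an assumption. The COFF timestamp it reads is set by whoever linked the file, so the 2012 value says nothing reliable about when the sample was built.

```python
"""Added example: rebuild and re-parse the PE header fields the report prints,
and compute its hash types. Constructed stand-in data, not the Locky sample."""
import calendar
import datetime
import hashlib
import struct

IMAGE_FILE_MACHINE_I386 = 0x14C
IMAGE_SUBSYSTEM_WINDOWS_GUI = 2
PE32_MAGIC = 0x10B

# Values as printed in the report (timestamp in UTC).
REPORT = {
    "machine": IMAGE_FILE_MACHINE_I386,
    "sections": 4,
    "timestamp": "2012-07-26 14:06:56",
    "entry_point": 0x265A,
    "linker": "9.0",
    "code_size": 50176,
    "init_data_size": 621568,
    "uninit_data_size": 0,
    "os_version": "5.1",
    "subsystem_version": "5.1",
    "subsystem": IMAGE_SUBSYSTEM_WINDOWS_GUI,
}


def build_minimal_pe(ts_epoch, entry_point=0x265A, sections=4, code_size=50176,
                     init_data_size=621568, linker=(9, 0), os_ver=(5, 1),
                     subsys_ver=(5, 1), subsystem=IMAGE_SUBSYSTEM_WINDOWS_GUI):
    """Constructed headers only (no section table, no code): DOS stub, COFF
    header and the 224-byte PE32 optional header. Unused fields stay zero."""
    dos = bytearray(64)
    dos[0:2] = b"MZ"
    struct.pack_into("<I", dos, 60, 64)                 # e_lfanew: PE sig at 0x40
    coff = struct.pack("<4sHHIIIHH", b"PE\0\0", IMAGE_FILE_MACHINE_I386, sections,
                       ts_epoch, 0, 0, 224, 0x0102)     # 0x0102: EXECUTABLE | 32BIT
    opt = bytearray(224)
    struct.pack_into("<HBB", opt, 0, PE32_MAGIC, linker[0], linker[1])
    struct.pack_into("<IIII", opt, 4, code_size, init_data_size, 0, entry_point)
    struct.pack_into("<HH", opt, 40, os_ver[0], os_ver[1])
    struct.pack_into("<HH", opt, 48, subsys_ver[0], subsys_ver[1])
    struct.pack_into("<H", opt, 68, subsystem)
    return bytes(dos) + coff + bytes(opt)


def parse_pe_header(data):
    """Read the fields back; offsets follow the PE/COFF specification."""
    if data[:2] != b"MZ":
        raise ValueError("missing MZ signature")
    (e_lfanew,) = struct.unpack_from("<I", data, 60)
    sig, machine, sections, ts, _, _, _, _ = struct.unpack_from(
        "<4sHHIIIHH", data, e_lfanew)
    if sig != b"PE\0\0":
        raise ValueError("missing PE signature")
    opt = e_lfanew + 24
    magic, lmaj, lmin = struct.unpack_from("<HBB", data, opt)
    if magic != PE32_MAGIC:
        raise ValueError("not a PE32 image: magic 0x%x" % magic)
    code, init, uninit, entry = struct.unpack_from("<IIII", data, opt + 4)
    os_maj, os_min = struct.unpack_from("<HH", data, opt + 40)
    ss_maj, ss_min = struct.unpack_from("<HH", data, opt + 48)
    (subsystem,) = struct.unpack_from("<H", data, opt + 68)
    # The COFF timestamp is whatever the linker (or the author) wrote: a hint, not evidence.
    when = datetime.datetime.fromtimestamp(ts, datetime.timezone.utc)
    return {
        "machine": machine, "sections": sections,
        "timestamp": when.strftime("%Y-%m-%d %H:%M:%S"),
        "entry_point": entry, "linker": "%d.%d" % (lmaj, lmin),
        "code_size": code, "init_data_size": init, "uninit_data_size": uninit,
        "os_version": "%d.%d" % (os_maj, os_min),
        "subsystem_version": "%d.%d" % (ss_maj, ss_min),
        "subsystem": subsystem,
    }


def file_hashes(data):
    """MD5 / SHA1 / SHA256 as listed under 'File identification'."""
    return {n: hashlib.new(n, data).hexdigest() for n in ("md5", "sha1", "sha256")}


def imphash(imports):
    """pefile-style import hash over (dll, function) pairs in import-table order:
    lower-case, .dll/.ocx/.sys stripped, 'dll.func' joined with commas, MD5.
    Ordinal-only imports (which pefile maps to names for a few DLLs) are not handled."""
    parts = []
    for dll, func in imports:
        dll = dll.lower()
        for ext in (".dll", ".ocx", ".sys"):
            if dll.endswith(ext):
                dll = dll[:-len(ext)]
                break
        parts.append("%s.%s" % (dll, func.lower()))
    return hashlib.md5(",".join(parts).encode("ascii")).hexdigest()


def header_matches_report(data):
    """True when every header field the report prints is reproduced by the parser."""
    parsed = parse_pe_header(data)
    return all(parsed[key] == value for key, value in REPORT.items())


# Constructed import list; the DLL attribution of these two listed APIs is assumed.
SAMPLE_IMPORTS = [("KERNEL32.dll", "OpenMutexA"), ("ADVAPI32.dll", "CryptSignHashA")]
REPORT_EPOCH = calendar.timegm((2012, 7, 26, 14, 6, 56, 0, 0, 0))

if __name__ == "__main__":
    image = build_minimal_pe(REPORT_EPOCH)
    print(parse_pe_header(image))
    print(file_hashes(image))
    print(imphash(SAMPLE_IMPORTS), header_matches_report(image))
```

Run against a real file by replacing `image` with its bytes; the hashes then should match the MD5/SHA1/SHA256 lines above, while a real imphash needs the import table walked in on-disk order, which this constructed list only stands in for.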
Tags peexe
VirusTotal metadata
First submission 2017-08-23 17:44:09 UTC ( 6 months ago )
Last submission 2017-12-07 14:48:13 UTC ( 2 months, 2 weeks ago )
File names agraba8.exe
YBRcIfYBSY.exe
YBRcIfYBSY.exe
TrnbGVH.txt.exe
locky ransomware
YBRcIfYBSY.exe
TrnbGVH
e9a81fb5fd86ba9a78ec6528c2b1ae37.exe
YBRcIfYBSY.exe
YBRcIfYBSY.exe
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened mutexes
Runtime DLLs
DNS requests
UDP communications