SHA256: 09f1d49065108a595578ff86ff63a514d47d5496ab5c23f38cda1f0d57dd6cd1
File name: e9a81fb5fd86ba9a78ec6528c2b1ae37
Detection ratio: 54 / 68
Analysis date: 2018-09-20 15:22:42 UTC ( 1 month ago )
Antivirus Result Update
Ad-Aware Trojan.AgentWDCR.LUC 20180920
AhnLab-V3 Win-Trojan/Lukitus3.Exp 20180920
ALYac Trojan.Ransom.LockyCrypt 20180920
Antiy-AVL Trojan/Win32.TSGeneric 20180920
Arcabit Trojan.AgentWDCR.LUC 20180920
Avast Win32:Malware-gen 20180920
AVG Win32:Malware-gen 20180920
Avira (no cloud) TR/Crypt.XPACK.jiaji 20180920
AVware Trojan.Win32.Generic!BT 20180920
BitDefender Trojan.AgentWDCR.LUC 20180920
Bkav W32.eHeur.Malware09 20180919
CAT-QuickHeal Ransom.Exxroute.ZZ5 20180918
ClamAV Win.Ransomware.Locky-6335674-3 20180920
CrowdStrike Falcon (ML) malicious_confidence_100% (D) 20180723
Cybereason malicious.5fd86b 20180225
Cylance Unsafe 20180920
Cyren W32/Locky.BZ.gen!Eldorado 20180920
DrWeb Trojan.Encoder.13570 20180920
Emsisoft Trojan.AgentWDCR.LUC (B) 20180920
Endgame malicious (high confidence) 20180730
ESET-NOD32 Win32/Filecoder.Locky.L 20180920
F-Prot W32/Locky.BZ.gen!Eldorado 20180920
F-Secure Trojan.AgentWDCR.LUC 20180920
Fortinet W32/GenKryptik.APXF!tr 20180920
GData Win32.Trojan.Kryptik.IT 20180920
Ikarus Trojan-Ransom.Locky 20180920
Sophos ML heuristic 20180717
Jiangmin Trojan.Cryptor.by 20180920
K7AntiVirus Trojan ( 00515aa21 ) 20180920
K7GW Trojan ( 00515aa21 ) 20180920
Kaspersky Trojan-Ransom.Win32.Agent.abgi 20180920
Malwarebytes Ransom.Locky 20180920
MAX malware (ai score=100) 20180920
McAfee Generic.acq 20180920
McAfee-GW-Edition BehavesLike.Win32.Ransomware.jc 20180920
eScan Trojan.AgentWDCR.LUC 20180920
NANO-Antivirus Trojan.Win32.Agent.exkbhr 20180920
Palo Alto Networks (Known Signatures) generic.ml 20180920
Panda Trj/WLT.D 20180920
Qihoo-360 Trojan.Generic 20180920
Rising Ransom.Locky!8.1CD4 (TFE:5:EXvO5yzR9cS) 20180920
SentinelOne (Static ML) static engine - malicious 20180830
Sophos AV Troj/Locky-AAO 20180920
Symantec Ransom.Locky.B 20180920
Tencent Win32.Trojan.Raas.Auto 20180920
TrendMicro Ransom_LOCKY.TH823 20180920
TrendMicro-HouseCall Ransom_LOCKY.TH823 20180920
VBA32 BScope.TrojanRansom.Locky 20180920
VIPRE Trojan.Win32.Generic!BT 20180920
ViRobot Trojan.Win32.Locky.672768.A 20180920
Webroot W32.Trojan.Gen 20180920
Yandex Trojan.Agent!wsXsQw3Xlo0 20180919
ZoneAlarm by Check Point Trojan-Ransom.Win32.Agent.abgi 20180920
Zoner Trojan.Locky 20180919
Engines with no detection (engine, signature update date):
AegisLab 20180920
Alibaba 20180912
Avast-Mobile 20180920
Babable 20180918
Baidu 20180914
CMC 20180920
Comodo 20180920
eGambit 20180920
Kingsoft 20180920
Microsoft 20180920
SUPERAntiSpyware 20180907
Symantec Mobile Insight 20180918
TACHYON 20180920
TheHacker 20180918
TotalDefense 20180920
Trustlook 20180920
Zillya 20180920
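A detection ratio such as 54/68 only says how many engines fired; the table above is more useful once the vendor labels are normalised and the family and class votes are counted. The script below is an added example (not VirusTotal's code and not from the report) that does this over a subset of the rows copied from the table. The two vocabularies it matches against are an assumption, hand-picked for this page; the "Lukitus" alias rests on public reporting that Locky used that name for its .lukitus extension variant.

```python
"""Turn a VirusTotal detection table into a family and class consensus."""
import re
from collections import Counter
from typing import Optional, Tuple

# Subset of rows from the detection table above (vendor, label).
DETECTIONS = [
    ("ALYac", "Trojan.Ransom.LockyCrypt"),
    ("AhnLab-V3", "Win-Trojan/Lukitus3.Exp"),
    ("Avast", "Win32:Malware-gen"),
    ("ClamAV", "Win.Ransomware.Locky-6335674-3"),
    ("DrWeb", "Trojan.Encoder.13570"),
    ("ESET-NOD32", "Win32/Filecoder.Locky.L"),
    ("Kaspersky", "Trojan-Ransom.Win32.Agent.abgi"),
    ("Malwarebytes", "Ransom.Locky"),
    ("McAfee-GW-Edition", "BehavesLike.Win32.Ransomware.jc"),
    ("Cylance", "Unsafe"),
    ("Symantec", "Ransom.Locky.B"),
    ("TrendMicro", "Ransom_LOCKY.TH823"),
    ("Rising", "Ransom.Locky!8.1CD4 (TFE:5:EXvO5yzR9cS)"),
    ("Fortinet", "W32/GenKryptik.APXF!tr"),
    ("Jiangmin", "Trojan.Cryptor.by"),
    ("Sophos AV", "Troj/Locky-AAO"),
]

# Family aliases (assumption): a token that *starts with* the key maps to the family.
FAMILY_ALIASES = {"locky": "locky", "lukitus": "locky"}

# Class tokens (assumption): exact matches that mark ransomware across vendor schemes.
# "crypt" is deliberately absent: in "TR/Crypt.XPACK" it means packed, not encrypting.
RANSOMWARE_TOKENS = {"ransom", "ransomware", "encoder", "filecoder", "cryptor"}


def tokens(label: str):
    """Split a vendor label on every non-alphanumeric character, lower-cased."""
    return [t for t in re.split(r"[^a-z0-9]+", label.lower()) if t]


def classify(label: str) -> Tuple[Optional[str], Optional[str]]:
    """Return (family, class) for one vendor label; either may be None."""
    family = None
    cls = None
    for tok in tokens(label):
        if family is None:
            for alias, name in FAMILY_ALIASES.items():
                if tok.startswith(alias):
                    family = name
                    break
        if cls is None and tok in RANSOMWARE_TOKENS:
            cls = "ransomware"
    return family, cls


def consensus(rows) -> dict:
    """Aggregate per-vendor classifications into one verdict."""
    families = Counter()
    classes = Counter()
    generic_only = 0  # rows whose label carries neither a family nor a class
    for _vendor, label in rows:
        family, cls = classify(label)
        if family:
            families[family] += 1
        if cls:
            classes[cls] += 1
        if not family and not cls:
            generic_only += 1
    top_family = families.most_common(1)[0] if families else (None, 0)
    top_class = classes.most_common(1)[0] if classes else (None, 0)
    return {
        "rows": len(rows),
        "family": top_family[0],
        "family_votes": top_family[1],
        "class": top_class[0],
        "class_votes": top_class[1],
        "generic_only": generic_only,
    }


if __name__ == "__main__":
    print(consensus(DETECTIONS))
```

On the 16 rows embedded above, nine engines name Locky, eleven mark the file as ransomware, and three (Avast, Cylance, Fortinet) give only a generic verdict; a generic label still counts toward the detection ratio but contributes nothing to attribution.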
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2012-07-26 14:06:56 (read from the PE header, which the builder controls; the file was first submitted to VirusTotal on 2017-08-23)
Entry Point 0x0000265A
Number of sections 4
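The header values above are read straight from the COFF and PE32 optional headers, and are worth re-deriving locally before trusting a report. The following added example (not VirusTotal's code) parses them with only the standard library; since the sample is not embedded here, build_synthetic_pe() constructs a header carrying the report's values, and parse_pe_header() can be pointed at real file bytes instead. days_before_first_seen() measures the gap between the claimed link time and the first VirusTotal submission, a signal to record rather than proof of anything on its own.

```python
"""Re-derive the PE header fields shown in the report from raw bytes."""
import struct
from datetime import datetime, timezone

PE32_MAGIC = 0x10B
CHARACTERISTIC_FLAGS = [
    (0x0001, "No relocs"),   # IMAGE_FILE_RELOCS_STRIPPED
    (0x0002, "Executable"),  # IMAGE_FILE_EXECUTABLE_IMAGE
    (0x0100, "32-bit"),      # IMAGE_FILE_32BIT_MACHINE
    (0x2000, "DLL"),         # IMAGE_FILE_DLL
]
MACHINES = {0x14C: "Intel 386 or later processors and compatible processors"}
SUBSYSTEMS = {2: "Windows GUI", 3: "Windows CUI"}


def parse_pe_header(data: bytes) -> dict:
    """Parse the DOS header pointer, the COFF header and a PE32 optional header."""
    if data[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    (e_lfanew,) = struct.unpack_from("<I", data, 0x3C)
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("PE signature not found at e_lfanew")
    coff = e_lfanew + 4
    (machine, nsections, timestamp, _symtab, _nsyms,
     _opt_size, characteristics) = struct.unpack_from("<HHIIIHH", data, coff)
    opt = coff + 20  # COFF header is 20 bytes
    magic, linker_major, linker_minor = struct.unpack_from("<HBB", data, opt)
    if magic != PE32_MAGIC:
        raise ValueError("only PE32 (0x10B) optional headers are handled here")
    size_of_code, size_of_init = struct.unpack_from("<II", data, opt + 4)
    (entry_point,) = struct.unpack_from("<I", data, opt + 16)
    (subsystem,) = struct.unpack_from("<H", data, opt + 68)
    compiled = datetime.fromtimestamp(timestamp, tz=timezone.utc)
    return {
        "machine": MACHINES.get(machine, hex(machine)),
        "sections": nsections,
        "timestamp": timestamp,
        "compile_time": compiled.strftime("%Y-%m-%d %H:%M:%S"),
        "entry_point": entry_point,
        "linker": f"{linker_major}.{linker_minor}",
        "code_size": size_of_code,
        "initialized_data_size": size_of_init,
        "subsystem": SUBSYSTEMS.get(subsystem, str(subsystem)),
        "characteristics": [name for bit, name in CHARACTERISTIC_FLAGS if characteristics & bit],
    }


def days_before_first_seen(header: dict, first_seen: str) -> int:
    """Days between the claimed compile time and a 'YYYY-MM-DD HH:MM:SS' UTC first sighting."""
    seen = datetime.strptime(first_seen, "%Y-%m-%d %H:%M:%S").replace(tzinfo=timezone.utc)
    compiled = datetime.fromtimestamp(header["timestamp"], tz=timezone.utc)
    return (seen - compiled).days


def build_synthetic_pe() -> bytes:
    """Constructed header carrying the report's values; this is not the real sample."""
    dos = bytearray(64)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 64)                # e_lfanew -> right after the DOS header
    coff = struct.pack("<HHIIIHH", 0x14C, 4, 1343311616, 0, 0, 224, 0x0103)
    opt = bytearray(224)
    struct.pack_into("<HBB", opt, 0, PE32_MAGIC, 9, 0)   # PE32, linker 9.0
    struct.pack_into("<III", opt, 4, 50176, 621568, 0)   # code / initialized / uninitialized sizes
    struct.pack_into("<I", opt, 16, 0x265A)              # AddressOfEntryPoint
    struct.pack_into("<HH", opt, 40, 5, 1)               # OS version 5.1
    struct.pack_into("<HH", opt, 48, 5, 1)               # subsystem version 5.1
    struct.pack_into("<H", opt, 68, 2)                   # Windows GUI
    return bytes(dos) + b"PE\0\0" + coff + bytes(opt)


if __name__ == "__main__":
    hdr = parse_pe_header(build_synthetic_pe())
    for key, value in hdr.items():
        print(f"{key}: {value}")
    print("days before first VT submission:", days_before_first_seen(hdr, "2017-08-23 17:44:09"))
```

The synthetic header reproduces the report's entry point, section count, linker version, subsystem and "No relocs, Executable, 32-bit" characteristics; the timestamp 1343311616 decodes to 2012-07-26 14:06:56 UTC, which is 1854 days before the first submission.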
PE sections
PE imports (the export lists import names only, without the DLL each comes from; because LoadLibraryA and GetProcAddress are among them, any API resolved at run time will not appear in this list)
RegRestoreKeyA
RegUnLoadKeyA
RegReplaceKeyA
RegOpenKeyA
RegSaveKeyA
RegDeleteValueW
ClearEventLogA
LogonUserA
ReadEventLogW
RegCreateKeyExA
OpenEventLogW
RegEnumKeyA
CryptSignHashA
CDLocateRng
MD5Init
MD5Update
OpenMutexA
GetCurrentProcess
WaitNamedPipeW
MoveFileExW
WaitForSingleObject
DeleteFileA
LoadLibraryExW
GetTickCount
CreateWaitableTimerA
FindNextFileA
GetCommandLineA
LoadLibraryA
InterlockedIncrement
GetProcAddress
OpenJobObjectA
SHGetFileInfoA
StrStrA
DragFinish
DragQueryFileW
SHChangeNotify
ExtractIconW
ShellAboutW
SHGetFolderPathA
FindExecutableW
ShellMessageBoxA
SHGetMalloc
PathCompactPathW
PathStripPathW
UrlHashW
PathCommonPrefixW
UrlIsNoHistoryW
UrlIsOpaqueW
UrlGetLocationW
UrlGetPartW
UrlEscapeW
UrlIsW
PathIsURLW
UrlUnescapeA
PathCombineW
UrlCompareW
Recover
Extend
Number of PE resources by type
TEX 5
Number of PE resources by language
ENGLISH US 5
PE resources
Debug information
ExifTool file metadata
MIMEType application/octet-stream
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
FileTypeExtension exe
TimeStamp 2012:07:26 15:06:56+01:00
FileType Win32 EXE
PEType PE32
CodeSize 50176
LinkerVersion 9.0
ImageFileCharacteristics No relocs, Executable, 32-bit
EntryPoint 0x265a
InitializedDataSize 621568
SubsystemVersion 5.1
ImageVersion 0.0
OSVersion 5.1
UninitializedDataSize 0
Compressed bundles
File identification
MD5 e9a81fb5fd86ba9a78ec6528c2b1ae37
SHA1 bb0881b7179033710d26beded4f69a9a8b80702f
SHA256 09f1d49065108a595578ff86ff63a514d47d5496ab5c23f38cda1f0d57dd6cd1
ssdeep 12288:F5J9O/FV+fwQRM/u4sAmz9BtiSPUYT8gGgrluz:F5JM/FV+Iiuzc7MWGgYz
authentihash 00655497626bead92409f4b54781d274164dcfd3354a4a10942920e4571774e5
imphash fb3f18f3a26b3c97c5892f99370eecfa
File size 657.0 KB ( 672768 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Dynamic Link Library (generic) (34.2%)
Win32 Executable (generic) (23.4%)
Win16/32 Executable Delphi generic (10.7%)
OS/2 Executable (generic) (10.5%)
Generic Win/DOS Executable (10.4%)
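Of the identifiers above, the cryptographic hashes match only this exact file, ssdeep (whose leading number is the block size) tolerates small edits, and imphash is the one that pivots across samples built with the same import table, typically the same packer stub. The block below is an added example, not VirusTotal's or pefile's code, that follows the published imphash construction: DLL name lower-cased with a .dll/.ocx/.sys extension removed, function name lower-cased, entries joined in table order as "dll.func" with commas, then MD5. The import list on this page is shown without DLL names, so SAMPLE_IMPORTS is a constructed subset pairing a few of the page's APIs with the DLLs that export them; its digest will therefore not equal the report's imphash, which covers the full table. Imports by ordinal are rendered as "ordN"; pefile additionally maps well-known ws2_32 and oleaut32 ordinals to names, which this example omits.

```python
"""Compute an import hash (imphash) from (DLL, import) pairs."""
import hashlib
from typing import List, Tuple, Union

# Constructed subset: functions from the page paired with the DLLs that export them.
SAMPLE_IMPORTS: List[Tuple[str, Union[str, int]]] = [
    ("ADVAPI32.dll", "RegOpenKeyA"),
    ("KERNEL32.dll", "LoadLibraryA"),
    ("KERNEL32.dll", "GetProcAddress"),
    ("SHELL32.dll", "SHGetFileInfoA"),
    ("SHLWAPI.dll", "PathCombineW"),
]


def _canonical_dll(dll: str) -> str:
    """Lower-case the module name and drop a .dll/.ocx/.sys extension."""
    name = dll.lower()
    for ext in (".dll", ".ocx", ".sys"):
        if name.endswith(ext):
            return name[: -len(ext)]
    return name


def imphash_string(imports: List[Tuple[str, Union[str, int]]]) -> str:
    """The comma-joined string that gets hashed; handy for diffing two binaries."""
    parts = []
    for dll, func in imports:
        # Ordinal-only imports become "ordN" (ws2_32/oleaut32 name tables omitted here).
        func_name = f"ord{func}" if isinstance(func, int) else func.lower()
        parts.append(f"{_canonical_dll(dll)}.{func_name}")
    return ",".join(parts)


def imphash(imports: List[Tuple[str, Union[str, int]]]) -> str:
    """MD5 of the canonical import string, as a 32-character hex digest."""
    return hashlib.md5(imphash_string(imports).encode("ascii")).hexdigest()


if __name__ == "__main__":
    print(imphash_string(SAMPLE_IMPORTS))
    print(imphash(SAMPLE_IMPORTS))
```

Because the string is order-sensitive, two binaries that import the same functions in a different order get different hashes; because it is case-insensitive, a "KERNEL32.DLL" versus "kernel32.dll" spelling difference does not.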
Tags peexe
VirusTotal metadata
First submission 2017-08-23 17:44:09 UTC ( 1 year, 1 month ago )
Last submission 2018-09-20 15:22:42 UTC ( 1 month ago )
File names (each listed once) agraba8.exe
YBRcIfYBSY.exe
09f1d49065108a595578ff86ff63a514d47d5496ab5c23f38cda1f0d57dd6cd1
VirusShare_e9a81fb5fd86ba9a78ec6528c2b1ae37
TrnbGVH.txt.exe
locky ransomware
e9a81fb5fd86ba9a78ec6528c2b1ae37
e9a81fb5fd86ba9a78ec6528c2b1ae37.vir
TrnbGVH
e9a81fb5fd86ba9a78ec6528c2b1ae37.exe
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened mutexes, Runtime DLLs, DNS requests, UDP communications: these headings are present in the condensed report, but no entries for them are included in this export.