SHA256: 0e969221c2e8d9c76a5ad863a80be2486a867ad8358bffd3a56158fcf7e3997e
File name: ec4164d1-ca1a-11e6-b91c-80e65024849a.file
Detection ratio: 57 / 66
Analysis date: 2018-05-29 14:10:45 UTC ( 8 months, 3 weeks ago )
Antivirus Result Update
Ad-Aware Trojan.GenericKD.3669885 20180529
AegisLab Ransom.Hplocky.Smjba!c 20180529
AhnLab-V3 Trojan/Win32.Locky.C1647412 20180529
ALYac Trojan.Ransom.LockyCrypt 20180529
Antiy-AVL Trojan[Ransom]/Win32.Locky 20180529
Arcabit Trojan.Generic.D37FF7D 20180529
Avast Win32:Malware-gen 20180529
AVG Win32:Malware-gen 20180529
Avira (no cloud) TR/Locky.sdgsd 20180529
AVware Trojan.Win32.Generic!BT 20180529
Baidu Win32.Trojan.WisdomEyes.16070401.9500.9932 20180529
BitDefender Trojan.GenericKD.3669885 20180529
CAT-QuickHeal Ransom.Thor.S4 20180529
ClamAV Win.Trojan.Agent-1816988 20180529
CMC Trojan-Ransom.Win32!O 20180529
Cylance Unsafe 20180529
Cyren W32/Locky.TWII-7929 20180529
DrWeb Trojan.Encoder.3976 20180529
Emsisoft Trojan.GenericKD.3669885 (B) 20180529
Endgame malicious (high confidence) 20180507
ESET-NOD32 Win32/Filecoder.Locky.D 20180529
F-Prot W32/Locky.JU 20180529
F-Secure Trojan.GenericKD.3669885 20180529
Fortinet W32/Filecoder_Locky.D!tr 20180529
GData Win32.Trojan.Agent.S9QIIL 20180529
Ikarus Trojan.Win32.Filecoder 20180529
Jiangmin Trojan.Locky.cap 20180529
K7AntiVirus Trojan ( 004f95121 ) 20180529
K7GW Trojan ( 004f95121 ) 20180529
Kaspersky Trojan-Ransom.Win32.Locky.dav 20180529
Malwarebytes Ransom.Locky 20180529
MAX malware (ai score=100) 20180529
McAfee Ransomware-Locky.g 20180529
McAfee-GW-Edition BehavesLike.Win32.Locky.dh 20180529
Microsoft Ransom:Win32/Locky.A 20180529
eScan Trojan.GenericKD.3669885 20180529
NANO-Antivirus Trojan.Win32.Locky.fadfaf 20180529
nProtect Ransom/W32.Locky.303104.B 20180529
Palo Alto Networks (Known Signatures) generic.ml 20180529
Panda Trj/WLT.C 20180529
Qihoo-360 HEUR/QVM40.1.EB60.Malware.Gen 20180529
Rising Trojan.Win32.Locky.m (CLASSIC) 20180529
Sophos AV Troj/Locky-SM 20180529
SUPERAntiSpyware Ransom.Locky/Variant 20180529
Symantec Ransom.Locky 20180529
Tencent Win32.Trojan.Raasj.Auto 20180529
TheHacker Trojan/Filecoder.Locky.d 20180524
TrendMicro Ransom_HPLOCKY.SMJBB 20180529
TrendMicro-HouseCall Ransom_HPLOCKY.SMJBB 20180529
VBA32 SScope.Malware-Cryptor.Filecoder 20180529
VIPRE Trojan.Win32.Generic!BT 20180529
ViRobot Trojan.Win32.S.Locky.303104 20180529
Webroot W32.Ransomware.Locky 20180529
Yandex Trojan.Locky! 20180529
Zillya Trojan.Filecoder.Win32.3438 20180528
ZoneAlarm by Check Point Trojan-Ransom.Win32.Locky.dav 20180529
Zoner Trojan.Locky 20180528
Alibaba 20180529
Avast-Mobile 20180529
Babable 20180406
Bkav 20180529
Comodo 20180529
CrowdStrike Falcon (ML) 20180202
Cybereason None
eGambit 20180529
Sophos ML 20180503
Kingsoft 20180529
SentinelOne (Static ML) 20180225
Symantec Mobile Insight 20180525
TotalDefense 20180529
Trustlook 20180529
The file being studied is a Portable Executable file! More specifically, it is a Win32 DLL file for the Windows GUI subsystem.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2016-11-03 13:37:03
Entry Point 0x000270C0
Number of sections 4
PE sections
PE imports
GetLastError
InitializeCriticalSection
HeapFree
GetStdHandle
EnterCriticalSection
LCMapStringW
SetHandleCount
WaitForSingleObject
GetVersionExW
GetOEMCP
LCMapStringA
HeapDestroy
ExitProcess
TlsAlloc
GetDateFormatA
GetEnvironmentStringsW
GetVersionExA
LoadLibraryA
RtlUnwind
GetModuleFileNameA
FreeEnvironmentStringsA
DeleteCriticalSection
GetStartupInfoA
EnumSystemLocalesA
GetEnvironmentStrings
GetFileType
GetLocaleInfoA
GetCurrentProcessId
GetCurrentProcess
UnhandledExceptionFilter
InterlockedDecrement
MultiByteToWideChar
HeapSize
SetFilePointerEx
FreeEnvironmentStringsW
GetCPInfo
GetCommandLineA
GetUserDefaultLCID
QueryPerformanceCounter
TlsFree
GetLocaleInfoW
InterlockedExchange
CompareStringW
RaiseException
WideCharToMultiByte
GetTimeFormatA
GetStringTypeA
SetFilePointer
GetModuleHandleA
SetUnhandledExceptionFilter
WriteFile
InterlockedIncrement
CompareStringA
GetSystemTimeAsFileTime
IsValidLocale
GetACP
HeapReAlloc
GetStringTypeW
GetProcAddress
SetEnvironmentVariableA
FreeLibrary
IsDebuggerPresent
TerminateProcess
GetTimeZoneInformation
IsValidCodePage
HeapCreate
VirtualFree
FatalAppExitA
TlsGetValue
Sleep
GetCurrentThread
GetTickCount
TlsSetValue
HeapAlloc
GetCurrentThreadId
GetProcessHeap
VirtualAlloc
SetConsoleCtrlHandler
SetLastError
LeaveCriticalSection
GetCursorPos
DrawFocusRect
SetWindowLongW
CheckMenuItem
TrackPopupMenu
InflateRect
MoveWindow
DefWindowProcW
LoadStringW
GetClientRect
CreateWindowExW
PostMessageW
DestroyWindow
OleQueryCreateFromData
ExifTool file metadata
MIMEType application/octet-stream
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
FileTypeExtension dll
TimeStamp 2016:11:03 14:37:03+01:00
FileType Win32 DLL
PEType PE32
CodeSize 266240
LinkerVersion 7.1
ImageFileCharacteristics Executable, No line numbers, No symbols, 32-bit, DLL
EntryPoint 0x270c0
InitializedDataSize 36864
SubsystemVersion 4.0
ImageVersion 0.0
OSVersion 4.0
UninitializedDataSize 0
File identification
MD5 f773e14ee1b70fd7d459bc77c71b4359
SHA1 1734ef2d44bdc71bdf81de0726a8da072d352ded
SHA256 0e969221c2e8d9c76a5ad863a80be2486a867ad8358bffd3a56158fcf7e3997e
ssdeep 6144:BD7HFY0Dac3z7eSReIv21Yf0UiWDXciBAtc6LbP:BXlYUziyJv2NU5jcBb
authentihash 5d6842c0d1a3430e42cde867ad874c3cfe71b4a261554ccf120f6423399b269b
imphash 27a643e589d07485aa365f27a3e05f17
File size 296.0 KB ( 303104 bytes )
File type Win32 DLL
Magic literal PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
TrID Win32 Executable MS Visual C++ (generic) (41.0%)
Win64 Executable (generic) (36.3%)
Win32 Dynamic Link Library (generic) (8.6%)
Win32 Executable (generic) (5.9%)
OS/2 Executable (generic) (2.6%)
Tags pedll
VirusTotal metadata
First submission 2016-11-03 14:43:49 UTC ( 2 years, 3 months ago )
Last submission 2019-01-07 01:33:57 UTC ( 1 month, 1 week ago )
File names i9jnrc
022bb8d4-a6ac-11e6-b1f6-80e65024849a.file.exe
Locky-binary-example-1.dll
f70fcae6-a6ae-11e6-b3be-80e65024849a.file
022bb8d4-a6ac-11e6-b1f6-80e65024849a.file
i9jnrc[1].txt
i9jnrc(01).dll
0e969221c2e8d9c76a5ad863a80be2486a867ad8358bffd3a56158fcf7e3997e.dll
output.104935002.txt
output.106014985.txt
output.104848496.txt
df273fa8-ca8e-11e6-856a-80e65024849a.file
87.file
output.104490385.txt
66.bin
output.102406661.txt
a.exe
cmukDMJCtEi.44.176.dr
i9jnrc[1]
27af7f57-a71c-11e6-b556-80e65024849a.file
GXLxJY.44
c1b7677d-49eb-11e7-a515-80e65024849a.file
ec4164d1-ca1a-11e6-b91c-80e65024849a.file
output.104920798.txt