SHA256: 0ff42f0e77f3f6ac4c15d31a92745187eb33f2e60917f501832d89aaa4804868
File name: fe3be7902ac8.png
Detection ratio: 7 / 59
Analysis date: 2017-03-04 06:31:03 UTC ( 2 years, 1 month ago )
Antivirus Result Update
CrowdStrike Falcon (ML) malicious_confidence_100% (D) 20170130
Endgame malicious (high confidence) 20170222
Sophos ML trojandownloader.win32.tugspay.a 20170203
McAfee-GW-Edition BehavesLike.Win32.Gupboot.fc 20170304
Qihoo-360 HEUR/QVM17.0.0000.Malware.Gen 20170304
Rising Malware.Heuristic!ET#85% (rdm+) 20170304
Symantec ML.Attribute.HighConfidence 20170303
Ad-Aware 20170304
AegisLab 20170304
AhnLab-V3 20170303
Alibaba 20170228
ALYac 20170304
Antiy-AVL 20170304
Arcabit 20170304
Avast 20170304
AVG 20170304
Avira (no cloud) 20170303
AVware 20170304
Baidu 20170303
BitDefender 20170304
Bkav 20170303
CAT-QuickHeal 20170303
ClamAV 20170304
CMC 20170303
Comodo 20170304
Cyren 20170304
DrWeb 20170304
Emsisoft 20170304
ESET-NOD32 20170304
F-Prot 20170304
F-Secure 20170304
Fortinet 20170304
GData 20170304
Ikarus 20170303
Jiangmin 20170301
K7AntiVirus 20170303
K7GW 20170304
Kaspersky 20170304
Kingsoft 20170304
Malwarebytes 20170304
McAfee 20170304
Microsoft 20170304
eScan 20170304
NANO-Antivirus 20170304
nProtect 20170304
Panda 20170303
Sophos AV 20170304
SUPERAntiSpyware 20170304
Tencent 20170304
TheHacker 20170302
TotalDefense 20170303
TrendMicro 20170304
TrendMicro-HouseCall 20170304
Trustlook 20170304
VBA32 20170303
VIPRE 20170304
ViRobot 20170304
Webroot 20170304
WhiteArmor 20170303
Yandex 20170225
Zillya 20170303
Zoner 20170304
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
Packers identified
F-PROT PECompact, PecBundle
PEiD PECompact 2.xx --> BitSum Technologies
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2017-03-03 23:33:51
Entry Point 0x0000E8CB
Number of sections 3
PE sections
Overlays
MD5 8865c8f3a29779bd8db18abbc9e904e6
File type data
Offset 119296
Size 215160
Entropy 8.00
PE imports
DispInvoke
VirtualFree
LoadLibraryA
VirtualAlloc
GetProcAddress
Number of PE resources by type
RT_ICON 9
RT_MENU 1
RT_GROUP_ICON 1
Number of PE resources by language
FRENCH 11
PE resources
ExifTool file metadata
MIMEType application/octet-stream
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
FileTypeExtension exe
TimeStamp 2017:03:04 00:33:51+01:00
FileType Win32 EXE
PEType PE32
CodeSize 206336
LinkerVersion 10.0
EntryPoint 0xe8cb
InitializedDataSize 62464
SubsystemVersion 5.1
ImageVersion 0.0
OSVersion 5.1
UninitializedDataSize 0

Compressed bundles
File identification
MD5 1bc1e5fd882e222eb402fe6af18e9430
SHA1 4e5daa0c04205898e168b5974fe2c4e335f403e5
SHA256 0ff42f0e77f3f6ac4c15d31a92745187eb33f2e60917f501832d89aaa4804868
ssdeep 6144:nzuHnbL2N9seQX7Gp51YElbAoAqAA79zjwZb3MEk7W3kly1J:nCH+NxSy/1Flbzjf79zjwZbc3Wwy1J
authentihash c6121a963fc4f986346b3adce40a1c92ecc54b2f687ae17be4f960c2a2e87fc4
imphash 92e54f6d91914306834e9836dd13a5da
File size 326.6 KB ( 334456 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 EXE PECompact compressed (v2.x) (51.0%)
Win32 EXE PECompact compressed (generic) (35.9%)
Win32 Dynamic Link Library (generic) (5.6%)
Win32 Executable (generic) (3.8%)
Generic Win/DOS Executable (1.7%)
Tags
pecompact peexe overlay

VirusTotal metadata
First submission 2017-03-04 06:31:03 UTC ( 2 years, 1 month ago )
Last submission 2017-09-22 08:18:44 UTC ( 1 year, 7 months ago )
File names 1bc1e5fd882e222eb402fe6af18e9430.virobj
Win32.Ransom.Cerber@0ff42f0e77f3f6ac4c15d31a92745187eb33f2e60917f501832d89aaa4804868.bin
0ff42f0e77f3f6ac4c15d31a92745187eb33f2e60917f501832d89aaa4804868.exe
0ff42f0e77f3f6ac4c15d31a92745187eb33f2e60917f501832d89aaa4804868.exe
fe3be7902ac8.png.exe
fe3be7902ac8.png
0ff42f0e77f3f6ac4c15d31a92745187eb33f2e60917f501832d89aaa4804868.exe
fe3be7902ac8.png
cerber3.exe
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Created processes
Opened mutexes
Runtime DLLs
UDP communications