SHA256: 103463950c9444acb92bc01062e4d3c6883c59437f8a11e767711bf7199a3c58
File name: lansom_test
Detection ratio: 54 / 68
Analysis date: 2018-08-19 07:40:15 UTC ( 3 months, 3 weeks ago )
Antivirus / Result / Update (signature date, YYYYMMDD)
Ad-Aware Trojan.Cripack.Gen.1 20180819
AegisLab Trojan.Win32.Agent.j!c 20180819
AhnLab-V3 Trojan/Win32.Teslacrypt.R169980 20180818
Antiy-AVL Trojan/Win32.TSGeneric 20180819
Arcabit Trojan.Cripack.Gen.1 20180819
Avast Win32:Malware-gen 20180819
AVG Win32:Malware-gen 20180819
Avira (no cloud) HEUR/AGEN.1002691 20180818
AVware Trojan.Win32.Generic!BT 20180819
Baidu Win32.Trojan.WisdomEyes.16070401.9500.9999 20180818
BitDefender Trojan.Cripack.Gen.1 20180819
CAT-QuickHeal Ransom.Crowti.MUE.A4 20180818
Comodo UnclassifiedMalware 20180819
CrowdStrike Falcon (ML) malicious_confidence_100% (W) 20180723
Cybereason malicious.48f719 20180225
Cylance Unsafe 20180819
Cyren W32/Crowti.BZQU-2778 20180819
DrWeb Trojan.DownLoader17.64754 20180819
Emsisoft Trojan.Cripack.Gen.1 (B) 20180819
Endgame malicious (high confidence) 20180730
ESET-NOD32 Win32/Filecoder.CryptoWall.F 20180819
F-Prot W32/Crowti.AP 20180819
F-Secure Trojan.Cripack.Gen.1 20180819
Fortinet W32/Kryptik.EFAD!tr 20180819
GData Trojan.Cripack.Gen.1 20180819
Ikarus Trojan-Ransom.Locky 20180818
Sophos ML heuristic 20180717
Jiangmin Trojan.Agent.iwc 20180819
K7AntiVirus Trojan ( 004d68011 ) 20180819
K7GW Trojan ( 004d68011 ) 20180819
Kaspersky HEUR:Trojan.Win32.Generic 20180819
MAX malware (ai score=100) 20180819
McAfee Ransomware-FBO!F6FF82C48F71 20180819
McAfee-GW-Edition BehavesLike.Win32.Dropper.dc 20180819
Microsoft Ransom:Win32/Crowti.A 20180819
eScan Trojan.Cripack.Gen.1 20180819
NANO-Antivirus Trojan.Win32.Dwn.dzbzgg 20180819
Palo Alto Networks (Known Signatures) generic.ml 20180819
Panda Trj/CI.A 20180818
Qihoo-360 HEUR/QVM07.1.Malware.Gen 20180819
Rising Ransom.Crowti!8.37D (CLOUD) 20180819
SentinelOne (Static ML) static engine - malicious 20180701
Sophos AV Mal/Ransom-DS 20180819
Symantec Trojan Horse 20180818
TACHYON Trojan/W32.Agent.274432.AGN 20180819
Tencent Win32.Trojan.Agent.Egep 20180819
TrendMicro Ransom_HPCRYPTESLA.SM2 20180819
TrendMicro-HouseCall Ransom_HPCRYPTESLA.SM2 20180819
VBA32 Trojan-Ransom.Agent 20180817
VIPRE Trojan.Win32.Generic!BT 20180819
Webroot W32.Adware.Gen 20180819
Yandex Trojan.Agent!Gd39miO17Gk 20180818
Zillya Trojan.Kryptik.Win32.825139 20180817
ZoneAlarm by Check Point HEUR:Trojan.Win32.Generic 20180819
Engines that returned no detection (signature date only):
Alibaba 20180713
ALYac 20180819
Avast-Mobile 20180819
Babable 20180725
Bkav 20180817
ClamAV 20180819
CMC 20180817
eGambit 20180819
Kingsoft 20180819
Malwarebytes 20180819
SUPERAntiSpyware 20180819
Symantec Mobile Insight 20180814
TheHacker 20180818
TotalDefense 20180818
Trustlook 20180819
ViRobot 20180818
Zoner 20180818
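The vendor table above is easier to triage once the rows are parsed and the results grouped by the family each engine names, rather than only counted. The following is an added example and not part of the VirusTotal report: it parses a constructed subset of the rows above (copied as the table shows them), computes the detection ratio and tallies family votes, so the CryptoWall/Crowti labels from ESET, Microsoft and CAT-QuickHeal can be weighed against the TeslaCrypt and Locky labels from other vendors. The vendor list, the family regexes and the bucket names (`SAMPLE_ROWS`, `VENDORS`, `FAMILIES`, `parse_rows`, `detection_ratio`, `family_votes`) are the example's own; that Crowti is Microsoft's name for CryptoWall and CRYPTESLA is Trend Micro's name for TeslaCrypt is an assumption stated in the code.

```python
import re
from collections import Counter

# Constructed sample: a subset of the vendor rows from the report above, copied as the
# page shows them (vendor, result, signature date). Undetected engines carry only a date.
SAMPLE_ROWS = """\
AhnLab-V3 Trojan/Win32.Teslacrypt.R169980 20180818
BitDefender Trojan.Cripack.Gen.1 20180819
CAT-QuickHeal Ransom.Crowti.MUE.A4 20180818
CrowdStrike Falcon (ML) malicious_confidence_100% (W) 20180723
ESET-NOD32 Win32/Filecoder.CryptoWall.F 20180819
Ikarus Trojan-Ransom.Locky 20180818
K7AntiVirus Trojan ( 004d68011 ) 20180819
Kaspersky HEUR:Trojan.Win32.Generic 20180819
McAfee Ransomware-FBO!F6FF82C48F71 20180819
Microsoft Ransom:Win32/Crowti.A 20180819
Palo Alto Networks (Known Signatures) generic.ml 20180819
Sophos ML heuristic 20180717
Symantec Trojan Horse 20180818
TrendMicro Ransom_HPCRYPTESLA.SM2 20180819
Webroot W32.Adware.Gen 20180819
ZoneAlarm by Check Point HEUR:Trojan.Win32.Generic 20180819
Alibaba 20180713
ClamAV 20180819
Malwarebytes 20180819
"""

# Vendor names contain spaces, so rows are split against a known vendor list,
# longest names first so that "Sophos ML" is tried before any shorter prefix.
VENDORS = sorted([
    "AhnLab-V3", "BitDefender", "CAT-QuickHeal", "CrowdStrike Falcon (ML)", "ESET-NOD32",
    "Ikarus", "K7AntiVirus", "Kaspersky", "McAfee", "Microsoft",
    "Palo Alto Networks (Known Signatures)", "Sophos ML", "Symantec", "TrendMicro",
    "Webroot", "ZoneAlarm by Check Point", "Alibaba", "ClamAV", "Malwarebytes",
], key=len, reverse=True)

# Family buckets, checked in order before the generic patterns. Assumptions: Crowti is
# Microsoft's name for CryptoWall; CRYPTESLA is Trend Micro's name for TeslaCrypt.
FAMILIES = [
    ("CryptoWall (Crowti)", re.compile(r"crowti|cryptowall", re.I)),
    ("TeslaCrypt", re.compile(r"teslacrypt|cryptesla", re.I)),
    ("Cripack", re.compile(r"cripack", re.I)),
    ("Locky", re.compile(r"locky", re.I)),
]
GENERIC = re.compile(r"generic|heur|malicious|unsafe|unclassified|^trojan(\s|$)|\bml\b", re.I)
RANSOM = re.compile(r"ransom", re.I)
DATE_RE = re.compile(r"^(?P<head>.*?)\s*(?P<date>\d{8})$")


def parse_rows(text):
    """Turn 'Vendor Result YYYYMMDD' lines into dicts; result is None when undetected."""
    rows = []
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        m = DATE_RE.match(line)
        if not m:
            raise ValueError(f"unparsable row: {line!r}")
        head, date = m.group("head"), m.group("date")
        vendor = next((v for v in VENDORS if head == v or head.startswith(v + " ")), None)
        if vendor is None:
            raise ValueError(f"unknown vendor in row: {line!r}")
        result = head[len(vendor):].strip() or None
        rows.append({"vendor": vendor, "result": result, "date": date})
    return rows


def classify(result):
    """Map one detection name to a family, a generic/heuristic verdict, or 'other'."""
    if result is None:
        return "undetected"
    for name, pattern in FAMILIES:
        if pattern.search(result):
            return name
    if GENERIC.search(result):
        return "generic/heuristic"
    if RANSOM.search(result):
        return "ransomware (no family)"
    return "other"


def detection_ratio(rows):
    """(engines with a result, engines queried), the 'Detection ratio' line of the report."""
    return sum(r["result"] is not None for r in rows), len(rows)


def family_votes(rows):
    """Count how many detecting engines fall into each family bucket."""
    return Counter(classify(r["result"]) for r in rows if r["result"] is not None)


if __name__ == "__main__":
    rows = parse_rows(SAMPLE_ROWS)
    print("detection ratio: %d / %d" % detection_ratio(rows))
    for bucket, count in family_votes(rows).most_common():
        print(f"{count:2d}  {bucket}")
```

On the constructed subset, seven of the sixteen detections are generic or heuristic verdicts and carry no family information at all; of the engines that do name a family, three say CryptoWall/Crowti, two say TeslaCrypt and one each says Cripack and Locky. A ratio such as 54/68 therefore says little by itself; the useful signal is the family consensus, and the outlier labels are what to check against behaviour.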
The file is a Portable Executable: a Win32 EXE for the Windows GUI subsystem.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2004-07-10 18:52:33
Entry Point 0x0000CD84
Number of sections 4
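The header fields above (machine, compilation timestamp, entry point, section count) and the subsystem and characteristics flags in the ExifTool block further down come straight from the COFF and optional headers and can be read without a PE library. The following is an added example, not code from the report or from VirusTotal: a standard-library parser for those fields, run over a constructed MZ/PE stub that carries the values the report shows, plus a plausibility check comparing the link timestamp with a sample's first-seen date and the copyright year in its version resource. The stub (`build_sample`), the `provenance_flags` function and its five-year window are the example's own assumptions.

```python
import calendar
import struct
from datetime import datetime, timezone

# IMAGE_FILE_* characteristic bits, labelled the way ExifTool prints them
CHARACTERISTICS = [
    (0x0001, "No relocs"), (0x0002, "Executable"), (0x0004, "No line numbers"),
    (0x0008, "No symbols"), (0x0020, "Large address aware"), (0x0100, "32-bit"),
    (0x1000, "System"), (0x2000, "DLL"),
]
MACHINES = {0x014C: "Intel 386 or later, and compatibles", 0x8664: "AMD64", 0xAA64: "ARM64"}
SUBSYSTEMS = {1: "Native", 2: "Windows GUI", 3: "Windows console", 9: "Windows CE GUI"}

COFF_FMT = "<HHIIIHH"               # Machine, NumberOfSections, TimeDateStamp, PtrSymTab, NumSyms, SizeOfOptionalHeader, Characteristics
OPT_COMMON_FMT = "<HBBIIIII"        # Magic, linker major/minor, SizeOfCode, SizeOfInitializedData, SizeOfUninitializedData, AddressOfEntryPoint, BaseOfCode
OPT_PE32_FMT = "<IIIIHHHHHHIIIIHH"  # BaseOfData, ImageBase, alignments, OS/image/subsystem versions, Win32Ver, SizeOfImage, SizeOfHeaders, CheckSum, Subsystem, DllCharacteristics
OPT_PE32PLUS_FMT = "<QIIHHHHHHIIIIHH"  # same tail for PE32+: 64-bit ImageBase and no BaseOfData


def parse_pe_header(data):
    """Return the COFF/optional-header fields that a report like the one above prints."""
    if data[:2] != b"MZ":
        raise ValueError("no MZ signature")
    (e_lfanew,) = struct.unpack_from("<I", data, 0x3C)
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("no PE signature at e_lfanew")
    coff = e_lfanew + 4
    machine, nsect, ts, _, _, _opt_size, chars = struct.unpack_from(COFF_FMT, data, coff)
    opt = coff + struct.calcsize(COFF_FMT)
    magic, lmaj, lmin, code, idata, udata, entry, _ = struct.unpack_from(OPT_COMMON_FMT, data, opt)
    tail = opt + struct.calcsize(OPT_COMMON_FMT)
    if magic == 0x10B:
        fields = struct.unpack_from(OPT_PE32_FMT, data, tail)[1:]  # drop BaseOfData
        pe_type = "PE32"
    elif magic == 0x20B:
        fields = struct.unpack_from(OPT_PE32PLUS_FMT, data, tail)
        pe_type = "PE32+"
    else:
        raise ValueError(f"unknown optional header magic 0x{magic:x}")
    image_base, _, _, os_maj, os_min, img_maj, img_min, ss_maj, ss_min, _, _, _, _, subsystem, _ = fields
    return {
        "pe_type": pe_type,
        "machine": MACHINES.get(machine, f"0x{machine:04x}"),
        "num_sections": nsect,
        "timestamp": ts,
        "timestamp_utc": datetime.fromtimestamp(ts, tz=timezone.utc).strftime("%Y-%m-%d %H:%M:%S"),
        "entry_point": entry,
        "linker_version": f"{lmaj}.{lmin}",
        "code_size": code,
        "initialized_data_size": idata,
        "uninitialized_data_size": udata,
        "image_base": image_base,
        "os_version": f"{os_maj}.{os_min}",
        "image_version": f"{img_maj}.{img_min}",
        "subsystem_version": f"{ss_maj}.{ss_min}",
        "subsystem": SUBSYSTEMS.get(subsystem, f"0x{subsystem:x}"),
        "characteristics": [label for bit, label in CHARACTERISTICS if chars & bit],
    }


def build_sample():
    """Constructed MZ/PE stub (headers only, no sections, no code) carrying the header
    values the report above shows. It exercises the parser; it is not an executable."""
    ts = calendar.timegm((2004, 7, 10, 18, 52, 33, 0, 0, 0))
    dos = b"MZ" + b"\0" * 58 + struct.pack("<I", 64)  # e_lfanew = 64
    coff = struct.pack(COFF_FMT, 0x014C, 4, ts, 0, 0, 224, 0x010F)
    opt = struct.pack(OPT_COMMON_FMT, 0x10B, 6, 0, 49152, 884736, 0, 0xCD84, 0x1000)
    opt += struct.pack(OPT_PE32_FMT, 0x10000, 0x400000, 0x1000, 0x200,
                       4, 0, 0, 0, 4, 0, 0, 0xE0000, 0x400, 0, 2, 0)
    return dos + b"PE\0\0" + coff + opt


def provenance_flags(header, first_seen, copyright_year=None, max_age_years=5):
    """Plausibility checks on the link timestamp against the sample's first sighting and
    the copyright year in its version resource. The window is this example's own choice."""
    linked = datetime.fromtimestamp(header["timestamp"], tz=timezone.utc)
    flags = []
    if linked > first_seen:
        flags.append("link timestamp postdates first sighting")
    elif (first_seen - linked).days > max_age_years * 365:
        flags.append(f"link timestamp more than {max_age_years} years before first sighting")
    if copyright_year is not None and copyright_year > linked.year:
        flags.append("version-resource copyright year postdates link timestamp")
    return flags


def sample_flags():
    """Run the checks with the report's first-submission date and copyright year."""
    first_seen = datetime(2015, 12, 8, 19, 27, 51, tzinfo=timezone.utc)
    return provenance_flags(parse_pe_header(build_sample()), first_seen, copyright_year=2017)


if __name__ == "__main__":
    for key, value in parse_pe_header(build_sample()).items():
        print(f"{key}: {value}")
    print(sample_flags())
```

The COFF timestamp is 32-bit seconds since the Unix epoch, which is why the report's 2004-07-10 18:52:33 (UTC) and ExifTool's 19:52:33+01:00 are the same value; the checks flag both that the link date is more than a decade before the sample's first submission and that the "(C) 2017" copyright string postdates it.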
PE sections
PE imports (the report lists imported function names only; the module labels below are inferred from the names and are not shown on the page)
[ADVAPI32.dll, inferred from the function names]
RegRestoreKeyA
LookupSecurityDescriptorPartsA
SetNamedSecurityInfoW
CopySid
RegCreateKeyW
InitializeAcl
RegSetKeySecurity
RegRestoreKeyW
RegCreateKeyA
LookupAccountNameA
RegFlushKey
ObjectDeleteAuditAlarmA
GetSecurityDescriptorGroup
GetTrusteeFormW
RegOpenKeyExW
ObjectDeleteAuditAlarmW
LookupAccountNameW
RegOpenKeyExA
AbortSystemShutdownA
SetSecurityDescriptorSacl
LsaEnumerateAccountsWithUserRight
GetTokenInformation
BuildSecurityDescriptorA
CloseEventLog
LsaQueryTrustedDomainInfo
ImpersonateSelf
GetSecurityDescriptorDacl
RegEnumValueW
OpenThreadToken
GetSecurityDescriptorSacl
CreateRestrictedToken
BuildSecurityDescriptorW
SetSecurityInfo
LsaRetrievePrivateData
LsaQueryInformationPolicy
LsaEnumerateAccountRights
GetMultipleTrusteeW
LsaSetTrustedDomainInfoByName
DecryptFileA
SetKernelObjectSecurity
SetSecurityDescriptorOwner
LookupPrivilegeValueA
SetNamedSecurityInfoA
AdjustTokenGroups
LookupPrivilegeNameW
RegQueryValueExA
RegSetValueA
RegOverridePredefKey
LookupPrivilegeValueW
RegCreateKeyExA
RegSetValueW
GetUserNameW
GetAclInformation
RegQueryValueExW
SetSecurityDescriptorDacl
GetFileSecurityW
GetSecurityDescriptorOwner
RegQueryMultipleValuesW
AreAllAccessesGranted
AddAccessAllowedAce
ClearEventLogW
AreAnyAccessesGranted
RegisterEventSourceA
GetFileSecurityA
ClearEventLogA
RegEnumValueA
RegQueryMultipleValuesA
LsaFreeMemory
RegLoadKeyA
BuildExplicitAccessWithNameA
GetSidSubAuthorityCount
AccessCheckAndAuditAlarmW
CreateProcessAsUserA
BuildExplicitAccessWithNameW
RegLoadKeyW
GetMultipleTrusteeOperationW
DeleteAce
ObjectPrivilegeAuditAlarmA
AccessCheckAndAuditAlarmA
RegDeleteValueW
LsaQueryDomainInformationPolicy
GetEffectiveRightsFromAclA
InitializeSecurityDescriptor
RegSetValueExA
LogonUserA
EqualSid
SetThreadToken
GetEffectiveRightsFromAclW
AddAce
RegNotifyChangeKeyValue
RegCreateKeyExW
RegCloseKey
LookupAccountSidW
RegReplaceKeyW
SetPrivateObjectSecurity
OpenBackupEventLogW
AccessCheck
LsaLookupSids
LsaEnumerateTrustedDomains
LookupAccountSidA
LsaDeleteTrustedDomain
GetNumberOfEventLogRecords
OpenBackupEventLogA
DecryptFileW
GetSecurityDescriptorLength
GetTrusteeTypeW
OpenProcessToken
LsaClose
MakeSelfRelativeSD
LsaEnumerateTrustedDomainsEx
SetFileSecurityW
SetFileSecurityA
BuildTrusteeWithNameW
InitiateSystemShutdownA
LsaLookupNames
IsValidSid
GetSidIdentifierAuthority
ReadEventLogA
GetPrivateObjectSecurity
LsaAddAccountRights
BuildImpersonateTrusteeW
BuildTrusteeWithNameA
AddAuditAccessAce
RegEnumKeyExA
MapGenericMask
SetEntriesInAclW
RevertToSelf
RegSaveKeyA
FreeSid
GetSidLengthRequired
LsaSetDomainInformationPolicy
AllocateAndInitializeSid
GetOldestEventLogRecord
SetEntriesInAclA
BuildTrusteeWithSidA
ObjectOpenAuditAlarmW
IsValidSecurityDescriptor
RegDeleteKeyA
DestroyPrivateObjectSecurity
LsaNtStatusToWinError
GetExplicitEntriesFromAclW
GetSecurityDescriptorControl
IsTokenRestricted
GetAce
AdjustTokenPrivileges
RegDeleteKeyW
EqualPrefixSid
LsaOpenPolicy
RegDeleteValueA
RegReplaceKeyA
LookupPrivilegeDisplayNameW
RegQueryValueA
MakeAbsoluteSD
RegConnectRegistryW
RegEnumKeyW
LookupPrivilegeDisplayNameA
SetTokenInformation
RegOpenKeyW
GetNamedSecurityInfoA
ReadEventLogW
GetExplicitEntriesFromAclA
RegConnectRegistryA
RegQueryValueW
LsaQueryTrustedDomainInfoByName
DuplicateTokenEx
EncryptFileA
GetNamedSecurityInfoW
GetAuditedPermissionsFromAclW
RegQueryInfoKeyW
ObjectCloseAuditAlarmW
AbortSystemShutdownW
RegEnumKeyExW
GetSidSubAuthority
EncryptFileW
LookupPrivilegeNameA
GetLengthSid
ImpersonateNamedPipeClient
ObjectCloseAuditAlarmA
InitializeSid
RegQueryInfoKeyA
NotifyChangeEventLog
GetUserNameA
PrivilegeCheck
ReportEventW
BackupEventLogA
ImpersonateLoggedOnUser
RegUnLoadKeyW
GetTrusteeNameW
ReportEventA
SetSecurityDescriptorGroup
BuildTrusteeWithSidW
[COMCTL32.dll, inferred from the function names]
ImageList_Read
ImageList_GetImageCount
InitializeFlatSB
ImageList_DrawIndirect
Ord(16)
InitCommonControlsEx
ImageList_SetDragCursorImage
[GDI32.dll, inferred from the function names]
TranslateCharsetInfo
CreateICA
CreateFontA
CreateBrushIndirect
SetWinMetaFileBits
CreateRoundRectRgn
CreateDIBSection
[KERNEL32.dll, inferred from the function names]
DeleteCriticalSection
GetModuleHandleA
CloseHandle
GetAtomNameW
[MSVCRT.dll, inferred from the function names]
fwrite
wcsncpy
__p__commode
_wtof
_wstat
exit
_winver
wscanf
_initterm
_y0
__setusermatherr
__set_app_type
[NETAPI32.dll, inferred from the function name]
NetServerEnum
[OLEAUT32.dll, inferred from the function name]
LPSAFEARRAY_UserMarshal
[USER32.dll, inferred from the function names]
MapWindowPoints
RegisterWindowMessageW
CreateDialogIndirectParamW
DrawEdge
EndDialog
LoadBitmapW
SetMenuItemBitmaps
ChangeDisplaySettingsA
CharPrevW
ShowWindow
GetCaretPos
SetWindowsHookA
CallMsgFilterW
IsCharAlphaW
PeekMessageW
RegisterClassExW
IMPSetIMEW
SetCapture
CallNextHookEx
DdeKeepStringHandle
DdeGetData
AppendMenuW
DdeCreateStringHandleW
TranslateMessage
DdeEnableCallback
DestroyCaret
SendNotifyMessageA
SetActiveWindow
CreateCursor
GetTabbedTextExtentW
CharNextExA
SetScrollInfo
DialogBoxParamA
SetParent
AnyPopup
IsCharAlphaA
SendMessageA
CreateMDIWindowA
GetKeyboardLayoutList
DrawTextW
IsCharLowerW
CharPrevExA
TrackPopupMenuEx
DefFrameProcA
SetTimer
TrackPopupMenu
FillRect
EnumThreadWindows
DeferWindowPos
CreateIconFromResource
LoadImageA
GetSystemMenu
GetWindowTextLengthW
ToUnicode
ScrollWindow
GetMessageA
InvalidateRgn
GetWindowContextHelpId
DialogBoxIndirectParamA
[COMDLG32.dll, inferred from the function name]
ChooseColorA
Number of PE resources by type
RT_DIALOG 13
Struct(15) 3
RT_ICON 1
RT_MENU 1
RT_ACCELERATOR 1
RT_VERSION 1
RT_GROUP_ICON 1
Number of PE resources by language
NEUTRAL 21
PE resources
ExifTool file metadata
UninitializedDataSize: 0
LinkerVersion: 6.0
ImageVersion: 0.0
FileSubtype: 0
FileVersionNumber: 0.11.1.246
LanguageCode: Neutral
FileFlagsMask: 0x003f
ImageFileCharacteristics: No relocs, Executable, No line numbers, No symbols, 32-bit
CharacterSet: Unicode
InitializedDataSize: 884736
EntryPoint: 0xcd84
MIMEType: application/octet-stream
LegalCopyright: Schematics (C) 2017
FileVersion: 0,26,4,138
TimeStamp: 2004:07:10 19:52:33+01:00
FileType: Win32 EXE
PEType: PE32
ProductVersion: 0,208,177,126
SubsystemVersion: 4.0
OSVersion: 4.0
FileOS: Windows NT 32-bit
Subsystem: Windows GUI
MachineType: Intel 386 or later, and compatibles
CompanyName: Outer Technologies
CodeSize: 49152
ProductName: Reruns Resident
ProductVersionNumber: 0.225.93.224
FileTypeExtension: exe
ObjectFileType: Executable application

The four version fields disagree with one another (FileVersionNumber 0.11.1.246, FileVersion 0,26,4,138, ProductVersion 0,208,177,126, ProductVersionNumber 0.225.93.224), and the LegalCopyright string "(C) 2017" postdates both the 2004 link timestamp and the sample's 2015 first submission to VirusTotal, so the version resource should not be read as a provenance signal.
File identification
MD5 f6ff82c48f719397ad5e405dddc1f6af
SHA1 1f6fe7f9492e3e1612f2b7aef27088a468868fe0
SHA256 103463950c9444acb92bc01062e4d3c6883c59437f8a11e767711bf7199a3c58
ssdeep 6144:Ef7yl9RgSXPvdbHTb8+yVfFn4tFzA9NIJ7LQ2f9CiNQAT3hZ:EfcjgYPlLc3BFn4tFM9NWQWCiHT
authentihash a5a8eaa2cfb635bec2838305faf8f3b6850f307f089a69da3ca89dfc28c3453a
imphash 6dcc109f1d5c95da257bea99d4698434
File size 268.0 KB ( 274432 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Executable MS Visual C++ (generic) (35.0%)
Win64 Executable (generic) (31.0%)
Windows screen saver (14.7%)
Win32 Dynamic Link Library (generic) (7.3%)
Win32 Executable (generic) (5.0%)
Tags
peexe
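The imphash above is an MD5 over a normalised rendering of the import table, so two files built from the same stub share it even when their payloads differ. The following is an added example, not code from the report or from VirusTotal, that computes the value the way the common implementation does: module name lowercased with its .dll/.ocx/.sys extension removed, a dot, the lowercased function name (or `ordN` for an ordinal import), all joined by commas in import-table order, then hashed with MD5. The import list in the report is printed without module names, so its imphash cannot be recomputed from the page; `SAMPLE_IMPORTS` is a constructed list whose module assignments are the example's own assumption.

```python
import hashlib

# Constructed import list for the demonstration: (module, function or ordinal) pairs in
# import-table order. Module assignments are this example's assumption, not report data.
SAMPLE_IMPORTS = [
    ("ADVAPI32.dll", "RegRestoreKeyA"),
    ("ADVAPI32.dll", "LookupSecurityDescriptorPartsA"),
    ("ADVAPI32.dll", "SetNamedSecurityInfoW"),
    ("COMCTL32.dll", "ImageList_Read"),
    ("COMCTL32.dll", 16),           # ordinal import, shown as Ord(16) in the report
    ("KERNEL32.dll", "GetModuleHandleA"),
    ("MSVCRT.dll", "fwrite"),
]


def imphash_string(imports):
    """Normalise the import table into the string that imphash hashes.
    Real implementations first resolve ordinals for a few well-known modules
    (ws2_32, oleaut32) back to names; this example keeps ordinals as 'ordN'."""
    parts = []
    for module, func in imports:
        mod = module.lower()
        for ext in (".dll", ".ocx", ".sys"):
            if mod.endswith(ext):
                mod = mod[: -len(ext)]
                break
        name = f"ord{func}" if isinstance(func, int) else func.lower()
        parts.append(f"{mod}.{name}")
    return ",".join(parts)


def imphash(imports):
    """MD5 hex digest of the normalised import string."""
    return hashlib.md5(imphash_string(imports).encode()).hexdigest()


if __name__ == "__main__":
    print(imphash_string(SAMPLE_IMPORTS))
    print(imphash(SAMPLE_IMPORTS))
```

Because the normalisation lowercases everything but keeps order, the hash is indifferent to name case yet changes when imports are reordered or when one is added or removed, which is what makes it a build-stub fingerprint rather than a payload fingerprint.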

VirusTotal metadata
First submission 2015-12-08 19:27:51 UTC ( 3 years ago )
Last submission 2018-07-28 20:38:17 UTC ( 4 months, 2 weeks ago )
File names FF51.tmp.exe
103463950c9444acb92bc01062e4d3c6883c59437f8a11e767711bf7199a3c58_hkygtpCkX.exe
2015-12-08-Angler-EK-malware-payload-CryptoWall.exe
ransomware2.exe
2015-12-08-Angler-EK-malware-payload-CryptoWall.exe.dat
2015-12-08-Angler-EK-malware-payload-CryptoWall.exe.txt
Angler-EK-malware-payload-CryptoWall1.exe
localfile~
2015-12-08-Angler-EK-malware-payload-CryptoWall-example-1-of-2.exe
lansom_test
103463950c9444acb92bc01062e4d3c6883c59437f8a11e767711bf7199a3c58_hkygtpCkXt.exe
2015-12-08-Angler-EK-malware-payload-CryptoWall.exe_
Angler-EK-malware-payload-CryptoWall.exe
Win32.Ransom.CryptoWall@103463950c9444acb92bc01062e4d3c6883c59437f8a11e767711bf7199a3c58.bin
Advanced heuristic and reputation engines
TrendMicro-HouseCall
TrendMicro's heuristic engine has flagged this file as: Suspicious_GEN.F47V1209.

Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Opened service managers
Runtime DLLs