SHA256: 12d2558b23fb0b730730f77b933992dba80da4acefe1ef2ea697520702564b35
File name: 2B.EXE
Detection ratio: 31 / 67
Analysis date: 2018-02-15 15:06:18 UTC ( 1 year, 2 months ago )
Antivirus Result Update
Ad-Aware Generic.Ransom.GlobeImposter.ADFEDF62 20180215
AhnLab-V3 Trojan/Win32.Generic.C2376089 20180215
ALYac Generic.Ransom.GlobeImposter.ADFEDF62 20180215
Avast Win32:Evo-gen [Susp] 20180215
AVG Win32:Evo-gen [Susp] 20180215
Avira (no cloud) TR/Crypt.XPACK.Gen 20180215
Baidu Win32.Trojan.WisdomEyes.16070401.9500.9999 20180208
BitDefender Generic.Ransom.GlobeImposter.ADFEDF62 20180215
CrowdStrike Falcon (ML) malicious_confidence_100% (D) 20170201
Cybereason malicious.b44341 20180205
Cylance Unsafe 20180215
Emsisoft Generic.Ransom.GlobeImposter.ADFEDF62 (B) 20180215
Endgame malicious (high confidence) 20180214
ESET-NOD32 a variant of Win32/Filecoder.FV 20180215
F-Secure Generic.Ransom.GlobeImposter.ADFEDF62 20180215
GData Generic.Ransom.GlobeImposter.ADFEDF62 20180215
Sophos ML heuristic 20180121
Kaspersky HEUR:Trojan.Win32.Generic 20180215
Malwarebytes Ransom.FileCryptor 20180215
MAX malware (ai score=85) 20180215
McAfee-GW-Edition BehavesLike.Win32.Backdoor.qh 20180215
Microsoft Ransom:Win32/Necne 20180215
eScan Generic.Ransom.GlobeImposter.ADFEDF62 20180215
Panda Trj/GdSda.A 20180215
Qihoo-360 HEUR/QVM19.1.395B.Malware.Gen 20180215
Rising Trojan.Necne!1.A538 (CLASSIC) 20180215
SentinelOne (Static ML) static engine - malicious 20180115
Sophos AV Troj/Ransom-EVE 20180215
SUPERAntiSpyware Ransom.Filecoder/Variant 20180215
Tencent Suspicious.Heuristic.Gen.b.0 20180215
ZoneAlarm by Check Point HEUR:Trojan.Win32.Generic 20180215
AegisLab 20180215
Alibaba 20180209
Antiy-AVL 20180215
Arcabit 20180215
Avast-Mobile 20180215
AVware 20180215
Bkav 20180212
CAT-QuickHeal 20180215
ClamAV 20180215
CMC 20180215
Comodo 20180215
Cyren 20180215
DrWeb 20180215
eGambit 20180215
F-Prot 20180215
Fortinet 20180215
Jiangmin 20180215
K7AntiVirus 20180215
K7GW 20180215
Kingsoft 20180215
McAfee 20180215
NANO-Antivirus 20180215
nProtect 20180215
Palo Alto Networks (Known Signatures) 20180215
Symantec 20180215
Symantec Mobile Insight 20180215
TheHacker 20180213
TotalDefense 20180215
TrendMicro 20180215
TrendMicro-HouseCall 20180215
Trustlook 20180215
VBA32 20180215
VIPRE 20180215
ViRobot 20180215
Webroot 20180215
WhiteArmor 20180205
Yandex 20180214
Zillya 20180214
Zoner 20180215
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2018-02-15 01:50:59
Entry Point 0x0000A750
Number of sections 1
PE sections
PE imports
RegCreateKeyExW
CryptReleaseContext
RegCloseKey
RegSetValueExW
CryptGenRandom
RegOpenKeyExW
CryptAcquireContextW
RegQueryValueExW
GetLastError
HeapFree
CopyFileW
lstrlenA
GetModuleFileNameW
GetDriveTypeA
ExitProcess
FlushFileBuffers
lstrcmpiW
lstrlenW
GetCurrentProcess
FindNextFileW
SetThreadPriority
WideCharToMultiByte
MultiByteToWideChar
GetLogicalDrives
lstrcatW
lstrcpyA
GetCurrentThread
GetTempFileNameW
lstrcpyW
SetFilePointerEx
GetFileSizeEx
CreateThread
lstrcmpiA
MoveFileExW
SetFilePointer
ReadFile
GetTempPathW
CloseHandle
FindFirstFileW
HeapReAlloc
WaitForMultipleObjects
SetPriorityClass
GetFileAttributesW
HeapCreate
WriteFile
CreateFileW
CreateProcessW
FindClose
Sleep
SetFileAttributesW
HeapAlloc
GetProcessHeap
GetEnvironmentVariableW
CompareStringA
SHChangeNotify
ShellExecuteExW
PathAddBackslashW
PathRemoveFileSpecW
PathFindFileNameW
wsprintfA
_alldiv
_chkstk
_aulldiv
_allrem
RtlUnwind
NtQueryVirtualMemory
CoCreateGuid
ExifTool file metadata
MIMEType application/octet-stream
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
TimeStamp 2018:02:15 02:50:59+01:00
FileType Win32 EXE
PEType PE32
CodeSize 0
LinkerVersion 12.0
FileTypeExtension exe
InitializedDataSize 51712
SubsystemVersion 5.1
EntryPoint 0xa750
OSVersion 5.1
ImageVersion 0.0
UninitializedDataSize 0

File identification
MD5 67096c6b443417870c08e655692173b6
SHA1 e2d2cbd62864c98acce29507ff1180e4fa714f91
SHA256 12d2558b23fb0b730730f77b933992dba80da4acefe1ef2ea697520702564b35
ssdeep 1536:gjkfV+KJolntwrbDSTWvTwhQMhmpdLLy:g4fIKJolntGDT5qm3Lu

authentihash f0abe8be249af0c6f50d283534ba5bbc5338d34ec5f61cf9a3f4229206aa5d7e
imphash 784a8c5e0b8c181edd21a34b2033106a
File size 56.0 KB ( 57344 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID Win32 Dynamic Link Library (generic) (38.4%)
Win32 Executable (generic) (26.3%)
OS/2 Executable (generic) (11.8%)
Generic Win/DOS Executable (11.6%)
DOS Executable Generic (11.6%)
Tags peexe

VirusTotal metadata
First submission 2018-02-15 15:06:18 UTC ( 1 year, 2 months ago )
Last submission 2018-02-15 15:06:18 UTC ( 1 year, 2 months ago )
File names 2B.EXE
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Written files
Copied files
Moved files
Runtime DLLs