SHA256: 17c3d74e3c0645edb4b5145335b342d2929c92dff856cca1a5e79fa5d935fec2
File name: fb6ca1cd232151d667f6cd2484fee8c8.exe
Detection ratio: 61 / 66
Analysis date: 2018-06-08 21:54:21 UTC ( 1 week, 6 days ago )
Antivirus Result Update
Ad-Aware Trojan.GenericKD.3048420 20180608
AegisLab Suspicious.Cloud.Gen!c 20180608
AhnLab-V3 Win-Trojan/Teslacrypt.1339F9E 20180608
ALYac Trojan.GenericKD.3048420 20180608
Antiy-AVL Trojan/Win32.Yakes 20180608
Arcabit Trojan.Generic.D2E83E4 20180608
Avast Win32:Locky-J [Trj] 20180608
AVG Win32:Locky-J [Trj] 20180608
Avira (no cloud) TR/Agent.53465 20180608
AVware Win32.Malware!Drop 20180608
Baidu Win32.Trojan.Kryptik.qb 20180608
BitDefender Trojan.GenericKD.3048420 20180608
Bkav W32.RansomLockyZ.Trojan 20180608
CAT-QuickHeal Ransom.Crowti.MUE.A4 20180608
ClamAV Win.Malware.Locky-24595 20180608
CMC Trojan-Ransom.Win32.Locky!O 20180608
Comodo TrojWare.Win32.Ransom.Locky.DB 20180608
CrowdStrike Falcon (ML) malicious_confidence_100% (W) 20180530
Cybereason malicious.d23215 20180225
Cylance Unsafe 20180608
Cyren W32/Trojan.MXJM-9187 20180608
DrWeb Trojan.Encoder.3976 20180608
Emsisoft Trojan.GenericKD.3048420 (B) 20180608
Endgame malicious (high confidence) 20180507
ESET-NOD32 Win32/Filecoder.Locky.A 20180608
F-Prot W32/Trojan3.TRP 20180608
F-Secure Trojan.GenericKD.3048420 20180608
Fortinet W32/Locky.B!tr 20180608
GData Win32.Trojan-Ransom.Locky.D 20180608
Ikarus Trojan-Ransom.Locky 20180608
Sophos ML heuristic 20180601
Jiangmin Trojan.Yakes.gph 20180608
K7AntiVirus Trojan ( 004dea2e1 ) 20180608
K7GW Trojan ( 004dea2e1 ) 20180608
Kaspersky Trojan-Ransom.Win32.Locky.d 20180608
MAX malware (ai score=100) 20180608
McAfee Ransomware-Locky 20180608
McAfee-GW-Edition BehavesLike.Win32.Ransomware.ch 20180608
Microsoft Ransom:Win32/Locky.A 20180608
eScan Trojan.GenericKD.3048420 20180608
NANO-Antivirus Trojan.Win32.Dwn.eaijhc 20180608
Palo Alto Networks (Known Signatures) generic.ml 20180608
Panda Trj/RansomCrypt.D 20180608
Qihoo-360 HEUR/QVM07.1.Malware.Gen 20180608
SentinelOne (Static ML) static engine - malicious 20180225
Sophos AV Troj/Ransom-CGR 20180608
SUPERAntiSpyware Trojan.Agent/Gen-Locky 20180608
Symantec Ransom.Locky 20180608
TACHYON Trojan/W32.Yakes.184320.R 20180608
Tencent Win32.Trojan.Filecoder.Eerc 20180608
TheHacker Trojan/Filecoder.Locky.a 20180608
TrendMicro Ransom_HPCRYPTESLA.SM2 20180608
TrendMicro-HouseCall Ransom_HPCRYPTESLA.SM2 20180608
VBA32 Hoax.Locky 20180608
VIPRE Win32.Malware!Drop 20180608
ViRobot Trojan.Win32.Z.Locky.184320.BG 20180608
Webroot W32.Trojan.Gen 20180608
Yandex Trojan.Filecoder!ulCX0L6UuXo 20180608
Zillya Trojan.Filecoder.Win32.1939 20180608
ZoneAlarm by Check Point Trojan-Ransom.Win32.Locky.d 20180608
Zoner Trojan.Filecoder 20180608
Alibaba 20180608
Avast-Mobile 20180608
eGambit 20180608
Kingsoft 20180608
Rising 20180608
Symantec Mobile Insight 20180605
TotalDefense 20180608
Trustlook 20180608
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2005-06-20 03:55:03
Entry Point 0x0000C0DC
Number of sections 4
PE sections
PE imports
RegDeleteKeyA
RegCreateKeyExW
LookupPrivilegeValueA
GetSidLengthRequired
RegCloseKey
RegSetValueA
InitializeAcl
RegSetValueW
InitializeSecurityDescriptor
GetSidSubAuthorityCount
RegFlushKey
GetSidSubAuthority
RegQueryValueA
MakeAbsoluteSD
GetUserNameW
RegisterEventSourceA
RegOpenKeyExA
RegConnectRegistryA
RegQueryValueW
InitiateSystemShutdownA
RegLoadKeyA
GetAclInformation
GetKernelObjectSecurity
GetSidIdentifierAuthority
CreateProcessAsUserA
GetSecurityDescriptorDacl
OpenThreadToken
OpenEventLogW
EncryptFileW
RegQueryInfoKeyA
LsaQueryInformationPolicy
SetEntriesInAclW
MakeSelfRelativeSD
SetSecurityDescriptorSacl
RegSetValueExA
SetEntriesInAclA
AddAce
SetNamedSecurityInfoW
ImmConfigureIMEA
ImmNotifyIME
ImmSetConversionStatus
ImmGetCompositionStringA
ImmAssociateContext
ImmDestroyContext
ImmGetContext
ImmInstallIMEA
ImmGetProperty
ImmGetOpenStatus
ImmCreateContext
ImmSetOpenStatus
ImmSimulateHotKey
ImmGetCandidateListCountA
PulseEvent
WriteFileGather
GetLongPathNameA
RasGetProjectionInfoA
RasDialA
CharPrevA
ChangeDisplaySettingsW
DrawAnimatedRects
GetParent
CreateDialogIndirectParamW
IntersectRect
DdeAccessData
LoadMenuA
DrawStateA
OffsetRect
SetCaretPos
FindWindowW
GetCapture
ShowWindow
DefWindowProcA
CreatePopupMenu
GetCaretPos
LoadMenuW
DrawTextExA
GetClassInfoExW
GetWindowThreadProcessId
DdeDisconnect
IsIconic
IsWindow
mouse_event
GrayStringW
TranslateMDISysAccel
FrameRect
SetMenu
RegisterWindowMessageA
GetClipboardFormatNameW
GetClassNameA
CharLowerW
wvsprintfA
SendDlgItemMessageW
DialogBoxParamA
LoadCursorFromFileW
GetProcessWindowStation
DispatchMessageW
CreateDesktopW
GetMenuItemID
CreateWindowExW
GetCursorPos
DrawStateW
GetWindowModuleFileNameA
ShowCaret
SetClipboardData
GetLastActivePopup
SetCaretBlinkTime
DrawIconEx
IsWindowVisible
CharUpperBuffW
GetClassInfoW
GetDlgItem
SetMenuDefaultItem
ValidateRgn
GetScrollPos
ClientToScreen
InSendMessage
OemToCharA
ModifyMenuA
LoadCursorA
EnumDisplaySettingsA
TrackPopupMenu
PostThreadMessageW
FillRect
ModifyMenuW
GetWindowWord
GetMenuState
GetKeyboardLayout
LoadImageA
IsMenu
ReuseDDElParam
DialogBoxIndirectParamA
InvalidateRgn
CloseClipboard
GetGUIThreadInfo
NotifyWinEvent
IsDialogMessageA
OpenClipboard
Number of PE resources by type
RT_DIALOG 14
RT_ACCELERATOR 10
Struct(15) 5
RT_ICON 4
RT_GROUP_ICON 4
RT_MENU 2
RT_VERSION 1
Number of PE resources by language
NEUTRAL 40
PE resources
ExifTool file metadata
UninitializedDataSize 0
LinkerVersion 6.0
ImageVersion 0.0
FileSubtype 0
FileVersionNumber 0.170.16.207
LanguageCode Neutral
FileFlagsMask 0x003f
CharacterSet Unicode
InitializedDataSize 3948544
EntryPoint 0xc0dc
MIMEType application/octet-stream
Subsystem Windows GUI
FileVersion 0.37.213.27
TimeStamp 2005:06:20 04:55:03+01:00
FileType Win32 EXE
PEType PE32
ProductVersion 0.144.212.113
SubsystemVersion 4.0
OSVersion 4.0
FileOS Windows NT 32-bit
LegalCopyright Intend (C) 2013
MachineType Intel 386 or later, and compatibles
CompanyName FileSee.com
CodeSize 49152
ProductName Lipreading Fenced
ProductVersionNumber 0.195.154.99
FileTypeExtension exe
ObjectFileType Executable application
File identification
MD5 fb6ca1cd232151d667f6cd2484fee8c8
SHA1 f7bb52767afd2cd32ede8b5f83012eb99ba1ce28
SHA256 17c3d74e3c0645edb4b5145335b342d2929c92dff856cca1a5e79fa5d935fec2
ssdeep 3072:gzWgfLlUc7CIJ1tkZaQyjhOosc8MKi6KDXnLCtyAR0u1cZM6:gdLl4wkZa/UDiD7ukst136
authentihash 147e868ff070781341cc90ca755b8d4cd745b4614ed668dfa1ee619cc2710866
imphash 0fcea3af550ad0a893e93808dccf17f4
File size 180.0 KB ( 184320 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Dynamic Link Library (generic) (38.4%)
Win32 Executable (generic) (26.3%)
OS/2 Executable (generic) (11.8%)
Generic Win/DOS Executable (11.6%)
DOS Executable Generic (11.6%)
Tags
peexe via-tor

VirusTotal metadata
First submission 2016-02-16 10:53:39 UTC ( 2 years, 4 months ago )
Last submission 2018-05-25 02:25:20 UTC ( 4 weeks ago )
File names 17c3d74e3c0645edb4b5145335b342d2929c92dff856cca1a5e79fa5d935fec2.exe
r34f3345g.exe
svchost.exe
Win32.Trojan.Yakes@r34f3345g.exe
17c3d74e3c0645ed_sys1.tmp
r34f3345g.exe_
r34f3345g.exe.locky virus
svchost.exe
r34f3345g
ladybi.exe.2600.dr
17c3d74e3c0645edb4b5145335b342d2929c92dff856cca1a5e79fa5d935fec2.bin
fb6ca1cd232151d667f6cd2484fee8c8
r34f3345g[1].exe
ladybi.exe.3224.dr
fb6ca1cd232151d667f6cd2484fee8c8.exe
r34f3345g.exe
svchost.exe
jd_r34f3345g.exe
Advanced heuristic and reputation engines
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Written files
Copied files
Moved files
Deleted files
Created processes
Opened mutexes
Opened service managers
Runtime DLLs
UDP communications