× Cookies are disabled! This site requires cookies to be enabled to work properly
SHA256: 17db7e6bb5b643fdc4bdb2c3ba7bc55784cf37932d818c30ad58316e5e998b5c
File name: bxxomjv.exe
Detection ratio: 57 / 65
Analysis date: 2018-04-27 13:44:18 UTC ( 4 weeks ago )
Antivirus Result Update
Ad-Aware Trojan.GenericKD.12242610 20180427
AegisLab W32.Troj.Ransom!c 20180427
AhnLab-V3 Win-Trojan/Lukitus3.Exp 20180427
ALYac Trojan.Ransom.LockyCrypt 20180427
Antiy-AVL Trojan/Win32.TSGeneric 20180427
Arcabit Trojan.Generic.DBACEB2 20180427
Avast Win32:Dropper-gen [Drp] 20180427
AVG Win32:Dropper-gen [Drp] 20180427
Avira (no cloud) TR/Crypt.Xpack.dtrzg 20180427
AVware Trojan.Win32.Generic!BT 20180427
Babable Malware.HighConfidence 20180406
Baidu Win32.Trojan.WisdomEyes.16070401.9500.9999 20180426
BitDefender Trojan.GenericKD.12242610 20180427
CAT-QuickHeal Ransom.Exxroute.A4 20180427
Comodo TrojWare.Win32.Ransom.Locky.AE 20180427
CrowdStrike Falcon (ML) malicious_confidence_100% (W) 20180418
Cylance Unsafe 20180427
Cyren W32/Locky.BZ.gen!Eldorado 20180427
DrWeb Trojan.Encoder.13570 20180427
eGambit Unsafe.AI_Score_97% 20180427
Emsisoft Trojan-Ransom.Locky (A) 20180427
Endgame malicious (high confidence) 20180403
ESET-NOD32 Win32/Filecoder.Locky.L 20180427
F-Prot W32/Locky.BZ.gen!Eldorado 20180427
F-Secure Trojan.GenericKD.12242610 20180427
Fortinet W32/Kryptik.FVZV!tr 20180427
GData Win32.Trojan.Kryptik.IT 20180427
Ikarus Trojan.Win32.Tofsee 20180427
Sophos ML heuristic 20180121
Jiangmin TrojanDownloader.Upatre.agyk 20180427
K7AntiVirus Trojan ( 0051918c1 ) 20180427
K7GW Trojan ( 0051918c1 ) 20180427
Kaspersky HEUR:Trojan.Win32.Generic 20180427
Malwarebytes Trojan.MalPack 20180427
MAX malware (ai score=100) 20180427
McAfee Ransomware-GCZ!600CEB249268 20180427
McAfee-GW-Edition BehavesLike.Win32.Generic.jc 20180425
Microsoft Ransom:Win32/Locky.A 20180427
eScan Trojan.GenericKD.12242610 20180427
NANO-Antivirus Trojan.Win32.Locky.esmjnd 20180427
nProtect Ransom/W32.Locky.669696 20180427
Palo Alto Networks (Known Signatures) generic.ml 20180427
Panda Trj/Genetic.gen 20180427
Qihoo-360 Win32/Trojan.Multi.daf 20180427
Rising Ransom.Locky!8.1CD4 (TFE:3:qj6HJh8W10) 20180427
SentinelOne (Static ML) static engine - malicious 20180225
Sophos AV Troj/Locky-ABN 20180427
Symantec Ransom.Locky.B 20180427
Tencent Win32.Trojan.Raas.Auto 20180427
TrendMicro Ransom_LOCKY.TH906 20180427
TrendMicro-HouseCall Ransom_LOCKY.TH906 20180427
VBA32 Trojan.FakeAV.01657 20180427
VIPRE Trojan.Win32.Generic!BT 20180427
ViRobot Trojan.Win32.Locky.669696 20180427
Webroot W32.Ransomware.Locky 20180427
Yandex Trojan.Locky! 20180427
Zoner Trojan.Locky 20180426
Alibaba 20180427
Avast-Mobile 20180426
Bkav 20180426
CMC 20180427
Cybereason None
Kingsoft 20180427
SUPERAntiSpyware 20180427
Symantec Mobile Insight 20180424
TheHacker 20180426
TotalDefense 20180427
Trustlook 20180427
Zillya 20180427
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2015-03-24 11:48:16
Entry Point 0x0000A59A
Number of sections 4
PE sections
PE imports
RegRestoreKeyA
RegReplaceKeyA
RegLoadKeyA
OpenEventLogA
ClearEventLogA
LogonUserA
RegDeleteValueA
RegCreateKeyExA
RegEnumKeyA
InitializeSid
CryptSignHashA
CAEnumFirstCA
CADeleteCA
CAEnumNextCA
CACloseCA
CACloseCertType
CryptHashMessage
CertFreeCTLContext
CertGetNameStringA
CertOpenStore
CertDuplicateStore
CryptMemRealloc
CryptSignMessage
CryptMsgUpdate
CryptDecodeMessage
CertFindExtension
CryptProtectData
CertDuplicateCTLContext
CryptFindOIDInfo
CertFindCTLInStore
CertCreateCRLContext
InterlockedExchange
GetTempPathA
GetConsoleAliasA
MapViewOfFile
Heap32First
GetModuleHandleA
GetProfileSectionW
WaitForSingleObject
OpenEventW
GetOEMCP
LoadLibraryExW
OpenWaitableTimerW
CreateFileMappingA
GetProcAddress
MoveFileExA
CountryRunOnce
InvokeControlPanel
drvSetDefaultCommConfigA
drvCommConfigDialogA
PathCommonPrefixW
PathAppendA
PathIsURLA
UrlCompareA
PathIsRootA
UrlCombineA
UrlIsNoHistoryA
UrlHashA
UrlCanonicalizeW
UrlGetPartA
UrlGetLocationA
PathCombineW
GetMessageA
LoadCursorA
wsprintfA
DrawStateA
LoadMenuA
PostMessageA
LoadBitmapA
LoadStringW
PeekMessageA
InsertMenuW
DialogBoxParamA
GetDlgItemTextW
GetPropA
CreateDesktopW
GetClassLongA
CharToOemA
Number of PE resources by type
RT_RCDATA 5
Number of PE resources by language
ENGLISH US 5
PE resources
Debug information
ExifTool file metadata
MIMEType
application/octet-stream

Subsystem
Windows GUI

MachineType
Intel 386 or later, and compatibles

FileTypeExtension
exe

TimeStamp
2015:03:24 12:48:16+01:00

FileType
Win32 EXE

PEType
PE32

CodeSize
59392

LinkerVersion
6.0

EntryPoint
0xa59a

InitializedDataSize
609280

SubsystemVersion
5.1

ImageVersion
0.0

OSVersion
5.1

UninitializedDataSize
0

File identification
MD5 600ceb2492686011500da6fa8d5bfb4c
SHA1 f9e451e800ba5d614a4c40fbba3757bd498c1829
SHA256 17db7e6bb5b643fdc4bdb2c3ba7bc55784cf37932d818c30ad58316e5e998b5c
ssdeep
12288:/EbK9Lv7w9/X/cqujXisFagbSn7Iu+Oyj6IS4fGY9+HcmHw:MbES/XfuDisAgbeUup4OY9+FQ

authentihash 675c25f98d73d418fd82f0f829096bf9da4bb1c88627f51dccae1ee030f90432
imphash d61515ed74eac16a135565f4355ae879
File size 654.0 KB ( 669696 bytes )
File type Win32 EXE
Magic literal
PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID Win32 Dynamic Link Library (generic) (34.2%)
Win32 Executable (generic) (23.4%)
Win16/32 Executable Delphi generic (10.7%)
OS/2 Executable (generic) (10.5%)
Generic Win/DOS Executable (10.4%)
Tags
peexe

VirusTotal metadata
First submission 2017-09-06 11:52:46 UTC ( 8 months, 3 weeks ago )
Last submission 2018-04-27 13:44:18 UTC ( 4 weeks ago )
File names File1.exe
bxxomjv.exe
goesOF.exe
jnxuqah.exe
Cerber-NotUnNHS1.exe
bxxomjv[1].exe
No comments. No VirusTotal Community member has commented on this item yet, be the first one to do so!

Leave your comment...

?
Post comment

You have not signed in. Only registered users can leave comments, sign in and have a voice!

No votes. No one has voted on this item yet, be the first one to do so!
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Created mutexes
Opened mutexes
Opened service managers
Opened services
Runtime DLLs
HTTP requests
TCP connections
UDP communications