SHA256: 19ee6d4a89d7f95145660ca68bd133edf985cc5b5c559e7062be824c0bb9e770
File name: core.scr
Detection ratio: 32 / 66
Analysis date: 2018-04-09 09:26:05 UTC
Antivirus  Result  Update (engine signature date)
Engines reporting a detection (32):
Ad-Aware Trojan.GenericKD.40187953 20180409
ALYac Trojan.GenericKD.40187953 20180409
Arcabit Trojan.Generic.D2653831 20180409
Avast Win32:Malware-gen 20180409
AVG Win32:Malware-gen 20180409
BitDefender Trojan.GenericKD.40187953 20180409
Bkav HW32.Packed.9987 20180407
CrowdStrike Falcon (ML) malicious_confidence_100% (W) 20170201
Cylance Unsafe 20180409
DrWeb Trojan.Encoder.25083 20180409
Emsisoft Trojan.GenericKD.40187953 (B) 20180409
ESET-NOD32 a variant of Win32/Filecoder.NHS 20180409
F-Secure Trojan.GenericKD.40187953 20180409
Fortinet W32/Gen.HSR!tr 20180409
GData Trojan.GenericKD.40187953 20180409
Ikarus Trojan-Ransom.FileCoder 20180408
Sophos ML heuristic 20180121
Kaspersky Trojan-Ransom.Win32.Gen.hsr 20180409
Malwarebytes Ransom.CryptoWall 20180409
MAX malware (ai score=86) 20180409
McAfee Artemis!1E60050DB59E 20180409
McAfee-GW-Edition BehavesLike.Win32.Dropper.hc 20180408
eScan Trojan.GenericKD.40187953 20180409
Palo Alto Networks (Known Signatures) generic.ml 20180409
Panda Trj/CI.A 20180408
Qihoo-360 Win32/Trojan.5a2 20180409
SentinelOne (Static ML) static engine - malicious 20180225
Sophos AV Mal/Generic-S 20180409
Symantec ML.Attribute.HighConfidence 20180409
Tencent Win32.Trojan.Raas.Auto 20180409
VBA32 suspected of Trojan.Downloader.gen.h 20180406
ZoneAlarm by Check Point Trojan-Ransom.Win32.Gen.hsr 20180409
Engines reporting no detection (signature date only):
AegisLab 20180409
AhnLab-V3 20180409
Alibaba 20180408
Antiy-AVL 20180409
Avast-Mobile 20180409
Avira (no cloud) 20180409
AVware 20180409
Baidu 20180409
CAT-QuickHeal 20180408
ClamAV 20180409
CMC 20180408
Comodo 20180409
Cybereason None
Cyren 20180409
eGambit 20180409
Endgame 20180403
F-Prot 20180409
Jiangmin 20180409
K7AntiVirus 20180404
K7GW 20180407
Kingsoft 20180409
Microsoft 20180409
NANO-Antivirus 20180409
nProtect 20180409
Rising 20180409
SUPERAntiSpyware 20180409
Symantec Mobile Insight 20180406
TheHacker 20180404
TrendMicro 20180409
TrendMicro-HouseCall 20180409
Trustlook 20180409
VIPRE 20180409
ViRobot 20180409
Webroot 20180409
WhiteArmor 20180408
Yandex 20180408
Zillya 20180409
Zoner 20180409
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright Copyright (C) 2013
Product ado64
Original name ado64
Internal name ado64
File version 6.3.3852.6120
Description ado64
Comments ado64
Every descriptive field is the same placeholder string "ado64", the copyright year (2013) predates the 2018 compile timestamp, and the ExifTool output below adds CompanyName "Intel Corporation" for a file submitted as core.scr, Iron.exe and ftp.exe. Version information is written by whoever builds the binary; treat it as an indicator of masquerading here, not as provenance.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2018-04-05 03:47:19 (UTC; two days before the first VirusTotal submission on 2018-04-07. The PE timestamp is written by the linker and is trivially edited, so it is a hint about build time, not evidence.)
Entry Point 0x000FD4C2
Number of sections 7
PE sections
PE imports (API names only; the per-DLL grouping is not shown). For a file the engines above label Filecoder, Encoder or Ransom, note the combination of directory walking (FindFirstFileExA, FindNextFileA, FindClose), file rewriting and renaming (CreateFileW, ReadFile, WriteFile, SetFilePointerEx, SetEndOfFile, MoveFileExW), SHEmptyRecycleBinA, network access (WinHttpQueryHeaders, WSAStartup, gethostbyname, inet_addr), CreateMutexA, ShellExecuteA, clipboard writes (OpenClipboard, EmptyClipboard, SetClipboardData) and an IsDebuggerPresent check. None of these is malicious on its own; the import set is a triage hint, not a verdict.
DeregisterEventSource
ReportEventA
RegisterEventSourceA
GetObjectA
GetStockObject
CreateFontIndirectA
CreateSolidBrush
SetBkColor
SetTextColor
GetStdHandle
ReleaseMutex
EncodePointer
DeleteCriticalSection
GetCurrentProcess
GetConsoleMode
LocalAlloc
FreeEnvironmentStringsW
InitializeSListHead
SetStdHandle
GetCPInfo
WriteFile
GetSystemTimeAsFileTime
HeapReAlloc
GetStringTypeW
SetEvent
LocalFree
FindClose
TlsGetValue
SetLastError
ReadConsoleInputA
GetModuleFileNameW
IsDebuggerPresent
ExitProcess
GetModuleFileNameA
SetConsoleCtrlHandler
UnhandledExceptionFilter
LoadLibraryExW
MultiByteToWideChar
SetFilePointerEx
CreateMutexA
MoveFileExW
SetUnhandledExceptionFilter
IsProcessorFeaturePresent
DecodePointer
SetEnvironmentVariableA
TerminateProcess
GetModuleHandleExW
VirtualQuery
SetEndOfFile
GetCurrentThreadId
WriteConsoleW
InitializeCriticalSectionAndSpinCount
HeapFree
EnterCriticalSection
FreeLibrary
QueryPerformanceCounter
GetTickCount
TlsAlloc
FlushFileBuffers
LoadLibraryA
RtlUnwind
GetStartupInfoW
GlobalLock
GetProcessHeap
CompareStringW
FindFirstFileExA
ResetEvent
FindNextFileA
GlobalMemoryStatus
GetProcAddress
GlobalAlloc
ReadConsoleW
CreateEventW
CreateFileW
GetFileType
TlsSetValue
HeapAlloc
LeaveCriticalSection
GetLastError
FlushConsoleInputBuffer
LCMapStringW
GetConsoleCP
GetEnvironmentStringsW
GlobalUnlock
WaitForSingleObjectEx
GetCurrentProcessId
GetCommandLineW
WideCharToMultiByte
HeapSize
GetCommandLineA
RaiseException
TlsFree
GetModuleHandleA
ReadFile
CloseHandle
GetACP
GetModuleHandleW
GetFileAttributesExW
IsValidCodePage
SetConsoleMode
VirtualFree
Sleep
GetOEMCP
SHGetFolderPathW
ShellExecuteA
SHEmptyRecycleBinA
EmptyClipboard
GetDlgCtrlID
GetUserObjectInformationW
wsprintfA
SendMessageA
SetClipboardData
SetDlgItemTextA
DialogBoxParamW
GetSysColorBrush
MessageBoxA
GetDlgItem
SetWindowLongA
CloseClipboard
GetProcessWindowStation
SetWindowPos
OpenClipboard
WinHttpQueryHeaders
WinHttpCloseHandle
WSAStartup
gethostbyname
inet_ntoa
inet_addr
WSACleanup
CoUninitialize
CoCreateGuid
CoCreateInstance
CoTaskMemFree
CoInitialize
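The import list above is the part of this report a triage analyst actually acts on. The script below is an added example (not code from the report, from VirusTotal, or from the sample's author): it maps API names to coarse capabilities and applies a co-occurrence heuristic for file-encrypting malware. The CAPABILITIES table and the looks_like_filecoder rule are my own assumptions for illustration, not a published taxonomy; SAMPLE_IMPORTS is constructed from a subset of the names listed above.

```python
"""Import-table capability triage (added example; see lead-in)."""

# Capability map: an assumption for illustration, not a published taxonomy.
CAPABILITIES = {
    "directory enumeration": {"FindFirstFileA", "FindFirstFileW", "FindFirstFileExA",
                              "FindFirstFileExW", "FindNextFileA", "FindNextFileW"},
    "file rewrite/rename": {"MoveFileExA", "MoveFileExW", "MoveFileW", "SetEndOfFile",
                            "DeleteFileA", "DeleteFileW", "ReplaceFileW"},
    "recycle-bin purge": {"SHEmptyRecycleBinA", "SHEmptyRecycleBinW"},
    "HTTP client": {"WinHttpOpen", "WinHttpConnect", "WinHttpSendRequest",
                    "WinHttpQueryHeaders", "InternetOpenA", "InternetOpenW"},
    "raw sockets / DNS": {"WSAStartup", "socket", "connect", "gethostbyname",
                          "getaddrinfo", "inet_addr"},
    "single-instance mutex": {"CreateMutexA", "CreateMutexW"},
    "process launch": {"ShellExecuteA", "ShellExecuteW", "ShellExecuteExW",
                       "CreateProcessA", "CreateProcessW", "WinExec"},
    "clipboard tampering": {"OpenClipboard", "EmptyClipboard", "SetClipboardData"},
    "debugger check": {"IsDebuggerPresent", "CheckRemoteDebuggerPresent",
                       "NtQueryInformationProcess"},
    "known-folder lookup": {"SHGetFolderPathA", "SHGetFolderPathW", "SHGetKnownFolderPath"},
}

# Constructed from the report's import list (a subset; generic CRT imports omitted).
SAMPLE_IMPORTS = [
    "ReportEventA", "GetStockObject", "CreateFileW", "ReadFile", "WriteFile",
    "SetEndOfFile", "SetFilePointerEx", "MoveFileExW", "FindFirstFileExA",
    "FindNextFileA", "FindClose", "CreateMutexA", "ReleaseMutex",
    "IsDebuggerPresent", "GetModuleFileNameW", "SHGetFolderPathW",
    "ShellExecuteA", "SHEmptyRecycleBinA", "OpenClipboard", "EmptyClipboard",
    "SetClipboardData", "CloseClipboard", "WinHttpQueryHeaders",
    "WinHttpCloseHandle", "WSAStartup", "gethostbyname", "inet_addr",
    "CoCreateGuid", "CoCreateInstance", "MessageBoxA",
]


def triage_imports(imports):
    """Return {capability: sorted matching API names} for each capability present."""
    names = set(imports)
    return {cap: sorted(names & apis) for cap, apis in CAPABILITIES.items() if names & apis}


def looks_like_filecoder(caps):
    """Heuristic (assumption): walks directories and rewrites files, and either
    destroys recoverable copies or has a network channel. Installers and backup
    tools also match, so this selects a sample for analysis; it does not convict it."""
    walks = "directory enumeration" in caps
    rewrites = "file rewrite/rename" in caps
    destroys_or_beacons = any(
        c in caps for c in ("recycle-bin purge", "HTTP client", "raw sockets / DNS"))
    return walks and rewrites and destroys_or_beacons


if __name__ == "__main__":
    caps = triage_imports(SAMPLE_IMPORTS)
    for cap, apis in caps.items():
        print(f"{cap:24s} {', '.join(apis)}")
    print("filecoder heuristic:", looks_like_filecoder(caps))
```

Run against the sample list it reports every capability category named in the note above and the heuristic fires; fed a trivial GUI import set it returns nothing. Extend CAPABILITIES rather than the rule when tuning, and keep both A/W variants of each API, since imphash-style name matching is exact.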
Number of PE resources by type
RT_BITMAP 1
AFX_DIALOG_LAYOUT 1
RT_DIALOG 1
RT_VERSION 1
RT_MANIFEST 1
Number of PE resources by language
CHINESE SIMPLIFIED 3
ENGLISH US 1
ITALIAN 1
PE resources
Debug information
ExifTool file metadata
SpecialBuild 1
LegalTrademarks Copyright (C) 2013
SubsystemVersion 5.1
Comments ado64
LinkerVersion 14.11
ImageVersion 0.0
FileSubtype 0
FileVersionNumber 6.3.3852.6120
LanguageCode English (U.S.)
FileFlagsMask 0x003f
FileDescription ado64
CharacterSet Unicode
InitializedDataSize 518656
PrivateBuild 1
EntryPoint 0xfd4c2
OriginalFileName ado64
MIMEType application/octet-stream
LegalCopyright Copyright (C) 2013
FileVersion 6.3.3852.6120
TimeStamp 2018:04:05 04:47:19+01:00 (the same instant as the 2018-04-05 03:47:19 UTC compile timestamp above)
FileType Win32 EXE
PEType PE32
InternalName ado64
ProductVersion 6.3.3852.6120
UninitializedDataSize 17920
OSVersion 5.1
FileOS Win32
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
CompanyName Intel Corporation
CodeSize 613888
ProductName ado64
ProductVersionNumber 6.3.3852.6120
FileTypeExtension exe
ObjectFileType Dynamic link library
ObjectFileType comes from the version resource's FileType field, which here claims a DLL although the image is a Win32 EXE; like CompanyName and the 2013 copyright, it is author-supplied and is not to be trusted.

File identification
MD5 1e60050db59e3d977d2a928fff3d34a6
SHA1 f51bab89b4e4510b973df8affc2d11a4476bd5be
SHA256 19ee6d4a89d7f95145660ca68bd133edf985cc5b5c559e7062be824c0bb9e770
ssdeep 12288:WvFVQtsVqwlCYw7RQtNH43dayseuDSvie:WfhAB7RqH43dayFIiie
authentihash 5ca344b42fe965c9913c7527f39d69bd102f62d2c13fa2f1ab3a9e5adf2292d7
imphash 35b034d5a42643e28fc10dedd307aa3f
File size 598.5 KB ( 612864 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID Win64 Executable (generic) (72.3%)
Win32 Executable (generic) (11.8%)
OS/2 Executable (generic) (5.3%)
Generic Win/DOS Executable (5.2%)
DOS Executable Generic (5.2%)
Tags
peexe
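The "PE header basic information" and "File identification" values in this report are read straight from the file's COFF and optional headers and from hashing the bytes. The script below is an added example (not code from the report, from VirusTotal, or from the sample's author) that does both on a local file and checks the hashes against the report's IOCs. Because the real sample is not reproduced here, build_sample_pe() constructs a stand-in PE whose header carries the values this report lists (machine, 7 sections, compile time, entry point, linker 14.11, OS 5.1, GUI subsystem); fields the report does not state are zeroed. ssdeep, imphash and authentihash need third-party libraries and are out of scope.

```python
"""Minimal PE header reader plus hash-based IOC check (added example)."""
import hashlib
import struct
import sys
from datetime import datetime, timezone

# Copied from the report's "File identification" section.
IOC_HASHES = {
    "md5": "1e60050db59e3d977d2a928fff3d34a6",
    "sha1": "f51bab89b4e4510b973df8affc2d11a4476bd5be",
    "sha256": "19ee6d4a89d7f95145660ca68bd133edf985cc5b5c559e7062be824c0bb9e770",
}
MACHINE_NAMES = {0x14C: "Intel 386 or later processors and compatible processors",
                 0x8664: "x64", 0x1C0: "ARM", 0xAA64: "ARM64"}
SUBSYSTEM_NAMES = {1: "Native", 2: "Windows GUI", 3: "Windows CUI"}


def parse_pe_header(data: bytes) -> dict:
    """Read the COFF header and the optional header fields the report shows.
    Field offsets used here are identical for PE32 and PE32+."""
    if data[:2] != b"MZ":
        raise ValueError("missing MZ signature")
    (e_lfanew,) = struct.unpack_from("<I", data, 0x3C)
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    coff = e_lfanew + 4
    machine, nsections, timestamp, _, _, opt_size, _ = struct.unpack_from("<HHIIIHH", data, coff)
    opt = coff + 20
    if opt_size < 70:
        raise ValueError("optional header too short")
    magic, maj_link, min_link = struct.unpack_from("<HBB", data, opt)
    size_code, size_init, size_uninit, entry = struct.unpack_from("<IIII", data, opt + 4)
    maj_os, min_os = struct.unpack_from("<HH", data, opt + 40)
    (subsystem,) = struct.unpack_from("<H", data, opt + 68)
    compiled = datetime.fromtimestamp(timestamp, tz=timezone.utc)
    return {
        "pe_type": {0x10B: "PE32", 0x20B: "PE32+"}.get(magic, hex(magic)),
        "machine": machine,
        "machine_name": MACHINE_NAMES.get(machine, hex(machine)),
        "number_of_sections": nsections,
        "compile_time_utc": compiled.strftime("%Y-%m-%d %H:%M:%S"),
        "entry_point": entry,
        "linker_version": f"{maj_link}.{min_link}",
        "os_version": f"{maj_os}.{min_os}",
        "code_size": size_code,
        "initialized_data_size": size_init,
        "uninitialized_data_size": size_uninit,
        "subsystem": SUBSYSTEM_NAMES.get(subsystem, str(subsystem)),
    }


def compute_hashes(data: bytes) -> dict:
    return {algo: hashlib.new(algo, data).hexdigest() for algo in ("md5", "sha1", "sha256")}


def matches_ioc(hashes: dict, iocs: dict = IOC_HASHES) -> list:
    """Names of the hash algorithms whose value equals the report's IOC (empty = no match)."""
    return sorted(algo for algo, value in hashes.items() if iocs.get(algo) == value.lower())


def build_sample_pe() -> bytes:
    """Constructed stand-in carrying the report's header values; NOT the real sample."""
    ts = int(datetime(2018, 4, 5, 3, 47, 19, tzinfo=timezone.utc).timestamp())
    dos = bytearray(0x40)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 0x40)                     # e_lfanew -> PE signature
    coff = struct.pack("<HHIIIHH", 0x14C, 7, ts, 0, 0, 0xE0, 0x0102)
    opt = struct.pack("<HBBIIIIIIIIIHHHHHHIIIIHH",
                      0x10B, 14, 11,                             # PE32, linker 14.11
                      613888, 518656, 17920, 0xFD4C2,            # sizes, AddressOfEntryPoint
                      0, 0, 0, 0, 0,                             # bases/alignments: unknown, zeroed
                      5, 1, 0, 0, 5, 1,                          # OS 5.1, image 0.0, subsystem 5.1
                      0, 0, 0, 0,                                # unknown, zeroed
                      2, 0)                                      # Windows GUI subsystem
    return bytes(dos) + b"PE\0\0" + coff + opt.ljust(0xE0, b"\0") + b"\0" * (7 * 40)


if __name__ == "__main__":
    data = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else build_sample_pe()
    for key, value in parse_pe_header(data).items():
        print(f"{key:24s} {value:#x}" if key == "entry_point" else f"{key:24s} {value}")
    print("IOC match:", matches_ioc(compute_hashes(data)) or "none")
```

Pass a path to check a real file; with no argument it parses the constructed stand-in, which of course does not hash to the report's IOCs. On a true match all three algorithms agree; a match on MD5 alone would mean a different file with a colliding MD5 and is worth a second look rather than a verdict.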

VirusTotal metadata
First submission 2018-04-07 14:02:36 UTC
Last submission 2018-04-15 02:08:21 UTC
File names Iron.exe, ado64, core.scr, 19ee6d4a89d7f95145660ca68bd133edf985cc5b5c559e7062be824c0bb9e770._exe, ftp.exe
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Written files
Moved files
Deleted files
Created mutexes
Opened mutexes
Opened service managers
Opened services
Runtime DLLs
HTTP requests
DNS requests
TCP connections