SHA256: 1d157d4bbf065e8b85daedd96febd86c605c190e61da6f9b1850fcc91ff4cf01
File name: 080edd56509a904c1a65cbb22fccd31b
Detection ratio: 43 / 66
Analysis date: 2017-10-05 19:55:16 UTC ( 1 year, 6 months ago )
Antivirus Result Update
Ad-Aware Trojan.GenericKD.12438270 20171005
AhnLab-V3 Trojan/Win32.Locky.R209860 20171005
ALYac Trojan.GenericKD.12438270 20171005
Arcabit Trojan.Generic.DBDCAFE 20171005
Avast Win32:Malware-gen 20171005
AVG Win32:Malware-gen 20171005
AVware Trojan.Win32.Generic!BT 20171005
Baidu Win32.Trojan.WisdomEyes.16070401.9500.9999 20170930
BitDefender Trojan.GenericKD.12438270 20171005
CrowdStrike Falcon (ML) malicious_confidence_100% (D) 20170804
Cylance Unsafe 20171005
Cyren W32/Locky.CB.gen!Eldorado 20171005
DrWeb Trojan.PWS.Panda.11620 20171005
Emsisoft Trojan.GenericKD.12438270 (B) 20171005
Endgame malicious (high confidence) 20170821
ESET-NOD32 a variant of Win32/Injector.DSCI 20171005
F-Prot W32/Locky.CB.gen!Eldorado 20171005
F-Secure Trojan.GenericKD.12438270 20171005
Fortinet W32/Kryptik.FXEG!tr 20171005
GData Trojan.GenericKD.12438270 20171005
Ikarus Trojan-Ransom.Locky 20171005
Sophos ML heuristic 20170914
Kaspersky Trojan.Win32.Refinka.drf 20171005
Malwarebytes Trojan.MalPack 20171005
MAX malware (ai score=89) 20171005
McAfee Ransomware-GFS!080EDD56509A 20171005
McAfee-GW-Edition BehavesLike.Win32.Virut.ch 20171005
Microsoft Trojan:Win32/Dynamer!rfn 20171005
eScan Trojan.GenericKD.12438270 20171005
NANO-Antivirus Trojan.Win32.Panda.etfjdp 20171005
Panda Trj/GdSda.A 20171005
Qihoo-360 HEUR/QVM19.1.4E8A.Malware.Gen 20171005
Rising Trojan.Refinka!8.EBC2 (RDM+:cmRtazox95bpLya/HDqxT1wQWZxY) 20171005
Sophos AV Mal/Elenoocka-E 20171005
Symantec SecurityRisk.gen1 20171005
Tencent Win32.Trojan.Refinka.Dbi 20171005
TrendMicro Ransom_CERBER.SMALY0 20171005
TrendMicro-HouseCall Ransom_CERBER.SMALY0 20171005
VIPRE Trojan.Win32.Generic!BT 20171005
Webroot W32.Trojan.Gen 20171005
WhiteArmor Malware.HighConfidence 20170927
Zillya Trojan.Injector.Win32.562861 20171005
ZoneAlarm by Check Point Trojan.Win32.Refinka.drf 20171005
AegisLab 20171005
Alibaba 20170911
Antiy-AVL 20171005
Avast-Mobile 20171005
Avira (no cloud) 20171005
Bkav 20171005
CAT-QuickHeal 20171005
ClamAV 20171005
CMC 20171005
Comodo 20171005
Jiangmin 20171005
K7AntiVirus 20171005
K7GW 20171005
Kingsoft 20171005
nProtect 20171005
Palo Alto Networks (Known Signatures) 20171005
SentinelOne (Static ML) 20171001
SUPERAntiSpyware 20171005
Symantec Mobile Insight 20171005
TheHacker 20171002
TotalDefense 20171005
Trustlook 20171005
VBA32 20171005
ViRobot 20171005
Yandex 20171005
Zoner 20171005
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2014-03-25 09:43:35
Entry Point 0x00009126
Number of sections 4
PE sections
PE imports
GetFileAttributesA
WaitForSingleObject
CreateJobObjectW
GetTickCount
LoadLibraryA
GetCurrentDirectoryW
GetPrivateProfileStringA
lstrcatA
CreateDirectoryA
SetErrorMode
GetCommandLineA
GetProcAddress
GetProcessHeap
CreateWaitableTimerW
ReadConsoleW
GlobalAddAtomW
GetModuleHandleA
lstrcpy
FormatMessageA
InterlockedExchange
CreateSemaphoreW
CreateProcessA
GetLogicalDriveStringsW
IsBadReadPtr
IsBadStringPtrA
DefineDosDeviceA
FindResourceA
Chkdsk
FormatEx
Recover
Extend
Format
GetClassLongA
wsprintfA
LoadCursorA
LoadIconA
DispatchMessageA
DrawStateA
CharUpperW
PeekMessageA
CreateWindowExW
InsertMenuW
DialogBoxParamA
GetDlgItemTextW
GetPropA
LoadBitmapA
IsDialogMessageA
Number of PE resources by type
RT_RCDATA 5
RT_STRING 1
Number of PE resources by language
ENGLISH US 6
PE resources
ExifTool file metadata
MIMEType application/octet-stream
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
TimeStamp 2014:03:25 10:43:35+01:00
FileType Win32 EXE
PEType PE32
CodeSize 50176
LinkerVersion 6.12
FileTypeExtension exe
InitializedDataSize 27136
SubsystemVersion 4.0
EntryPoint 0x9126
OSVersion 4.0
ImageVersion 0.0
UninitializedDataSize 0

File identification
MD5 080edd56509a904c1a65cbb22fccd31b
SHA1 9a97efd5fdf29d80d3af71acf9c6adfed5a71873
SHA256 1d157d4bbf065e8b85daedd96febd86c605c190e61da6f9b1850fcc91ff4cf01
ssdeep 3072:FX/6BTfMjwtvH8dVWPlD2Qi9mpwCmKUHhgY8xiDN15ghn:VSBTftt8dilaQKmp/mKUHn5
authentihash e49cd620adccf12238867f58988d315191970e5d78cf6024524aa40b7523be6c
imphash 4e0c313e065e5c7acb5041dc1e50da88
File size 182.5 KB ( 186880 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Dynamic Link Library (generic) (38.3%)
Win32 Executable (generic) (26.2%)
Win16/32 Executable Delphi generic (12.0%)
Generic Win/DOS Executable (11.6%)
DOS Executable Generic (11.6%)
Tags peexe

VirusTotal metadata
First submission 2017-10-05 19:55:16 UTC ( 1 year, 6 months ago )
Last submission 2017-10-05 19:55:16 UTC ( 1 year, 6 months ago )
File names 080edd56509a904c1a65cbb22fccd31b
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Written files
Deleted files
Created processes
Created mutexes
Opened mutexes
Runtime DLLs
UDP communications