SHA256: 1f331e9ce2224f3dceeb23a52e7987884c3b43f2cd0d14a86c99c7175235a9fe
File name: Magnitude_payload.exe
Detection ratio: 33 / 55
Analysis date: 2015-12-02 21:20:34 UTC ( 3 years, 1 month ago )
Antivirus Result Update
Ad-Aware Gen:Variant.Graftor.136208 20151130
Yandex Trojan.Cryptodef! 20151202
AhnLab-V3 Trojan/Win32.Ransom 20151202
ALYac Gen:Variant.Graftor.136208 20151202
Antiy-AVL Trojan[Ransom]/Win32.Cryptodef 20151202
Arcabit Trojan.Graftor.D21410 20151202
Avast Sf:Crypt-AR [Trj] 20151202
AVG Generic_r.FEY 20151130
Avira (no cloud) TR/Crypt.ZPACK.207623 20151202
BitDefender Gen:Variant.Graftor.136208 20151202
CAT-QuickHeal Ransom.Crowti.A4 20151202
DrWeb Trojan.Encoder.514 20151202
Emsisoft Gen:Variant.Graftor.136208 (B) 20151202
ESET-NOD32 a variant of Win32/Filecoder.CO 20151202
F-Secure Gen:Variant.Graftor.136208 20151202
Fortinet W32/Filecoder.CO!tr 20151202
GData Gen:Variant.Graftor.136208 20151202
Ikarus Trojan.Win32.Filecoder 20151202
Jiangmin Trojan/Cryptodef.ads 20151201
K7AntiVirus Trojan ( 0040fa3d1 ) 20151202
K7GW Trojan ( 0040fa3d1 ) 20151202
Kaspersky Trojan-Ransom.Win32.Cryptodef.cku 20151202
Malwarebytes Trojan.CryptoLocker 20151202
McAfee GenericATG-FBXB!D890BD08180D 20151202
Microsoft Ransom:Win32/Crowti.A 20151202
eScan Gen:Variant.Graftor.136208 20151202
NANO-Antivirus Trojan.Win32.Cryptodef.dxqhdz 20151202
Panda Trj/RansomCrypt.D 20151202
Qihoo-360 QVM40.1.Malware.Gen 20151202
TheHacker Trojan/Filecoder.co 20151202
VBA32 BScope.TrojanRansom.Cryptowall 20151202
ViRobot Trojan.Win32.Ransom.134656.H[h] 20151202
Zillya Trojan.Cryptodef.Win32.1211 20151201
AegisLab 20151202
Alibaba 20151202
AVware 20151202
Baidu-International 20151202
Bkav 20151202
ByteHero 20151202
ClamAV 20151202
CMC 20151201
Comodo 20151202
Cyren 20151202
F-Prot 20151202
McAfee-GW-Edition 20151202
nProtect 20151202
Rising 20151202
Sophos AV 20151202
SUPERAntiSpyware 20151202
Symantec 20151202
Tencent 20151202
TrendMicro 20151202
TrendMicro-HouseCall 20151202
VIPRE 20151202
Zoner 20151202
The file being studied is a Portable Executable file! More specifically, it is a Win32 DLL file for the Windows GUI subsystem.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2015-07-25 12:27:33
Entry Point 0x00016AF0
Number of sections 4
PE sections
Overlays
MD5 4492cab2b086ffb7d6159f196bb7ebcc
File type ASCII text
Offset 134656
Size 5344
Entropy 0.00
ExifTool file metadata
MIMEType application/octet-stream
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
FileTypeExtension dll
TimeStamp 2015:07:25 13:27:33+01:00
FileType Win32 DLL
PEType PE32
CodeSize 89600
LinkerVersion 12.0
EntryPoint 0x16af0
InitializedDataSize 48640
SubsystemVersion 5.1
ImageVersion 0.0
OSVersion 5.1
UninitializedDataSize 0

File identification
MD5 d890bd08180d69ee6ee5f7658be33030
SHA1 bf650b694ef724452ec7777a4bd24d36df33d2d2
SHA256 1f331e9ce2224f3dceeb23a52e7987884c3b43f2cd0d14a86c99c7175235a9fe
ssdeep 3072:Pjg7+zd/8aTjdUUrC1yFMvTOuWV1oqCgQfBUnPy8L2VBBh:Pdd8a3d3ru+MvTJWV1oqCgQfBUPy8L2L
authentihash da86e17687888954b533e98754bfd33d8438e9d689626bfc96a3e50d193cebb5
File size 136.7 KB ( 140000 bytes )
File type Win32 DLL
Magic literal PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
TrID Win32 Dynamic Link Library (generic) (43.5%)
Win32 Executable (generic) (29.8%)
Generic Win/DOS Executable (13.2%)
DOS Executable Generic (13.2%)
Tags pedll overlay

VirusTotal metadata
First submission 2015-12-02 21:20:34 UTC ( 3 years, 1 month ago )
Last submission 2016-10-23 22:30:47 UTC ( 2 years, 2 months ago )
File names Magnitude_payload.exe