SHA256: 21eedb0be6c0a35ddf1aeda8270f2c4b4a6f0ef73902c51a3a76e66b00fc9a34
File name: b319bcb60849b2460271986963356edd.vir
Detection ratio: 46 / 66
Analysis date: 2018-05-18 13:46:31 UTC (1 year ago)
Antivirus Result Update
AegisLab Troj.Ransom.W32.Cryptodef.cbt!c 20180518
Antiy-AVL Trojan/Win32.Inject 20180518
Arcabit Trojan.Generic.D1FBBD1 20180518
Avast Win32:Injector-CKK [Trj] 20180518
AVG Win32:Injector-CKK [Trj] 20180518
Avira (no cloud) TR/Crypt.Xpack.134829 20180518
AVware Trojan.Win32.CryptoWall.gen 20180518
Baidu Win32.Trojan.WisdomEyes.16070401.9500.9960 20180518
BitDefender Trojan.GenericKD.2079697 20180518
CAT-QuickHeal Ransom.CryptoWall.WR5 20180518
ClamAV Win.Trojan.CryptoWall-3 20180518
Cylance Unsafe 20180518
Cyren W32/Backdoor.GTAF-7108 20180518
DrWeb BackDoor.IRC.NgrBot.42 20180518
Emsisoft Trojan.GenericKD.2079697 (B) 20180518
ESET-NOD32 Win32/Filecoder.CryptoWall.D 20180518
F-Prot W32/Backdoor2.HWZQ 20180518
F-Secure Trojan.GenericKD.2079697 20180518
Fortinet W32/Kryptik.CVDS!tr 20180518
GData Win32.Trojan-Ransom.CryptoWall.C 20180518
Ikarus Trojan-Ransom.CryptoWall3 20180518
Jiangmin Trojan/Inject.ausd 20180518
K7AntiVirus Trojan ( 004c33551 ) 20180518
K7GW Trojan ( 004c33551 ) 20180518
Kaspersky Trojan.Win32.Agent.ieuv 20180518
Malwarebytes Trojan.Agent.0BGen 20180518
MAX malware (ai score=86) 20180518
McAfee Artemis!B319BCB60849 20180518
McAfee-GW-Edition BehavesLike.Win32.Dropper.cc 20180518
Microsoft Worm:Win32/Dorkbot.I 20180518
eScan Trojan.GenericKD.2079697 20180518
NANO-Antivirus Trojan.Win32.Crypted.dmhznz 20180518
Palo Alto Networks (Known Signatures) generic.ml 20180518
Panda Trj/CI.A 20180518
Qihoo-360 Win32/Trojan.dea 20180518
Sophos AV Troj/Ransom-APP 20180518
Symantec ML.Attribute.HighConfidence 20180518
Tencent Win32.Trojan.Agent.Pbyn 20180518
TotalDefense Win32/Tnega.DJPGPRC 20180518
TrendMicro Ransom_.010B2D74 20180518
TrendMicro-HouseCall Ransom_.010B2D74 20180518
VBA32 Backdoor.IRC.NgrBot 20180518
VIPRE Trojan.Win32.CryptoWall.gen 20180518
Yandex Trojan.Cryptodef! 20180518
Zillya Dropper.Daws.Win32.13791 20180516
ZoneAlarm by Check Point Trojan.Win32.Agent.ieuv 20180518
Ad-Aware 20180518
AhnLab-V3 20180518
Alibaba 20180518
ALYac 20180518
Avast-Mobile 20180518
Babable 20180406
Bkav 20180518
CMC 20180518
Comodo 20180518
CrowdStrike Falcon (ML) 20180202
Cybereason None
eGambit 20180518
Endgame 20180507
Sophos ML 20180503
Kingsoft 20180518
nProtect 20180518
Rising 20180518
SentinelOne (Static ML) 20180225
SUPERAntiSpyware 20180518
Symantec Mobile Insight 20180517
TheHacker 20180516
Trustlook 20180518
ViRobot 20180518
Webroot 20180518
Zoner 20180517
The file being studied is a Portable Executable (PE) file; more specifically, it is a Win32 EXE for the Windows GUI subsystem.
Packers identified
F-PROT ZIP
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 1992-06-19 22:22:17
Entry Point 0x00006B00
Number of sections 8
PE sections
Overlays
MD5 bc83dc6c224c74bdd48b3fd5ae83dcbf
File type application/zip
Offset 35840
Size 136305
Entropy 8.00
PE imports
ImageList_Draw
TextOutA
SetBkColor
CreateSolidBrush
SetTextColor
GetLastError
GetStdHandle
EnterCriticalSection
GetFileAttributesA
ExitProcess
GetModuleFileNameA
RtlUnwind
DeleteCriticalSection
LocalAlloc
CreateDirectoryA
GetCurrentDirectoryA
GetCommandLineA
GetModuleHandleA
RaiseException
SetFilePointer
ReadFile
WriteFile
FindFirstFileA
CloseHandle
LocalFree
InitializeCriticalSection
SetCurrentDirectoryA
VirtualFree
FindClose
TlsGetValue
GetFileType
SetEndOfFile
TlsSetValue
CreateFileA
VirtualAlloc
GetFileSize
LeaveCriticalSection
WNetConnectionDialog
SHGetFileInfoA
SetFocus
GetMessageA
EndDialog
PostQuitMessage
DefWindowProcA
ShowWindow
SetClassLongA
SetWindowPos
GetSystemMetrics
GetWindowRect
DispatchMessageA
EnableWindow
SetDlgItemTextA
MoveWindow
GetDlgItemTextA
MessageBoxA
PeekMessageA
TranslateMessage
DialogBoxParamA
GetSysColor
DlgDirSelectExA
SendMessageA
GetDlgItem
CreateDialogParamA
RegisterClassA
InvalidateRect
LoadCursorA
LoadIconA
DlgDirListA
FillRect
IsDialogMessageA
DestroyWindow
Number of PE resources by type
RT_DIALOG 6
RT_ICON 1
RT_STRING 1
RT_GROUP_ICON 1
Number of PE resources by language
NEUTRAL 9
PE resources
ExifTool file metadata
MIMEType application/octet-stream
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
FileTypeExtension exe
TimeStamp 1992:06:19 23:22:17+01:00
FileType Win32 EXE
PEType PE32
CodeSize 24064
LinkerVersion 2.25
EntryPoint 0x6b00
InitializedDataSize 10752
SubsystemVersion 4.0
ImageVersion 0.0
OSVersion 1.0
UninitializedDataSize 0
File identification
MD5 b319bcb60849b2460271986963356edd
SHA1 698dd6dc1641e111aca3484e0b924d7dec630c18
SHA256 21eedb0be6c0a35ddf1aeda8270f2c4b4a6f0ef73902c51a3a76e66b00fc9a34
ssdeep 3072:TM7w6EJckZkXNakOVFn0k+qpTNxfMzhuOlnWoV7KSQVd+SYL:zVZq8kOVFlnnkzEonWoV7ycSYL
authentihash 6b8aee24770543ac07dc102375c7165b6c6a0f45129045d99549fe8731f433ef
imphash 12ba530e3722148f7a1103c7385e5d02
File size 168.1 KB (172145 bytes)
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Dynamic Link Library (generic) (34.2%)
Win32 Executable (generic) (23.4%)
Win16/32 Executable Delphi generic (10.7%)
OS/2 Executable (generic) (10.5%)
Generic Win/DOS Executable (10.4%)
Tags peexe overlay
VirusTotal metadata
First submission 2017-08-13 18:45:36 UTC (1 year, 9 months ago)
Last submission 2018-05-18 13:46:31 UTC (1 year ago)
File names b319bcb60849b2460271986963356edd.vir
b319bcb60849b2460271986963356edd
Condensed report: the following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were performed either by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
UDP communications