SHA256: 2521feb8887c5e9544e4d7686cb11962a95349722f661e175a75143d9cbc0ad7
File name: rawentyrinity.top-2-of-3.exe
Detection ratio: 38 / 59
Analysis date: 2017-03-02 03:01:44 UTC ( 1 year, 11 months ago )
Antivirus Result Update
Ad-Aware Gen:Variant.Razy.141286 20170301
AegisLab W32.W.Bagle.l36o 20170302
AhnLab-V3 Trojan/Win32.Cerber.R196054 20170301
ALYac Gen:Variant.Razy.141286 20170301
Arcabit Trojan.Razy.D227E6 20170302
Avast Win32:Malware-gen 20170301
AVG GenericX.1114 20170302
Avira (no cloud) TR/Crypt.ZPACK.cydka 20170302
AVware Trojan.Win32.Generic!BT 20170302
Baidu Win32.Trojan.WisdomEyes.16070401.9500.9998 20170301
BitDefender Gen:Variant.Razy.141286 20170302
CrowdStrike Falcon (ML) malicious_confidence_100% (W) 20170130
DrWeb Trojan.Encoder.10391 20170301
Emsisoft Gen:Variant.Razy.141286 (B) 20170301
Endgame malicious (high confidence) 20170222
ESET-NOD32 a variant of Win32/Kryptik.FPAR 20170302
F-Secure Gen:Variant.Razy.141286 20170302
Fortinet W32/Zerber.CNNS!tr 20170301
GData Gen:Variant.Razy.141286 20170301
Ikarus Trojan-Ransom.Cerber 20170301
Sophos ML generic.a 20170203
K7AntiVirus Trojan ( 005073951 ) 20170301
K7GW Trojan ( 005073951 ) 20170301
Kaspersky UDS:DangerousObject.Multi.Generic 20170228
Malwarebytes Ransom.Cerber 20170302
McAfee Ransomware-FMJ!6F943F7E7472 20170302
McAfee-GW-Edition BehavesLike.Win32.Backdoor.dc 20170302
eScan Gen:Variant.Razy.141286 20170302
Panda Trj/CI.A 20170301
Qihoo-360 Win32/Trojan.1f0 20170302
Rising Malware.Generic.2!tfe (thunder:2:Q3TtLVKEUPI) 20170302
Sophos AV Mal/Elenoocka-E 20170302
Symantec Trojan.Gen.2 20170301
Tencent Win32.Trojan.Spora.Wsue 20170302
TrendMicro Ransom_CERBER.VSGM 20170302
TrendMicro-HouseCall Ransom_CERBER.VSGM 20170302
VIPRE Trojan.Win32.Generic!BT 20170302
Webroot W32.Ransom.Gen 20170302
Alibaba 20170228
Antiy-AVL 20170302
Bkav 20170301
CAT-QuickHeal 20170301
ClamAV 20170301
CMC 20170301
Comodo 20170302
Cyren 20170302
F-Prot 20170301
Jiangmin 20170301
Kingsoft 20170302
Microsoft 20170302
NANO-Antivirus 20170302
nProtect 20170302
SUPERAntiSpyware 20170302
TheHacker 20170228
TotalDefense 20170301
Trustlook 20170302
VBA32 20170301
ViRobot 20170301
WhiteArmor 20170222
Yandex 20170225
Zillya 20170301
Zoner 20170302
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2013-09-02 10:01:36
Entry Point 0x000021AE
Number of sections 4
PE sections
Overlays
MD5 af756a2053110248669c0332c1c8b78d
File type data
Offset 249856
Size 185
Entropy 6.99
PE imports
CreateJobObjectA
WriteProcessMemory
CreateMailslotA
OpenFileMappingW
GetPrivateProfileStringA
GetCurrentProcessId
OpenProcess
lstrcat
GetVolumeInformationW
InterlockedDecrement
GetProcAddress
lstrcpynW
GetModuleHandleA
CompareStringA
SetLocalTime
SetEnvironmentVariableA
WriteConsoleA
GetLogicalDriveStringsW
GetLongPathNameA
CloseHandle
OpenJobObjectA
SetLastError
GetTimeFormatA
PathIsSlowA
ShellAboutA
SHEmptyRecycleBinA
SHEmptyRecycleBinW
DragQueryFileW
DragFinish
ShellMessageBoxW
SHChangeNotify
SHBrowseForFolderA
StrChrA
SHGetDataFromIDListA
SHGetFileInfoW
ExtractIconW
FindExecutableA
ShellExecuteA
SHFileOperationA
Chkdsk
Recover
Extend
Format
Number of PE resources by type
TEXD 1
RT_DIALOG 1
Number of PE resources by language
NEUTRAL 2
PE resources
ExifTool file metadata
MIMEType application/octet-stream
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
FileTypeExtension exe
TimeStamp 2013:09:02 12:01:36+02:00
FileType Win32 EXE
PEType PE32
CodeSize 12288
LinkerVersion 5.12
ImageFileCharacteristics No relocs, Executable, No line numbers, No symbols, 32-bit
EntryPoint 0x21ae
InitializedDataSize 233472
SubsystemVersion 4.0
ImageVersion 0.0
OSVersion 4.0
UninitializedDataSize 0

File identification
MD5 6f943f7e7472e99948a8b2ce9c60dd4b
SHA1 54514e0f8c2d53a009a2a599544d682ca271db6a
SHA256 2521feb8887c5e9544e4d7686cb11962a95349722f661e175a75143d9cbc0ad7
ssdeep 3072:4ArAdcAOp8qs7zvcONfroq9Str7Zvvq2MvjbU1/C+nLMzykZ0eXzccxB0BMyWptK:hc/Oaqu0O5+B3qzbUU+nvm/IMyeJUt8a
authentihash c9e6a341a5e3e9116aaaf4450f7db3af20a9bae460cf9c4da851ba8fadbfb938
imphash 383ed1147b341a7a32e0b4c06493f412
File size 244.2 KB ( 250041 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Dynamic Link Library (generic) (38.4%)
Win32 Executable (generic) (26.3%)
OS/2 Executable (generic) (11.8%)
Generic Win/DOS Executable (11.6%)
DOS Executable Generic (11.6%)
Tags peexe suspicious-udp overlay

VirusTotal metadata
First submission 2017-03-01 11:13:32 UTC ( 1 year, 11 months ago )
Last submission 2019-01-21 18:44:17 UTC ( 1 month ago )
File names 2521feb8887c5e9544e4d7686cb11962a95349722f661e175a75143d9cbc0ad7
2521feb8887c5e9544e4d7686cb11962a95349722f661e175a75143d9cbc0ad7.bin
2017-02-28-Cerber-from-rawentyrinity.top-2-of-3.exe
rawentyrinity.top-2-of-3.exe
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Written files
Moved files
Created processes
Shell commands
Code injections in the following processes
Created mutexes
Opened mutexes
Searched windows
Opened service managers
Opened services
Runtime DLLs
UDP communications