SHA256: 25924910a5c4f26bab449ba55f61d8b58e23e80e23f0580e2dc24c1bfe298568
File name: c78ded66f57b423178f7a35eedfe915b.virus
Detection ratio: 34 / 62
Analysis date: 2017-03-15 17:07:11 UTC ( 2 years ago )
Antivirus Result Update
Ad-Aware Trojan.GenericKD.4430756 20170315
ALYac Trojan.GenericKD.4430756 20170315
Arcabit Trojan.Generic.D439BA4 20170315
Avast Win32:Rootkit-gen [Rtk] 20170315
AVG FileCryptor.NXW 20170315
Avira (no cloud) TR/Crypt.ZPACK.omyko 20170315
BitDefender Trojan.GenericKD.4430756 20170315
CAT-QuickHeal Ransom.Genasom 20170314
CrowdStrike Falcon (ML) malicious_confidence_89% (D) 20170130
Emsisoft Trojan.GenericKD.4430756 (B) 20170315
Endgame malicious (moderate confidence) 20170222
ESET-NOD32 a variant of Win32/Injector.DLLI 20170315
F-Secure Trojan.GenericKD.4430756 20170315
Fortinet W32/Kryptik.FNWL!tr 20170315
GData Trojan.GenericKD.4430756 20170315
Sophos ML generic.a 20170203
K7AntiVirus Trojan ( 00500d011 ) 20170315
K7GW Trojan ( 00500d011 ) 20170315
Kaspersky Trojan-Ransom.Win32.Crusis.qw 20170315
Malwarebytes Ransom.Dharma 20170315
McAfee Artemis!C78DED66F57B 20170315
McAfee-GW-Edition BehavesLike.Win32.Gupboot.dc 20170315
eScan Trojan.GenericKD.4430756 20170315
NANO-Antivirus Trojan.Win32.Filecoder.eluibp 20170315
Panda Trj/Agent.SM 20170315
Qihoo-360 HEUR/QVM11.1.0000.Malware.Gen 20170315
SentinelOne (Static ML) static engine - malicious 20170315
Sophos AV Mal/Isda-D 20170315
Symantec Trojan.Gen 20170315
TrendMicro TROJ_GEN.R00XC0RCF17 20170315
TrendMicro-HouseCall TROJ_GEN.R00XC0RCF17 20170315
Yandex Trojan.Filecoder!Gl0PyNlo89o 20170315
Zillya Trojan.Filecoder.Win32.4272 20170314
ZoneAlarm by Check Point Trojan-Ransom.Win32.Crusis.qw 20170315
Engines with no detection (Result column empty):
AegisLab 20170315
AhnLab-V3 20170315
Alibaba 20170228
Antiy-AVL 20170315
AVware 20170315
Baidu 20170315
Bkav 20170315
ClamAV 20170315
CMC 20170315
Comodo 20170315
Cyren 20170315
DrWeb 20170315
F-Prot 20170315
Ikarus 20170315
Jiangmin 20170315
Kingsoft 20170315
Microsoft 20170315
nProtect 20170315
Palo Alto Networks (Known Signatures) 20170315
Rising None
SUPERAntiSpyware 20170315
Tencent 20170315
TheHacker 20170315
TotalDefense 20170315
Trustlook 20170315
VBA32 20170315
VIPRE 20170315
ViRobot 20170315
Webroot 20170315
WhiteArmor 20170315
Zoner 20170315
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
Packers identified
F-PROT UPX
PEiD UPX 2.90 [LZMA] -> Markus Oberhumer, Laszlo Molnar & John Reiser
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2017-02-16 06:22:38
Entry Point 0x00027270
Number of sections 3
PE sections
Overlays
MD5 78836618a36a46b1622ac9fea4d03668
File type data
Offset 62464
Size 143823
Entropy 8.00
PE imports
AddAccessAllowedObjectAce
BeginPath
VirtualFree
ExitProcess
VirtualProtect
LoadLibraryA
VirtualAlloc
GetProcAddress
FindExecutableA
BeginPaint
Number of PE resources by type
RT_ICON 2
RT_DIALOG 1
RT_GROUP_CURSOR 1
AFX_DIALOG_LAYOUT 1
RT_BITMAP 1
RT_CURSOR 1
RT_GROUP_ICON 1
Number of PE resources by language
FRENCH 4
ENGLISH US 4
PE resources
ExifTool file metadata
MIMEType: application/octet-stream
Subsystem: Windows GUI
MachineType: Intel 386 or later, and compatibles
FileTypeExtension: exe
TimeStamp: 2017:02:16 07:22:38+01:00
FileType: Win32 EXE
PEType: PE32
CodeSize: 61440
LinkerVersion: 9.0
EntryPoint: 0x27270
InitializedDataSize: 4096
SubsystemVersion: 5.0
ImageVersion: 0.0
OSVersion: 5.0
UninitializedDataSize: 98304

File identification
MD5 c78ded66f57b423178f7a35eedfe915b
SHA1 26a20af19e7b8a3c6708a4c97ff3a50e5a94732a
SHA256 25924910a5c4f26bab449ba55f61d8b58e23e80e23f0580e2dc24c1bfe298568
ssdeep 3072:mqDNYMQAMJQSR6uOoveH2QgFKPrvPZUyjTk392qO3TFFPfD4nA/YMzSIxrgtWcfE:mwNYMo5HvzH0rHKyS92qO3TFR8CDSdvM
authentihash 02d7a43085fbbdb79ff175f72338906243bcf09e077f039a15710fff1600fd03
imphash 4411a54d825fee6bb5e756e4514e20ff
File size 201.5 KB ( 206287 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID UPX compressed Win32 Executable (39.3%)
Win32 EXE Yoda's Crypter (38.6%)
Win32 Dynamic Link Library (generic) (9.5%)
Win32 Executable (generic) (6.5%)
Generic Win/DOS Executable (2.9%)
Tags
peexe upx overlay

VirusTotal metadata
First submission 2017-03-15 17:07:11 UTC ( 2 years ago )
Last submission 2017-03-15 17:07:11 UTC ( 2 years ago )
File names c78ded66f57b423178f7a35eedfe915b.virus
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Runtime DLLs
UDP communications