SHA256: 262b9b396f8c02ed1f8ff7b3b99fe6d017ee7023be97ecdc8db6b8d711f7102f
File name: _outputC9E322F.exe
Detection ratio: 15 / 66
Analysis date: 2017-10-03 17:16:51 UTC ( 1 year, 5 months ago )
Antivirus Result Update
CrowdStrike Falcon (ML) malicious_confidence_100% (D) 20170804
Cylance Unsafe 20171003
Endgame malicious (high confidence) 20170821
ESET-NOD32 a variant of Win32/GenKryptik.AYKA 20171003
Fortinet W32/Injector.DSBV!tr 20171003
Sophos ML heuristic 20170914
Kaspersky UDS:DangerousObject.Multi.Generic 20171003
McAfee Ransomware-FMDK!DE720021C906 20171003
Rising Malware.Heuristic!ET#100% (RDM+:cmRtazqImIDq4dA5LZh7sY+u+nel) 20171003
SentinelOne (Static ML) static engine - malicious 20171001
Sophos AV Mal/FareitVB-M 20171003
Symantec ML.Attribute.HighConfidence 20171003
TrendMicro TSPY_HPFAREIT.SM 20171003
TrendMicro-HouseCall TSPY_HPFAREIT.SM 20171003
ZoneAlarm by Check Point UDS:DangerousObject.Multi.Generic 20171003
Ad-Aware 20171003
AegisLab 20171003
AhnLab-V3 20171003
Alibaba 20170911
ALYac 20171003
Antiy-AVL 20171003
Arcabit 20171003
Avast 20171003
Avast-Mobile 20171003
AVG 20171003
Avira (no cloud) 20171003
AVware 20171003
Baidu 20170930
BitDefender 20171003
Bkav 20170928
CAT-QuickHeal 20171003
ClamAV 20171003
CMC 20171003
Comodo 20171003
Cyren 20171003
DrWeb 20171003
Emsisoft 20171003
F-Prot 20171003
F-Secure 20171003
GData 20171003
Ikarus 20171003
Jiangmin 20171003
K7AntiVirus 20171003
K7GW 20171003
Kingsoft 20171003
Malwarebytes 20171003
MAX 20171003
McAfee-GW-Edition 20171003
Microsoft 20171003
eScan 20171003
NANO-Antivirus 20171003
nProtect 20171003
Palo Alto Networks (Known Signatures) 20171003
Panda 20171003
Qihoo-360 20171003
SUPERAntiSpyware 20171003
Symantec Mobile Insight 20171003
Tencent 20171003
TheHacker 20171002
TotalDefense 20171003
Trustlook 20171003
VBA32 20171003
VIPRE 20171003
ViRobot 20171003
Webroot 20171003
WhiteArmor 20170927
Yandex 20170908
Zillya 20171003
Zoner 20171003
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Product https:\\taeva.Ar
Original name Lockmaker7.exe
Internal name Lockmaker7
File version 1.00.0001
Description lova
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2017-10-03 07:28:22
Entry Point 0x0000104C
Number of sections 3
PE sections
PE imports
EVENT_SINK_QueryInterface
__vbaExceptHandler
Ord(100)
MethCallEngine
DllFunctionCall
EVENT_SINK_Release
EVENT_SINK_AddRef
Number of PE resources by type
RT_ICON 3
RT_VERSION 1
RT_GROUP_ICON 1
Number of PE resources by language
NEUTRAL 4
GREEK DEFAULT 1
PE resources
ExifTool file metadata
SubsystemVersion 4.0
InitializedDataSize 16384
ImageVersion 1.0
ProductName https:\\taeva.Ar
FileVersionNumber 1.0.0.1
UninitializedDataSize 0
LanguageCode Greek
FileFlagsMask 0x0000
ImageFileCharacteristics No relocs, Executable, No line numbers, No symbols, 32-bit
CharacterSet Unicode
LinkerVersion 6.0
FileTypeExtension exe
OriginalFileName Lockmaker7.exe
MIMEType application/octet-stream
FileVersion 1.00.0001
TimeStamp 2017:10:03 08:28:22+01:00
FileType Win32 EXE
PEType PE32
InternalName Lockmaker7
ProductVersion 1.00.0001
FileDescription lova
OSVersion 4.0
FileOS Win32
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
CompanyName coiza
CodeSize 503808
FileSubtype 0
ProductVersionNumber 1.0.0.1
EntryPoint 0x104c
ObjectFileType Executable application
File identification
MD5 de720021c906d75c204ef5ef6c11f5f8
SHA1 142c63256c84a7e0b41c630ed978ece2bc2bc7e2
SHA256 262b9b396f8c02ed1f8ff7b3b99fe6d017ee7023be97ecdc8db6b8d711f7102f
ssdeep 6144:TjWwmCI7iPr/0DA4TXenD5AT/jBG2ysgCbHl0xOT9IDJ:TpmC2iP70/7en1I1Gt0HKOTe
authentihash 1bd8bae7cbc8baccb278b7137b5cbfdd9bfd7466cdf4b55e69d0508160e7b72c
imphash 2baf2cf5457a6cbc889a1294e9abb0e0
File size 500.0 KB ( 512000 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Executable Microsoft Visual Basic 6 (82.7%)
Win32 Dynamic Link Library (generic) (6.6%)
Win32 Executable (generic) (4.5%)
OS/2 Executable (generic) (2.0%)
Generic Win/DOS Executable (2.0%)
Tags peexe

VirusTotal metadata
First submission 2017-10-03 17:16:51 UTC ( 1 year, 5 months ago )
Last submission 2018-07-27 06:17:51 UTC ( 7 months, 4 weeks ago )
File names virussign.com_de720021c906d75c204ef5ef6c11f5f8.vir
Lockmaker7.exe
de720021c906d75c204ef5ef6c11f5f8.vir
Lockmaker7
_outputC9E322F.exe
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Hooking activity
Runtime DLLs
Additional details
The file installs an application-defined hook procedure into a hook chain. You would install a hook procedure to monitor the system for certain types of events. These events are associated either with a specific thread or with all threads in the same desktop as the calling thread. This is done making use of the SetWindowsHook Windows API function.
UDP communications