SHA256: 2661f1d646ea4176257321294391a1f6a155232f868a30a3ce431989a0c958a3
File name: l.exe
Detection ratio: 30 / 54
Analysis date: 2016-08-03 11:55:46 UTC ( 2 years, 7 months ago )
Antivirus Result Update
Ad-Aware Gen:Variant.Ransom.Locky.4 20160803
AhnLab-V3 Trojan/Win32.Locky.C1512744 20160803
ALYac Gen:Variant.Ransom.Locky.4 20160803
Antiy-AVL Trojan[Ransom]/Win32.Crusis 20160803
Arcabit Trojan.Ransom.Locky.4 20160803
Avast Win32:Malware-gen 20160803
AVG Ransom_s.AE 20160803
Avira (no cloud) TR/Injector.zgoo 20160803
AVware Trojan.Win32.Generic!BT 20160803
BitDefender Gen:Variant.Ransom.Locky.4 20160803
Cyren W32/Trojan.BIDN-5525 20160803
DrWeb Trojan.Encoder.3953 20160803
Emsisoft Gen:Variant.Ransom.Locky.4 (B) 20160803
ESET-NOD32 a variant of Win32/Injector.DCZT 20160803
GData Gen:Variant.Ransom.Locky.4 20160803
Jiangmin Trojan.Locky.axo 20160803
K7AntiVirus Trojan ( 004f2a921 ) 20160803
K7GW Trojan ( 004f2a921 ) 20160803
Kaspersky Trojan-Ransom.Win32.Locky.bej 20160803
McAfee Packed-HF!F23ACB927B40 20160803
McAfee-GW-Edition BehavesLike.Win32.Rootkit.ch 20160803
eScan Gen:Variant.Ransom.Locky.4 20160803
Panda Trj/CI.A 20160802
Qihoo-360 HEUR/QVM10.1.CD52.Malware.Gen 20160803
Sophos AV Mal/Isda-D 20160803
Tencent Win32.Trojan.Locky.Eacw 20160803
TrendMicro Ransom_Locky.R00JC0RH316 20160803
TrendMicro-HouseCall Ransom_Locky.R00JC0RH316 20160803
VIPRE Trojan.Win32.Generic!BT 20160803
Yandex Trojan.Crusis! 20160802
AegisLab 20160803
Alibaba 20160803
Baidu 20160803
Bkav 20160803
CAT-QuickHeal 20160803
ClamAV 20160803
CMC 20160803
Comodo 20160803
F-Prot 20160803
Fortinet 20160803
Ikarus 20160803
Kingsoft 20160803
Malwarebytes 20160803
Microsoft 20160803
NANO-Antivirus 20160803
nProtect 20160803
SUPERAntiSpyware 20160803
Symantec 20160803
TheHacker 20160803
TotalDefense 20160802
VBA32 20160802
ViRobot 20160803
Zillya 20160803
Zoner 20160803
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2016-07-28 00:39:52
Entry Point 0x00009A06
Number of sections 6
PE sections
Overlays
MD5 a622bfef7e146c0c1a22e67b8ca8d0f6
File type data
Offset 148480
Size 27319
Entropy 7.19
PE imports
SystemFunction036
GetLastError
InitializeCriticalSectionAndSpinCount
HeapFree
GetSystemTimeAsFileTime
EnterCriticalSection
LCMapStringW
GetModuleFileNameW
GetConsoleCP
FreeLibrary
QueryPerformanceCounter
IsDebuggerPresent
GlobalGetAtomNameA
TlsAlloc
GetEnvironmentStringsW
FlushFileBuffers
GetModuleFileNameA
GetDevicePowerState
RtlUnwind
GetStdHandle
HeapAlloc
DeleteCriticalSection
GetCurrentProcess
GetConsoleMode
HeapSize
GetCurrentProcessId
WriteConsoleW
GetCommandLineW
GetCPInfo
UnhandledExceptionFilter
LoadLibraryExW
MultiByteToWideChar
GetStartupInfoW
SetStdHandle
FreeEnvironmentStringsW
GetCommandLineA
GetProcAddress
InitializeSListHead
GetProcessHeap
ExitProcess
RaiseException
WideCharToMultiByte
MapViewOfFile
TlsFree
FindFirstFileExA
ReadFile
SetUnhandledExceptionFilter
WriteFile
DecodePointer
CloseHandle
IsProcessorFeaturePresent
FindNextFileA
GetACP
HeapReAlloc
GetStringTypeW
GetModuleHandleW
GetOEMCP
TerminateProcess
GetModuleHandleExW
IsValidCodePage
CreateFileW
SetFilePointerEx
FindClose
TlsGetValue
GetFileType
ReadConsoleW
TlsSetValue
GetCurrentThreadId
OutputDebugStringA
SetLastError
LeaveCriticalSection
Debug information
ExifTool file metadata
MIMEType application/octet-stream
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
FileTypeExtension exe
TimeStamp 2016:07:28 01:39:52+01:00
FileType Win32 EXE
PEType PE32
CodeSize 111104
LinkerVersion 14.0
EntryPoint 0x9a06
InitializedDataSize 39424
SubsystemVersion 5.1
ImageVersion 0.0
OSVersion 5.1
UninitializedDataSize 0

File identification
MD5 f23acb927b4068d1ecf2c7bd0ddc868f
SHA1 5a84f85fb75001ee2d804bf648b3848fb99ce85d
SHA256 2661f1d646ea4176257321294391a1f6a155232f868a30a3ce431989a0c958a3
ssdeep 3072:R7ymzJhVqy8CQC2mC0kokLikTFf5DtMii6kPSH+gmcev8:RmmzJDqy+nekN5q3SelE
authentihash 5229d446c5e3c3dda37ef47c74a55e19ff90034cf72abeab450add801eb926d0
imphash ccb53c9ee64c69048ccaac4d260f586c
File size 171.7 KB ( 175799 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win64 Executable (generic) (76.4%)
Win32 Executable (generic) (12.4%)
Generic Win/DOS Executable (5.5%)
DOS Executable Generic (5.5%)
Tags peexe overlay

VirusTotal metadata
First submission 2016-08-03 11:55:46 UTC ( 2 years, 7 months ago )
Last submission 2016-08-03 11:55:46 UTC ( 2 years, 7 months ago )
File names l.exe
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Created processes
Opened mutexes
Runtime DLLs
UDP communications