SHA256: 274170f2acf032561911675964fe1852e63e5af6bf97c3a76d6273cf7b5bf1c0
File name: nyRhdkwSD
Detection ratio: 9 / 67
Analysis date: 2017-12-12 12:04:33 UTC
Antivirus Result Update (signature-database date)
Avast Win32:MdeClass 20171212
CrowdStrike Falcon (ML) malicious_confidence_100% (W) 20171016
Fortinet W32/Kryptik.L!tr.ransom 20171212
Sophos ML heuristic 20170914
Jiangmin Trojan-Ransom.Shade.a 20171211
McAfee-GW-Edition BehavesLike.Win32.ObfusRansom.fc 20171212
Symantec Trojan.Trickybot 20171212
Webroot W32.Ransom.Gen 20171212
WhiteArmor Malware.HighConfidence 20171204
Most of these labels are generic or machine-learning verdicts. Only Symantec's Trojan.Trickybot names the family (the submitted file names point the same way), and the three "Ransom" labels are heuristic classifications that nothing else on this page corroborates.

No detection (engine, signature-database date):
Ad-Aware 20171212
AegisLab 20171212
AhnLab-V3 20171212
Alibaba 20171212
ALYac 20171212
Antiy-AVL 20171212
Arcabit 20171212
Avast-Mobile 20171211
AVG 20171212
Avira (no cloud) 20171212
AVware 20171212
Baidu 20171212
BitDefender 20171212
Bkav 20171211
CAT-QuickHeal 20171212
ClamAV 20171212
CMC 20171212
Comodo 20171212
Cybereason 20171103
Cylance 20171212
Cyren 20171212
DrWeb 20171212
eGambit 20171212
Emsisoft 20171212
Endgame 20171130
ESET-NOD32 20171212
F-Prot 20171212
F-Secure 20171212
GData 20171212
Ikarus 20171212
K7AntiVirus 20171212
K7GW 20171212
Kaspersky 20171212
Kingsoft 20171212
Malwarebytes 20171212
MAX 20171212
McAfee 20171212
Microsoft 20171212
eScan 20171212
NANO-Antivirus 20171212
nProtect 20171212
Palo Alto Networks (Known Signatures) 20171212
Panda 20171211
Qihoo-360 20171212
Rising 20171212
SentinelOne (Static ML) 20171207
Sophos AV 20171212
SUPERAntiSpyware 20171212
Symantec Mobile Insight 20171207
Tencent 20171212
TheHacker 20171210
TrendMicro 20171212
TrendMicro-HouseCall 20171212
Trustlook 20171212
VBA32 20171212
VIPRE 20171212
ViRobot 20171212
Yandex 20171211
Zillya 20171211
ZoneAlarm by Check Point 20171212
Zoner 20171212
The file is a Portable Executable, specifically a Win32 EXE for the Windows GUI subsystem.
Packers identified
F-PROT NSIS
Because the binary is an NSIS-built installer, the PE header, sections, imports and resources below describe the generic NSIS installer stub, not the payload it installs. The payload and the install script live in the NSIS data block appended as the overlay (see Overlays), which has to be unpacked (7-Zip opens NSIS installers) before the actual TrickBot component can be examined.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2016-12-11 21:50:38 (UTC). For an NSIS installer this is the build timestamp of the prebuilt stub shipped with NSIS (2016-12-11 is the NSIS 3.01 release date), not the date the sample itself was produced.
Entry Point 0x0000316D
Number of sections 5
Overlays
MD5 e1ec1be135745f2af66159781f98b6ff
File type font/x-snf (a libmagic guess from the leading bytes; an NSIS overlay begins with the NSIS first-header followed by compressed data, so the font label is a misidentification)
Offset 39936
Size 311644
Entropy 8.00
Offset plus size equals the file size (351580 bytes), so the overlay is about 89% of the file. Entropy 8.00 is the maximum for byte data: the block is compressed or encrypted, as expected for NSIS payload data. The offset is a multiple of 512, which matches the 512-byte boundaries at which the NSIS stub searches for its data header.
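As an added example (my code, not VirusTotal's and not from any tool named on this page), the following stdlib-only script reproduces the kind of figures shown under Overlays: it reads the COFF and section headers to find where section data ends, treats everything after that as overlay, measures the Shannon entropy and checks for the NSIS data signature. The PE it analyses is constructed in memory so the script runs offline; on the real sample you would read the file instead and expect offset 39936, size 311644 and entropy 8.00.

```python
"""Locate a PE overlay and check it for NSIS data (added example).

Not taken from the VirusTotal report or from any tool it names; stdlib only.
Everything past the end of the last section's raw data is overlay. The PE
analysed here is constructed in memory; replace build_sample_pe() with
open(path, "rb").read() for a real file.
"""
import math
import struct
from collections import Counter

# NSIS "firstheader": 4 flag bytes, then 0xDEADBEEF little-endian and the
# literal "NullsoftInst". The stub looks for it on 512-byte boundaries.
NSIS_MAGIC = b"\xef\xbe\xad\xdeNullsoftInst"


def overlay_offset(pe: bytes) -> int:
    """File offset where the overlay starts (== len(pe) when there is none)."""
    if pe[:2] != b"MZ":
        raise ValueError("not an MZ/PE file")
    e_lfanew = struct.unpack_from("<I", pe, 0x3C)[0]
    if pe[e_lfanew:e_lfanew + 4] != b"PE\x00\x00":
        raise ValueError("PE signature not found")
    nsections = struct.unpack_from("<H", pe, e_lfanew + 6)[0]      # COFF +2
    opt_size = struct.unpack_from("<H", pe, e_lfanew + 20)[0]      # COFF +16
    table = e_lfanew + 4 + 20 + opt_size          # first IMAGE_SECTION_HEADER
    end = table + 40 * nsections                   # never before the headers
    for i in range(nsections):
        # SizeOfRawData and PointerToRawData sit at +16 and +20 of each header
        raw_size, raw_ptr = struct.unpack_from("<II", pe, table + 40 * i + 16)
        end = max(end, raw_ptr + raw_size)
    return min(end, len(pe))


def shannon_entropy(data: bytes) -> float:
    """Bits per byte, 0.0 .. 8.0; compressed or encrypted data sits near 8."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())


def analyse_overlay(pe: bytes) -> dict:
    off = overlay_offset(pe)
    ov = pe[off:]
    return {
        "offset": off,
        "size": len(ov),
        "entropy": round(shannon_entropy(ov), 2),
        "nsis_signature": ov.find(NSIS_MAGIC, 0, 64) != -1,   # within 64 bytes
        "aligned_512": off % 512 == 0,
    }


def build_sample_pe(section_data: bytes, overlay: bytes) -> bytes:
    """Constructed minimal PE32 (one section, FileAlignment 512) plus overlay."""
    e_lfanew = 0x40
    dos = b"MZ" + b"\x00" * (0x3C - 2) + struct.pack("<I", e_lfanew)
    opt_size = 224                                   # PE32 optional header
    coff = struct.pack("<HHIIIHH", 0x14C, 1, 0, 0, 0, opt_size, 0x010F)
    opt = struct.pack("<H", 0x10B).ljust(opt_size, b"\x00")   # Magic only
    raw_ptr = 512
    raw_size = (len(section_data) + 511) // 512 * 512
    sect = struct.pack("<8sIIIIIIHHI", b".text", len(section_data), 0x1000,
                       raw_size, raw_ptr, 0, 0, 0, 0, 0x60000020)
    img = dos + b"PE\x00\x00" + coff + opt + sect     # 352 bytes, fits before 512
    img = img.ljust(raw_ptr, b"\x00") + section_data.ljust(raw_size, b"\x00")
    return img + overlay


# Constructed overlay: NSIS flags + signature, then a uniform byte stream so the
# entropy rounds to 8.00 like the report's overlay.
SAMPLE_OVERLAY = b"\x00\x00\x00\x00" + NSIS_MAGIC + bytes(range(256)) * 16
SAMPLE_PE = build_sample_pe(b"\xc3" * 300, SAMPLE_OVERLAY)

if __name__ == "__main__":
    print(analyse_overlay(SAMPLE_PE))
```

The entropy check is what makes the libmagic "font/x-snf" label irrelevant: a real font would not sit at 8.00 bits per byte, whereas compressed NSIS data does. An Authenticode signature also lives in the overlay region, so on signed files subtract the security directory before treating the remainder as payload.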
PE imports (grouped by exporting DLL; the page lists the names flat, the DLL attribution follows the standard NSIS stub import layout)
ADVAPI32.dll
RegDeleteKeyA
LookupPrivilegeValueA
RegCloseKey
RegDeleteValueA
OpenProcessToken
RegSetValueExA
RegQueryValueExA
AdjustTokenPrivileges
RegEnumKeyA
RegEnumValueA
RegCreateKeyExA
RegOpenKeyExA
SetFileSecurityA
COMCTL32.dll
ImageList_Create
Ord(17) (InitCommonControls)
ImageList_Destroy
ImageList_AddMasked
GDI32.dll
GetDeviceCaps
SelectObject
CreateBrushIndirect
CreateFontIndirectA
SetBkMode
SetBkColor
DeleteObject
SetTextColor
KERNEL32.dll
GetLastError
lstrlenA
GetFileAttributesA
GlobalFree
WaitForSingleObject
FreeLibrary
CopyFileA
ExitProcess
SetFileTime
GlobalUnlock
GetModuleFileNameA
DeleteFileA
RemoveDirectoryA
GetShortPathNameA
GetCurrentProcess
LoadLibraryExA
CompareFileTime
GetPrivateProfileStringA
WritePrivateProfileStringA
GetFileSize
lstrcatA
CreateDirectoryA
ExpandEnvironmentStringsA
GetWindowsDirectoryA
SetErrorMode
MultiByteToWideChar
GetCommandLineA
GlobalLock
GetFullPathNameA
GetModuleHandleA
GetTempPathA
CreateThread
lstrcmpiA
SetFilePointer
lstrcmpA
ReadFile
WriteFile
FindFirstFileA
CloseHandle
GetTempFileNameA
lstrcpynA
FindNextFileA
GetSystemDirectoryA
GetDiskFreeSpaceA
MoveFileExA
GetProcAddress
SetEnvironmentVariableA
SetFileAttributesA
GetExitCodeProcess
MoveFileA
CreateProcessA
lstrcpyA
GlobalAlloc
SearchPathA
FindClose
Sleep
CreateFileA
GetTickCount
GetVersion
SetCurrentDirectoryA
MulDiv
SHELL32.dll
SHGetFileInfoA
SHBrowseForFolderA
SHGetSpecialFolderLocation
SHGetPathFromIDListA
ShellExecuteA
SHFileOperationA
USER32.dll
EmptyClipboard
GetMessagePos
CharPrevA
EndDialog
BeginPaint
PostQuitMessage
DefWindowProcA
GetClassInfoA
SetClassLongA
LoadBitmapA
SetWindowPos
GetSystemMetrics
IsWindow
AppendMenuA
GetWindowRect
DispatchMessageA
EnableWindow
SetDlgItemTextA
MessageBoxIndirectA
LoadImageA
GetDlgItemTextA
PeekMessageA
SetWindowLongA
IsWindowEnabled
GetSysColor
CheckDlgButton
GetDC
FindWindowExA
ReleaseDC
SystemParametersInfoA
CreatePopupMenu
wsprintfA
ShowWindow
SetClipboardData
IsWindowVisible
SendMessageA
DialogBoxParamA
GetClientRect
SetTimer
GetDlgItem
SetForegroundWindow
CreateDialogParamA
SetWindowTextA
EnableMenuItem
ScreenToClient
InvalidateRect
GetWindowLongA
SendMessageTimeoutA
CreateWindowExA
LoadCursorA
TrackPopupMenu
DrawTextA
DestroyWindow
FillRect
RegisterClassA
CharNextA
CallWindowProcA
GetSystemMenu
EndPaint
CloseClipboard
OpenClipboard
ExitWindowsEx
SetCursor
ole32.dll
OleUninitialize
CoTaskMemFree
OleInitialize
CoCreateInstance
These are the imports of the NSIS installer stub: registry and file housekeeping, CreateProcessA/ShellExecuteA for running installed files, and LookupPrivilegeValueA/AdjustTokenPrivileges/ExitWindowsEx for the installer's reboot support. They say nothing about what the TrickBot payload inside the overlay imports or does.
Number of PE resources by type
RT_DIALOG 12
RT_ICON 1
RT_MANIFEST 1
RT_BITMAP 1
VERSION INFO 1
RT_GROUP_ICON 1
Number of PE resources by language
ENGLISH US 16
NEUTRAL 1
ExifTool file metadata
MIMEType application/octet-stream
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
FileTypeExtension exe
TimeStamp 2016:12:11 22:50:38+01:00
FileType Win32 EXE
PEType PE32
CodeSize 24064
LinkerVersion 6.0
ImageFileCharacteristics No relocs, Executable, No line numbers, No symbols, 32-bit
EntryPoint 0x316d
InitializedDataSize 105472
SubsystemVersion 4.0
ImageVersion 6.0
OSVersion 4.0
UninitializedDataSize 1024
File identification
MD5 d02406a2b62215dc5d5a42e0c8e15f6e
SHA1 7ffa70f90eb6bf01b2b7f3b2fde2fbe93ba6acc4
SHA256 274170f2acf032561911675964fe1852e63e5af6bf97c3a76d6273cf7b5bf1c0
ssdeep 6144:9Beu0nkrCxIz9uGbJ9kKBLqqOcon3mfeCIt0YBdd8jkmb4swyE:R0nkrCxSJ9kKBLqqlbWCIt3d6dUpyE
authentihash 320b496652f338805808ca3834d41cbc9d4847b39acbf0680f1dfa370f30f49d
imphash b78ecf47c0a3e24a6f4af114e2d1f5de
File size 343.3 KB ( 351580 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Executable MS Visual C++ (generic) (64.5%)
Win32 Dynamic Link Library (generic) (13.6%)
Win32 Executable (generic) (9.3%)
OS/2 Executable (generic) (4.1%)
Generic Win/DOS Executable (4.1%)
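The imphash above is computed over the import table, and for this sample that table belongs to the NSIS stub, so the hash clusters NSIS-built installers rather than TrickBot. As an added example (my code, not VirusTotal's or pefile's), the script below computes an imphash the way pefile does and applies it to this report's import list. The DLL grouping is my reconstruction: the page lists the functions flat, and I regroup them by exporting DLL in the order a standard NSIS stub's import directory uses. If that grouping and ordering reproduce the sample's real import table, `imphash()` returns the report's value; the script prints the comparison instead of assuming it.

```python
"""imphash as pefile computes it, applied to this report's import list.

Added example; not code from VirusTotal or pefile. SAMPLE_IMPORTS is the
report's flat list regrouped by DLL (my grouping, following the standard
NSIS stub import directory; the page itself shows no DLL names).
"""
import hashlib

PAGE_IMPHASH = "b78ecf47c0a3e24a6f4af114e2d1f5de"   # value shown in the report

SAMPLE_IMPORTS = [
    ("ADVAPI32.dll", (
        "RegDeleteKeyA LookupPrivilegeValueA RegCloseKey RegDeleteValueA "
        "OpenProcessToken RegSetValueExA RegQueryValueExA AdjustTokenPrivileges "
        "RegEnumKeyA RegEnumValueA RegCreateKeyExA RegOpenKeyExA SetFileSecurityA"
    ).split()),
    # an int stands for an import by ordinal (Ord(17) on the page)
    ("COMCTL32.dll", ["ImageList_Create", 17, "ImageList_Destroy", "ImageList_AddMasked"]),
    ("GDI32.dll", (
        "GetDeviceCaps SelectObject CreateBrushIndirect CreateFontIndirectA "
        "SetBkMode SetBkColor DeleteObject SetTextColor"
    ).split()),
    ("KERNEL32.dll", (
        "GetLastError lstrlenA GetFileAttributesA GlobalFree WaitForSingleObject "
        "FreeLibrary CopyFileA ExitProcess SetFileTime GlobalUnlock GetModuleFileNameA "
        "DeleteFileA RemoveDirectoryA GetShortPathNameA GetCurrentProcess LoadLibraryExA "
        "CompareFileTime GetPrivateProfileStringA WritePrivateProfileStringA GetFileSize "
        "lstrcatA CreateDirectoryA ExpandEnvironmentStringsA GetWindowsDirectoryA "
        "SetErrorMode MultiByteToWideChar GetCommandLineA GlobalLock GetFullPathNameA "
        "GetModuleHandleA GetTempPathA CreateThread lstrcmpiA SetFilePointer lstrcmpA "
        "ReadFile WriteFile FindFirstFileA CloseHandle GetTempFileNameA lstrcpynA "
        "FindNextFileA GetSystemDirectoryA GetDiskFreeSpaceA MoveFileExA GetProcAddress "
        "SetEnvironmentVariableA SetFileAttributesA GetExitCodeProcess MoveFileA "
        "CreateProcessA lstrcpyA GlobalAlloc SearchPathA FindClose Sleep CreateFileA "
        "GetTickCount GetVersion SetCurrentDirectoryA MulDiv"
    ).split()),
    ("SHELL32.dll", (
        "SHGetFileInfoA SHBrowseForFolderA SHGetSpecialFolderLocation "
        "SHGetPathFromIDListA ShellExecuteA SHFileOperationA"
    ).split()),
    ("USER32.dll", (
        "EmptyClipboard GetMessagePos CharPrevA EndDialog BeginPaint PostQuitMessage "
        "DefWindowProcA GetClassInfoA SetClassLongA LoadBitmapA SetWindowPos "
        "GetSystemMetrics IsWindow AppendMenuA GetWindowRect DispatchMessageA "
        "EnableWindow SetDlgItemTextA MessageBoxIndirectA LoadImageA GetDlgItemTextA "
        "PeekMessageA SetWindowLongA IsWindowEnabled GetSysColor CheckDlgButton GetDC "
        "FindWindowExA ReleaseDC SystemParametersInfoA CreatePopupMenu wsprintfA "
        "ShowWindow SetClipboardData IsWindowVisible SendMessageA DialogBoxParamA "
        "GetClientRect SetTimer GetDlgItem SetForegroundWindow CreateDialogParamA "
        "SetWindowTextA EnableMenuItem ScreenToClient InvalidateRect GetWindowLongA "
        "SendMessageTimeoutA CreateWindowExA LoadCursorA TrackPopupMenu DrawTextA "
        "DestroyWindow FillRect RegisterClassA CharNextA CallWindowProcA GetSystemMenu "
        "EndPaint CloseClipboard OpenClipboard ExitWindowsEx SetCursor"
    ).split()),
    ("ole32.dll", "OleUninitialize CoTaskMemFree OleInitialize CoCreateInstance".split()),
]


def import_string(imports) -> str:
    """'dll.func,dll.func,...': lowercased, .dll/.ocx/.sys stripped, ordinals as ordN.

    pefile additionally maps ordinals of ws2_32, wsock32 and oleaut32 to
    names through its ordlookup table; for every other DLL it emits 'ord<N>'.
    """
    parts = []
    for dll, funcs in imports:
        lib = dll.lower()
        base, dot, ext = lib.rpartition(".")
        if dot and ext in ("dll", "ocx", "sys"):
            lib = base
        for func in funcs:
            name = f"ord{func}" if isinstance(func, int) else func.lower()
            parts.append(f"{lib}.{name}")
    return ",".join(parts)


def imphash(imports) -> str:
    return hashlib.md5(import_string(imports).encode("ascii")).hexdigest()


def import_count(imports) -> int:
    return sum(len(funcs) for _, funcs in imports)


if __name__ == "__main__":
    h = imphash(SAMPLE_IMPORTS)
    print(import_count(SAMPLE_IMPORTS), "imports, imphash", h,
          "matches the report" if h == PAGE_IMPHASH else "differs from the report")
```

Because the hash is over DLL name, function name and order, two files built with the same NSIS stub share it regardless of payload; pivoting on this imphash in a hunt will return installers in general, so pair it with the overlay hash or with hashes of the unpacked payload instead.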
Tags
nsis peexe overlay

VirusTotal metadata
First submission 2017-12-12 11:30:13 UTC
Last submission 2018-07-23 06:50:38 UTC
File names oySielwTD.exe
nyRhdkwSD
2017-12-12-Trickbot-sample-dilaryi8.exe.rename.rename
Trickbot-sample-dilaryi8.exe
7gga70g90fb7bg02b3b7g4b3gef3gbf94ba7add5.exe
ejmaryj8.exe
VirusShare_d02406a2b62215dc5d5a42e0c8e15f6e
nyRhdkwSD.txt
2017-12-12-Trickbot-sample-dilaryi8.exe.rename