SHA256: 28df46fe9876341394f8f0e4dcf17bd76f451ea8347104470acb59291f1735ce
Detection ratio: 43 / 67
Analysis date: 2017-11-08 07:44:55 UTC ( 1 year, 6 months ago )
Antivirus Result Update
Ad-Aware Trojan.GenericKD.12541599 20171108
AegisLab Troj.Ransom.W32.Locky!c 20171108
ALYac Trojan.Ransom.LockyCrypt 20171108
Arcabit Ransomware.Locky 20171108
Avast Win32:Malware-gen 20171108
AVG Win32:Malware-gen 20171108
Avira (no cloud) TR/AD.Locky.yecpg 20171108
AVware Trojan.Win32.Generic!BT 20171108
Baidu Win32.Trojan.WisdomEyes.16070401.9500.9999 20171108
BitDefender Trojan.GenericKD.12541599 20171108
CrowdStrike Falcon (ML) malicious_confidence_100% (W) 20171016
Cylance Unsafe 20171108
Cyren W32/Ransom.PJBU-0515 20171108
DrWeb Trojan.Encoder.14922 20171108
Emsisoft Trojan.GenericKD.12541599 (B) 20171108
Endgame malicious (high confidence) 20171024
ESET-NOD32 Win32/Filecoder.Locky.M 20171108
F-Prot W32/Ransom.YL 20171108
F-Secure Trojan.GenericKD.12541599 20171108
Fortinet W32/GenKryptik.AVEL!tr 20171108
GData Trojan.GenericKD.12541599 20171108
Ikarus Win32.Outbreak 20171107
Sophos ML heuristic 20170914
K7AntiVirus Riskware ( 0040eff71 ) 20171108
K7GW Riskware ( 0040eff71 ) 20171108
Kaspersky Trojan-Ransom.Win32.Locky.acez 20171108
Malwarebytes Ransom.Locky 20171108
MAX malware (ai score=100) 20171108
McAfee Artemis!8AC7C66EFDEE 20171108
McAfee-GW-Edition BehavesLike.Win32.VTFlooder.bh 20171108
Microsoft Ransom:Win32/Locky 20171108
eScan Trojan.GenericKD.12541599 20171108
Palo Alto Networks (Known Signatures) generic.ml 20171108
SentinelOne (Static ML) static engine - malicious 20171019
Sophos AV Troj/Ransom-ERZ 20171108
Symantec Ransom.Locky.B 20171108
Tencent Win32.Trojan.Filecoder.Edxv 20171108
TrendMicro Ransom_LOCKY.DLDTAUK 20171108
TrendMicro-HouseCall Ransom_LOCKY.DLDTAUK 20171108
VIPRE Trojan.Win32.Generic!BT 20171108
ViRobot Trojan.Win32.Locky.788992 20171108
Webroot W32.Trojan.Gen 20171108
ZoneAlarm by Check Point Trojan-Ransom.Win32.Locky.acez 20171108
AhnLab-V3 20171107
Alibaba 20170911
Antiy-AVL 20171103
Avast-Mobile 20171108
Bkav 20171107
CAT-QuickHeal 20171107
ClamAV 20171108
CMC 20171104
Comodo 20171108
Cybereason 20171030
eGambit 20171108
Jiangmin 20171108
Kingsoft 20171108
NANO-Antivirus 20171108
nProtect 20171108
Panda 20171107
Qihoo-360 20171108
Rising 20171108
SUPERAntiSpyware 20171108
Symantec Mobile Insight 20171107
TheHacker 20171102
Trustlook 20171108
VBA32 20171104
WhiteArmor 20171104
Yandex 20171107
Zillya 20171107
Zoner 20171108
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2017-11-07 09:09:14
Entry Point 0x00001019
Number of sections 5
PE sections
PE imports
AVIBuildFilterA
LCIDToLocaleName
GetLastError
IsProcessorFeaturePresent
GetUserDefaultLangID
lstrlenA
IsSystemResumeAutomatic
VirtualQuery
GetSystemDefaultLCID
ExitProcess
GetThreadLocale
SetFileApisToANSI
GetCommandLineA
CreateFileA
GetCurrentThreadId
GetUserDefaultLCID
GetFileAttributesW
NdrSimpleStructUnmarshall
SHGetFileInfoA
SHStrDupW
GetOpenClipboardWindow
GetMessageExtraInfo
GetMessagePos
InSendMessage
GetInputState
SCardFreeMemory
SCardListReadersA
puts
memset
wcslen
printf
isupper
memcpy
ExifTool file metadata
MIMEType
application/octet-stream

Subsystem
Windows GUI

MachineType
Intel 386 or later, and compatibles

FileTypeExtension
exe

TimeStamp
2017:11:07 10:09:14+01:00

FileType
Win32 EXE

PEType
PE32

CodeSize
122880

LinkerVersion
12.0

ImageFileCharacteristics
Executable, 32-bit

EntryPoint
0x1019

InitializedDataSize
683520

SubsystemVersion
5.0

ImageVersion
0.0

OSVersion
5.0

UninitializedDataSize
0

Compressed bundles
File identification
MD5 8ac7c66efdeefceea010123faa515cdf
SHA1 961c26caade6bb374efb19319411f04183af2cb0
SHA256 28df46fe9876341394f8f0e4dcf17bd76f451ea8347104470acb59291f1735ce
ssdeep
12288:umSZieXwRXdhAjxf//BC/HOEzD+QpJ3M1jhUIDMNE+MX6Bln:u9XqetHw/ZXbJUjHoGT6Bl

authentihash ceedac5ac49934edcef6a0898def23a754feb479b146f2c63a4f668460e29e39
imphash e8b43a09dc4513bb5796962ca2fa39d3
File size 770.5 KB ( 788992 bytes )
File type Win32 EXE
Magic literal
PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID Win32 Dynamic Link Library (generic) (38.4%)
Win32 Executable (generic) (26.3%)
OS/2 Executable (generic) (11.8%)
Generic Win/DOS Executable (11.6%)
DOS Executable Generic (11.6%)
Tags
peexe

VirusTotal metadata
First submission 2017-11-07 09:49:43 UTC ( 1 year, 6 months ago )
Last submission 2018-05-11 00:11:24 UTC ( 1 year ago )
File names 1 stage malware new
28df46fe9876341394f8f0e4dcf17bd76f4.exe
VirusShare_8ac7c66efdeefceea010123faa515cdf
JHgd3Dees
content
JHgd3Dees.exe
2017-11-07-Locky-ransomware-wera4.exe
8ac7c66e.gxe