SHA256: 2bbf359683dbd97fad286f27660bb1247cc41211e5b7ca831e6accd23a778970
File name: 2487d3c3a11cd0aa0bee9395413c7202.virus
Detection ratio: 38 / 68
Analysis date: 2017-11-13 21:24:02 UTC ( 1 year, 5 months ago )
Antivirus Result Update
Ad-Aware Gen:Variant.Razy.222523 20171113
AhnLab-V3 Trojan/Win32.Refinka.C2257058 20171113
ALYac Gen:Variant.Jaik.19612 20171113
Antiy-AVL Trojan/Win32.Refinka 20171113
Arcabit Trojan.Razy.D3653B 20171113
Avast Win32:Malware-gen 20171113
AVG Win32:Malware-gen 20171113
Avira (no cloud) TR/Crypt.ZPACK.jiahr 20171113
AVware Trojan.Win32.Generic!BT 20171113
Baidu Win32.Trojan.WisdomEyes.16070401.9500.9999 20171113
BitDefender Gen:Variant.Razy.222523 20171113
CrowdStrike Falcon (ML) malicious_confidence_100% (D) 20171016
Cylance Unsafe 20171113
Emsisoft Gen:Variant.Razy.222523 (B) 20171113
Endgame malicious (high confidence) 20171024
ESET-NOD32 a variant of Win32/Kryptik.FYYA 20171113
F-Secure Gen:Variant.Razy.222523 20171113
Fortinet W32/GenKryptik.BCRP!tr 20171113
GData Gen:Variant.Razy.222523 20171113
Ikarus Trojan.Win32.Krypt 20171113
Sophos ML heuristic 20170914
Kaspersky Trojan.Win32.Refinka.jbp 20171113
Malwarebytes Trojan.MalPack 20171113
MAX malware (ai score=85) 20171113
McAfee Ransomware-GIN!2487D3C3A11C 20171113
McAfee-GW-Edition BehavesLike.Win32.Ransomware.dh 20171113
eScan Gen:Variant.Razy.222523 20171113
Panda Generic Suspicious 20171113
Qihoo-360 HEUR/QVM20.1.2AB3.Malware.Gen 20171113
SentinelOne (Static ML) static engine - malicious 20171113
Sophos AV Mal/Generic-S 20171113
Symantec SecurityRisk.gen1 20171113
Tencent Suspicious.Heuristic.Gen.b.0 20171113
TrendMicro TROJ_GEN.R004C0PKD17 20171113
TrendMicro-HouseCall TROJ_GEN.R004C0PKD17 20171113
VIPRE Trojan.Win32.Generic!BT 20171113
WhiteArmor Malware.HighConfidence 20171104
ZoneAlarm by Check Point Trojan.Win32.Refinka.jbp 20171113
AegisLab 20171113
Alibaba 20170911
Avast-Mobile 20171113
Bkav 20171113
CAT-QuickHeal 20171113
ClamAV 20171113
CMC 20171109
Comodo 20171113
Cybereason 20171103
Cyren 20171113
DrWeb 20171113
eGambit 20171113
F-Prot 20171113
Jiangmin 20171113
K7AntiVirus 20171113
K7GW 20171113
Kingsoft 20171113
Microsoft 20171113
NANO-Antivirus 20171113
nProtect 20171113
Palo Alto Networks (Known Signatures) 20171113
Rising 20171113
SUPERAntiSpyware 20171113
Symantec Mobile Insight 20171110
TheHacker 20171112
TotalDefense 20171113
Trustlook 20171113
VBA32 20171113
ViRobot 20171113
Webroot 20171113
Yandex 20171113
Zillya 20171110
Zoner 20171113
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2014-03-25 09:43:35
Entry Point 0x0000C2EA
Number of sections 4
PE sections
PE imports
AuthzInitializeContextFromSid
AuthzFreeResourceManager
DefineDosDeviceW
LocalFileTimeToFileTime
GetFileAttributesA
WaitForSingleObject
LoadLibraryA
GetLocalTime
OpenFileMappingW
GetConsoleTitleW
lstrcat
GetCommandLineA
GetProcAddress
GetModuleHandleA
FindFirstFileA
GlobalAddAtomA
CreateMutexW
CloseHandle
OpenMutexW
CreateWaitableTimerA
FindNextFileA
CreateProcessA
GetLogicalDriveStringsW
FindClose
IsBadReadPtr
SHGetFileInfoA
ExtractIconA
FindExecutableA
ShellAboutA
DragAcceptFiles
DuplicateIcon
SHGetDesktopFolder
SHGetDiskFreeSpaceA
DragFinish
SHCreateShellItem
StrChrA
SHGetDataFromIDListA
DragQueryFileA
SHGetMalloc
SHFileOperationA
Number of PE resources by type
TREJ 5
RT_STRING 1
Number of PE resources by language
NEUTRAL 6
PE resources
Debug information
ExifTool file metadata
MIMEType application/octet-stream
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
FileTypeExtension exe
TimeStamp 2014:03:25 10:43:35+01:00
FileType Win32 EXE
PEType PE32
CodeSize 69120
LinkerVersion 8.0
EntryPoint 0xc2ea
InitializedDataSize 149504
SubsystemVersion 4.0
ImageVersion 0.0
OSVersion 4.0
UninitializedDataSize 0
Compressed bundles
File identification
MD5 2487d3c3a11cd0aa0bee9395413c7202
SHA1 45527cdfd2ff67feab7e6c59417a14f03dfb6306
SHA256 2bbf359683dbd97fad286f27660bb1247cc41211e5b7ca831e6accd23a778970
ssdeep 3072:hE0VNaraM3xvM3x4YA3kBN6cYSMU3O0zNJ26h4l42hu:hZaGW9qj6LSMU3OYJDr2E
authentihash 0ff364b247bb5a83fef51712f5b49f8d4d0a020f662aee4c3736ae163c353747
imphash 634f256e35b08936e800ba3672b56be5
File size 216.0 KB ( 221184 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Dynamic Link Library (generic) (38.2%)
Win32 Executable (generic) (26.2%)
Win16/32 Executable Delphi generic (12.0%)
Generic Win/DOS Executable (11.6%)
DOS Executable Generic (11.6%)
Tags peexe
VirusTotal metadata
First submission 2017-11-13 21:24:02 UTC ( 1 year, 5 months ago )
Last submission 2017-11-13 21:24:02 UTC ( 1 year, 5 months ago )
File names 1032-45527cdfd2ff67feab7e6c59417a14f03dfb6306
2487d3c3a11cd0aa0bee9395413c7202.virus
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Written files
Created processes
Created mutexes
Opened mutexes
Runtime DLLs