SHA256: 2deaa0ec7445c26f1442f860eb32f4fcda2d501699d09a94c26035d6185803ea
File name: 87wifhFsdf.exe
Detection ratio: 23 / 65
Analysis date: 2017-08-17 11:37:45 UTC ( 1 year, 8 months ago )
Antivirus Result Update
Avast Win32:Malware-gen 20170817
AVG Win32:Malware-gen 20170817
Baidu Win32.Trojan.WisdomEyes.16070401.9500.9999 20170817
CrowdStrike Falcon (ML) malicious_confidence_100% (D) 20170804
Cylance Unsafe 20170817
Cyren W32/Locky.BX.gen!Eldorado 20170817
DrWeb Trojan.Encoder.13570 20170817
Endgame malicious (high confidence) 20170721
ESET-NOD32 a variant of Win32/GenKryptik.ASNN 20170817
F-Prot W32/Locky.BX.gen!Eldorado 20170817
Fortinet W32/GenKryptik.APXF!tr 20170817
Sophos ML heuristic 20170817
Kaspersky Trojan-Ransom.Win32.Locky.dmp 20170817
Malwarebytes Ransom.Locky 20170817
McAfee Ransomware-GDH!8009E4433AAD 20170817
McAfee-GW-Edition BehavesLike.Win32.FakeAlert.jc 20170817
Palo Alto Networks (Known Signatures) generic.ml 20170817
Qihoo-360 HEUR/QVM20.1.3952.Malware.Gen 20170817
SentinelOne (Static ML) static engine - malicious 20170806
Symantec ML.Attribute.HighConfidence 20170817
TrendMicro-HouseCall Ransom_CERBER.SMALY0 20170817
WhiteArmor Malware.HighConfidence 20170817
ZoneAlarm by Check Point Trojan-Ransom.Win32.Locky.dmp 20170817
Ad-Aware 20170817
AegisLab 20170817
AhnLab-V3 20170817
Alibaba 20170817
ALYac 20170817
Antiy-AVL 20170817
Arcabit 20170817
Avira (no cloud) 20170817
AVware 20170817
BitDefender 20170817
Bkav 20170817
CAT-QuickHeal 20170817
ClamAV 20170817
CMC 20170817
Comodo 20170817
Emsisoft 20170817
F-Secure 20170817
GData 20170817
Ikarus 20170817
Jiangmin 20170817
K7AntiVirus 20170817
K7GW 20170817
Kingsoft 20170817
MAX 20170817
Microsoft 20170817
eScan 20170817
NANO-Antivirus 20170817
nProtect 20170817
Panda 20170817
Rising 20170817
Sophos AV 20170817
SUPERAntiSpyware 20170817
Symantec Mobile Insight 20170816
Tencent 20170817
TheHacker 20170817
TotalDefense 20170817
TrendMicro 20170817
Trustlook 20170817
VBA32 20170817
VIPRE 20170817
ViRobot 20170817
Webroot 20170817
Yandex 20170815
Zillya 20170817
Zoner 20170817
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2012-07-26 14:06:56
Entry Point 0x0000287A
Number of sections 4
PE sections
PE imports
RegUnLoadKeyA
ReadEventLogA
RegRestoreKeyW
RegReplaceKeyA
ClearEventLogW
OpenEventLogW
RegSaveKeyW
RegDeleteValueA
RegOpenKeyW
RegCreateKeyExA
RegEnumKeyA
IsTextUnicode
CryptSignHashA
CoCreateActivity
RecycleSurrogate
CoEnterServiceDomain
GetCurrentProcessId
OpenSemaphoreA
WaitForSingleObject
DeleteFileA
WaitNamedPipeA
LoadLibraryExW
OpenMutexW
CreateWaitableTimerA
FindNextFileA
GetCommandLineA
LoadLibraryA
GetProcessHeap
MoveFileExA
GetProcAddress
InterlockedIncrement
InvokeControlPanel
drvSetDefaultCommConfigA
SHGetFileInfoA
ExtractIconA
FindExecutableA
ShellAboutA
SHChangeNotify
StrStrA
DragQueryFileA
DragQueryPoint
ShellMessageBoxA
SHGetMalloc
DragFinish
PathCompactPathW
UrlGetPartW
PathCommonPrefixW
UrlIsNoHistoryW
PathIsURLA
UrlIsOpaqueW
UrlUnescapeW
UrlIsW
UrlHashA
PathStripPathA
UrlEscapeA
UrlGetLocationA
PathCombineW
UrlCompareW
Number of PE resources by type
RT_RCDATA 5
Number of PE resources by language
NEUTRAL 5
PE resources
Debug information
ExifTool file metadata
MIMEType application/octet-stream
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
FileTypeExtension exe
TimeStamp 2012:07:26 15:06:56+01:00
FileType Win32 EXE
PEType PE32
CodeSize 50688
LinkerVersion 6.0
ImageFileCharacteristics No relocs, Executable, 32-bit
EntryPoint 0x287a
InitializedDataSize 621568
SubsystemVersion 5.1
ImageVersion 0.0
OSVersion 5.1
UninitializedDataSize 0

Compressed bundles
File identification
MD5 8009e4433aad21916a7761d374ee2be9
SHA1 e0538c4bb3d0310f827799c98707b681d1f91b45
SHA256 2deaa0ec7445c26f1442f860eb32f4fcda2d501699d09a94c26035d6185803ea
ssdeep 12288:s/3UUUUUUFAhYeJWxRUoJhMZFYk7VvdtNIxgWtyy9OcSEllFwY:s/3UUUUUUFPeJ8rsOk7Zd3eV9OcSEPFw
authentihash a1b4f5d1f03a7f61defe028242e1993f793829f3d10dfcd44e499ae9b12ce715
imphash 169dbb2bfac932eeb207c950d5b2f249
File size 657.5 KB ( 673280 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Dynamic Link Library (generic) (34.2%)
Win32 Executable (generic) (23.4%)
Win16/32 Executable Delphi generic (10.7%)
OS/2 Executable (generic) (10.5%)
Generic Win/DOS Executable (10.4%)
Tags peexe

VirusTotal metadata
First submission 2017-08-17 11:37:45 UTC ( 1 year, 8 months ago )
Last submission 2019-04-03 02:27:42 UTC ( 2 weeks, 1 day ago )
File names VirusShare_8009e4433aad21916a7761d374ee2be9
output.112277891.txt
87wifhFsdf.exe
test.exe.txt
Trojan.Ransom.Locky.txt
1ade9a0c-a9a0-11e7-8691-80e65024849a.file
1ade9a0c-a9a0-11e7-8691-80e65024849a.file
8009e4433aad21916a7761d374ee2be9.txt
8009e4433aad21916a7761d374ee2be9
87wifhFsdf
output.112296233.txt
test.txt
1ade9a0c-a9a0-11e7-8691-80e65024849a.file
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Runtime DLLs