SHA256: 2e4d8554bb690e3e2a8762db1a73864d5983b8a1f9139973c8dfb7b7d891b6bb
File name: ecGZjf7ZWX
Detection ratio: 54 / 67
Analysis date: 2018-05-10 07:26:42 UTC ( 6 months, 1 week ago )
Antivirus Result Update
Ad-Aware Gen:Variant.Razy.35659 20180510
AegisLab Uds.Dangerousobject.Multi!c 20180510
AhnLab-V3 Win-Trojan/Lockycrypt.Gen 20180510
ALYac Gen:Variant.Razy.35659 20180510
Antiy-AVL Trojan[Ransom]/Win32.Locky.gena 20180509
Arcabit Trojan.Razy.D8B4B 20180510
Avast Win32:Malware-gen 20180510
AVG Win32:Malware-gen 20180510
Avira (no cloud) TR/Locky.PP 20180510
AVware Trojan.Win32.Generic!BT 20180428
Baidu Win32.Trojan.Kryptik.xf 20180510
BitDefender Gen:Variant.Razy.35659 20180510
CAT-QuickHeal Ransomware.Locky.MUE.G5 20180510
ClamAV Win.Trojan.Agent-1394495 20180510
Comodo TrojWare.Win32.Ransom.Locky.DN 20180510
CrowdStrike Falcon (ML) malicious_confidence_100% (D) 20180418
Cylance Unsafe 20180510
Cyren W32/Locky.G.gen!Eldorado 20180510
DrWeb Trojan.Encoder.4287 20180510
eGambit Unsafe.AI_Score_99% 20180510
Emsisoft Gen:Variant.Razy.35659 (B) 20180510
Endgame malicious (high confidence) 20180507
ESET-NOD32 a variant of Win32/Kryptik.ESSX 20180510
F-Prot W32/Locky.G.gen!Eldorado 20180510
F-Secure Gen:Variant.Razy.35659 20180510
Fortinet W32/Kryptik.ERJK!tr 20180510
GData Win32.Trojan-Ransom.Locky.AL 20180510
Ikarus Trojan-Ransom.Locky 20180509
Jiangmin Trojan.Locky.jk 20180510
K7AntiVirus Trojan ( 004e190c1 ) 20180510
K7GW Trojan ( 004e190c1 ) 20180510
Kaspersky HEUR:Trojan.Win32.Generic 20180510
MAX malware (ai score=100) 20180510
McAfee Ransomware-FET!AF44CAFC821F 20180510
McAfee-GW-Edition BehavesLike.Win32.Worm.ch 20180510
Microsoft Ransom:Win32/Locky.A 20180510
eScan Gen:Variant.Razy.35659 20180510
NANO-Antivirus Trojan.Win32.Encoder.ebgtwd 20180510
Palo Alto Networks (Known Signatures) generic.ml 20180510
Panda Trj/Genetic.gen 20180509
Qihoo-360 HEUR/QVM20.1.Malware.Gen 20180510
Sophos AV Troj/Ransom-CZH 20180510
SUPERAntiSpyware Ransom.Locky/Variant 20180510
Symantec Ransom.TeslaCrypt 20180510
Tencent Win32.Trojan.Raas.Auto 20180510
TrendMicro Ransom_LOCKY.SMA1 20180510
TrendMicro-HouseCall Ransom_LOCKY.SMA1 20180510
VBA32 Hoax.Locky 20180508
VIPRE Trojan.Win32.Generic!BT 20180510
ViRobot Trojan.Win32.Locky.Gen.B 20180510
Webroot W32.Trojan.Gen 20180510
Yandex Trojan.Locky! 20180508
Zillya Trojan.CryptGen.Win32.3 20180508
ZoneAlarm by Check Point HEUR:Trojan.Win32.Generic 20180510
Alibaba 20180510
Avast-Mobile 20180509
Babable 20180406
Bkav 20180509
CMC 20180509
Cybereason None
Sophos ML 20180503
Kingsoft 20180510
Malwarebytes 20180510
nProtect 20180510
Rising 20180510
SentinelOne (Static ML) 20180225
Symantec Mobile Insight 20180509
TheHacker 20180509
TotalDefense 20180510
Trustlook 20180510
Zoner 20180509
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2016-03-30 10:55:28
Entry Point 0x000074D4
Number of sections 6
PE sections
PE imports
RegCreateKeyExW
RegCloseKey
OpenServiceW
AdjustTokenPrivileges
ControlService
LookupPrivilegeValueW
RegDeleteKeyW
DeleteService
RegQueryValueExW
GetNamedSecurityInfoW
OpenProcessToken
QueryServiceStatus
RegOpenKeyExW
SetTokenInformation
RegOpenKeyW
CreateServiceW
DuplicateTokenEx
CloseServiceHandle
RegQueryInfoKeyW
SetEntriesInAclW
RegEnumKeyExW
CreateProcessAsUserW
RegDeleteValueW
RevertToSelf
StartServiceW
RegSetValueExW
FreeSid
OpenSCManagerW
RegEnumValueW
AllocateAndInitializeSid
SetNamedSecurityInfoW
InitCommonControlsEx
DeleteDC
RestoreDC
DeleteObject
SetBkMode
SaveDC
CreateFontW
SetBitmapBits
SelectObject
CreateDIBSection
CreateCompatibleDC
GetBitmapBits
CreateCompatibleBitmap
SetTextColor
GetIpForwardTable
GetStdHandle
GetDriveTypeW
GetConsoleOutputCP
WaitForSingleObject
LockResource
HeapDestroy
GetPrivateProfileSectionNamesW
IsValidLocale
GetFileAttributesW
GetLocalTime
DeleteCriticalSection
GetCurrentProcess
OpenFileMappingW
GetConsoleMode
GetLocaleInfoA
UnhandledExceptionFilter
OpenWaitableTimerW
GetLogicalDrives
FreeEnvironmentStringsW
GetLocaleInfoW
SetStdHandle
GetCPInfo
GetStringTypeA
InterlockedExchange
FindResourceExW
GetTimeZoneInformation
GetSystemTimeAsFileTime
HeapReAlloc
GetStringTypeW
SetEvent
LocalFree
InitializeCriticalSection
LoadResource
TlsGetValue
GetCurrentThread
GetEnvironmentVariableW
SetLastError
OpenThread
InterlockedDecrement
RemoveDirectoryW
IsDebuggerPresent
ExitProcess
GetModuleFileNameA
lstrcmpiW
EnumSystemLocalesA
OpenWaitableTimerA
SetConsoleCtrlHandler
GetVolumeInformationW
LoadLibraryExW
MultiByteToWideChar
FatalAppExitA
FlushInstructionCache
GetPrivateProfileStringW
GetModuleHandleA
GlobalAddAtomW
CreateThread
MoveFileExW
GlobalAddAtomA
SetUnhandledExceptionFilter
CreateMutexW
Module32NextW
IsProcessorFeaturePresent
ExitThread
SetEnvironmentVariableA
TerminateProcess
WriteConsoleA
GetVersion
GetDiskFreeSpaceExW
SetEndOfFile
GetCurrentThreadId
LeaveCriticalSection
WriteConsoleW
CreateToolhelp32Snapshot
InitializeCriticalSectionAndSpinCount
HeapFree
EnterCriticalSection
SetHandleCount
LoadLibraryW
DeviceIoControl
GetVersionExW
GetOEMCP
QueryPerformanceCounter
GetTickCount
TlsAlloc
FlushFileBuffers
LoadLibraryA
RtlUnwind
FreeLibrary
GetStartupInfoA
GetDateFormatA
GetFileSize
OpenProcess
GetStartupInfoW
ReadProcessMemory
CreateDirectoryW
DeleteFileW
GetUserDefaultLCID
GetPrivateProfileIntW
VirtualProtectEx
GetProcessHeap
GetTempFileNameW
CreateFileMappingW
CompareStringW
GetFileSizeEx
GetModuleFileNameW
ExpandEnvironmentStringsW
FindNextFileW
CompareStringA
FindFirstFileW
GlobalMemoryStatus
GetProcAddress
GetPrivateProfileSectionW
GetTempPathW
CreateEventW
CreateFileW
AddAtomW
GetFileType
TlsSetValue
CreateFileA
HeapAlloc
InterlockedIncrement
GetLastError
SystemTimeToFileTime
LCMapStringW
UnmapViewOfFile
lstrlenA
GetConsoleCP
FindResourceW
LCMapStringA
GetEnvironmentStringsW
lstrlenW
Process32NextW
CreateProcessW
CancelWaitableTimer
Module32FirstW
SizeofResource
GetCurrentProcessId
VirtualQueryEx
ProcessIdToSessionId
GetCommandLineW
WideCharToMultiByte
HeapSize
InterlockedCompareExchange
Process32FirstW
WritePrivateProfileStringW
RaiseException
MapViewOfFile
TlsFree
SetFilePointer
ReadFile
CloseHandle
GetACP
GetModuleHandleW
LoadLibraryExA
IsValidCodePage
HeapCreate
WriteFile
VirtualFree
Sleep
VirtualAlloc
GetTimeFormatA
GradientFill
AlphaBlend
VarUI4FromStr
VariantChangeType
SysStringLen
CreateErrorInfo
VariantClear
SysAllocString
SetErrorInfo
GetErrorInfo
SysFreeString
SysAllocStringByteLen
VariantInit
QueryWorkingSet
GetModuleInformation
GetProcessMemoryInfo
GetModuleFileNameExW
SHFileOperationW
SHGetSpecialFolderPathW
SHGetMalloc
PathStripPathW
SHDeleteKeyW
PathFindFileNameW
PathFileExistsW
PathRemoveFileSpecW
StrStrIW
PathAppendW
PathFindExtensionW
PathGetDriveNumberW
PathIsDirectoryW
PathRemoveExtensionW
SetFocus
MapWindowPoints
GetMonitorInfoW
GetForegroundWindow
GetParent
GetMessageW
GetClassNameW
EnumWindows
DefWindowProcW
KillTimer
DestroyMenu
TrackMouseEvent
PostQuitMessage
ShowWindow
MessageBeep
LoadMenuW
SetWindowPos
RemoveMenu
GetWindowThreadProcessId
SetCursor
SetWindowLongW
IsWindow
PeekMessageW
GetWindowRect
UnregisterClassA
EnumChildWindows
AppendMenuW
GetWindowDC
DestroyCursor
TranslateMessage
GetWindow
PostMessageW
CharUpperA
DispatchMessageW
GetCursorPos
ReleaseDC
UpdateLayeredWindow
CreatePopupMenu
SendMessageW
LoadStringA
TranslateAcceleratorW
GetWindowLongW
IsWindowVisible
LoadStringW
SetWindowTextW
GetMenuItemInfoW
DrawTextW
CallWindowProcW
MonitorFromWindow
ScreenToClient
TrackPopupMenuEx
SetTimer
LoadImageW
LoadIconA
InvalidateRect
GetMenuItemCount
MonitorFromPoint
GetClientRect
GetWindowTextW
GetDesktopWindow
LoadCursorW
GetFocus
wsprintfW
SetForegroundWindow
CharNextW
PtInRect
CreateEnvironmentBlock
DestroyEnvironmentBlock
VerQueryValueW
GetFileVersionInfoW
GetFileVersionInfoSizeW
WinHttpSetOption
WinHttpConnect
WinHttpQueryHeaders
WinHttpReadData
WinHttpCloseHandle
WinHttpReceiveResponse
WinHttpOpen
WinHttpOpenRequest
WinHttpSendRequest
WTSEnumerateSessionsW
WTSFreeMemory
_except_handler3
exit
_CIsin
__set_app_type
CoUninitialize
CoInitialize
CoTaskMemAlloc
CoCreateGuid
CoTaskMemRealloc
CoCreateInstance
CoInitializeSecurity
CoTaskMemFree
CoSetProxyBlanket
Number of PE resources by type
RT_ICON 12
RT_BITMAP 2
RT_GROUP_ICON 1
RT_VERSION 1
Number of PE resources by language
ENGLISH US 16
PE resources
Debug information
ExifTool file metadata
UninitializedDataSize
0

InitializedDataSize
111104

ImageVersion
0.0

ProductName
Advanced Task Scheduler 32-bit Edition

FileVersionNumber
4.1.0.612

LanguageCode
English (U.S.)

FileFlagsMask
0x0000

FileDescription
Advanced Task Scheduler 32-bit Edition

CharacterSet
Unicode

LinkerVersion
9.0

FileTypeExtension
exe

OriginalFileName
Bidscheduler_edmin.exe

MIMEType
application/octet-stream

Subsystem
Windows GUI

FileVersion
4.1.0.612

TimeStamp
2016:03:30 11:55:28+01:00

FileType
Win32 EXE

PEType
PE32

InternalName
#dvenzed Task Scheduler 32-bit Edition

ProductVersion
4.1.0.612

SubsystemVersion
5.1

OSVersion
5.1

FileOS
Windows NT 32-bit

LegalCopyright
Copyright Southsoftware.com, 2002-2015

MachineType
Intel 386 or later, and compatibles

CompanyName
Doubtsoftware.com

CodeSize
61952

FileSubtype
0

ProductVersionNumber
4.1.0.612

EntryPoint
0x74d4

ObjectFileType
Executable application

Compressed bundles
File identification
MD5 af44cafc821ff931225c3f65dca77892
SHA1 64d7e35e69034347ba82d7400c25bd41b57dc3ed
SHA256 2e4d8554bb690e3e2a8762db1a73864d5983b8a1f9139973c8dfb7b7d891b6bb
ssdeep 3072:x/Dse7ydPLuEBoeQUTgA7TOBVa7InnzetXI02x0v:tZWBqEBrQMgTS
authentihash 77973b222fea07044a15759c4632c1a4fd5b601bf61ea80ef1b8f8f4dc85f941
imphash f56bbad53d91182675f24a5fe061818e
File size 165.5 KB ( 169472 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Executable MS Visual C++ (generic) (35.0%)
Win64 Executable (generic) (31.0%)
Windows screen saver (14.7%)
Win32 Dynamic Link Library (generic) (7.3%)
Win32 Executable (generic) (5.0%)
Tags
peexe

VirusTotal metadata
First submission 2016-03-30 12:51:11 UTC ( 2 years, 7 months ago )
Last submission 2018-05-10 07:26:42 UTC ( 6 months, 1 week ago )
File names ecGZjf7ZWX
l7dsp.exe
af44cafc821ff931225c3f65dca77892.bin
2e4d8554bb690e3e2a8762db1a73864d5983b8a1f9139973c8dfb7b7d891b6bb.exe
JYW7I91Wxr3ov.exe
l7dsp_exe
AxvpK.caj
l7dsp
617514ccc1b146ddd073d118b2411c0a12eefc6a
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Written files
Moved files
Deleted files
Created processes
Shell commands
Created mutexes
Opened mutexes
Opened service managers
Opened services
Runtime DLLs
HTTP requests
TCP connections