SHA256: 2f414441e592bb2bc853c8c2f2e216d0f55ea23091fc87ef2f202ec087f5ceea
File name: ssj.jpg
Detection ratio: 42 / 65
Analysis date: 2019-03-01 01:37:58 UTC ( 3 weeks, 1 day ago )
Antivirus Result Update
Acronis suspicious 20190222
Ad-Aware Trojan.GenericKD.31573204 20190228
AhnLab-V3 Trojan/Win32.Shade.C2973082 20190228
ALYac Trojan.Ransom.Shade 20190301
Antiy-AVL GrayWare/Win32.Generic 20190301
Arcabit Trojan.Generic.D1E1C4D4 20190228
Avast Win32:Malware-gen 20190228
AVG Win32:Malware-gen 20190228
Avira (no cloud) TR/Crypt.XPACK.ahmt 20190301
BitDefender Trojan.GenericKD.31573204 20190228
CAT-QuickHeal TrojanRansom.Shade 20190228
Comodo Malware@#2dglerozgxir0 20190301
CrowdStrike Falcon (ML) win/malicious_confidence_100% (W) 20190212
Cyren W32/Trojan.ZFBY-1885 20190301
DrWeb Trojan.Encoder.858 20190228
Emsisoft Trojan-Ransom.Shade (A) 20190228
Endgame malicious (high confidence) 20190215
ESET-NOD32 a variant of Win32/Kryptik.GPCE 20190228
Fortinet W32/Kryptik.GOUT!tr.ransom 20190228
GData Trojan.GenericKD.31573204 20190228
Ikarus Trojan-Ransom.Crypted007 20190228
K7AntiVirus Trojan ( 0054668a1 ) 20190301
K7GW Trojan ( 0054668a1 ) 20190228
Kaspersky Trojan-Ransom.Win32.Shade.pka 20190228
Malwarebytes Ransom.Troldesh 20190228
McAfee Trojan-FQMJ!227FC52B0129 20190301
McAfee-GW-Edition Trojan-FQMJ!227FC52B0129 20190228
Microsoft Ransom:Win32/Troldesh.A 20190301
eScan Trojan.GenericKD.31573204 20190301
NANO-Antivirus Trojan.Win32.Encoder.fmkwot 20190228
Palo Alto Networks (Known Signatures) generic.ml 20190301
Panda Trj/CI.A 20190228
Qihoo-360 Win32/Trojan.Ransom.f3d 20190301
SentinelOne (Static ML) static engine - malicious 20190203
Sophos AV Mal/Cerber-K 20190228
Symantec Downloader 20190228
Tencent Win32.Trojan.Shade.Hpil 20190301
Trapmine malicious.high.ml.score 20190123
VBA32 BScope.Malware-Cryptor.Filecoder 20190228
Webroot W32.Trojan.Gen 20190301
Yandex Trojan.Shade! 20190228
ZoneAlarm by Check Point Trojan-Ransom.Win32.Shade.pka 20190228
AegisLab 20190228
Alibaba 20180921
Avast-Mobile 20190228
Babable 20180918
Baidu 20190215
Bkav 20190228
ClamAV 20190228
CMC 20190228
Cybereason 20190109
eGambit 20190301
F-Prot 20190228
F-Secure 20190301
Sophos ML 20181128
Jiangmin 20190301
Kingsoft 20190301
MAX 20190301
SUPERAntiSpyware 20190227
Symantec Mobile Insight 20190220
TACHYON 20190228
TheHacker 20190225
TotalDefense 20190228
Trustlook 20190301
ViRobot 20190301
Zoner 20190228
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
File version 51.1052.0.0
Description setip/Unikstall
Signature verification The digital signature of the object did not verify.
Signing date 2:54 AM 3/1/2019
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2019-01-23 17:02:27
Entry Point 0x00002280
Number of sections 5
PE sections
Overlays
MD5 9a2bbf3cd525daec9fc1bd4a01b46a59
File type data
Offset 1228800
Size 3336
Entropy 7.34
PE imports
SetSecurityDescriptorOwner
RegCloseKey
RegQueryValueExA
RegCreateKeyW
OpenServiceW
DeleteService
SetSecurityDescriptorDacl
CloseServiceHandle
RegisterEventSourceW
DeregisterEventSource
RegOpenKeyExW
RegOpenKeyExA
CreateServiceW
SetServiceStatus
SetEntriesInAclW
RegSetValueExW
FreeSid
OpenSCManagerW
ReportEventW
AllocateAndInitializeSid
InitializeSecurityDescriptor
RegisterServiceCtrlHandlerExW
StartServiceCtrlDispatcherW
SetMetaRgn
StrokePath
EndDoc
CancelDC
GetSystemPaletteUse
CreateSolidBrush
GetFontLanguageInfo
AbortDoc
RealizePalette
GetLastError
ReleaseMutex
VirtualAllocEx
LoadLibraryW
WaitForSingleObject
SetEvent
QueryPerformanceCounter
IsDebuggerPresent
GetTickCount
GetVersionExA
LoadLibraryA
RtlUnwind
GetStartupInfoA
SetThreadPriority
LocalAlloc
UnhandledExceptionFilter
SetErrorMode
WriteFileGather
GetProcAddress
InterlockedCompareExchange
GetCurrentThread
CreateHardLinkA
_lclose
GetModuleFileNameW
WritePrivateProfileStructA
GetFileAttributesA
InterlockedExchange
SetUnhandledExceptionFilter
GetCurrentProcess
EnumSystemLanguageGroupsA
GetSystemTimeAsFileTime
EnumResourceTypesW
GetModuleHandleW
SetPriorityClass
FreeLibrary
LocalFree
EnumLanguageGroupLocalesW
TerminateProcess
CreateEventW
OutputDebugStringW
OpenEventW
Sleep
SetConsoleCtrlHandler
GetCurrentThreadId
OutputDebugStringA
GetCurrentProcessId
CloseHandle
SHFormatDrive
SHCreateDirectoryExW
SHAddToRecentDocs
ExtractIconExA
ExtractIconEx
SHFileOperationW
SHGetPathFromIDListW
SHGetDiskFreeSpaceExA
SHGetDiskFreeSpaceA
ExtractIconExW
SHCreateDirectoryExA
SHInvokePrinterCommandA
SHGetDataFromIDListA
DuplicateIcon
SHPathPrepareForWriteW
SHCreateProcessAsUserW
SHLoadNonloadedIconOverlayIdentifiers
StrChrW
StrStrIA
StrRChrW
StrRChrIW
SHGetValueA
StrRStrIA
StrStrIW
StrRChrA
SHSetValueA
StrCmpIW
StrCmpNIA
PathRemoveFileSpecA
GetClassInfoExW
DefWindowProcW
GetCapture
GetClipboardOwner
GetWindowThreadProcessId
GetSystemMetrics
SetWindowLongW
MessageBoxW
PeekMessageW
MessageBoxA
RegisterDeviceNotificationW
IsCharAlphaA
TranslateMessage
GetClipboardSequenceNumber
DispatchMessageW
DestroyCursor
EditWndProc
GetDoubleClickTime
LoadStringA
RegisterClassW
IsCharLowerA
GetWindowTextLengthA
IsWindowVisible
UnregisterClassW
IsCharAlphaW
GetMenuCheckMarkDimensions
SetMenuDefaultItem
SendMessageTimeoutA
CharLowerA
GetDesktopWindow
UnregisterDeviceNotification
GetDialogBaseUnits
IsMenu
CreateWindowExW
GetWindowLongW
SetForegroundWindow
GetMenuContextHelpId
DestroyWindow
CoUninitialize
Number of PE resources by type
RT_ICON 13
RT_RCDATA 5
RT_VERSION 1
RT_GROUP_ICON 1
Number of PE resources by language
ENGLISH US 18
NEUTRAL 2
PE resources
ExifTool file metadata
UninitializedDataSize 0
LinkerVersion 9.0
ImageVersion 0.0
FileVersionNumber 51.1052.0.0
LanguageCode Neutral
FileFlagsMask 0x003f
FileDescription setip/Unikstall
ImageFileCharacteristics No relocs, Executable, 32-bit
CharacterSet Unicode
InitializedDataSize 1219584
EntryPoint 0x2280
MIMEType application/octet-stream
FileVersion 51.1052.0.0
TimeStamp 2019:01:23 18:02:27+01:00
FileType Win32 EXE
PEType PE32
SubsystemVersion 5.0
OSVersion 5.0
FileOS Win32
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
CodeSize 9216
FileSubtype 0
ProductVersionNumber 0.0.0.0
FileTypeExtension exe
ObjectFileType Executable application

File identification
MD5 227fc52b01298a4b8869482e3c40503b
SHA1 a931eba78e65cddffd0e8687040fb89b39726c11
SHA256 2f414441e592bb2bc853c8c2f2e216d0f55ea23091fc87ef2f202ec087f5ceea
ssdeep 12288:z9flAzWulcKX7yKCHqknCLv/gEOF0ZV/cgtx61slrEiv/Kc9Rf8/3cwt8888888I:5lAzCEMKaMpjt02yiv/7Rf8/MwYTxBc

authentihash e84f401d563eb742a070d3db4ac55e67ddd976e38da2ca8bcd6a03ba3a77ab5f
imphash 52b706f9e593f5965899a4a9ea6b3440
File size 1.2 MB ( 1232136 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID Win32 Executable MS Visual C++ (generic) (41.0%)
Win64 Executable (generic) (36.3%)
Win32 Dynamic Link Library (generic) (8.6%)
Win32 Executable (generic) (5.9%)
OS/2 Executable (generic) (2.6%)
Tags peexe overlay

VirusTotal metadata
First submission 2019-01-23 17:10:20 UTC ( 1 month, 4 weeks ago )
Last submission 2019-02-07 12:02:32 UTC ( 1 month, 2 weeks ago )
File names zbetcheckin_tracker_ssj.jpg
output.115020741.txt
output.114973003.txt
ssj.jpg
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
HTTP requests
DNS requests
TCP connections