SHA256: 305153b14416391a42cd06338729048cc5a4163bb3a014422745beb5e6572811
File name: 31e4d13c5d776036ac3603565ddc4db3
Detection ratio: 12 / 58
Analysis date: 2017-02-10 13:09:23 UTC ( 2 years ago )
Antivirus Result Update
AegisLab Ml.Attribute.Gen!c 20170210
AVware Lookslike.Win32.Crowti.an!ag (v) 20170210
Baidu Win32.Trojan.WisdomEyes.16070401.9500.9557 20170210
CrowdStrike Falcon (ML) malicious_confidence_100% (D) 20170130
ESET-NOD32 a variant of Win32/Kryptik.FOCV 20170210
Sophos ML virus.win32.sality.am 20170203
Kaspersky UDS:DangerousObject.Multi.Generic 20170210
Qihoo-360 Win32/Trojan.Multi.daf 20170210
Symantec Ransom.TeslaCrypt 20170210
Tencent Win32.Trojan.Raas.Auto 20170210
VIPRE Lookslike.Win32.Crowti.an!ag (v) 20170210
ViRobot Trojan.Win32.R.Agent.366080.C[h] 20170210
Ad-Aware 20170210
AhnLab-V3 20170210
Alibaba 20170122
ALYac 20170210
Antiy-AVL 20170210
Arcabit 20170210
Avast 20170210
AVG 20170210
Avira (no cloud) 20170210
BitDefender 20170210
Bkav 20170210
CAT-QuickHeal 20170210
ClamAV 20170210
CMC 20170210
Comodo 20170210
Cyren 20170210
DrWeb 20170210
Emsisoft 20170210
Endgame 20170208
F-Prot 20170210
F-Secure 20170210
Fortinet 20170210
GData 20170210
Ikarus 20170210
Jiangmin 20170210
K7AntiVirus 20170210
K7GW 20170210
Kingsoft 20170210
Malwarebytes 20170210
McAfee 20170210
McAfee-GW-Edition 20170210
Microsoft 20170210
eScan 20170210
NANO-Antivirus 20170210
nProtect 20170210
Panda 20170209
Rising 20170210
Sophos AV 20170210
SUPERAntiSpyware 20170210
TheHacker 20170209
TotalDefense 20170210
TrendMicro 20170210
TrendMicro-HouseCall 20170210
Trustlook 20170210
VBA32 20170210
WhiteArmor 20170202
Yandex 20170209
Zillya 20170210
Zoner 20170210
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright
Copyright © 2013. All rights reserved.

Product Longhorn
Original name Longhorn
Internal name Longhorn
File version 3.4.7.1
Description Researchers Crumbs Professional
Comments Researchers Crumbs Professional
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2017-02-10 05:42:07
Entry Point 0x0000BF31
Number of sections 5
PE sections
PE imports
CryptDestroyKey
SetSecurityDescriptorOwner
SetNamedSecurityInfoA
CryptReleaseContext
RegCloseKey
CryptAcquireContextA
CryptGetHashParam
SetSecurityDescriptorDacl
AllocateAndInitializeSid
InitializeSecurityDescriptor
OpenThreadToken
RegSetValueExA
ConvertStringSidToSidA
CryptEncrypt
CryptSetHashParam
RegCreateKeyExA
ImpersonateNamedPipeClient
CryptHashData
CryptCreateHash
CryptDestroyHash
CryptDeriveKey
AVIMakeCompressedStream
AVIStreamSetFormat
AVIStreamRelease
ImageList_GetImageCount
ImageList_SetOverlayImage
ImageList_LoadImageA
ImageList_GetImageInfo
Ord(6)
ImageList_Create
Ord(17)
ImageList_ReplaceIcon
ImageList_Draw
ImageList_Add
PrintDlgA
ChooseColorA
GetFileTitleA
CreateICA
SetMapMode
PatBlt
CreatePen
TextOutA
CreateFontIndirectA
GetPaletteEntries
GetTextCharset
RemoveFontMemResourceEx
GetClipBox
GetDeviceCaps
TranslateCharsetInfo
LineTo
DeleteDC
EndDoc
SelectObject
StartPage
BitBlt
SetTextColor
CreatePatternBrush
GetCurrentObject
CreateBitmap
MoveToEx
AddFontMemResourceEx
GdiFlush
SelectClipRgn
CreateCompatibleDC
SetBrushOrgEx
EndPage
CreateRectRgn
SetViewportExtEx
StartDocA
SetWindowExtEx
CreateSolidBrush
GetClipRgn
SetBkColor
DeleteObject
Ellipse
ImmGetDescriptionA
ImmReleaseContext
ImmGetDefaultIMEWnd
ImmGetContext
GetIfEntry
GetIfTable
GetStdHandle
WaitForSingleObject
EncodePointer
DeleteCriticalSection
GetCurrentProcess
GetConsoleMode
GetLocaleInfoA
LocalAlloc
FreeEnvironmentStringsW
GetLocaleInfoW
SetStdHandle
GetCPInfo
LoadLibraryW
WriteFile
GetSystemTimeAsFileTime
HeapReAlloc
GetStringTypeW
ConnectNamedPipe
InitializeCriticalSection
InterlockedDecrement
SetLastError
DeviceIoControl
GetModuleFileNameW
IsDebuggerPresent
ExitProcess
GetModuleFileNameA
HeapSetInformation
EnumSystemLocalesA
UnhandledExceptionFilter
TlsGetValue
MultiByteToWideChar
SetFilePointer
SetUnhandledExceptionFilter
MulDiv
IsProcessorFeaturePresent
GetSystemDirectoryA
DecodePointer
TerminateProcess
SetEndOfFile
GetCurrentThreadId
InterlockedIncrement
WriteConsoleW
InitializeCriticalSectionAndSpinCount
HeapFree
EnterCriticalSection
SetHandleCount
lstrcmpiA
GetOEMCP
QueryPerformanceCounter
GetTickCount
TlsAlloc
FlushFileBuffers
LoadLibraryA
RtlUnwind
GetStartupInfoW
GetUserDefaultLCID
GetProcessHeap
lstrcpyA
IsValidLocale
GetProcAddress
CreateFileW
CreateEventA
GetFileType
TlsSetValue
CreateFileA
HeapAlloc
LeaveCriticalSection
GetLastError
LCMapStringW
lstrlenA
GetConsoleCP
GetEnvironmentStringsW
CreateNamedPipeA
GetCurrentProcessId
WideCharToMultiByte
HeapSize
GetCommandLineA
GetCurrentThread
RaiseException
TlsFree
GetModuleHandleA
ReadFile
CloseHandle
GetACP
GetModuleHandleW
IsValidCodePage
HeapCreate
Sleep
GradientFill
DsUnBindA
Ord(51)
Ord(46)
OleCreatePictureIndirect
wglSetLayerPaletteEntries
EnumPageFilesA
DragAcceptFiles
SHCreateDirectoryExA
SHGetFolderPathA
StrToIntExA
PathAppendA
EndDeferWindowPos
GetMessagePos
UpdateWindow
GetScrollInfo
BeginPaint
SetCaretPos
FindWindowA
CreatePopupMenu
ShowWindow
SetClassLongA
LoadBitmapA
GetWindowThreadProcessId
FreeDDElParam
GetSystemMetrics
IsWindow
GetWindowRect
InflateRect
GetWindowLongA
SetCapture
GetDlgItemTextA
GetWindow
CheckMenuRadioItem
SetScrollInfo
GetAsyncKeyState
DrawTextA
SystemParametersInfoA
SetWindowTextA
GetMenu
LoadStringA
IsWindowVisible
SendMessageA
GetClientRect
CreateWindowExA
GetDlgItem
SetScrollRange
GetDC
ScreenToClient
SetRect
InvalidateRect
wsprintfA
FindWindowExA
CreateMenu
LoadCursorA
LoadIconA
GetKeyboardLayout
GetTopWindow
BeginDeferWindowPos
GetDesktopWindow
RedrawWindow
CreateWindowExW
ReleaseDC
GetWindowInfo
GetAncestor
PtInRect
mmioClose
WSAGetLastError
WSACreateEvent
CreateStreamOnHGlobal
CoCreateInstance
CreateItemMoniker
GetHGlobalFromStream
GetRunningObjectTable
URLDownloadToCacheFileA
Number of PE resources by type
RT_CURSOR 10
RT_ICON 8
RT_BITMAP 7
RT_GROUP_CURSOR 6
RT_RCDATA 5
BIN 2
RCDATA 1
RT_MANIFEST 1
RT_VERSION 1
RT_GROUP_ICON 1
Number of PE resources by language
ENGLISH US 42
PE resources
Debug information
ExifTool file metadata
CodeSize 106496
SubsystemVersion 5.1
Comments Researchers Crumbs Professional
Languages English
InitializedDataSize 258560
ImageVersion 0.0
FileSubtype 0
FileVersionNumber 3.4.7.1
LanguageCode English (U.S.)
FileFlagsMask 0x003f
FileDescription Researchers Crumbs Professional
ImageFileCharacteristics Executable, 32-bit
CharacterSet Unicode
LinkerVersion 10.0
EntryPoint 0xbf31
OriginalFileName Longhorn
MIMEType application/octet-stream
LegalCopyright Copyright 2013. All rights reserved.
FileVersion 3.4.7.1
TimeStamp 2017:02:10 06:42:07+01:00
FileType Win32 EXE
PEType PE32
InternalName Longhorn
ProductVersion 3.4.7.1
UninitializedDataSize 0
OSVersion 5.1
FileOS Windows NT 32-bit
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
CompanyName 10-Strike Software
LegalTrademarks Copyright 2013. All rights reserved.
ProductName Longhorn
ProductVersionNumber 3.4.7.1
FileTypeExtension exe
ObjectFileType Executable application

Compressed bundles
File identification
MD5 31e4d13c5d776036ac3603565ddc4db3
SHA1 6e8aa64ca4daec8e3e97c74c442c6e4c8143a63b
SHA256 305153b14416391a42cd06338729048cc5a4163bb3a014422745beb5e6572811
ssdeep 6144:zuRcVrZP39iEDpF/xQq/ZWpjKheM7e4ZuZ7ApQhO2611+oE137+o1:SRcViEDj/xQOeK0M8WIdd+o1

authentihash 099232fb5e23eaf099717af0e5b69612c65970edd39c520f8f22313a93e74105
imphash 1fff74b5b44a5a23a6111f12269ad026
File size 357.5 KB ( 366080 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID InstallShield setup (36.1%)
Win32 Executable MS Visual C++ (generic) (26.2%)
Win64 Executable (generic) (23.2%)
Win32 Dynamic Link Library (generic) (5.5%)
Win32 Executable (generic) (3.7%)
Tags peexe

VirusTotal metadata
First submission 2017-02-10 07:20:45 UTC ( 2 years ago )
Last submission 2017-08-19 01:29:16 UTC ( 1 year, 6 months ago )
File names Win32.Ransom.Locky@305153b14416391a42cd06338729048cc5a4163bb3a014422745beb5e6572811.bin
11.exe
11.exe
72811.exe.exe
Longhorn
305153b14416391a42cd06338729048cc5a4163bb3a014422745beb5e6572811
305153b14416391a42cd06338729048cc5a4163bb3a014422745beb5e6572811.exe
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Written files
Moved files
Deleted files
Created processes
Shell commands
Code injections in the following processes
Created mutexes
Opened mutexes
Searched windows
Opened service managers
Opened services
Runtime DLLs
Additional details
The file uses the IsDebuggerPresent Windows API function in order to see whether it is being debugged.
HTTP requests
TCP connections
UDP communications