SHA256: 3208efe96d14f5a6a2840daecbead6b0f4d73c5a05192a1a8eef8b50bbfb4bc1
File name: 3208EFE96D14F5A6A2840DAECBEAD6B0F4D73C5A05192A1A8EEF8B50BBFB4BC1
Detection ratio: 25 / 66
Analysis date: 2018-04-06 12:03:23 UTC ( 6 months, 1 week ago )
Antivirus Result Update
Ad-Aware Gen:Heur.Ransom.MSIL.1 20180406
ALYac Gen:Heur.Ransom.MSIL.1 20180406
Arcabit Trojan.Ransom.MSIL.1 20180406
BitDefender Gen:Heur.Ransom.MSIL.1 20180406
CrowdStrike Falcon (ML) malicious_confidence_90% (W) 20170201
Cybereason malicious.292ddb 20180225
Cylance Unsafe 20180406
Cyren W32/GenBl.0997BA72!Olympus 20180406
Emsisoft Gen:Heur.Ransom.MSIL.1 (B) 20180406
ESET-NOD32 a variant of MSIL/Filecoder.HD 20180406
GData Win32.Trojan-Ransom.Filecoder.P@gen 20180406
Kaspersky UDS:DangerousObject.Multi.Generic 20180406
MAX malware (ai score=95) 20180406
McAfee Artemis!0997BA7292DD 20180406
McAfee-GW-Edition BehavesLike.Win32.Generic.ph 20180406
Microsoft Ransom:Win32/Genasom 20180406
eScan Gen:Heur.Ransom.MSIL.1 20180406
Palo Alto Networks (Known Signatures) generic.ml 20180406
Qihoo-360 Win32/Trojan.Ransom.935 20180406
SentinelOne (Static ML) static engine - malicious 20180225
Sophos AV Mal/Genasom-A 20180406
Symantec Trojan.Gen.2 20180406
TrendMicro Ransom_RAMSIL.SM 20180406
TrendMicro-HouseCall Ransom_RAMSIL.SM 20180406
ZoneAlarm by Check Point UDS:DangerousObject.Multi.Generic 20180406
AegisLab 20180406
AhnLab-V3 20180406
Alibaba 20180404
Antiy-AVL 20180406
Avast 20180406
Avast-Mobile 20180406
AVG 20180406
Avira (no cloud) 20180406
AVware 20180406
Baidu 20180404
Bkav 20180406
CAT-QuickHeal 20180406
ClamAV 20180406
CMC 20180406
Comodo 20180406
DrWeb 20180406
eGambit 20180406
Endgame 20180403
F-Prot 20180406
F-Secure 20180402
Fortinet 20180406
Ikarus 20180406
Sophos ML 20180121
Jiangmin 20180406
K7AntiVirus 20180404
K7GW 20180406
Kingsoft 20180406
Malwarebytes 20180406
NANO-Antivirus 20180406
nProtect 20180406
Panda 20180406
Rising 20180406
SUPERAntiSpyware 20180406
Symantec Mobile Insight 20180406
Tencent 20180406
TheHacker 20180404
TotalDefense 20180406
Trustlook 20180406
VBA32 20180406
VIPRE 20180406
ViRobot 20180406
Yandex 20180406
Zillya 20180405
Zoner 20180406
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright Copyright © 2018
Product PUBG_Ransomware
Original name PUBG_Ransomware.exe
Internal name PUBG_Ransomware.exe
File version 1.0.0.0
Description PUBG_Ransomware
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2018-03-09 00:35:11
Entry Point 0x0000AA1A
Number of sections 3
.NET details
Module Version ID 00e5813c-377a-4023-a55c-7012db1b0974
TypeLib ID 55bb331e-3e95-4c11-a8a9-ceead96445d6
PE sections
PE imports
_CorExeMain
Number of PE resources by type
RT_MANIFEST 1
RT_VERSION 1
Number of PE resources by language
NEUTRAL 2
PE resources
Debug information
ExifTool file metadata
UninitializedDataSize
0

LinkerVersion
80.0

ImageVersion
0.0

FileSubtype
0

FileVersionNumber
1.0.0.0

LanguageCode
Neutral

FileFlagsMask
0x003f

FileDescription
PUBG_Ransomware

ImageFileCharacteristics
Executable, Large address aware

CharacterSet
Unicode

InitializedDataSize
5120

EntryPoint
0xaa1a

OriginalFileName
PUBG_Ransomware.exe

MIMEType
application/octet-stream

LegalCopyright
Copyright 2018

FileVersion
1.0.0.0

TimeStamp
2018:03:09 01:35:11+01:00

FileType
Win32 EXE

PEType
PE32

InternalName
PUBG_Ransomware.exe

ProductVersion
1.0.0.0

SubsystemVersion
6.0

OSVersion
4.0

FileOS
Win32

Subsystem
Windows GUI

MachineType
Intel 386 or later, and compatibles

CodeSize
35840

ProductName
PUBG_Ransomware

ProductVersionNumber
1.0.0.0

FileTypeExtension
exe

ObjectFileType
Executable application

AssemblyVersion
1.0.0.0

File identification
MD5 0997ba7292ddbac1c7e7ade6766ed53c
SHA1 d63ff86f05b6f2fb86abf0dcd16cd2008fa3c158
SHA256 3208efe96d14f5a6a2840daecbead6b0f4d73c5a05192a1a8eef8b50bbfb4bc1
ssdeep 768:qqsKtER6RyqAaeN5E62J7hHKr3jzK8zBkTcbI9fN2PjM9J7YoztYcF0Kc6K:qqZQQyqA7wFJ7ZKr3XnaTc8KjmJ5j0KY
authentihash 9c0cf9b920fd710500d55806a590a86f14689d54cceef6bbc4c1cd6343a96dff
imphash f34d5f2d4577ed6d9ceec516c1f5a744
File size 40.5 KB ( 41472 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 Mono/.Net assembly
TrID Generic CIL Executable (.NET, Mono, etc.) (55.8%)
Win64 Executable (generic) (21.0%)
Windows screen saver (9.9%)
Win32 Dynamic Link Library (generic) (5.0%)
Win32 Executable (generic) (3.4%)
Tags peexe assembly
VirusTotal metadata
First submission 2018-04-06 08:30:07 UTC ( 6 months, 1 week ago )
Last submission 2018-06-10 18:25:51 UTC ( 4 months, 1 week ago )
File names PUBG ransomware
copy.exe
PUBG.exe
0997ba7292ddbac1c7e7ade6766ed53c.exe
3208efe96d14f5a6a2840daecbead6b0f4d73c5a05192a1a8eef8b50bbfb4bc1
3208EFE96D14F5A6A2840DAECBEAD6B0F4D73C5A05192A1A8EEF8B50BBFB4BC1
PUBG_Ransomware.exe
Advanced heuristic and reputation engines