× Cookies are disabled! This site requires cookies to be enabled to work properly
SHA256: 383cdd0d52de2b9a0944ae39daaf8d9b5dbb4e70c42670b6a41de853b030f49b
File name: 75ffe8f34caed9781662448041f4c850.exe
Detection ratio: 50 / 60
Analysis date: 2017-06-20 10:57:10 UTC ( 1 month ago )
Antivirus Result Update
Ad-Aware Gen:Variant.Ransom.JobCrypter.4 20170620
AegisLab Troj.Ransom.W32.Blocker!c 20170620
AhnLab-V3 Trojan/Win32.FileCoder.C1777286 20170620
ALYac Gen:Variant.Ransom.JobCrypter.4 20170620
Arcabit Trojan.Ransom.JobCrypter.4 20170620
Avast Win32:Trojan-gen 20170620
AVG Win32:Trojan-gen 20170620
Avira (no cloud) TR/AD.Nojocrypt.ahrmm 20170620
AVware Trojan.Win32.Generic!BT 20170620
Baidu Win32.Trojan.WisdomEyes.16070401.9500.9959 20170620
BitDefender Gen:Variant.Ransom.JobCrypter.4 20170620
CAT-QuickHeal Ransom.Nojocrypt 20170620
Comodo UnclassifiedMalware 20170620
CrowdStrike Falcon (ML) malicious_confidence_100% (W) 20170420
Cyren W32/Symmi.O2.gen!Eldorado 20170620
DrWeb Trojan.DownLoader23.52513 20170620
Emsisoft Trojan-Ransom.JobCrypter (A) 20170620
Endgame malicious (high confidence) 20170615
ESET-NOD32 MSIL/Filecoder.JobCrypter.A 20170620
F-Prot W32/Symmi.O2.gen!Eldorado 20170620
F-Secure Gen:Variant.Ransom.JobCrypter.4 20170620
Fortinet W32/Blocker.A!tr 20170620
GData Gen:Variant.Ransom.JobCrypter.4 20170620
Ikarus Trojan.MSIL.Agent 20170620
Sophos ML heuristic 20170607
K7AntiVirus Trojan ( 004ddac41 ) 20170620
K7GW Trojan ( 004ddac41 ) 20170620
Kaspersky Trojan-Ransom.Win32.Blocker.jwzl 20170620
Malwarebytes Trojan.JobCrypter 20170620
McAfee RDN/Ransom-FLFF 20170620
McAfee-GW-Edition BehavesLike.Win32.Generic.gc 20170620
Microsoft Ransom:MSIL/Nojocrypt.A 20170620
eScan Gen:Variant.Ransom.JobCrypter.4 20170620
NANO-Antivirus Trojan.Win32.Blocker.elhvjk 20170620
nProtect Ransom/W32.Blocker.505344 20170620
Palo Alto Networks (Known Signatures) generic.ml 20170620
Panda Trj/CI.A 20170619
Rising Ransom.FileCryptor!8.1A7 (cloud:Gj0RrKHqqQI) 20170620
SentinelOne (Static ML) static engine - malicious 20170516
Sophos AV Troj/Ransom-EEZ 20170620
Symantec Trojan.FakeAV 20170620
Tencent Win32.Trojan.Blocker.Akfv 20170620
TrendMicro Ransom_Nojocrypt.R03BC0DB817 20170620
TrendMicro-HouseCall Ransom_Nojocrypt.R03BC0DB817 20170620
VBA32 Hoax.Blocker 20170620
VIPRE Trojan.Win32.Generic!BT 20170620
ViRobot Trojan.Win32.S.Ransom.505344[h] 20170620
Webroot W32.Trojan.Gen 20170620
Yandex Trojan.Blocker!GdKOiz/4E1A 20170619
ZoneAlarm by Check Point Trojan-Ransom.Win32.Blocker.jwzl 20170620
Alibaba 20170620
Antiy-AVL 20170620
ClamAV 20170620
CMC 20170619
Jiangmin 20170620
Kingsoft 20170620
Qihoo-360 20170620
SUPERAntiSpyware 20170620
Symantec Mobile Insight 20170620
TheHacker 20170618
Trustlook 20170620
WhiteArmor 20170616
Zillya 20170619
Zoner 20170620
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright
Copyright © 2016

Product File Locker
Original name FileLocker.exe
Internal name FileLocker.exe
File version 0.3.0.0
Description File Locker
Comments File Locker
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2017-02-06 02:07:16
Entry Point 0x0000CCEF
Number of sections 4
PE sections
PE imports
CreateToolhelp32Snapshot
GetLastError
InitializeCriticalSectionAndSpinCount
HeapFree
GetStdHandle
EnterCriticalSection
LCMapStringW
HeapCreate
lstrlenA
WriteConsoleW
GetConsoleCP
GetOEMCP
LCMapStringA
IsDebuggerPresent
HeapAlloc
TlsAlloc
GetEnvironmentStringsW
FlushFileBuffers
LoadLibraryA
RtlUnwind
GetModuleFileNameA
FreeEnvironmentStringsA
DeleteCriticalSection
GetCurrentProcess
SizeofResource
GetConsoleMode
GetLocaleInfoA
GetCurrentProcessId
FreeEnvironmentStringsW
LockResource
GetCPInfo
Module32First
TlsGetValue
MultiByteToWideChar
HeapSize
GetTickCount
SetHandleCount
GetCommandLineA
GetProcAddress
TlsFree
GetProcessHeap
SetStdHandle
SetFilePointer
RaiseException
CompareStringA
UnhandledExceptionFilter
WideCharToMultiByte
GetStringTypeA
GetModuleHandleA
ReadFile
GetConsoleOutputCP
Module32Next
SetUnhandledExceptionFilter
WriteFile
InterlockedIncrement
CloseHandle
GetSystemTimeAsFileTime
GetACP
HeapReAlloc
GetStringTypeW
GetModuleHandleW
FreeResource
SetEnvironmentVariableA
CompareStringW
TerminateProcess
GetEnvironmentStrings
QueryPerformanceCounter
WriteConsoleA
IsValidCodePage
LoadResource
VirtualFree
InterlockedDecrement
Sleep
GetFileType
SetEndOfFile
TlsSetValue
CreateFileA
ExitProcess
GetCurrentThreadId
FindResourceA
VirtualAlloc
GetStartupInfoA
SetLastError
LeaveCriticalSection
SafeArrayAccessData
SafeArrayUnaccessData
VariantClear
SysAllocString
SafeArrayDestroy
SafeArrayCreate
VariantInit
SysFreeString
SafeArrayCreateVector
CorBindToRuntimeEx
OleInitialize
Number of PE resources by type
RT_ICON 12
RT_MANIFEST 1
RT_VERSION 1
RT_RCDATA 1
RT_GROUP_ICON 1
Number of PE resources by language
NEUTRAL 16
PE resources
Debug information
ExifTool file metadata
LegalTrademarks
File Locker

SubsystemVersion
5.0

Comments
File Locker

LinkerVersion
9.0

ImageVersion
0.0

FileSubtype
0

FileVersionNumber
0.3.0.0

LanguageCode
Neutral

FileFlagsMask
0x003f

FileDescription
File Locker

CharacterSet
Unicode

InitializedDataSize
399872

EntryPoint
0xccef

OriginalFileName
FileLocker.exe

MIMEType
application/octet-stream

LegalCopyright
Copyright 2016

FileVersion
0.3.0.0

TimeStamp
2017:02:06 03:07:16+01:00

FileType
Win32 EXE

PEType
PE32

InternalName
FileLocker.exe

ProductVersion
0.3.0.0

UninitializedDataSize
0

OSVersion
5.0

FileOS
Win32

Subsystem
Windows GUI

MachineType
Intel 386 or later, and compatibles

CompanyName
File Locker

CodeSize
104448

ProductName
File Locker

ProductVersionNumber
0.3.0.0

FileTypeExtension
exe

ObjectFileType
Executable application

AssemblyVersion
0.3.0.0

File identification
MD5 75ffe8f34caed9781662448041f4c850
SHA1 a480b3d8d970fc5bbcb2410e4c596dc6d3a811cb
SHA256 383cdd0d52de2b9a0944ae39daaf8d9b5dbb4e70c42670b6a41de853b030f49b
ssdeep
12288:+oL4EnU4T/vjLJtJtfPvEjzCpInl3GIg1wKqLFa6lmTlFY:+wnU4TDLLfPvuCpwsbGN4TlFY

authentihash 4b59c181e2ac530959f62c7669689080f714d2eae83de7035d940f83227034a8
imphash 9dd8c0ff4fc84287e5b766563240f983
File size 493.5 KB ( 505344 bytes )
File type Win32 EXE
Magic literal
PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID Win32 Executable MS Visual C++ (generic) (42.2%)
Win64 Executable (generic) (37.3%)
Win32 Dynamic Link Library (generic) (8.8%)
Win32 Executable (generic) (6.0%)
Generic Win/DOS Executable (2.7%)
Tags
peexe

VirusTotal metadata
First submission 2017-02-06 10:44:24 UTC ( 5 months, 2 weeks ago )
Last submission 2017-06-20 10:57:10 UTC ( 1 month ago )
File names 22.exe
75ffe8f34caed9781662448041f4c850.exe
Locker.exe
localfile~
75ffe8f34caed9781662448041f4c850.exe
fff.exe
Locker.exe
6.exe
383cdd0d52de2b9a0944ae39daaf8d9b5dbb4e70c42670b6a41de853b030f49b.exe
75f0.exe
75ffe8f34caed9781662448041f4c850.exe
FileLocker.exe
evil.exe
75ffe8f34caed9781662448041f4c850.exe
dae820b519ce7790a5609362712e71c5c18b6c45
Locker.exe
Advanced heuristic and reputation engines
No comments. No VirusTotal Community member has commented on this item yet, be the first one to do so!

Leave your comment...

?
Post comment

You have not signed in. Only registered users can leave comments, sign in and have a voice!

No votes. No one has voted on this item yet, be the first one to do so!
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Deleted files
Created mutexes
Opened mutexes
Runtime DLLs
Additional details
The file uses the IsDebuggerPresent Windows API function in order to see whether it is being debugged.