SHA256: 38527d20338fb35717b349176b976610465d368123c083fb88115e982b367918
File name: svchosd.exe
Detection ratio: 50 / 60
Analysis date: 2017-05-25 18:44:26 UTC (1 year, 10 months ago)
Antivirus Result Update
Ad-Aware Gen:Variant.Zusy.184158 20170525
AegisLab Troj.W32.Gen.mCYi 20170525
AhnLab-V3 Malware/Win32.Generic.C1465743 20170525
ALYac Gen:Variant.Zusy.184158 20170525
Antiy-AVL Trojan[Ransom]/Win32.Agent 20170525
Arcabit Trojan.Zusy.D2CF5E 20170525
Avast Win32:Malware-gen 20170525
AVG Win32/DH{gmBi?} 20170525
Avira (no cloud) TR/Ransom.psxmn 20170525
AVware Trojan.Win32.Generic!BT 20170525
BitDefender Gen:Variant.Zusy.184158 20170525
CAT-QuickHeal Ransomware.DMALocker.A5 20170525
ClamAV Win.Trojan.DMALocker-1 20170525
Comodo TrojWare.Win32.Ransom.DMALocker.A 20170525
CrowdStrike Falcon (ML) malicious_confidence_100% (W) 20170420
Cyren W32/DMALocker.A.gen!Eldorado 20170525
DrWeb Trojan.Encoder.4199 20170525
Emsisoft Gen:Variant.Zusy.184158 (B) 20170525
Endgame malicious (high confidence) 20170515
ESET-NOD32 a variant of Win32/Filecoder.DMALocker.C 20170525
F-Prot W32/DMALocker.A.gen!Eldorado 20170525
F-Secure Trojan:W32/DMALocker.A 20170525
Fortinet W32/Kryptik.35100!tr 20170525
GData Win32.Trojan-Ransom.DMALocker.B 20170525
Ikarus Trojan.Win32.Filecoder 20170525
Sophos ML trojan.win32.sabresac.a!bit 20170519
Jiangmin Trojan.Agent.vhn 20170525
K7AntiVirus Trojan ( 004ddcc51 ) 20170525
K7GW Trojan ( 004ddcc51 ) 20170525
Kaspersky HEUR:Trojan-Ransom.Win32.Agent.ilw 20170525
Malwarebytes Ransom.DMALocker 20170525
McAfee GenericRXAJ-NF!34636AC34D6E 20170525
McAfee-GW-Edition GenericRXAJ-NF!34636AC34D6E 20170525
Microsoft Ransom:Win32/DMALocker.B 20170525
eScan Gen:Variant.Zusy.184158 20170525
NANO-Antivirus Trojan.Win32.Agent.ebasjq 20170525
Palo Alto Networks (Known Signatures) generic.ml 20170525
Panda Trj/Genetic.gen 20170525
Qihoo-360 Win32/Trojan.Ransom.f7b 20170525
Rising Malware.Generic.5!tfe (thunder:5:KwJ1oF1bxbG) 20170525
Sophos AV Mal/Generic-S 20170525
Symantec Downloader 20170525
TheHacker Trojan/Filecoder.DMALocker.c 20170525
TrendMicro Ransom_MADLOCKER.SMLV 20170525
TrendMicro-HouseCall Ransom_MADLOCKER.SMLV 20170525
VIPRE Trojan.Win32.Generic!BT 20170525
Webroot W32.Trojan.Gen 20170525
Yandex Trojan.Filecoder!OZjrpV9ZVJY 20170518
Zillya Trojan.Agent.Win32.669299 20170525
ZoneAlarm by Check Point HEUR:Trojan-Ransom.Win32.Agent.ilw 20170525
Alibaba 20170525
Bkav 20170525
CMC 20170525
Kingsoft 20170525
nProtect 20170525
SentinelOne (Static ML) 20170516
SUPERAntiSpyware 20170525
Symantec Mobile Insight 20170525
Tencent 20170525
Trustlook 20170525
VBA32 20170525
ViRobot 20170525
WhiteArmor 20170524
Zoner 20170525
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows command line subsystem.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2016-03-10 14:33:55
Entry Point 0x000065BB
Number of sections 5
PE sections
PE imports
CryptDestroyKey
CryptReleaseContext
CryptAcquireContextA
RegSetValueExW
CryptGenRandom
RegOpenKeyExW
CryptAcquireContextW
CryptEncrypt
CryptDecrypt
CryptImportKey
GetOpenFileNameA
DeleteDC
SelectObject
CreateFontA
GetStockObject
CreateSolidBrush
BitBlt
SetBkColor
CreateCompatibleDC
DeleteObject
SetTextColor
GetStdHandle
FileTimeToSystemTime
GetFileAttributesA
WaitForSingleObject
EncodePointer
GetFileAttributesW
GetLocalTime
DeleteCriticalSection
GetCurrentProcess
GetConsoleMode
FreeEnvironmentStringsW
SetStdHandle
GetCPInfo
WriteFile
GetSystemTimeAsFileTime
HeapReAlloc
GetStringTypeW
GetOEMCP
QueryDosDeviceA
TlsGetValue
MoveFileW
SetLastError
PeekNamedPipe
GetModuleFileNameW
IsDebuggerPresent
ExitProcess
GetModuleFileNameA
HeapSetInformation
UnhandledExceptionFilter
InterlockedDecrement
MultiByteToWideChar
SetFilePointer
CreateThread
SetUnhandledExceptionFilter
IsProcessorFeaturePresent
MoveFileExA
SetEnvironmentVariableA
TerminateProcess
GlobalAlloc
SetEndOfFile
GetCurrentThreadId
InterlockedIncrement
WriteConsoleW
CreateToolhelp32Snapshot
InitializeCriticalSectionAndSpinCount
HeapFree
EnterCriticalSection
SetHandleCount
TerminateThread
LoadLibraryW
GetExitCodeProcess
QueryPerformanceCounter
GetTickCount
TlsAlloc
FlushFileBuffers
RtlUnwind
DecodePointer
OpenProcess
GetStartupInfoW
WaitForMultipleObjects
GetProcessHeap
CompareStringW
GetFileInformationByHandle
GetProcAddress
GetTimeZoneInformation
CreateFileW
GetConsoleWindow
GetFileType
TlsSetValue
CreateFileA
HeapAlloc
LeaveCriticalSection
GetLastError
LCMapStringW
GlobalFree
GetConsoleCP
GetEnvironmentStringsW
Process32NextW
FileTimeToLocalFileTime
Wow64DisableWow64FsRedirection
GetCurrentProcessId
WideCharToMultiByte
HeapSize
GetCommandLineA
Process32FirstW
GetCurrentThread
RaiseException
TlsFree
GetModuleHandleA
ReadFile
CloseHandle
GetACP
GetModuleHandleW
CreateProcessA
IsValidCodePage
HeapCreate
CreateProcessW
Sleep
WNetOpenEnumA
WNetEnumResourceA
WNetCloseEnum
GetMessageA
UpdateWindow
BeginPaint
PostQuitMessage
DefWindowProcA
ShowWindow
LoadBitmapA
SetWindowPos
DispatchMessageA
EnableWindow
MessageBoxA
TranslateMessage
IsWindowEnabled
RegisterClassExA
SetWindowTextA
SendMessageA
GetClientRect
GetDlgItem
CreateWindowExA
LoadCursorA
LoadIconA
SetWindowTextW
EndPaint
SetForegroundWindow
DestroyWindow
Number of PE resources by type
RT_BITMAP 1
RT_MANIFEST 1
Number of PE resources by language
NEUTRAL 1
ENGLISH US 1
PE resources
ExifTool file metadata
MIMEType application/octet-stream
Subsystem Windows command line
MachineType Intel 386 or later, and compatibles
FileTypeExtension exe
TimeStamp 2016:03:10 15:33:55+01:00
FileType Win32 EXE
PEType PE32
CodeSize 75264
LinkerVersion 10.0
EntryPoint 0x65bb
InitializedDataSize 130048
SubsystemVersion 5.1
ImageVersion 0.0
OSVersion 5.1
UninitializedDataSize 0

Compressed bundles
File identification
MD5 34636ac34d6ed369974d45e68d9902ea
SHA1 01ef24f1122bf5117a411c80ad02a70885435f00
SHA256 38527d20338fb35717b349176b976610465d368123c083fb88115e982b367918
ssdeep 1536:9kR7Hlwjb5lBNHi+q3AotK9qdqeZ0Vd7ZskJizNfQKhJRCKjPc/NNsWh0GVwmNm:6RLWjbBNCTAdeCJJ8XJRdw/DJh0GV
authentihash 76246a6fa44916ccdd5b9ecff66490a9ec1ad536ee35d3e7b83574fa9fc44c9e
imphash 1faa1f41ff65fec472802847d7ad22ce
File size 201.5 KB ( 206336 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (console) Intel 80386 32-bit
TrID Win32 Executable MS Visual C++ (generic) (41.0%)
Win64 Executable (generic) (36.3%)
Win32 Dynamic Link Library (generic) (8.6%)
Win32 Executable (generic) (5.9%)
OS/2 Executable (generic) (2.6%)
Tags peexe
VirusTotal metadata
First submission 2017-05-23 12:14:13 UTC ( 1 year, 10 months ago )
Last submission 2018-05-10 06:20:05 UTC ( 10 months, 2 weeks ago )
File names svchosd.exe
localfile~
38527d20338fb35717b349176b976610465d368123c083fb88115e982b367918