SHA256: 387680bed90775d8b3d57dcc78cd41c9db1bb930db11148d15975ea9c0e4f3f3
File name: Win32.Ransom.Cerber@387680bed90775d8b3d57dcc78cd41c9db1bb930db111...
Detection ratio: 40 / 58
Analysis date: 2017-02-24 01:18:25 UTC ( 1 year, 11 months ago )
Antivirus Result Update
Ad-Aware Trojan.GenericKD.4426461 20170223
AegisLab Troj.Ransom.W32.Zerber!c 20170223
AhnLab-V3 Trojan/Win32.Cerber.R195524 20170223
ALYac Trojan.GenericKD.4426461 20170223
Antiy-AVL Trojan[Ransom]/Win32.Zerber 20170223
Arcabit Trojan.Generic.D438ADD 20170223
Avast Win32:Trojan-gen 20170223
AVG Ransom_s.LX 20170224
Avira (no cloud) TR/Crypt.ZPACK.tgpjj 20170223
AVware Trojan.Win32.Generic!BT 20170223
Baidu Win32.Trojan.WisdomEyes.16070401.9500.9999 20170223
BitDefender Trojan.GenericKD.4426461 20170223
CrowdStrike Falcon (ML) malicious_confidence_100% (W) 20170130
DrWeb Trojan.Encoder.10295 20170223
Emsisoft Trojan.GenericKD.4426461 (B) 20170223
Endgame malicious (high confidence) 20170222
ESET-NOD32 a variant of Win32/Kryptik.FOMM 20170224
F-Secure Trojan.GenericKD.4426461 20170224
Fortinet W32/Kryptik.FONH!tr 20170223
GData Trojan.GenericKD.4426461 20170224
Sophos ML generic.a 20170203
K7AntiVirus Trojan ( 00505cfd1 ) 20170223
K7GW Trojan ( 00505cfd1 ) 20170223
Kaspersky Trojan-Ransom.Win32.Zerber.cfrz 20170224
Malwarebytes Ransom.Cerber 20170224
McAfee Ransomware-FMJ!0B1F079C4464 20170224
McAfee-GW-Edition BehavesLike.Win32.Downloader.dc 20170223
Microsoft Trojan:Win32/Dynamer!ac 20170224
eScan Trojan.GenericKD.4426461 20170224
NANO-Antivirus Trojan.Win32.Foreign.elqkvk 20170223
Panda Trj/Genetic.gen 20170223
Qihoo-360 Win32/Trojan.Ransom.a5a 20170224
Rising Malware.Generic.2!tfe (thunder:2:gS1Xy3A2yHI) 20170223
Sophos AV Mal/Elenoocka-E 20170224
Symantec Packed.Generic.493 20170223
Tencent Win32.Trojan.Zerber.Eot 20170224
TrendMicro Ransom_Zerber.R021C0EBJ17 20170224
TrendMicro-HouseCall Ransom_Zerber.R021C0EBJ17 20170224
VIPRE Trojan.Win32.Generic!BT 20170223
Yandex Trojan.Kryptik!NUnqzAen9Iw 20170222
Alibaba 20170223
Bkav 20170223
CAT-QuickHeal 20170223
ClamAV 20170223
CMC 20170223
Comodo 20170223
Cyren 20170223
F-Prot 20170224
Ikarus 20170223
Jiangmin 20170224
Kingsoft 20170224
nProtect 20170223
SUPERAntiSpyware 20170224
TheHacker 20170223
Trustlook 20170224
VBA32 20170223
ViRobot 20170223
Webroot 20170224
WhiteArmor 20170222
Zillya 20170223
Zoner 20170223
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2013-09-02 10:01:36
Entry Point 0x00003524
Number of sections 4
PE sections
Overlays
MD5 32aa5321ea8f01cdd2dde224095157ac
File type data
Offset 258048
Size 809
Entropy 7.11
PE imports
CoCreateActivity
CoLoadServices
OpenThread
ReplaceFileA
CreateJobObjectA
UpdateResourceW
WaitForSingleObject
lstrcmp
GetTickCount
GetVolumeInformationA
GetCurrentProcessId
GetPrivateProfileIntA
CreateDirectoryA
OpenFileMappingA
GetDateFormatW
InterlockedDecrement
GetCommandLineA
GetProcAddress
OpenMutexA
CreateMutexA
MoveFileExW
GetModuleHandleA
CloseHandle
SetLocalTime
GetGeoInfoW
SetEnvironmentVariableA
ReadConsoleA
SetCurrentDirectoryA
GetLogicalDriveStringsW
FindAtomA
TlsGetValue
GetFullPathNameW
CreateFileA
GetCurrentThreadId
GetNumberFormatW
OpenJobObjectA
CPEncrypt
CPDeriveKey
CPCreateHash
DragQueryFileW
FindExecutableA
SHChangeNotify
ShellExecuteW
ExtractIconW
SHBrowseForFolderA
StrChrA
SHGetDataFromIDListA
StrStrW
ShellMessageBoxA
SHFileOperationA
SHEmptyRecycleBinA
FormatEx
Extend
Number of PE resources by type
FEDC 2
Number of PE resources by language
ENGLISH US 2
PE resources
ExifTool file metadata
MIMEType application/octet-stream
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
TimeStamp 2013:09:02 11:01:36+01:00
FileType Win32 EXE
PEType PE32
CodeSize 16384
LinkerVersion 5.12
FileTypeExtension exe
InitializedDataSize 237568
SubsystemVersion 4.0
EntryPoint 0x3524
OSVersion 4.0
ImageVersion 0.0
UninitializedDataSize 0
Compressed bundles
File identification
MD5 0b1f079c44640eb93235477ea1ceac2b
SHA1 30932bd4b2e79e8401484c783072560a7accfef6
SHA256 387680bed90775d8b3d57dcc78cd41c9db1bb930db11148d15975ea9c0e4f3f3
ssdeep 3072:Xm8XtDut2RQntsNX6z+ct7jr5+zj0MEWyPXU+1ynbA3akvSTmVsQjrGKAJf7kELu:XmL7tAUtl+zA1nP4nFTAPg7kOJc
authentihash 94538bd47d0491872d310573500aa8c114726ca55d1057d24a4fbc6484faad3b
imphash 298da78626759c32264fba0c10e5162c
File size 252.8 KB ( 258857 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Executable (generic) (52.9%)
Generic Win/DOS Executable (23.5%)
DOS Executable Generic (23.5%)
Tags
peexe suspicious-udp overlay

VirusTotal metadata
First submission 2017-02-23 15:14:20 UTC ( 1 year, 11 months ago )
Last submission 2017-02-24 01:18:25 UTC ( 1 year, 11 months ago )
File names Win32.Ransom.Cerber@387680bed90775d8b3d57dcc78cd41c9db1bb930db11148d15975ea9c0e4f3f3.bin
search.php.exe.bin
localfile~
2.exe
2017.2.24-03.Ransom.Cerber.exe%
387680bed90775d8b3d57dcc78cd41c9db1bb930db11148d15975ea9c0e4f3f3.bin
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Written files
Moved files
Created processes
Shell commands
Code injections in the following processes
Created mutexes
Opened mutexes
Searched windows
Opened service managers
Opened services
Runtime DLLs
UDP communications