SHA256: 3a9d5976fbf41daf80f0eb9e6b7aadcece52a82fe9609984ef7f8ea166048547
File name: mnbTREkfDS.exe
Detection ratio: 7 / 68
Analysis date: 2017-12-26 15:18:58 UTC ( 1 year, 4 months ago )
Antivirus Result Update
Bkav HW32.Packed.39F2 20171226
CrowdStrike Falcon (ML) malicious_confidence_80% (D) 20171016
DrWeb Trojan.MulDrop7.53731 20171226
Fortinet W32/Kryptik.L!tr.ransom 20171226
McAfee-GW-Edition BehavesLike.Win32.ObfusRansom.dc 20171226
Palo Alto Networks (Known Signatures) generic.ml 20171226
Qihoo-360 HEUR/QVM20.1.1A7C.Malware.Gen 20171226
Ad-Aware 20171225
AegisLab 20171226
AhnLab-V3 20171226
Alibaba 20171226
ALYac 20171226
Antiy-AVL 20171226
Arcabit 20171226
Avast 20171226
Avast-Mobile 20171226
AVG 20171226
Avira (no cloud) 20171226
AVware 20171226
Baidu 20171226
BitDefender 20171226
CAT-QuickHeal 20171226
ClamAV 20171226
CMC 20171226
Comodo 20171226
Cybereason 20171103
Cylance 20171226
Cyren 20171226
eGambit 20171226
Emsisoft 20171226
Endgame 20171130
ESET-NOD32 20171226
F-Prot 20171226
F-Secure 20171226
GData 20171226
Ikarus 20171226
Sophos ML 20170914
Jiangmin 20171226
K7AntiVirus 20171226
K7GW 20171226
Kaspersky 20171226
Kingsoft 20171226
Malwarebytes 20171226
MAX 20171226
McAfee 20171226
Microsoft 20171226
eScan 20171226
NANO-Antivirus 20171226
nProtect 20171226
Panda 20171226
Rising 20171226
SentinelOne (Static ML) 20171224
Sophos AV 20171226
SUPERAntiSpyware 20171226
Symantec 20171225
Symantec Mobile Insight 20171222
Tencent 20171226
TheHacker 20171219
TotalDefense 20171226
TrendMicro 20171226
TrendMicro-HouseCall 20171226
Trustlook 20171226
VBA32 20171226
VIPRE 20171226
ViRobot 20171226
Webroot 20171226
WhiteArmor 20171204
Yandex 20171225
Zillya 20171226
ZoneAlarm by Check Point 20171226
Zoner 20171226
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Packers identified
F-PROT NSIS
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2016-12-11 21:50:59
Entry Point 0x000032E1
Number of sections 5
PE sections
Overlays
MD5 090e7127a4bd6a3f910719232b87180d
File type font/x-snf
Offset 108544
Size 130560
Entropy 8.00
PE imports
RegDeleteKeyA
LookupPrivilegeValueA
RegCloseKey
RegDeleteValueA
OpenProcessToken
RegSetValueExA
RegQueryValueExA
AdjustTokenPrivileges
RegEnumKeyA
RegEnumValueA
RegCreateKeyExA
RegOpenKeyExA
SetFileSecurityA
ImageList_Create
Ord(17)
ImageList_Destroy
ImageList_AddMasked
GetDeviceCaps
SelectObject
CreateBrushIndirect
CreateFontIndirectA
SetBkMode
SetBkColor
DeleteObject
SetTextColor
GetLastError
lstrlenA
GetFileAttributesA
GlobalFree
WaitForSingleObject
FreeLibrary
CopyFileA
ExitProcess
SetFileTime
GlobalUnlock
GetModuleFileNameA
DeleteFileA
RemoveDirectoryA
GetShortPathNameA
GetCurrentProcess
LoadLibraryExA
CompareFileTime
GetPrivateProfileStringA
WritePrivateProfileStringA
GetFileSize
lstrcatA
CreateDirectoryA
ExpandEnvironmentStringsA
GetWindowsDirectoryA
SetErrorMode
MultiByteToWideChar
GetCommandLineA
GlobalLock
GetFullPathNameA
GetModuleHandleA
GetTempPathA
CreateThread
lstrcmpiA
SetFilePointer
lstrcmpA
ReadFile
WriteFile
FindFirstFileA
CloseHandle
GetTempFileNameA
lstrcpynA
FindNextFileA
GetSystemDirectoryA
GetDiskFreeSpaceA
MoveFileExA
GetProcAddress
SetEnvironmentVariableA
SetFileAttributesA
GetExitCodeProcess
MoveFileA
CreateProcessA
lstrcpyA
GlobalAlloc
SearchPathA
FindClose
Sleep
CreateFileA
GetTickCount
GetVersion
SetCurrentDirectoryA
MulDiv
SHGetFileInfoA
SHBrowseForFolderA
SHGetSpecialFolderLocation
SHGetPathFromIDListA
ShellExecuteA
SHFileOperationA
EmptyClipboard
GetMessagePos
CharPrevA
EndDialog
BeginPaint
PostQuitMessage
DefWindowProcA
GetClassInfoA
SetClassLongA
LoadBitmapA
SetWindowPos
GetSystemMetrics
IsWindow
AppendMenuA
GetWindowRect
DispatchMessageA
EnableWindow
SetDlgItemTextA
MessageBoxIndirectA
LoadImageA
GetDlgItemTextA
PeekMessageA
SetWindowLongA
IsWindowEnabled
GetSysColor
CheckDlgButton
GetDC
FindWindowExA
ReleaseDC
SystemParametersInfoA
CreatePopupMenu
wsprintfA
ShowWindow
SetClipboardData
IsWindowVisible
SendMessageA
DialogBoxParamA
GetClientRect
SetTimer
GetDlgItem
SetForegroundWindow
CreateDialogParamA
SetWindowTextA
EnableMenuItem
ScreenToClient
InvalidateRect
GetWindowLongA
SendMessageTimeoutA
CreateWindowExA
LoadCursorA
TrackPopupMenu
DrawTextA
DestroyWindow
FillRect
RegisterClassA
CharNextA
CallWindowProcA
GetSystemMenu
EndPaint
CloseClipboard
OpenClipboard
ExitWindowsEx
SetCursor
OleUninitialize
CoTaskMemFree
OleInitialize
CoCreateInstance
Number of PE resources by type
RT_DIALOG 12
VERSION INFO 1
RT_ICON 1
RT_MANIFEST 1
RT_BITMAP 1
RT_GROUP_ICON 1
Number of PE resources by language
ENGLISH US 16
NEUTRAL 1
PE resources
ExifTool file metadata
MIMEType application/octet-stream
Subsystem Windows GUI
SubsystemVersion 4.0
MachineType Intel 386 or later, and compatibles
TimeStamp 2016:12:11 22:50:59+01:00
FileType Win32 EXE
PEType PE32
CodeSize 25088
LinkerVersion 6.0
FileTypeExtension exe
InitializedDataSize 217088
ImageFileCharacteristics No relocs, Executable, No line numbers, No symbols, 32-bit
EntryPoint 0x32e1
OSVersion 4.0
ImageVersion 6.0
UninitializedDataSize 1024
File identification
MD5 2ca016fa98dd5227625befe9edfaba98
SHA1 d0e9dea7f6bf547d854573dd03b6fbeaa1965752
SHA256 3a9d5976fbf41daf80f0eb9e6b7aadcece52a82fe9609984ef7f8ea166048547
ssdeep 6144:qBRZICtd773pX0YcvwUCX/BdEDZtA1hoan4vR:i0Cb7bpetsZOD01hoakR
authentihash ce57bf2392387dde080757a5e5a0ed862f96e62981970e1ba04ed411d411920b
imphash 4f67aeda01a0484282e8c59006b0b352
File size 233.5 KB ( 239104 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Executable MS Visual C++ (generic) (64.5%)
Win32 Dynamic Link Library (generic) (13.6%)
Win32 Executable (generic) (9.3%)
OS/2 Executable (generic) (4.1%)
Generic Win/DOS Executable (4.1%)
Tags nsis peexe overlay
VirusTotal metadata
First submission 2017-12-26 15:18:58 UTC ( 1 year, 4 months ago )
Last submission 2018-07-23 06:50:57 UTC ( 10 months ago )
File names 2ca016fa98dd5227625befe9edfaba98_exe
mnbTREkfDS[1].txt.1.dr
output.112645535.txt
2ca016fa.gxe
Globe-Imposter-ransomware-huVyja2.exe
output.112645939.txt
output.112645541.txt
2017-12-26-Globe-Imposter-ransomware-huVyja2.exe.rename
mnbTREkfDS.exe
huVyja2.exe
mnbTREkfDS
mnbTREkfDS.exe
mnbTREkfDS[1].txt
output.112645941.txt
1010-d0e9dea7f6bf547d854573dd03b6fbeaa1965752
2017-12-26-Globe-Imposter-ransomware-huVyja2.exe.rename.rename
ilaehkcu4.exe
2017-12-26-Globe-Imposter-ransomware-huVyja2.exe
mnbTREkfDS.exe
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Written files
Deleted files
Created processes
Created mutexes
Opened mutexes
Runtime DLLs
UDP communications