SHA256: 3ac9ab7ddd73531c3d5b7438f6bb74a7711c7f523770d61c338da4664993e7b1
File name: BSmIimqLX.exe
Detection ratio: 17 / 64
Analysis date: 2017-09-04 09:15:47 UTC ( 1 year, 5 months ago )
Antivirus Result Update
AhnLab-V3 Trojan/Win32.Locky.R208029 20170904
Avast FileRepMalware 20170904
AVG FileRepMalware 20170904
Baidu Win32.Trojan.WisdomEyes.16070401.9500.9999 20170831
CrowdStrike Falcon (ML) malicious_confidence_100% (D) 20170804
Cylance Unsafe 20170904
DrWeb Trojan.Encoder.13570 20170904
Endgame malicious (high confidence) 20170821
Fortinet W32/Kryptik.FVZV!tr 20170904
Sophos ML heuristic 20170822
McAfee GenericRXCK-AC!62E8B88FB3AC 20170904
Qihoo-360 HEUR/QVM20.1.9DEA.Malware.Gen 20170904
Symantec ML.Attribute.HighConfidence 20170904
TrendMicro Ransom_CERBER.SMALY0 20170904
TrendMicro-HouseCall Ransom_CERBER.SMALY0 20170904
ViRobot Trojan.Win32.Locky.667648 20170904
WhiteArmor Malware.HighConfidence 20170829
Ad-Aware 20170904
AegisLab 20170904
Alibaba 20170904
ALYac 20170904
Antiy-AVL 20170904
Arcabit 20170904
Avira (no cloud) 20170904
AVware 20170904
BitDefender 20170904
CAT-QuickHeal 20170904
ClamAV 20170904
CMC 20170902
Comodo 20170904
Cyren 20170904
Emsisoft 20170904
ESET-NOD32 20170904
F-Prot 20170904
F-Secure 20170904
GData 20170904
Ikarus 20170904
Jiangmin 20170904
K7AntiVirus 20170904
K7GW 20170904
Kaspersky 20170904
Kingsoft 20170904
Malwarebytes 20170904
MAX 20170904
McAfee-GW-Edition 20170904
Microsoft 20170904
eScan 20170904
NANO-Antivirus 20170904
nProtect 20170904
Palo Alto Networks (Known Signatures) 20170904
Panda 20170903
Rising 20170901
SentinelOne (Static ML) 20170806
Sophos AV 20170904
SUPERAntiSpyware 20170904
Symantec Mobile Insight 20170901
Tencent 20170904
TheHacker 20170904
TotalDefense 20170904
Trustlook 20170904
VBA32 20170901
VIPRE 20170904
Webroot 20170904
Yandex 20170901
Zillya 20170902
ZoneAlarm by Check Point 20170904
Zoner 20170904
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2015-03-24 11:48:16
Entry Point 0x00009E56
Number of sections 4
PE sections
PE imports
RegRestoreKeyA
RegReplaceKeyA
RegLoadKeyA
OpenEventLogA
ClearEventLogA
LogonUserA
RegDeleteValueA
RegCreateKeyExA
RegEnumKeyA
InitializeSid
CryptSignHashA
CAEnumFirstCA
CADeleteCA
CAEnumNextCA
CACloseCA
CACloseCertType
CryptHashMessage
CertFreeCTLContext
CertGetNameStringA
CertOpenStore
CertDuplicateStore
CryptMemRealloc
CryptMsgUpdate
CertCloseStore
CryptDecodeMessage
CertFindExtension
CryptProtectData
CertDuplicateCTLContext
CryptFindOIDInfo
CertFindCTLInStore
CertCreateCRLContext
ConnectionVer
ConnectionRead
ConnectionError
ConnectionWrite
InterlockedExchange
MapViewOfFile
Heap32First
GetModuleHandleA
OpenEventW
WaitForSingleObject
GetConsoleAliasW
GetTempPathW
LoadLibraryExW
OpenWaitableTimerW
CreateFileMappingA
GetACP
GetProfileSectionA
MoveFileExA
GetProcAddress
PathCommonPrefixW
PathAppendA
PathIsURLA
UrlCompareA
PathIsRootA
UrlCombineA
UrlIsNoHistoryA
UrlHashA
UrlCanonicalizeW
UrlGetPartA
UrlGetLocationA
PathCombineW
GetMessageA
LoadMenuA
LoadCursorA
wsprintfA
DrawStateA
GetPropW
LoadBitmapW
PostMessageA
LoadStringW
PeekMessageA
InsertMenuW
DialogBoxParamA
GetDlgItemTextW
CreateDesktopW
GetClassLongA
CharToOemA
Number of PE resources by type
RT_RCDATA 5
Number of PE resources by language
ENGLISH US 5
PE resources
Debug information
ExifTool file metadata
MIMEType application/octet-stream
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
FileTypeExtension exe
TimeStamp 2015:03:24 12:48:16+01:00
FileType Win32 EXE
PEType PE32
CodeSize 57344
LinkerVersion 14.0
ImageFileCharacteristics No relocs, Executable, 32-bit
EntryPoint 0x9e56
InitializedDataSize 609280
SubsystemVersion 5.1
ImageVersion 0.0
OSVersion 5.1
UninitializedDataSize 0

File identification
MD5 62e8b88fb3ace80dfa83361a53e690ef
SHA1 14533245823e065e325b792bf7c5808c8007f4e1
SHA256 3ac9ab7ddd73531c3d5b7438f6bb74a7711c7f523770d61c338da4664993e7b1
ssdeep 12288:opkF2PxTIvLZKw5HydaMn2QrXzDkmN8N+33x9/gJDgL6dKXK0i:opkcJuL4hrXzDk28ohQMLjK0i
authentihash 5663682b737737ae134c46de5dccd3812cf4bc958e1817335d0b34c725051f17
imphash e5a438f3eb5e8aa70e8234b5408a30ef
File size 652.0 KB ( 667648 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Dynamic Link Library (generic) (34.2%)
Win32 Executable (generic) (23.4%)
Win16/32 Executable Delphi generic (10.7%)
OS/2 Executable (generic) (10.5%)
Generic Win/DOS Executable (10.4%)
Tags peexe
VirusTotal metadata
First submission 2017-09-04 09:15:47 UTC ( 1 year, 5 months ago )
Last submission 2018-05-25 17:59:20 UTC ( 9 months ago )
File names akcEgbW.exe
BSmIimqLX.exe
locky2
PAYLOAD LOCKY RANSOMWARE (6)
3ac9ab7ddd73531c3d5b7438f6bb74a7711c7f523770d61c338da4664993e7b1
62e8b88fb3ace80dfa83361a53e690ef.vir
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Created mutexes
Opened mutexes
Runtime DLLs
UDP communications