SHA256: 3af18232a9175dea624a7947e6edef6a57457bdf6d3ba0ead58856a139db2832
File name: 3af18232a9175dea624a7947e6edef6a57457bdf6d3ba0ead58856a139db2832
Detection ratio: 55 / 68
Analysis date: 2018-08-22 14:29:05 UTC ( 9 months ago )
Antivirus Result Update
Ad-Aware Gen:Variant.Ransom.75 20180822
AegisLab Troj.W32.Inject.toPD 20180822
AhnLab-V3 Trojan/Win32.Cerber.R193930 20180822
ALYac Gen:Variant.Ransom.75 20180822
Antiy-AVL Trojan/Win32.Inject 20180822
Arcabit Trojan.Ransom.75 20180822
Avast Win32:Trojan-gen 20180822
AVG Win32:Trojan-gen 20180822
Avira (no cloud) HEUR/AGEN.1004222 20180822
AVware Trojan.Win32.Generic!BT 20180822
Baidu Win32.Trojan.WisdomEyes.16070401.9500.9918 20180820
BitDefender Gen:Variant.Ransom.75 20180822
CAT-QuickHeal Trojan.Zenshirsh.SL7 20180822
ClamAV Win.Trojan.Generic-5633697-0 20180821
CrowdStrike Falcon (ML) malicious_confidence_100% (D) 20180723
Cybereason malicious.29f8fe 20180225
Cylance Unsafe 20180822
Cyren W32/Trojan.EOBA-0569 20180822
DrWeb Trojan.PWS.Papras.2460 20180822
Emsisoft Gen:Variant.Ransom.75 (B) 20180822
Endgame malicious (moderate confidence) 20180730
ESET-NOD32 Win32/Spy.Ursnif.AO 20180822
F-Prot W32/Trojan2.PBGB 20180822
F-Secure Gen:Variant.Ransom.75 20180822
Fortinet W32/Injector.DJZH!tr 20180822
GData Gen:Variant.Ransom.75 20180822
Ikarus Trojan.Win32.Injector 20180822
Sophos ML heuristic 20180717
Jiangmin Trojan.Inject.wjo 20180822
K7AntiVirus Riskware ( 0040eff71 ) 20180822
K7GW Riskware ( 0040eff71 ) 20180822
Kaspersky Trojan.Win32.Inject.wnck 20180822
MAX malware (ai score=100) 20180822
McAfee Ransomware-Locky.g 20180822
McAfee-GW-Edition BehavesLike.Win32.Generic.fc 20180822
Microsoft TrojanSpy:Win32/Ursnif 20180822
eScan Gen:Variant.Ransom.75 20180822
NANO-Antivirus Trojan.Win32.DKBB.ekrboi 20180822
Palo Alto Networks (Known Signatures) generic.ml 20180822
Panda Trj/Genetic.gen 20180822
Qihoo-360 Win32/Trojan.7a6 20180822
Rising Ransom.Cerber!8.3058 (CLOUD) 20180822
SentinelOne (Static ML) static engine - malicious 20180701
Sophos AV Troj/Locky-ZA 20180822
Symantec Trojan Horse 20180822
Tencent Win32.Trojan.Inject.Pgmz 20180822
TrendMicro TSPY_URSNIF.YYSYR 20180822
TrendMicro-HouseCall TSPY_URSNIF.YYSYR 20180822
VBA32 Trojan.Inject 20180822
VIPRE Trojan.Win32.Generic!BT 20180822
ViRobot Trojan.Win32.Agent.353725 20180822
Webroot W32.Malware.gen 20180822
Yandex Trojan.Inject!kjOgR5l312M 20180822
Zillya Trojan.Inject.Win32.204728 20180822
ZoneAlarm by Check Point Trojan.Win32.Inject.wnck 20180822
Alibaba 20180713
Avast-Mobile 20180822
Babable 20180822
Bkav 20180822
CMC 20180822
Comodo 20180822
eGambit 20180822
Kingsoft 20180822
Malwarebytes 20180822
SUPERAntiSpyware 20180822
Symantec Mobile Insight 20180822
TACHYON 20180822
TheHacker 20180821
TotalDefense 20180822
Trustlook 20180822
Zoner 20180822
Compressed bundles
File identification
MD5 4da11c829f8fea1b690f317837af8387
SHA1 00c6ce1031f88b5276a5335e68fba663e769dadd
SHA256 3af18232a9175dea624a7947e6edef6a57457bdf6d3ba0ead58856a139db2832
ssdeep 6144:FTxtYFLPUV+Go1wAOEKjhGSL+IolFXeqaBfRbzqbWO0sLma++3JBsj6At:FELP4+GC58GSLbolFXbaPabWORl+Us
authentihash e02491c7f524a531e5474db5ee8b621374e7b5fafd34c8b4198359ce5e00360d
File size 345.4 KB ( 353725 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID UPX compressed Win32 Executable (38.2%)
Win32 EXE Yoda's Crypter (37.5%)
Win32 Dynamic Link Library (generic) (9.2%)
Win32 Executable (generic) (6.3%)
OS/2 Executable (generic) (2.8%)
Tags
peexe upx

VirusTotal metadata
First submission 2017-01-18 05:42:48 UTC ( 2 years, 4 months ago )
Last submission 2018-06-13 08:23:36 UTC ( 11 months, 2 weeks ago )
File names xfs_extension.exe
3af18232a9175dea624a7947e6edef6a57457bdf6d3ba0ead58856a139db2832
xfs_extension.ex_
xfs_extension_2.exe
3af18232a9175dea624a7947e6edef6a57457bdf6d3ba0ead58856a139db2832.ex_
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Runtime DLLs
UDP communications