SHA256: 3b1fae1e523e7d8615d557b0f977b5a02246c7caee2977baa79e2bf3bb9eaa0e
File name: hJBoTJ.exe
Detection ratio: 17 / 65
Analysis date: 2017-08-30 09:59:01 UTC ( 1 year, 7 months ago )
Antivirus Result Update
AhnLab-V3 Trojan/Win32.Lukitus.C2111094 20170830
Avira (no cloud) TR/Crypt.XPACK.Gen2 20170830
Baidu Win32.Trojan.WisdomEyes.16070401.9500.9999 20170830
CrowdStrike Falcon (ML) malicious_confidence_100% (D) 20170804
Cylance Unsafe 20170830
DrWeb Trojan.Encoder.13570 20170830
Endgame malicious (high confidence) 20170821
Sophos ML heuristic 20170822
Malwarebytes Ransom.Locky 20170830
McAfee-GW-Edition BehavesLike.Win32.Backdoor.jc 20170830
Qihoo-360 HEUR/QVM20.1.81D0.Malware.Gen 20170830
Rising Ransom.Locky!8.1CD4 (tfe:1:id9GxZzUzTH) 20170830
SentinelOne (Static ML) static engine - malicious 20170806
Sophos AV Mal/Elenoocka-E 20170830
Symantec ML.Attribute.HighConfidence 20170830
TrendMicro Ransom_CERBER.SMALY0 20170830
TrendMicro-HouseCall Ransom_CERBER.SMALY0 20170830
Ad-Aware 20170830
AegisLab 20170830
Alibaba 20170830
ALYac 20170830
Antiy-AVL 20170830
Arcabit 20170830
Avast 20170830
AVG 20170830
AVware 20170830
BitDefender 20170830
Bkav 20170830
CAT-QuickHeal 20170829
ClamAV 20170830
CMC 20170828
Comodo 20170830
Cyren 20170830
Emsisoft 20170830
ESET-NOD32 20170830
F-Prot 20170830
F-Secure 20170830
Fortinet 20170830
GData 20170830
Ikarus 20170830
Jiangmin 20170830
K7AntiVirus 20170829
K7GW 20170828
Kaspersky 20170830
Kingsoft 20170830
MAX 20170830
McAfee 20170830
Microsoft 20170830
eScan 20170830
NANO-Antivirus 20170830
nProtect 20170830
Palo Alto Networks (Known Signatures) 20170830
Panda 20170829
SUPERAntiSpyware 20170830
Symantec Mobile Insight 20170830
Tencent 20170830
TheHacker 20170828
TotalDefense 20170830
Trustlook 20170830
VBA32 20170829
VIPRE 20170830
ViRobot 20170830
Webroot 20170830
WhiteArmor 20170829
Yandex 20170829
Zillya 20170829
ZoneAlarm by Check Point 20170830
Zoner 20170830
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2012-07-26 14:06:56
Entry Point 0x000090E2
Number of sections 4
PE sections
PE imports
RegRestoreKeyA
RegUnLoadKeyA
RegReplaceKeyA
RegLoadKeyA
RegSaveKeyA
RegDeleteValueW
LogonUserA
RegCreateKeyExA
RegEnumKeyA
RegDeleteTreeA
InitializeSid
CryptSignHashA
AuthzInitializeContextFromSid
AuthzFreeResourceManager
AuthzAddSidsToContext
AuthzFreeAuditEvent
AuthzFreeContext
CertFreeCRLContext
CertDeleteCRLFromStore
CertGetNameStringA
CertDuplicateCRLContext
CertDuplicateStore
CertCompareCertificate
CertFindExtension
CryptEnumOIDInfo
CertFindChainInStore
CryptFindOIDInfo
CertOpenStore
CertCreateContext
CertFindCRLInStore
Ctl3dRegister
Ctl3dGetVer
Ctl3dEnabled
lstrcmpiA
WaitForSingleObject
GetConsoleAliasW
CreateJobObjectW
GetTickCount
OpenWaitableTimerW
CreateMailslotA
GetFileAttributesW
GetCurrentProcess
GetDateFormatA
LoadLibraryExW
GetStartupInfoW
DeleteFileW
GetProcAddress
GetProfileSectionA
GetModuleHandleA
InterlockedExchange
WaitNamedPipeA
GetTempPathW
GetCommandLineA
FindFirstFileW
GetACP
ReadConsoleA
MoveFileA
SearchPathW
GetLogicalDriveStringsA
GetLongPathNameA
GetVersion
UrlCombineA
PathIsURLA
UrlIsOpaqueW
UrlCompareA
PathIsRootA
UrlIsNoHistoryA
PathCommonPrefixA
UrlCanonicalizeW
UrlGetLocationA
PathCombineW
GetMessageA
LoadCursorA
IsCharUpperA
wsprintfA
GetPropW
LoadMenuA
PostMessageA
GetClassLongA
PeekMessageA
DispatchMessageW
InsertMenuW
DialogBoxParamA
GetDlgItemTextW
CreateDesktopW
IsDialogMessageA
CharToOemA
Number of PE resources by type
TEX 5
Number of PE resources by language
ENGLISH US 5
PE resources
Debug information
ExifTool file metadata
MIMEType application/octet-stream
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
TimeStamp 2012:07:26 15:06:56+01:00
FileType Win32 EXE
PEType PE32
CodeSize 47104
LinkerVersion 12.0
FileTypeExtension exe
InitializedDataSize 623616
SubsystemVersion 5.1
EntryPoint 0x90e2
OSVersion 5.1
ImageVersion 0.0
UninitializedDataSize 0

File identification
MD5 3ab0431c534a4910e7a9ce4f1f4e631c
SHA1 276f93cb01eaaf626c0fce84b5f82b81853e8aaa
SHA256 3b1fae1e523e7d8615d557b0f977b5a02246c7caee2977baa79e2bf3bb9eaa0e
ssdeep 12288:NQpOeL9gKu011WcLpn04jqH65fc40aRnO8UV7YOzNvn4VAhkj:NQUeLKKx3tp04jqH6B3RnqaA4VHj
authentihash ae6a80397dfb7d5ea4f486185093cf1711a2078550c1a382bae1da1fb09d4efa
imphash 3e71d5a57dae0869a5823930b2479ab1
File size 656.0 KB ( 671744 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Dynamic Link Library (generic) (34.2%)
Win32 Executable (generic) (23.4%)
Win16/32 Executable Delphi generic (10.7%)
OS/2 Executable (generic) (10.5%)
Generic Win/DOS Executable (10.4%)
Tags peexe

VirusTotal metadata
First submission 2017-08-30 09:59:01 UTC ( 1 year, 7 months ago )
Last submission 2018-05-18 17:12:53 UTC ( 11 months ago )
File names hJBoTJ.exe
hJBoTJ.vir
localfile~
3b1fae1e523e7d8615d557b0f977b5a02246c7caee2977baa79e2bf3bb9eaa0e
3ab0431c534a4910e7a9ce4f1f4e631c.vir