SHA256: 3df7e9af468531fe085592a4b84191733c8c99af443f302611627a0752c312ef
File name: SubfolderMonitors
Detection ratio: 53 / 65
Analysis date: 2017-08-13 01:57:33 UTC ( 1 week, 1 day ago )
Antivirus Result Update
Ad-Aware Trojan.GenericKD.4952445 20170813
AegisLab Uds.Dangerousobject.Multi!c 20170813
AhnLab-V3 Trojan/Win32.Locky.R194755 20170812
ALYac Trojan.Ransom.LockyCrypt 20170812
Antiy-AVL Trojan[Ransom]/Win32.Locky 20170812
Avast Win32:Malware-gen 20170813
AVG Win32:Malware-gen 20170813
Avira (no cloud) TR/AD.Locky.mzmxg 20170812
AVware Trojan.Win32.Generic!BT 20170813
Baidu Win32.Trojan.WisdomEyes.16070401.9500.9999 20170811
BitDefender Trojan.GenericKD.4952445 20170812
CAT-QuickHeal Ransom.Filecryptor 20170812
ClamAV Win.Trojan.Agent-6161071-0 20170813
CMC Trojan.Win32.Swizzor.1!O 20170812
Comodo UnclassifiedMalware 20170813
CrowdStrike Falcon (ML) malicious_confidence_100% (W) 20170804
Cylance Unsafe 20170813
Cyren W32/Trojan.XLOF-2260 20170813
DrWeb Trojan.Encoder.10121 20170813
Emsisoft Trojan.GenericKD.4952445 (B) 20170813
Endgame malicious (high confidence) 20170721
ESET-NOD32 Win32/Filecoder.Locky.C 20170813
F-Secure Trojan-Spy:W32/Ranbyus.A 20170813
Fortinet W32/Locky.C!tr 20170812
GData Trojan.GenericKD.4952445 20170813
Ikarus Trojan-Ransom.Locky 20170812
Sophos ML heuristic 20170607
Jiangmin Trojan.Locky.den 20170813
K7AntiVirus Trojan ( 004f00a01 ) 20170813
K7GW Trojan ( 004f00a01 ) 20170813
Kaspersky Trojan-Ransom.Win32.Locky.xjn 20170813
Malwarebytes Ransom.Locky 20170813
MAX malware (ai score=87) 20170813
McAfee Ransomware-Locky.g 20170813
McAfee-GW-Edition BehavesLike.Win32.Locky.fc 20170813
Microsoft Ransom:Win32/Locky 20170813
eScan Trojan.GenericKD.4952445 20170812
NANO-Antivirus Trojan.Win32.AD.elkqgp 20170813
nProtect Ransom/W32.Osiris.338944 20170813
Palo Alto Networks (Known Signatures) generic.ml 20170813
Panda Trj/CI.A 20170812
Qihoo-360 Win32/Trojan.Multi.daf 20170813
Rising Trojan.Ransom-Locky!8.4655 (cloud:BPHupLPzdu) 20170813
SentinelOne (Static ML) static engine - malicious 20170806
Sophos AV Mal/Generic-S 20170813
Symantec Ransom.TeslaCrypt 20170812
Tencent Win32.Trojan.Filecoder.Tcvp 20170813
VBA32 Hoax.Locky 20170811
VIPRE Trojan.Win32.Generic!BT 20170813
ViRobot Trojan.Win32.Z.Ranbyus.338944 20170813
Yandex Trojan.Locky! 20170807
Zillya Trojan.Locky.Win32.2544 20170811
ZoneAlarm by Check Point Trojan-Ransom.Win32.Locky.xjn 20170813
Alibaba 20170811
Arcabit 20170813
Bkav 20170812
F-Prot 20170813
Kingsoft 20170813
SUPERAntiSpyware 20170812
Symantec Mobile Insight 20170811
TheHacker 20170810
TotalDefense 20170812
TrendMicro 20170813
TrendMicro-HouseCall 20170813
Trustlook 20170813
Webroot 20170813
WhiteArmor 20170731
Zoner 20170813
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright Copyright © 1999 - 2014
Product SubfolderMonitors
Internal name SubfolderMonitors
Description Plane Perreault Videos Extensins
Comments Plane Perreault Videos Extensins
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2017-02-05 07:39:12
Entry Point 0x00007760
Number of sections 5
PE sections
PE imports
Ord(4)
Ord(3)
Ord(6)
Ord(5)
GetTokenInformation
CloseServiceHandle
RegCloseKey
OpenServiceA
OpenProcessToken
RegSetValueExA
AllocateAndInitializeSid
OpenThreadToken
GetUserNameA
StartServiceA
RegCreateKeyExA
GetNamedSecurityInfoA
OpenSCManagerA
RegisterServiceCtrlHandlerA
EnumServicesStatusExA
AuthzFreeResourceManager
AuthzInitializeResourceManager
GetOpenFileNameA
CreateDIBPatternBrushPt
ExcludeClipRect
SetBrushOrgEx
SetMapMode
DeleteDC
SetBkMode
GetMapMode
SelectObject
GetDIBits
BitBlt
CreateCompatibleDC
DeleteObject
SetTextColor
GetTcpTable
GetStdHandle
EncodePointer
DeleteCriticalSection
GetCurrentProcess
GetConsoleMode
GetLocaleInfoA
lstrcatA
FreeEnvironmentStringsW
GetLocaleInfoW
SetStdHandle
GetTempPathA
GetCPInfo
WriteFile
GetSystemTimeAsFileTime
HeapReAlloc
GetStringTypeW
FreeLibrary
LocalFree
FormatMessageW
InterlockedDecrement
FormatMessageA
GetEnvironmentVariableW
SetLastError
GetModuleFileNameW
IsDebuggerPresent
ExitProcess
GetVersionExA
GetModuleFileNameA
HeapSetInformation
EnumSystemLocalesA
GetPrivateProfileStringA
UnhandledExceptionFilter
TlsGetValue
MultiByteToWideChar
GetModuleHandleA
SetUnhandledExceptionFilter
GetVolumeNameForVolumeMountPointW
IsProcessorFeaturePresent
GetSystemDirectoryA
DecodePointer
TerminateProcess
VirtualQuery
GetCurrentThreadId
InterlockedIncrement
WriteConsoleW
InitializeCriticalSectionAndSpinCount
HeapFree
EnterCriticalSection
SetHandleCount
LoadLibraryW
GetOEMCP
QueryPerformanceCounter
GetTickCount
TlsAlloc
FlushFileBuffers
LoadLibraryA
RtlUnwind
OpenProcess
GetStartupInfoW
GetUserDefaultLCID
GetProcessHeap
GetComputerNameA
IsValidLocale
GetProcAddress
CreateFileW
GetConsoleWindow
GetFileType
TlsSetValue
CreateFileA
HeapAlloc
LeaveCriticalSection
GetLastError
LCMapStringW
lstrlenA
GetConsoleCP
GetEnvironmentStringsW
lstrlenW
GetCurrentProcessId
WideCharToMultiByte
HeapSize
GetCommandLineA
GetCurrentThread
RaiseException
TlsFree
SetFilePointer
CloseHandle
lstrcpynA
GetACP
GetModuleHandleW
IsValidCodePage
HeapCreate
Sleep
GradientFill
NetUserGetGroups
NetApiBufferFree
SafeArrayGetUBound
SafeArrayGetLBound
SafeArrayGetElement
SafeArrayLock
UuidToStringA
RpcStringFreeA
UuidCreate
SHBindToParent
SHGetFolderPathW
SHParseDisplayName
SHGetFolderPathA
PathAppendA
PathRemoveFileSpecW
PathAddBackslashW
StrDupA
PathCompactPathA
PathRemoveBackslashW
InitializeSecurityContextA
GetUserNameExW
GetUserNameExA
InitSecurityInterfaceA
AcquireCredentialsHandleW
InitializeSecurityContextW
MapWindowPoints
GetForegroundWindow
EndDialog
GetRawInputDeviceList
ClipCursor
SetWindowPos
GetWindowThreadProcessId
SendDlgItemMessageA
MessageBoxW
GetWindowRect
InflateRect
SetDlgItemTextA
GetDialogBaseUnits
GetDlgItemTextA
MessageBoxA
GetClassNameA
GetSysColor
GetDC
InsertMenuItemA
ReleaseDC
CreatePopupMenu
GetClipCursor
GetWindowPlacement
SendMessageA
GetDlgItem
DrawMenuBar
CreateDialogParamA
EnableMenuItem
RegisterClassA
GetWindowLongA
CreateWindowExA
LoadIconA
ImpersonateDdeClientWindow
FillRect
LoadImageA
GetSystemMenu
GetWindowTextA
GetAncestor
DestroyWindow
GetAppliedGPOListA
FreeGPOListA
GetGPOListA
GetFileVersionInfoW
waveOutPrepareHeader
waveOutWrite
waveOutOpen
waveOutClose
gethostname
socket
bind
WSACleanup
WSAStartup
gethostbyname
WSAIoctl
inet_ntoa
closesocket
WSAGetLastError
WTSEnumerateProcessesA
GdipDisposeImage
GdipSaveImageToFile
GdipCreateBitmapFromHBITMAP
CLSIDFromString
CoInitialize
Number of PE resources by type
RT_ICON 6
RT_DIALOG 5
RT_STRING 5
RT_RCDATA 5
RT_BITMAP 4
BIN 2
RCDATA 1
RT_MANIFEST 1
RT_VERSION 1
PNG 1
RT_GROUP_ICON 1
Number of PE resources by language
ENGLISH US 32
PE resources
ExifTool file metadata
LegalTrademarks Copyright 1999 - 2014
UninitializedDataSize 0
Comments Plane Perreault Videos Extensins
LinkerVersion 10.0
ImageVersion 0.0
FileSubtype 0
FileVersionNumber 6.8.6.2
LanguageCode English (U.S.)
FileFlagsMask 0x003f
CharacterSet Unicode
InitializedDataSize 245760
EntryPoint 0x7760
MIMEType application/octet-stream
LegalCopyright Copyright 1999 - 2014
TimeStamp 2017:02:05 08:39:12+01:00
FileType Win32 EXE
PEType PE32
InternalName SubfolderMonitors
SubsystemVersion 5.1
ProductVersion 6.8.6.2
FileDescription Plane Perreault Videos Extensins
OSVersion 5.1
FileOS Windows NT 32-bit
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
CompanyName World Wide Technology
CodeSize 92160
ProductName SubfolderMonitors
ProductVersionNumber 6.8.6.2
FileTypeExtension exe
ObjectFileType Executable application
Compressed bundles
File identification
MD5 ceb1aa2805aeb28555af92aa2494d80f
SHA1 a4632e19d75e534f5eb4e65f3860d2c477d6bc40
SHA256 3df7e9af468531fe085592a4b84191733c8c99af443f302611627a0752c312ef
ssdeep 6144:IdZFrR4jCjIagP7HFVfVh96Rcy30D9Wycoce7H93Lj3IbxJh:qFrGjCjIagzRh9hy30QVoh3LYh
authentihash e0182f3371cf5282d24a84a1d5baed53c26598469b5bdbeab3ee4d8698d56f90
imphash a9d85b1c6907411b5096c28b55a704be
File size 331.0 KB ( 338944 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Executable MS Visual C++ (generic) (67.4%)
Win32 Dynamic Link Library (generic) (14.2%)
Win32 Executable (generic) (9.7%)
Generic Win/DOS Executable (4.3%)
DOS Executable Generic (4.3%)
Tags peexe
VirusTotal metadata
First submission 2017-02-06 04:16:22 UTC ( 6 months, 2 weeks ago )
Last submission 2017-06-07 03:35:01 UTC ( 2 months, 2 weeks ago )
File names 4505811
-ceb1aa2805aeb28555af92aa2494d80f
aa
ba.png
ceb1aa2805aeb28555af92aa2494d80f.exe
6hSkkn.jpeg
ceb1aa2805aeb28555af92aa2494d80f.exe
ceb1aa2805aeb28555af92aa2494d80f.exe
locky.exe
one.exe
yukk.exe
ceb1aa2805aeb28555af92aa2494d80f.exe
SubfolderMonitors
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Written files
Moved files
Deleted files
Created processes
Shell commands
Code injections in the following processes
Created mutexes
Opened mutexes
Searched windows
Opened service managers
Opened services
Runtime DLLs
Additional details
The file uses the IsDebuggerPresent Windows API function in order to see whether it is being debugged.
HTTP requests
TCP connections
UDP communications