SHA256: 3f5ff5d9d0615cc04e644297dcbfa999f6d6930850848f038464d0a486e6b8d0
File name: b4ebbe103500652536b8a68d6c0590b9
Detection ratio: 57 / 64
Analysis date: 2017-07-03 06:00:12 UTC ( 2 weeks, 5 days ago )
Antivirus Result Update
Ad-Aware Trojan.GenericKD.3350547 20170707
AegisLab Troj.Ransom.W32.Locky!c 20170707
AhnLab-V3 Malware/Win32.Locky.R183928 20170707
ALYac Trojan.GenericKD.3350547 20170707
Antiy-AVL Trojan[Ransom]/Win32.Locky 20170707
Avast Win32:Trojan-gen 20170707
AVG Win32:Trojan-gen 20170707
Avira (no cloud) TR/Crypt.ZPACK.smiw 20170707
AVware Trojan.Win32.Generic!BT 20170707
Baidu Win32.Trojan.WisdomEyes.16070401.9500.9985 20170707
BitDefender Trojan.GenericKD.3350547 20170707
CAT-QuickHeal Ransomware.Generic.WR4 20170707
ClamAV Win.Malware.Agent3107984575/CRDF-1 20170707
Comodo TrojWare.Win32.Generic.ruymh 20170707
CrowdStrike Falcon (ML) malicious_confidence_100% (D) 20170420
Cylance Unsafe 20170707
Cyren W32/Locky.HPJV-7761 20170707
DrWeb Trojan.Encoder.4947 20170707
Emsisoft Trojan.GenericKD.3350547 (B) 20170707
Endgame malicious (high confidence) 20170706
ESET-NOD32 Win32/Filecoder.Locky.C 20170707
F-Prot W32/Locky.GI 20170707
F-Secure Trojan.GenericKD.3350547 20170707
Fortinet W32/Malicious_Behavior.VEX 20170629
GData Win32.Trojan.Agent.EBNRUV 20170707
Ikarus Trojan.Win32.Filecoder 20170707
Sophos ML heuristic 20170607
Jiangmin Trojan.Locky.aok 20170707
K7AntiVirus Trojan ( 004f00a01 ) 20170707
K7GW Trojan ( 004f00a01 ) 20170707
Kaspersky Trojan-Ransom.Win32.Locky.akd 20170707
Malwarebytes Ransom.Locky 20170707
MAX malware (ai score=87) 20170707
McAfee Generic.yx 20170707
McAfee-GW-Edition BehavesLike.Win32.PUPXBK.dc 20170706
Microsoft Ransom:Win32/Locky.A 20170707
eScan Trojan.GenericKD.3350547 20170707
NANO-Antivirus Trojan.Win32.Encoder.efgzeg 20170707
Palo Alto Networks (Known Signatures) generic.ml 20170707
Panda Trj/WLT.C 20170706
Qihoo-360 HEUR/QVM10.1.0000.Malware.Gen 20170707
Rising Malware.Obscure/Heur!1.9E03 (cloud:do80rJxylOJ) 20170707
Sophos AV Troj/Ransom-DHV 20170707
SUPERAntiSpyware Trojan.Agent/Gen-Kryptik 20170707
Symantec Trojan.Smoaler 20170707
Tencent Win32.Trojan.Raas.Auto 20170707
TheHacker Trojan/Filecoder.Locky.c 20170704
TrendMicro Ransom_LOCKY.DSD 20170707
TrendMicro-HouseCall Ransom_LOCKY.DSD 20170707
VBA32 Trojan.Ransom.05716 20170707
VIPRE Trojan.Win32.Generic!BT 20170707
ViRobot Trojan.Win32.Z.Locky.251695 20170707
Webroot W32.Trojan.Gen 20170707
Yandex Trojan.Locky! 20170706
Zillya Trojan.Kryptik.Win32.908770 20170707
ZoneAlarm by Check Point Trojan-Ransom.Win32.Locky.akd 20170707
Zoner Trojan.Locky 20170707
Alibaba 20170707
Arcabit 20170707
Bkav 20170706
CMC 20170707
Kingsoft 20170707
nProtect 20170707
SentinelOne (Static ML) 20170516
Symantec Mobile Insight 20170707
TotalDefense 20170707
Trustlook 20170707
WhiteArmor 20170706
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2016-06-24 23:09:15
Entry Point 0x0000CD2F
Number of sections 4
PE sections
Overlays
MD5 b5456cae18976e3f3fe3863dffe1ca97
File type data
Offset 127488
Size 124207
Entropy 8.00
PE imports
GetLastError
InitializeCriticalSectionAndSpinCount
HeapFree
GetStdHandle
EnterCriticalSection
LCMapStringW
SetHandleCount
GetThreadPriorityBoost
GetModuleFileNameW
GetConsoleCP
GetOEMCP
QueryPerformanceCounter
IsDebuggerPresent
EncodePointer
TlsAlloc
GetEnvironmentStringsW
FlushFileBuffers
GetModuleFileNameA
RtlUnwind
GetSystemDirectoryA
HeapSetInformation
GetCurrentProcess
GetConsoleMode
GetStringTypeW
GetCurrentProcessId
WriteConsoleW
CreateDirectoryA
WideCharToMultiByte
UnhandledExceptionFilter
InterlockedDecrement
MultiByteToWideChar
GetStartupInfoW
SetStdHandle
FreeEnvironmentStringsW
GetCommandLineA
GetTapePosition
HeapSize
LeaveCriticalSection
RaiseException
GetCPInfo
LoadLibraryW
TlsFree
SetFilePointer
GetSystemTimeAsFileTime
DeleteCriticalSection
SetUnhandledExceptionFilter
WriteFile
CloseHandle
IsProcessorFeaturePresent
CreateFileMappingA
GetACP
HeapReAlloc
DecodePointer
GetModuleHandleW
TerminateProcess
IsValidCodePage
HeapCreate
CreateFileW
TlsGetValue
Sleep
GetFileType
GetTickCount
TlsSetValue
HeapAlloc
GetCurrentThreadId
GetProcAddress
ExitProcess
SetLastError
InterlockedIncrement
Number of PE resources by type
RT_DIALOG 1
Struct(240) 1
Number of PE resources by language
ENGLISH US 2
PE resources
ExifTool file metadata
MIMEType application/octet-stream
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
FileTypeExtension exe
TimeStamp 2016:06:25 00:09:15+01:00
FileType Win32 EXE
PEType PE32
CodeSize 91648
LinkerVersion 10.0
EntryPoint 0xcd2f
InitializedDataSize 34816
SubsystemVersion 5.1
ImageVersion 0.0
OSVersion 5.1
UninitializedDataSize 0
File identification
MD5 b4ebbe103500652536b8a68d6c0590b9
SHA1 84d5f8561141817f7382e33032c695504924d333
SHA256 3f5ff5d9d0615cc04e644297dcbfa999f6d6930850848f038464d0a486e6b8d0
ssdeep 6144:xgsH2HXVc3PneNSWUHYVmPKNOABLY501tqAzEPs:msW3VOneMHYV5YMKPs
authentihash 4bc35cab412286b11d2cb915059fa60da8350187c51f2836c82f5c8ce7678b8e
imphash b15f80ae5560cfa462035d058fa85ae8
File size 245.8 KB ( 251695 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Executable MS Visual C++ (generic) (42.2%)
Win64 Executable (generic) (37.3%)
Win32 Dynamic Link Library (generic) (8.8%)
Win32 Executable (generic) (6.0%)
Generic Win/DOS Executable (2.7%)
Tags
peexe overlay

VirusTotal metadata
First submission 2016-06-27 10:48:45 UTC ( 1 year ago )
Last submission 2016-10-15 20:08:01 UTC ( 9 months, 1 week ago )
File names yVrLrAwIvU.exe
aa
B4EBBE103500652536B8A68D6C0590B9
command-deleted-shadow-copy_3f5ff5d9d0615cc04e644297dcbfa999f6d6930850848f038464d0a486e6b8d0
09ujnb76v5
b4ebbe103500652536b8a68d6c0590b9
09ujnb76v5[1].3176.dr
b4ebbe103500652536b8a68d6c0590b9
09ujnb76v5[1].txt
b4ebbe103500652536b8a68d6c0590b9
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Created processes
Opened mutexes
Runtime DLLs
UDP communications