SHA256: 3f5ff5d9d0615cc04e644297dcbfa999f6d6930850848f038464d0a486e6b8d0
File name: b4ebbe103500652536b8a68d6c0590b9
Detection ratio: 51 / 55
Analysis date: 2017-01-09 22:00:48 UTC ( 4 months, 2 weeks ago )
Antivirus Result Update
Ad-Aware Trojan.GenericKD.3350547 20170109
AegisLab Troj.Ransom.W32.Locky!c 20170109
AhnLab-V3 Malware/Win32.Locky.R183928 20170109
ALYac Trojan.GenericKD.3350547 20170109
Antiy-AVL Trojan[Ransom]/Win32.Locky 20170109
Arcabit Trojan.Generic.D332013 20170109
Avast Win32:Trojan-gen 20170109
AVG Generic_r.KMP 20170109
Avira (no cloud) TR/Crypt.ZPACK.smiw 20170109
AVware Trojan.Win32.Generic!BT 20170109
Baidu Win32.Trojan.WisdomEyes.16070401.9500.9985 20170109
BitDefender Trojan.GenericKD.3350547 20170109
Bkav W32.Clod8b8.Trojan.95ef 20170109
CAT-QuickHeal Ransomware.Generic.WR3 20170109
ClamAV Win.Malware.Agent3107984575/CRDF-1 20170109
Comodo TrojWare.Win32.Generic.ruymh 20170109
Cyren W32/Locky.HPJV-7761 20170109
DrWeb Trojan.Encoder.4947 20170109
Emsisoft Trojan.GenericKD.3350547 (B) 20170109
ESET-NOD32 Win32/Filecoder.Locky.C 20170109
F-Prot W32/Locky.GI 20170109
F-Secure Trojan.GenericKD.3350547 20170109
Fortinet W32/Malicious_Behavior.VEX 20170109
GData Trojan.GenericKD.3350547 20170109
Ikarus Trojan.Win32.Filecoder 20170109
Invincea ransom.win32.criakl.d 20161216
Jiangmin Trojan.Locky.aok 20170109
K7AntiVirus Trojan ( 004f00a01 ) 20170109
K7GW Trojan ( 004f00a01 ) 20170109
Kaspersky Trojan-Ransom.Win32.Locky.akd 20170109
Malwarebytes Ransom.Locky 20170109
McAfee Generic.yx 20170108
McAfee-GW-Edition BehavesLike.Win32.Generic.dc 20170109
Microsoft Ransom:Win32/Locky.A 20170109
eScan Trojan.GenericKD.3350547 20170109
NANO-Antivirus Trojan.Win32.Encoder.efgzeg 20170109
Panda Generic Malware 20170109
Qihoo-360 HEUR/QVM10.1.0000.Malware.Gen 20170109
Rising Malware.Obscure/Heur!1.9E03-do80rJxylOJ (cloud) 20170109
Sophos Troj/Ransom-DHV 20170109
SUPERAntiSpyware Trojan.Agent/Gen-Kryptik 20170109
Tencent Win32.Trojan.Raas.Auto 20170109
TheHacker Trojan/Filecoder.Locky.c 20170108
TrendMicro Ransom_LOCKY.DSD 20170109
TrendMicro-HouseCall Ransom_LOCKY.DSD 20170109
VBA32 Trojan.Ransom.05716 20170109
VIPRE Trojan.Win32.Generic!BT 20170109
ViRobot Trojan.Win32.Z.Locky.251695[h] 20170109
Yandex Trojan.Locky! 20170109
Zillya Trojan.Kryptik.Win32.908770 20170109
Zoner Trojan.Locky 20170109
Alibaba 20170109
CMC 20170109
CrowdStrike Falcon (ML) 20161024
Kingsoft 20170109
nProtect 20170109
Trustlook 20170109
WhiteArmor 20170109
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2016-06-24 23:09:15
Entry Point 0x0000CD2F
Number of sections 4
PE sections
Overlays
MD5 b5456cae18976e3f3fe3863dffe1ca97
File type data
Offset 127488
Size 124207
Entropy 8.00
PE imports
GetLastError
InitializeCriticalSectionAndSpinCount
HeapFree
GetStdHandle
EnterCriticalSection
LCMapStringW
SetHandleCount
GetThreadPriorityBoost
GetModuleFileNameW
GetConsoleCP
GetOEMCP
QueryPerformanceCounter
IsDebuggerPresent
EncodePointer
TlsAlloc
GetEnvironmentStringsW
FlushFileBuffers
GetModuleFileNameA
RtlUnwind
GetSystemDirectoryA
HeapSetInformation
GetCurrentProcess
GetConsoleMode
GetStringTypeW
GetCurrentProcessId
WriteConsoleW
CreateDirectoryA
WideCharToMultiByte
UnhandledExceptionFilter
InterlockedDecrement
MultiByteToWideChar
GetStartupInfoW
SetStdHandle
FreeEnvironmentStringsW
GetCommandLineA
GetTapePosition
HeapSize
LeaveCriticalSection
RaiseException
GetCPInfo
LoadLibraryW
TlsFree
SetFilePointer
GetSystemTimeAsFileTime
DeleteCriticalSection
SetUnhandledExceptionFilter
WriteFile
CloseHandle
IsProcessorFeaturePresent
CreateFileMappingA
GetACP
HeapReAlloc
DecodePointer
GetModuleHandleW
TerminateProcess
IsValidCodePage
HeapCreate
CreateFileW
TlsGetValue
Sleep
GetFileType
GetTickCount
TlsSetValue
HeapAlloc
GetCurrentThreadId
GetProcAddress
ExitProcess
SetLastError
InterlockedIncrement
Number of PE resources by type
RT_DIALOG 1
Struct(240) 1
Number of PE resources by language
ENGLISH US 2
PE resources
ExifTool file metadata
MIMEType application/octet-stream
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
FileTypeExtension exe
TimeStamp 2016:06:25 00:09:15+01:00
FileType Win32 EXE
PEType PE32
CodeSize 91648
LinkerVersion 10.0
EntryPoint 0xcd2f
InitializedDataSize 34816
SubsystemVersion 5.1
ImageVersion 0.0
OSVersion 5.1
UninitializedDataSize 0

File identification
MD5 b4ebbe103500652536b8a68d6c0590b9
SHA1 84d5f8561141817f7382e33032c695504924d333
SHA256 3f5ff5d9d0615cc04e644297dcbfa999f6d6930850848f038464d0a486e6b8d0
ssdeep 6144:xgsH2HXVc3PneNSWUHYVmPKNOABLY501tqAzEPs:msW3VOneMHYV5YMKPs
authentihash 4bc35cab412286b11d2cb915059fa60da8350187c51f2836c82f5c8ce7678b8e
imphash b15f80ae5560cfa462035d058fa85ae8
File size 245.8 KB ( 251695 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Executable MS Visual C++ (generic) (42.2%)
Win64 Executable (generic) (37.3%)
Win32 Dynamic Link Library (generic) (8.8%)
Win32 Executable (generic) (6.0%)
Generic Win/DOS Executable (2.7%)
Tags peexe overlay

VirusTotal metadata
First submission 2016-06-27 10:48:45 UTC ( 11 months ago )
Last submission 2016-10-15 20:08:01 UTC ( 7 months, 2 weeks ago )
File names yVrLrAwIvU.exe
B4EBBE103500652536B8A68D6C0590B9
command-deleted-shadow-copy_3f5ff5d9d0615cc04e644297dcbfa999f6d6930850848f038464d0a486e6b8d0
09ujnb76v5
b4ebbe103500652536b8a68d6c0590b9
09ujnb76v5[1].3176.dr
b4ebbe103500652536b8a68d6c0590b9
09ujnb76v5[1].txt
b4ebbe103500652536b8a68d6c0590b9
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Created processes
Opened mutexes
Runtime DLLs
UDP communications