SHA256: 404ae50b0e1bce4b8421cc654b54591fcc84edd600c76e1a2dda1e0653a6cfe9
File name: messg.exe
Detection ratio: 43 / 67
Analysis date: 2019-02-09 18:11:59 UTC ( 3 months, 2 weeks ago )
Antivirus Result Update
Acronis suspicious 20190208
Ad-Aware Trojan.GenericKD.31670500 20190209
AegisLab Trojan.Multi.Generic.4!c 20190209
ALYac Trojan.GenericKD.31670500 20190209
Antiy-AVL Trojan/Win32.Agent 20190209
Avast Win32:Malware-gen 20190209
AVG Win32:Malware-gen 20190209
Avira (no cloud) TR/AD.Troldesh.mewnv 20190209
BitDefender Trojan.GenericKD.31670500 20190209
CrowdStrike Falcon (ML) malicious_confidence_80% (W) 20181023
Cyren W32/Risk.TNPZ-9342 20190209
DrWeb Trojan.Encoder.26818 20190209
eGambit PE.Heur.InvalidSig 20190209
Emsisoft Trojan.GenericKD.31670500 (B) 20190209
Endgame malicious (high confidence) 20181108
ESET-NOD32 Win32/Filecoder.Shade.A 20190209
F-Prot W32/Shade.T 20190209
F-Secure Trojan.TR/AD.Troldesh.mewnv 20190209
Fortinet W32/Kryptik.GOJP!tr.ransom 20190209
GData Trojan.GenericKD.31670500 20190209
Ikarus Trojan-Ransom.Shade 20190209
Sophos ML heuristic 20181128
K7AntiVirus Riskware ( 0040eff71 ) 20190209
K7GW Riskware ( 0040eff71 ) 20190209
Kaspersky Trojan-Ransom.Win32.Shade.pnu 20190209
Malwarebytes Ransom.Troldesh 20190209
McAfee Artemis!050522542461 20190209
McAfee-GW-Edition Artemis!Trojan 20190209
Microsoft Ransom:Win32/Troldesh.A 20190209
eScan Trojan.GenericKD.31670500 20190209
Palo Alto Networks (Known Signatures) generic.ml 20190209
Panda Trj/GdSda.A 20190209
Rising Ransom.FileCryptor!8.1A7 (RDM+:cmRtazon7IcSXkGX1sROCwpZaDY9) 20190209
SentinelOne (Static ML) static engine - malicious 20190203
Sophos AV Troj/Ransom-FFQ 20190209
Symantec ML.Attribute.HighConfidence 20190209
Tencent Win32.Trojan.Shade.Bxl 20190209
Trapmine malicious.high.ml.score 20190123
TrendMicro TROJ_FRS.VSN08B19 20190209
TrendMicro-HouseCall TROJ_FRS.VSN08B19 20190209
VBA32 BScope.TrojanPSW.Papras 20190208
ViRobot Trojan.Win32.S.Agent.1624776 20190209
ZoneAlarm by Check Point Trojan-Ransom.Win32.Shade.pnu 20190209
Engines with no detection (engine, update date)
AhnLab-V3 20190209
Alibaba 20180921
Arcabit 20190208
Avast-Mobile 20190209
Babable 20180918
Baidu 20190202
Bkav 20190201
CAT-QuickHeal 20190209
CMC 20190209
Comodo 20190209
Cybereason 20190109
Jiangmin 20190209
Kingsoft 20190209
MAX 20190209
NANO-Antivirus 20190209
Qihoo-360 20190209
SUPERAntiSpyware 20190206
Symantec Mobile Insight 20190207
TACHYON 20190209
TheHacker 20190203
Trustlook 20190209
Webroot 20190209
Yandex 20190208
Zillya 20190208
Zoner 20190209
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Signature verification The digital signature of the object did not verify.
Signing date 1:42 AM 5/25/2019
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2019-02-08 02:29:10
Entry Point 0x000263F0
Number of sections 3
PE sections
Overlays
MD5 d525a2a951a1593f505e6020099e34dd
File type data
Offset 1622016
Size 2760
Entropy 7.39
PE imports
RegOpenKeyExA
RegQueryValueExW
CloseEnhMetaFile
AddFontResourceA
GetEnhMetaFileW
CloseFigure
GetColorSpace
CreateMetaFileA
CancelDC
GetTextCharset
PathToRegion
GdiFlush
BeginPath
CreateMetaFileW
GetSystemTime
GetLastError
InitializeCriticalSectionAndSpinCount
SystemTimeToFileTime
ReadFile
FileTimeToSystemTime
lstrlenA
LoadLibraryW
WaitForSingleObject
LockResource
FreeLibrary
QueryPerformanceCounter
LocalAlloc
GetTickCount
OutputDebugStringA
TlsAlloc
VirtualProtect
GetVersionExA
GetFileAttributesW
LoadLibraryA
DeleteCriticalSection
GetStartupInfoA
IsBadWritePtr
EnterCriticalSection
SizeofResource
CompareFileTime
GetCurrentProcessId
GetSystemDefaultLCID
IsDBCSLeadByte
DeleteFileA
GetCurrentDirectoryA
GetDateFormatW
LoadLibraryExW
MultiByteToWideChar
lstrlenW
IsDebuggerPresent
GetProcAddress
InterlockedCompareExchange
GetCurrentThread
InterlockedExchange
GetFileTime
GetTimeFormatW
GetTempPathA
RaiseException
lstrcmpiA
UnhandledExceptionFilter
WideCharToMultiByte
GetModuleFileNameW
GetModuleHandleA
GetSystemDirectoryW
GetFileAttributesA
GlobalAddAtomA
SetUnhandledExceptionFilter
WriteFile
GetCurrentProcess
GetProfileStringA
CloseHandle
GetSystemTimeAsFileTime
lstrcmpA
GetACP
GetModuleHandleW
FreeResource
FileTimeToLocalFileTime
GetProcessHeap
TerminateProcess
VirtualAlloc
InitializeCriticalSection
LoadResource
FindResourceW
TlsGetValue
Sleep
TlsSetValue
CreateFileA
GetCurrentThreadId
GetVersion
FindResourceA
lstrcmpW
SetCurrentDirectoryA
SetLastError
LeaveCriticalSection
GetForegroundWindow
GetInputState
DestroyMenu
GetMessagePos
DispatchMessageA
VkKeyScanA
GrayStringA
GetMessageTime
GetClipboardSequenceNumber
GetMenuItemID
GetAsyncKeyState
DrawTextA
GetDlgCtrlID
GetClassInfoA
GetMenu
UnregisterClassA
AnyPopup
UnregisterClassW
GetClassInfoW
DrawTextW
GetNextDlgTabItem
GetThreadDesktop
CallNextHookEx
LoadAcceleratorsA
GetWindowTextLengthA
GetTopWindow
GetWindowTextW
GetActiveWindow
GetWindowTextA
GetMenuContextHelpId
DestroyWindow
GetMessageA
MapDialogRect
SystemParametersInfoA
SetPropA
GetMenuState
ShowWindow
GetPropA
GetDesktopWindow
TranslateMessage
IsWindowEnabled
GetWindow
LoadStringA
GetQueueStatus
CloseWindow
EnableMenuItem
RegisterClassA
TabbedTextOutA
DrawFocusRect
IsDialogMessageW
CopyRect
DeferWindowPos
IsWindowUnicode
CreateWindowExW
TabbedTextOutW
GetWindowLongW
GetSubMenu
IsDialogMessageA
CharPrevA
GetOpenClipboardWindow
CopyIcon
GetMonitorInfoA
DefWindowProcA
SendDlgItemMessageA
SetWindowLongW
DrawIcon
RemovePropA
SetWindowTextA
CheckMenuItem
GetWindowLongA
GetLastActivePopup
BringWindowToTop
SetWindowsHookExA
DialogBoxIndirectParamW
ValidateRect
SetWindowsHookExW
GetDC
DialogBoxIndirectParamA
GetCursorPos
GetCaretBlinkTime
CreateDialogIndirectParamW
ReleaseDC
EndDialog
LoadMenuA
CharNextA
CreateDialogIndirectParamA
LoadMenuW
ShowCaret
BeginDeferWindowPos
MessageBoxW
SetMenu
MessageBoxA
DestroyCursor
AdjustWindowRectEx
GetKeyState
EndDeferWindowPos
IsCharAlphaNumericA
IsWindowVisible
WinHelpA
MonitorFromWindow
TranslateAcceleratorA
ModifyMenuW
CallWindowProcA
GetClassNameA
ModifyMenuA
UnhookWindowsHookEx
ExifTool file metadata
MIMEType application/octet-stream
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
FileTypeExtension exe
TimeStamp 2019:02:08 03:29:10+01:00
FileType Win32 EXE
PEType PE32
CodeSize 153600
LinkerVersion 2.5
ImageFileCharacteristics No relocs, Executable, No line numbers, No symbols, 32-bit
EntryPoint 0x263f0
InitializedDataSize 1467904
SubsystemVersion 4.0
ImageVersion 0.0
OSVersion 4.0
UninitializedDataSize 0
File identification
MD5 050522542461760a14f494ebf773b379
SHA1 cb8fe1a86a10d92370437a79a0c7fab89c84ab9d
SHA256 404ae50b0e1bce4b8421cc654b54591fcc84edd600c76e1a2dda1e0653a6cfe9
ssdeep 24576:xYk/M+6NAAYYLvYQinzG34vLlNICwZPu0fFot:w2AYYLPp34DuJot
authentihash a181c0bd8bc5eab8905727662fc19252bab5e53000fd4c10ac4679fb02b89b70
imphash 977ebc4937129faa4ea697c66c04219f
File size 1.5 MB ( 1624776 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Dynamic Link Library (generic) (38.3%)
Win32 Executable (generic) (26.2%)
OS/2 Executable (generic) (11.8%)
Generic Win/DOS Executable (11.6%)
DOS Executable Generic (11.6%)
Tags
peexe overlay

VirusTotal metadata
First submission 2019-02-08 07:26:24 UTC ( 3 months, 2 weeks ago )
Last submission 2019-03-22 15:31:22 UTC ( 2 months ago )
File names messg.jpg
messg.exe
csrss.exe
VirusShare_050522542461760a14f494ebf773b379
output.115200276.txt
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
HTTP requests
DNS requests
TCP connections