SHA256: 40c331e661c2d5079af5aaf6c4d706f5bbb3eee077853291235f0a470c94fbfb
File name: 40C331E661C2D5079AF5AAF6C4D706F5BBB3EEE077853291235F0A470C94FBFB
Detection ratio: 47 / 56
Analysis date: 2016-08-17 11:10:42 UTC ( 1 year, 9 months ago )
Antivirus Result Update
Ad-Aware Gen:Variant.Locky.13 20160817
AegisLab Troj.Ransom.W32.Locky!c 20160817
AhnLab-V3 Trojan/Win32.Locky.N2009445402 20160817
ALYac Trojan.Ransom.LockyCrypt 20160817
Avast Win32:Malware-gen 20160817
AVG Atros3.AZXD 20160817
Avira (no cloud) TR/Crypt.EPACK.rupi 20160817
AVware Trojan.Win32.Generic!BT 20160817
Baidu Win32.Trojan.WisdomEyes.151026.9950.9975 20160817
BitDefender Gen:Variant.Locky.13 20160817
Bkav W32.DroxpesLTL.Trojan 20160816
CAT-QuickHeal Ransom.Locky.A3 20160817
ClamAV Win.Malware.Locky-24481 20160817
Comodo TrojWare.Win32.Filecoder.a 20160817
Cyren W32/Locky.B.gen!Eldorado 20160817
DrWeb Trojan.Encoder.3976 20160817
Emsisoft Gen:Variant.Locky.13 (B) 20160817
ESET-NOD32 Win32/Filecoder.Locky.C 20160817
F-Prot W32/Locky.B.gen!Eldorado 20160817
F-Secure Gen:Variant.Locky.13 20160817
Fortinet W32/Malicious_Behavior.VEX 20160817
GData Gen:Variant.Locky.13 20160817
Ikarus Trojan.Win32.Filecoder 20160817
Jiangmin Trojan.Locky.afa 20160817
K7AntiVirus Trojan ( 004f00a01 ) 20160817
K7GW Trojan ( 004f00a01 ) 20160817
Kaspersky Trojan-Ransom.Win32.Locky.ayu 20160817
Malwarebytes Ransom.Locky 20160817
McAfee Generic.xu 20160817
McAfee-GW-Edition BehavesLike.Win32.PWSZbot.dh 20160816
Microsoft Ransom:Win32/Locky 20160817
eScan Gen:Variant.Locky.13 20160817
NANO-Antivirus Trojan.Win32.Encoder.ecpxwn 20160817
nProtect Trojan/W32.Locky.241664 20160817
Panda Trj/Locky.A 20160816
Qihoo-360 HEUR/QVM09.0.Malware.Gen 20160817
Rising Trojan.Ransom-Locky!8.4655-hCoHlTrmAWS (Cloud) 20160817
Sophos AV Troj/Ransom-DCP 20160816
Symantec Trojan.Cryptolocker.N 20160817
Tencent Win32.Trojan.Raas.Auto 20160817
TrendMicro Ransom_LOCKY.FC 20160817
TrendMicro-HouseCall Ransom_LOCKY.FC 20160817
VBA32 Hoax.Locky 20160817
VIPRE Trojan.Win32.Generic!BT 20160817
ViRobot Trojan.Win32.Locky.241664[h] 20160817
Yandex Trojan.Locky! 20160816
Zillya Trojan.Locky.Win32.294 20160816
Alibaba 20160817
Antiy-AVL 20160817
Arcabit 20160817
CMC 20160816
Kingsoft 20160817
SUPERAntiSpyware 20160817
TheHacker 20160816
TotalDefense 20160817
Zoner 20160817
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2016-05-25 12:54:15
Entry Point 0x00018345
Number of sections 3
PE sections
PE imports
HeapSize
GetLastError
IsValidCodePage
HeapFree
GetStdHandle
EnterCriticalSection
LCMapStringW
SetHandleCount
GetModuleFileNameW
WaitForSingleObject
GetOEMCP
QueryPerformanceCounter
HeapDestroy
HeapAlloc
TlsAlloc
IsValidLocale
GetEnvironmentStringsW
GetVersionExA
GetModuleFileNameA
RtlUnwind
LoadLibraryA
FreeLibrary
FreeEnvironmentStringsA
DeleteCriticalSection
GetStartupInfoA
GetDateFormatA
GetEnvironmentStrings
GetLocaleInfoA
SetConsoleCtrlHandler
GetCurrentProcessId
GetCommandLineW
LCMapStringA
GetCurrentProcess
UnhandledExceptionFilter
InterlockedDecrement
MultiByteToWideChar
GetStartupInfoW
FreeEnvironmentStringsW
GetCommandLineA
GetProcAddress
GetStringTypeA
GetCurrentThread
CompareStringW
RaiseException
InterlockedExchangeAdd
GetCPInfo
GetTimeFormatA
TlsFree
GetModuleHandleA
InterlockedExchange
SetUnhandledExceptionFilter
WriteFile
InterlockedIncrement
ResetEvent
GetSystemTimeAsFileTime
EnumSystemLocalesA
GetACP
HeapReAlloc
GetStringTypeW
GetUserDefaultLCID
SetEnvironmentVariableA
GetProcessHeap
IsDebuggerPresent
TerminateProcess
GetTimeZoneInformation
WideCharToMultiByte
InitializeCriticalSection
HeapCreate
CompareStringA
VirtualFree
FatalAppExitA
TlsGetValue
Sleep
GetFileType
GetTickCount
TlsSetValue
CreateFileA
ExitProcess
GetCurrentThreadId
GetLocaleInfoW
VirtualAlloc
SetLastError
LeaveCriticalSection
CoUninitialize
CoInitialize
OleGetClipboard
ExifTool file metadata
MIMEType application/octet-stream
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
TimeStamp 2016:05:25 13:54:15+01:00
FileType Win32 EXE
PEType PE32
CodeSize 212992
LinkerVersion 7.1
FileTypeExtension exe
InitializedDataSize 28672
SubsystemVersion 4.0
EntryPoint 0x18345
OSVersion 4.0
ImageVersion 0.0
UninitializedDataSize 0
File identification
MD5 1b4bb57ddc3b95528194fabaf01ac054
SHA1 d43099bcf31d5a9e9fb0cec6b624ed7c722486a4
SHA256 40c331e661c2d5079af5aaf6c4d706f5bbb3eee077853291235f0a470c94fbfb
ssdeep 3072:sP+D7NlbPpxizdtA3ibLfTPCpex39g6EXY3SbltwLiI2c6qt+9X:79P7+bIww23TSblt++
authentihash a52e651a5ff05915d6ae64e46131324542170e2960629dcc3a8f1549555612a6
imphash 6916b43a23d551bb77c09bf0bb145c71
File size 236.0 KB ( 241664 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Executable MS Visual C++ (generic) (41.0%)
Win64 Executable (generic) (36.3%)
Win32 Dynamic Link Library (generic) (8.6%)
Win32 Executable (generic) (5.9%)
OS/2 Executable (generic) (2.6%)
Tags peexe
VirusTotal metadata
First submission 2016-05-25 13:02:51 UTC ( 2 years ago )
Last submission 2018-04-27 09:30:13 UTC ( 4 weeks, 1 day ago )
File names k7jhrt4hertg.exe.pe
TlsNCqz.exe_
3g34t3t4tggrt.exe
3g34t3t4tggrt
k7jhrt4hertg.exe
hendibe.ex0
k7jhrt4hertg
xgGKjGXzopE.exe
k7jhrt4hertg(2)
gotpage.BIN
TlsNCqz.exe
k7jhrt4hertg(1)
hendibe.exe
mal.exe
1b4bb57ddc3b95528194fabaf01ac054.exe
3g34t3t4tggrt (2)
k7jhrt4hertg.exe
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Written files
Moved files
Deleted files
Created processes
Shell commands
Code injections in the following processes
Created mutexes
Opened mutexes
Searched windows
Opened service managers
Opened services
Runtime DLLs
Additional details
The file uses the IsDebuggerPresent Windows API function in order to see whether it is being debugged.
HTTP requests
TCP connections
UDP communications