× Cookies are disabled! This site requires cookies to be enabled to work properly
SHA256: 414bb1af4fbb618c4889d69144c7f66591c6e5294d0ab3b7ea8b774946977cf2
File name: output.114577902.txt
Detection ratio: 54 / 67
Analysis date: 2019-04-09 05:37:06 UTC ( 1 month, 1 week ago ) View latest
Antivirus Result Update
Acronis suspicious 20190409
Ad-Aware Trojan.GenericKD.31501029 20190409
AegisLab Trojan.Win32.Shade.4!c 20190409
AhnLab-V3 Trojan/Win32.Shade.C2909757 20190408
Alibaba Ransom:Win32/Shade.488029ba 20190402
ALYac Trojan.Ransom.Shade 20190409
Antiy-AVL Trojan[Ransom]/Win32.Shade 20190409
Arcabit Trojan.Generic.D1E0AAE5 20190409
Avast Win32:Malware-gen 20190409
AVG Win32:Malware-gen 20190409
Avira (no cloud) TR/BAS.Samca.mfwsd 20190408
BitDefender Trojan.GenericKD.31501029 20190409
CAT-QuickHeal Trojan.Troldesh 20190407
Comodo Malware@#18vf6qf7r729h 20190409
CrowdStrike Falcon (ML) win/malicious_confidence_90% (W) 20190212
Cybereason malicious.15df65 20190403
Cyren W32/Trojan.SCEX-7997 20190409
DrWeb Trojan.Encoder.858 20190409
eGambit PE.Heur.InvalidSig 20190409
Emsisoft Trojan.GenericKD.31501029 (B) 20190409
Endgame malicious (high confidence) 20190403
ESET-NOD32 Win32/Filecoder.Shade.A 20190409
F-Secure Trojan.TR/BAS.Samca.mfwsd 20190408
FireEye Generic.mg.4c6f64715df65201 20190409
Fortinet W32/Shade.ED!tr 20190409
GData Win32.Trojan-Ransom.Shade.UDNJ5J 20190409
Ikarus Trojan-Ransom.Crypted007 20190408
Sophos ML heuristic 20190313
Jiangmin Trojan.Shade.pg 20190409
K7AntiVirus Trojan ( 004b8aa51 ) 20190409
K7GW Trojan ( 004b8aa51 ) 20190409
Kaspersky Trojan-Ransom.Win32.Shade.pho 20190409
Malwarebytes Ransom.Troldesh 20190409
McAfee Generic.bus 20190409
McAfee-GW-Edition Generic.bus 20190409
Microsoft VirTool:Win32/CeeInject.AAK!bit 20190409
eScan Trojan.GenericKD.31501029 20190409
NANO-Antivirus Trojan.Win32.Encoder.floyfc 20190409
Palo Alto Networks (Known Signatures) generic.ml 20190409
Panda Trj/WLT.E 20190408
Qihoo-360 Win32/Trojan.Ransom.f3d 20190409
Rising Trojan.Win32.Generic.1A0D010A (RDM+:cmRtazq2fJL1peVHk8v0fC3gbNcM) 20190409
SentinelOne (Static ML) DFI - Malicious PE 20190407
Sophos AV Mal/Cerber-AL 20190409
Tencent Win32.Trojan.Shade.Peqh 20190409
Trapmine malicious.high.ml.score 20190325
TrendMicro-HouseCall Ransom.Win32.SHADE.SM 20190409
VBA32 BScope.Trojan-Spy.Zbot 20190408
VIPRE Trojan.Win32.Generic!BT 20190409
ViRobot Trojan.Win32.Ransom.1490120 20190409
Yandex Trojan.Shade! 20190408
Zillya Trojan.Shade.Win32.953 20190408
ZoneAlarm by Check Point Trojan-Ransom.Win32.Shade.pho 20190409
Zoner Trojan.Win32.75968 20190409
Avast-Mobile 20190408
Babable 20180918
Baidu 20190318
Bkav 20190408
ClamAV 20190408
CMC 20190321
Kingsoft 20190409
MAX 20190409
SUPERAntiSpyware 20190404
Symantec Mobile Insight 20190408
TACHYON 20190409
TheHacker 20190405
TotalDefense 20190409
Trustlook 20190409
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Signature verification The digital signature of the object did not verify.
Signing date 2:03 AM 5/17/2019
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2018-12-29 03:12:27
Entry Point 0x00156560
Number of sections 3
PE sections
Overlays
MD5 13944cb2cb91524e398ae6416dcf4b50
File type data
Offset 1487360
Size 2760
Entropy 7.40
PE imports
RegCreateKeyExW
RegDeleteValueW
RegCloseKey
RegSetValueExW
RegQueryInfoKeyW
RegQueryValueExA
RegEnumKeyExW
RegOpenKeyExW
RegDeleteKeyW
RegOpenKeyExA
RegQueryValueExW
InitCommonControlsEx
PlayMetaFileRecord
DeleteEnhMetaFile
CreateFontIndirectW
CreateHalftonePalette
GetBkMode
SaveDC
GdiInitSpool
SetDCBrushColor
GdiGradientFill
GdiConvertBrush
GdiGetCharDimensions
GetPixel
GetGlyphOutlineA
GetLayout
PolyDraw
ExcludeClipRect
LineTo
EngAlphaBlend
StartFormPage
DeleteDC
CancelDC
RestoreDC
SetBkMode
GetTextCharacterExtra
EngQueryLocalTime
SetPixel
EngQueryEMFInfo
GdiGetLocalBrush
CLIPOBJ_cEnumStart
BitBlt
GetTextAlign
Polyline
CreateCompatibleBitmap
EnumFontFamiliesA
SetTextColor
GetDeviceCaps
GetCurrentObject
MoveToEx
GdiReleaseDC
BRUSHOBJ_hGetColorTransform
SetMiterLimit
GetGlyphOutline
DrawEscape
CloseMetaFile
GetStockObject
GetDCBrushColor
CreateEnhMetaFileA
ExtCreateRegion
GdiFlush
CreateCompatibleDC
StrokeAndFillPath
HT_Get8BPPMaskPalette
FONTOBJ_pQueryGlyphAttrs
ExtEscape
CreateScalableFontResourceW
CloseFigure
SelectObject
DeleteObject
GdiGetSpoolMessage
Ellipse
SetWindowExtEx
CreateColorSpaceW
GetTextColor
CreateSolidBrush
GdiConvertMetaFilePict
GetMapMode
SetBkColor
SetWinMetaFileBits
GetCharWidth32A
GetTextExtentPoint32W
SetRectRgn
ImmDisableIME
GetStdHandle
GetConsoleOutputCP
ReleaseMutex
FileTimeToSystemTime
WaitForSingleObject
HeapDestroy
GetFileAttributesW
GetLocalTime
FreeEnvironmentStringsA
DeleteCriticalSection
GetCurrentProcess
GetConsoleMode
GetLocaleInfoA
SetErrorMode
FreeEnvironmentStringsW
lstrcatW
HeapSize
SetStdHandle
GetFileTime
WideCharToMultiByte
GetStringTypeA
InterlockedExchange
GetTempPathW
GetSystemTimeAsFileTime
HeapReAlloc
GetStringTypeW
FreeLibrary
LocalFree
FormatMessageW
InitializeCriticalSection
LoadResource
InterlockedDecrement
SetLastError
GetSystemTime
OpenThread
TlsGetValue
CopyFileW
OutputDebugStringW
GetModuleFileNameW
IsDebuggerPresent
HeapAlloc
GetVersionExA
GetModuleFileNameA
LoadLibraryA
EnumResourceLanguagesW
UnhandledExceptionFilter
LoadLibraryExW
MultiByteToWideChar
SetFilePointerEx
FlushInstructionCache
GetPrivateProfileStringW
GetVolumeNameForVolumeMountPointA
CreateThread
GetSystemDirectoryW
CreateSemaphoreW
CreateMutexW
MulDiv
IsProcessorFeaturePresent
SetEnvironmentVariableA
FindAtomW
SetUnhandledExceptionFilter
WriteConsoleA
VirtualQuery
LocalFileTimeToFileTime
SetEndOfFile
GetCurrentThreadId
LeaveCriticalSection
WriteConsoleW
InitializeCriticalSectionAndSpinCount
HeapFree
EnterCriticalSection
SetHandleCount
LoadLibraryW
DeviceIoControl
GetVersionExW
GetOEMCP
QueryPerformanceCounter
GetTickCount
TlsAlloc
VirtualProtect
FlushFileBuffers
lstrcmpiW
RtlUnwind
GetStartupInfoA
GetEnvironmentStrings
GetFileSize
GetStartupInfoW
CreateDirectoryW
GetProcAddress
GetPrivateProfileIntW
AddAtomW
GetProcessHeap
CompareStringW
WriteFile
GetFileSizeEx
ExpandEnvironmentStringsW
GetModuleHandleA
CompareStringA
TerminateProcess
GetPrivateProfileSectionW
GetTimeZoneInformation
ReadDirectoryChangesW
CreateFileW
GetFileType
TlsSetValue
CreateFileA
ExitProcess
InterlockedIncrement
GetLastError
SystemTimeToFileTime
LCMapStringW
GetShortPathNameW
GetSystemInfo
GlobalFree
GetConsoleCP
LCMapStringA
GetEnvironmentStringsW
lstrcpyW
GlobalAlloc
lstrlenW
VirtualFree
Module32FirstW
FileTimeToLocalFileTime
SizeofResource
GetCurrentProcessId
LockResource
GetCommandLineW
GetCPInfo
GetAtomNameW
GetCommandLineA
InterlockedCompareExchange
WritePrivateProfileStringW
RaiseException
ReleaseSemaphore
TlsFree
SetFilePointer
ReadFile
DeleteAtom
CloseHandle
GetACP
GetModuleHandleW
GetFileAttributesExW
FindResourceExW
GetLongPathNameW
IsValidCodePage
HeapCreate
FindResourceW
CreateProcessW
Sleep
OpenSemaphoreW
VirtualAlloc
SHGetFolderPathW
SHLoadInProc
DoEnvironmentSubstA
ShellExecuteW
ExtractAssociatedIconExA
SHFileOperationW
SHGetSpecialFolderPathW
CommandLineToArgvW
SHSetValueW
StrStrIA
PathFindFileNameW
PathFileExistsW
PathRemoveFileSpecW
StrCmpNIW
StrStrIW
PathAppendW
StrCmpNA
PathCombineW
StrToIntW
SHGetValueW
GetForegroundWindow
SetWindowRgn
DestroyWindow
LoadCursorFromFileA
PostQuitMessage
GetWindowContextHelpId
IsWindow
GrayStringW
SetDeskWallpaper
EndPaint
OpenIcon
VkKeyScanA
OpenWindowStationW
GetDC
ReleaseDC
LoadBitmapW
SendMessageW
UnregisterClassA
AnyPopup
GetClientRect
DrawTextW
IsClipboardFormatAvailable
GetActiveWindow
GetWindowTextW
LoadAcceleratorsW
GetMenuItemID
PtInRect
GetClassInfoExW
UpdateWindow
GetGuiResources
EnumWindows
CheckRadioButton
GetMessageW
ShowWindow
CallMsgFilterW
ValidateRgn
PeekMessageW
EnableWindow
CharUpperW
TranslateMessage
GetDlgItemTextW
LoadStringA
RegisterClassW
CharLowerA
IsZoomed
GetWindowPlacement
LoadStringW
DrawMenuBar
IsIconic
InvertRect
GetSubMenu
SetTimer
FillRect
EnumThreadWindows
CharNextA
GetDialogBaseUnits
CreateWindowExW
GetWindowLongW
GetWindowInfo
CharNextW
BeginPaint
OffsetRect
DefWindowProcW
CheckMenuRadioItem
GetParent
GetSystemMetrics
SetWindowLongW
GetWindowRect
SetCapture
ReleaseCapture
GetMessageExtraInfo
WINNLSGetEnableStatus
CharLowerW
PostMessageW
CheckDlgButton
WaitMessage
CreatePopupMenu
GetTitleBarInfo
SetWindowTextW
CreateMenu
GetDlgItem
CreateIconIndirect
IsDlgButtonChecked
GetDesktopWindow
LoadCursorW
LoadIconW
DispatchMessageW
IntersectRect
EndDialog
GetMessagePos
FindWindowW
GetWindowThreadProcessId
MessageBoxW
GetMenu
RegisterClassExW
MoveWindow
DialogBoxParamW
MessageBoxA
SetDlgItemTextW
EnableMenuItem
GetAltTabInfoA
IsWindowVisible
WinHelpW
UnionRect
FrameRect
SetRect
RealGetWindowClassA
InvalidateRect
CallWindowProcW
CloseDesktop
IsMenu
SendMessageTimeoutW
wsprintfW
TranslateAcceleratorW
CoUninitialize
CoInitialize
CoTaskMemAlloc
CoTaskMemRealloc
CoCreateInstance
CoTaskMemFree
ExifTool file metadata
MIMEType
application/octet-stream

Subsystem
Windows GUI

MachineType
Intel 386 or later, and compatibles

FileTypeExtension
exe

TimeStamp
2018:12:29 04:12:27+01:00

FileType
Win32 EXE

PEType
PE32

CodeSize
1401344

LinkerVersion
2.5

ImageFileCharacteristics
No relocs, Executable, No line numbers, No symbols, 32-bit

EntryPoint
0x156560

InitializedDataSize
85504

SubsystemVersion
4.0

ImageVersion
0.0

OSVersion
4.0

UninitializedDataSize
0

Execution parents
File identification
MD5 4c6f64715df65201b347a48ac66d3daa
SHA1 2c4ff72e0f17af6dad7146a2f9de06e1187e0b69
SHA256 414bb1af4fbb618c4889d69144c7f66591c6e5294d0ab3b7ea8b774946977cf2
ssdeep
24576:AcH4RyUdH474qoYqDDBfdcxVrGpw+yf2fJala9wth/j9O/1:jgh4sqoYiDge3o2xaASZMd

authentihash ddfc8758fe67050e4aa53c42e7115ac8d96273ed40cc8417232eb12364c860f6
imphash c0b56bf400b50c017c67f5287c8df2b0
File size 1.4 MB ( 1490120 bytes )
File type Win32 EXE
Magic literal
PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID Win64 Executable (generic) (47.7%)
Windows screen saver (22.6%)
Win32 Dynamic Link Library (generic) (11.3%)
Win32 Executable (generic) (7.7%)
OS/2 Executable (generic) (3.5%)
Tags
peexe overlay

VirusTotal metadata
First submission 2018-12-29 03:37:47 UTC ( 4 months, 3 weeks ago )
Last submission 2019-03-12 10:55:59 UTC ( 2 months, 1 week ago )
File names output.114836334.txt
csrss(84).gxe
sserv.jpg
output.114636648.txt
output.115120293.txt
rad1CE0F.tmp
output.114812960.txt
output.114800187.txt
zinf.jpg
output.114882186.txt
output.114812995.txt
output.114591102.txt
output.114750315.txt
radF671A.tmp
csrss.exe
output.114882382.txt
output.114882783.txt
output.114794729.txt
output.114744735.txt
csrss.exe
output.114812970.txt
output.114770246.txt
output.114882635.txt
output.114577902.txt
4c6f64715df65201b347a48ac66d3daa
No comments. No VirusTotal Community member has commented on this item yet, be the first one to do so!

Leave your comment...

?
Post comment

You have not signed in. Only registered users can leave comments, sign in and have a voice!

No votes. No one has voted on this item yet, be the first one to do so!
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
HTTP requests
DNS requests
TCP connections