SHA256: 4551578e5445ffb08965a1c946b9c4f8934b96f15ad591fea251c8eceda750a6
File name: LUYTbjnrf
Detection ratio: 20 / 65
Analysis date: 2017-09-28 09:05:26 UTC ( 1 year, 4 months ago )
Antivirus Result Update
AhnLab-V3 Win-Trojan/RansomCrypt.Exp 20170928
Baidu Win32.Trojan.WisdomEyes.16070401.9500.9999 20170928
CrowdStrike Falcon (ML) malicious_confidence_100% (D) 20170804
Cylance Unsafe 20170928
Endgame malicious (high confidence) 20170821
ESET-NOD32 a variant of Win32/GenKryptik.AXUK 20170928
Fortinet W32/Locky.FWSD!tr.ransom 20170928
Ikarus Trojan-Ransom.Locky 20170928
Sophos ML heuristic 20170914
McAfee-GW-Edition BehavesLike.Win32.Ransomware.hc 20170928
Microsoft Ransom:Win32/Locky.A 20170928
Palo Alto Networks (Known Signatures) generic.ml 20170928
Qihoo-360 HEUR/QVM20.1.24D8.Malware.Gen 20170928
Rising Malware.Heuristic!ET#100% (RDM+:cmRtazpsCvUXZUjEP+fOoGRKe7/Q) 20170928
SentinelOne (Static ML) static engine - malicious 20170806
Sophos AV Mal/Elenoocka-E 20170928
Symantec ML.Attribute.HighConfidence 20170928
TrendMicro Ransom_CERBER.SMALY0 20170928
TrendMicro-HouseCall Ransom_CERBER.SMALY0 20170928
WhiteArmor Malware.HighConfidence 20170927
Ad-Aware 20170928
AegisLab 20170928
Alibaba 20170911
ALYac 20170928
Antiy-AVL 20170928
Arcabit 20170928
Avast 20170928
Avast-Mobile 20170928
AVG 20170928
Avira (no cloud) 20170928
AVware 20170928
BitDefender 20170928
CAT-QuickHeal 20170928
ClamAV 20170928
CMC 20170928
Comodo 20170928
Cyren 20170928
DrWeb 20170928
Emsisoft 20170928
F-Prot 20170928
F-Secure 20170928
GData 20170928
Jiangmin 20170928
K7AntiVirus 20170928
K7GW 20170928
Kaspersky 20170928
Kingsoft 20170928
Malwarebytes 20170928
MAX 20170928
McAfee 20170928
eScan 20170928
NANO-Antivirus 20170928
nProtect 20170928
Panda 20170927
SUPERAntiSpyware 20170928
Symantec Mobile Insight 20170928
Tencent 20170928
TheHacker 20170925
TotalDefense 20170928
Trustlook 20170928
VBA32 20170927
VIPRE 20170928
ViRobot 20170928
Webroot 20170928
Yandex 20170908
Zillya 20170927
ZoneAlarm by Check Point 20170928
Zoner 20170928
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2016-05-24 10:56:05
Entry Point 0x00002AF7
Number of sections 4
PE sections
PE imports
AuthzInitializeContextFromSid
AuthzFreeResourceManager
AuthzAddSidsToContext
AuthzFreeAuditEvent
AuthzFreeContext
SetSetupSave
DowngradeAPL
ComPlusMigrate
CreateMailslotW
CreateJobObjectA
UnmapViewOfFile
GetModuleFileNameW
WaitForSingleObject
GetModuleHandleW
GetOEMCP
GetLogicalDriveStringsW
CreateFileA
GetCommandLineA
GetFileAttributesW
GetProcAddress
MoveFileExA
LoadLibraryA
SetLastError
CPEncrypt
CPGenKey
CPDecrypt
InsertMenuA
LoadCursorA
PeekMessageW
IsDialogMessageW
GetPropW
LoadBitmapA
LoadStringW
LoadIconW
LoadMenuW
GetClassLongA
CharToOemA
Number of PE resources by type
RT_RCDATA 2
RT_STRING 1
RT_DIALOG 1
Number of PE resources by language
NEUTRAL 4
PE resources
ExifTool file metadata
MIMEType application/octet-stream
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
FileTypeExtension exe
TimeStamp 2016:05:24 11:56:05+01:00
FileType Win32 EXE
PEType PE32
CodeSize 41984
LinkerVersion 10.0
ImageFileCharacteristics No relocs, Executable, Aggressive working-set trim, 32-bit, No debug
EntryPoint 0x2af7
InitializedDataSize 546816
SubsystemVersion 5.1
ImageVersion 0.0
OSVersion 5.1
UninitializedDataSize 0

Compressed bundles
File identification
MD5 09c1bfe8197834c1871857db7044bc3f
SHA1 9acdfb579191f1054e650fc7ee2da75e96d9e716
SHA256 4551578e5445ffb08965a1c946b9c4f8934b96f15ad591fea251c8eceda750a6
ssdeep 12288:HcMCup82qSSqeXKG1vHOTbGDWZcpvVbUfJ:XFp82qfF6GxHOT8WZZf
authentihash b001bc533202192b3ad89fba1644113672e5d6a932c639f4f6325eef7560fb2b
imphash 6620773578a6b1dd14511983b94fc064
File size 576.0 KB ( 589824 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Dynamic Link Library (generic) (34.2%)
Win32 Executable (generic) (23.4%)
Win16/32 Executable Delphi generic (10.7%)
OS/2 Executable (generic) (10.5%)
Generic Win/DOS Executable (10.4%)
Tags peexe
VirusTotal metadata
First submission 2017-09-28 09:05:26 UTC ( 1 year, 4 months ago )
Last submission 2018-10-24 17:17:29 UTC ( 3 months, 3 weeks ago )
File names 09c1bfe8197834c1871857db7044bc3f.vir
4551578e5445ffb08965a1c946b9c4f8934b96f15ad591fea251c8eceda750a6
LUYTbjnrf
ualKDrrvl.exe
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Written files
Moved files
Opened mutexes
Opened service managers
Opened services
Runtime DLLs
UDP communications