SHA256: 4707e6afa403fbb21145e6c3c55b7c384554da188b4ad4410cd526a1ba4b8815
File name: crypt0l0cker.exe
Detection ratio: 24 / 55
Analysis date: 2016-02-24 19:52:37 UTC ( 3 years ago )
Antivirus Result Update
Ad-Aware Gen:Variant.Symmi.60891 20160224
AhnLab-V3 Trojan/Win32.Teerac 20160224
ALYac Gen:Variant.Symmi.60891 20160224
Arcabit Trojan.Symmi.DEDDB 20160224
Avast Win32:Malware-gen 20160224
AVG Generic37.ANII 20160224
Avira (no cloud) TR/Crypt.ZPACK.193078 20160224
BitDefender Gen:Variant.Symmi.60891 20160224
DrWeb Trojan.Encoder.3882 20160224
Emsisoft Gen:Variant.Symmi.60891 (B) 20160224
ESET-NOD32 a variant of Win32/Injector.CSEF 20160224
F-Secure Gen:Variant.Symmi.60891 20160224
Fortinet W32/Injector.CSEF!tr 20160224
GData Gen:Variant.Symmi.60891 20160224
Ikarus Trojan-Ransom.CryptoWall3 20160224
Kaspersky Trojan.Win32.Waldek.cxa 20160224
Malwarebytes Ransom.TorrentLocker 20160224
McAfee Ransom-Teerac!105038FF0A9D 20160224
McAfee-GW-Edition BehavesLike.Win32.FakeAlert.ch 20160224
Microsoft Trojan:Win32/Skeeyah.A!rfn 20160224
eScan Gen:Variant.Symmi.60891 20160224
Panda Generic Suspicious 20160224
Qihoo-360 HEUR/QVM07.1.Malware.Gen 20160224
Sophos AV Mal/Ransom-EF 20160224
AegisLab 20160224
Yandex 20160221
Alibaba 20160224
Antiy-AVL 20160224
AVware 20160224
Baidu-International 20160224
Bkav 20160224
ByteHero 20160224
CAT-QuickHeal 20160224
ClamAV 20160224
CMC 20160223
Comodo 20160224
Cyren 20160224
F-Prot 20160224
Jiangmin 20160224
K7AntiVirus 20160224
K7GW 20160224
NANO-Antivirus 20160224
nProtect 20160224
Rising 20160224
SUPERAntiSpyware 20160224
Symantec 20160224
Tencent 20160224
TheHacker 20160222
TrendMicro 20160224
TrendMicro-HouseCall 20160224
VBA32 20160224
VIPRE 20160224
ViRobot 20160224
Zillya 20160224
Zoner 20160224
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2009-03-07 14:35:12
Entry Point 0x000116E6
Number of sections 4
PE sections
Overlays
MD5 097d64d01900bdacdd01863531aa1759
File type data
Offset 184320
Size 1107
Entropy 6.07
PE imports
CreatePolygonRgn
DeleteEnhMetaFile
CreateFontIndirectW
OffsetRgn
GetBkMode
CreateICW
SetDeviceGammaRamp
LPtoDP
GetClipBox
ModifyWorldTransform
GetDeviceCaps
CreateDCA
DeleteDC
SetMetaFileBitsEx
ScaleViewportExtEx
GetTextExtentExPointW
FillPath
CreateDCW
GetCharWidthA
GetObjectA
GetCurrentObject
RectVisible
GetStockObject
GetCurrentPositionEx
SelectPalette
GetOutlineTextMetricsW
CreateRoundRectRgn
SelectClipRgn
CreateCompatibleDC
StretchBlt
SetStretchBltMode
CloseEnhMetaFile
SetBrushOrgEx
EndPage
GetWinMetaFileBits
EnumEnhMetaFile
ExtCreatePen
SetTextCharacterExtra
GetTextExtentPoint32W
ImmSetOpenStatus
AreFileApisANSI
GetCommTimeouts
GetEnvironmentStrings
DosDateTimeToFileTime
GetCurrentDirectoryW
GetShortPathNameW
GetStartupInfoA
GetModuleHandleA
GetPrivateProfileIntA
GetVolumeInformationW
GetProcessPriorityBoost
__p__fmode
log
__CxxFrameHandler
_acmdln
wcsspn
__p__commode
__setusermatherr
_setmbcp
__dllonexit
_onexit
ldexp
__getmainargs
_initterm
_controlfp
_lseeki64
_EH_prolog
_adjust_fdiv
__set_app_type
RasHangUpA
DestroyIcon
Number of PE resources by type
RT_RCDATA 12
RT_ICON 4
RT_GROUP_ICON 4
RT_DIALOG 2
cn2b08 1
cS34300dC 1
skEw732214 1
ti2Q18 1
W2112Fo71 1
aT661 1
V0M300E 1
xOX5K 1
nmsvg1M5v 1
iu2RC5ex1 1
RT_VERSION 1
JCqCN2w 1
Number of PE resources by language
NEUTRAL 34
PE resources
ExifTool file metadata
SubsystemVersion 4.0
LinkerVersion 6.0
ImageVersion 0.0
FileSubtype 0
FileVersionNumber 0.89.148.191
UninitializedDataSize 0
LanguageCode Unknown (DISA)
FileFlagsMask 0x003f
CharacterSet Unknown (SSEMBLER)
InitializedDataSize 110592
EntryPoint 0x116e6
MIMEType application/octet-stream
LegalCopyright 2015 (C) 2013
FileVersion 0.246.236.55
TimeStamp 2009:03:07 15:35:12+01:00
FileType Win32 EXE
PEType PE32
InternalName Caldron
ProductVersion 0.169.25.76
FileDescription Cattery Dime Enlistment
OSVersion 4.0
FileOS Win32
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
CompanyName Timex Corporation
CodeSize 69632
ProductName Commendable Drays
ProductVersionNumber 0.250.29.156
FileTypeExtension exe
ObjectFileType Executable application

File identification
MD5 105038ff0a9d0dd4a539f5b040c0522b
SHA1 62372737d83b4a7098c0de01b8c4b1bf4898e752
SHA256 4707e6afa403fbb21145e6c3c55b7c384554da188b4ad4410cd526a1ba4b8815
ssdeep 3072:6HcMMDm36Xno73RINeMX2uNLbGsUFgBzGiwtHu25ijJWbs1vnvlQymbcuMIy:6HyK+oa5D2sf8HB5ijJis1nif/Mj
authentihash 273f9e3e90cbc38e181bd89dc47268a509186891940ceba065b4a66c519c74ae
imphash 1133c6540c63437058a3b8e5215ad53d
File size 181.1 KB ( 185427 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Executable MS Visual C++ (generic) (42.2%)
Win64 Executable (generic) (37.3%)
Win32 Dynamic Link Library (generic) (8.8%)
Win32 Executable (generic) (6.0%)
Generic Win/DOS Executable (2.7%)
Tags peexe overlay
VirusTotal metadata
First submission 2016-02-24 19:52:37 UTC ( 3 years ago )
Last submission 2016-02-24 19:52:37 UTC ( 3 years ago )
File names crypt0l0cker.exe