SHA256: 4b5fe7497864d07f78af15fa3e1aa3702b303b89f9644624871d83dd0f484749
File name: vn.exe
Detection ratio: 53 / 68
Analysis date: 2018-11-14 22:02:41 UTC ( 4 months, 1 week ago )
Antivirus Result Update
Ad-Aware Trojan.Ransom.GandCrab.W 20181114
AegisLab Trojan.Win32.GandCrypt.4!c 20181114
AhnLab-V3 Trojan/Win32.Gandcrab.C2736954 20181114
ALYac Trojan.Ransom.GandCrab 20181114
Antiy-AVL Trojan[Ransom]/Win32.GandCrypt 20181114
Arcabit Trojan.Ransom.GandCrab.W 20181114
Avast Win32:RansomX-gen [Ransom] 20181114
AVG Win32:RansomX-gen [Ransom] 20181114
Avira (no cloud) HEUR/AGEN.1036379 20181114
BitDefender Trojan.Ransom.GandCrab.W 20181114
Bkav W32.PorusidLTS.Trojan 20181114
CAT-QuickHeal Ransom.Gandcrab.S3989043 20181114
ClamAV Win.Ransomware.Gandcrab-6667060-0 20181114
CrowdStrike Falcon (ML) malicious_confidence_90% (W) 20181022
Cybereason malicious.018ad2 20180225
Cylance Unsafe 20181114
Cyren W32/Trojan.TYEA-0759 20181114
DrWeb Trojan.Encoder.26667 20181114
Emsisoft Trojan.Ransom.GandCrab.W (B) 20181114
Endgame malicious (high confidence) 20181108
ESET-NOD32 a variant of Win32/Filecoder.GandCrab.D 20181114
F-Secure Trojan.Ransom.GandCrab.W 20181114
Fortinet W32/GandCrab.D!tr.ransom 20181114
GData Trojan.Ransom.GandCrab.W 20181114
Ikarus Trojan-Ransom.GandCrab 20181114
Sophos ML heuristic 20181108
K7AntiVirus Trojan ( 0053d33d1 ) 20181113
K7GW Trojan ( 0053d33d1 ) 20181114
Kaspersky Trojan-Ransom.Win32.GandCrypt.fbd 20181114
Malwarebytes Ransom.GandCrab 20181114
MAX malware (ai score=100) 20181114
McAfee Ran-GandCrabv4!24275604649A 20181114
McAfee-GW-Edition BehavesLike.Win32.Generic.ch 20181114
Microsoft Ransom:Win32/Gandcrab.AW!bit 20181114
eScan Trojan.Ransom.GandCrab.W 20181114
NANO-Antivirus Trojan.Win32.GandCrypt.fjrarj 20181114
Palo Alto Networks (Known Signatures) generic.ml 20181114
Panda Trj/Genetic.gen 20181114
Qihoo-360 HEUR/QVM20.1.E8BB.Malware.Gen 20181114
Rising Trojan.Filecoder!1.B42B (CLOUD) 20181114
SentinelOne (Static ML) static engine - malicious 20181011
Sophos AV Mal/GandCrab-E 20181114
Symantec Ransom.GandCrab!g4 20181114
Tencent Win32.Trojan.Raas.Auto 20181114
TrendMicro Ransom_Gandcrab.R039C0CK218 20181114
TrendMicro-HouseCall Ransom.Win32.GANDCRAB.SMK 20181114
VBA32 BScope.TrojanRansom.Cryptor 20181114
VIPRE Trojan.Win32.Generic!BT 20181114
ViRobot Trojan.Win32.Agent.142336.AE 20181114
Webroot W32.Malware.gen 20181114
Zillya Trojan.GandCrypt.Win32.1154 20181114
ZoneAlarm by Check Point Trojan-Ransom.Win32.GandCrypt.fbd 20181114
Zoner Trojan.Gandcrab 20181114
Alibaba 20180921
Avast-Mobile 20181114
Babable 20180918
Baidu 20181114
CMC 20181114
eGambit 20181114
F-Prot 20181114
Jiangmin 20181114
Kingsoft 20181114
SUPERAntiSpyware 20181114
Symantec Mobile Insight 20181108
TACHYON 20181114
TheHacker 20181113
TotalDefense 20181114
Trustlook 20181114
Yandex 20181113
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2018-10-26 08:47:08
Entry Point 0x00006229
Number of sections 5
PE sections
PE imports
GetTokenInformation
GetSidSubAuthorityCount
RegCreateKeyExW
GetSidSubAuthority
CryptGetKeyParam
OpenProcessToken
GetUserNameW
CryptDestroyKey
RegSetValueExW
CryptReleaseContext
RegOpenKeyExW
CryptExportKey
CryptAcquireContextW
CryptEncrypt
RegCloseKey
CryptGenKey
RegQueryValueExW
CryptImportKey
GetDeviceCaps
GetBitmapBits
DeleteDC
SetBitmapBits
SelectObject
GetStockObject
CreateFontW
SetPixel
GetPixel
GetDIBits
GetObjectW
CreateBitmap
SetBkColor
CreateCompatibleDC
DeleteObject
CreateCompatibleBitmap
SetTextColor
GetStdHandle
GetDriveTypeW
WaitForSingleObject
GetDriveTypeA
EncodePointer
VerifyVersionInfoW
DeleteCriticalSection
GetCurrentProcess
GetConsoleMode
LocalAlloc
UnhandledExceptionFilter
SetErrorMode
VirtualLock
lstrcatW
SetStdHandle
WideCharToMultiByte
LoadLibraryW
GetDiskFreeSpaceW
GetTempPathW
GetStringTypeW
LocalFree
ConnectNamedPipe
InitializeCriticalSection
OutputDebugStringW
FindClose
TlsGetValue
GetFullPathNameW
SetLastError
GetUserDefaultUILanguage
GetSystemTime
GetModuleFileNameW
IsDebuggerPresent
ExitProcess
LoadLibraryA
VerSetConditionMask
GetVolumeInformationW
LoadLibraryExW
MultiByteToWideChar
SetFilePointerEx
CreateThread
GetSystemDirectoryW
MoveFileExW
GetSystemDefaultUILanguage
SetUnhandledExceptionFilter
CreateMutexW
MulDiv
IsProcessorFeaturePresent
ExitThread
DecodePointer
TerminateProcess
GetModuleHandleExW
VirtualQuery
GetCurrentThreadId
WriteConsoleW
CreateToolhelp32Snapshot
InitializeCriticalSectionAndSpinCount
HeapFree
EnterCriticalSection
lstrcmpiA
GetOEMCP
GetTickCount
FlushFileBuffers
lstrcmpiW
RtlUnwind
UnlockFile
GetWindowsDirectoryW
OpenProcess
GetProcAddress
CreateNamedPipeW
GetProcessHeap
GetComputerNameW
lstrcpyW
ExpandEnvironmentStringsW
FindNextFileW
lstrcpyA
FindFirstFileW
lstrcmpW
FindFirstFileExW
WaitForMultipleObjects
CreateEventW
CreateFileW
TlsSetValue
HeapAlloc
LeaveCriticalSection
GetNativeSystemInfo
GetLastError
LCMapStringW
GetShortPathNameW
GetSystemInfo
lstrlenA
GlobalFree
GetConsoleCP
GlobalAlloc
lstrlenW
Process32NextW
GetCurrentProcessId
GetCPInfo
GetCommandLineA
Process32FirstW
GetModuleHandleA
VirtualUnlock
ReadFile
CloseHandle
OpenMutexW
GetACP
GetModuleHandleW
IsValidCodePage
WriteFile
VirtualFree
Sleep
VirtualAlloc
WNetEnumResourceW
WNetCloseEnum
WNetOpenEnumW
NdrClientCall2
SHGetSpecialFolderPathW
ShellExecuteW
ShellExecuteExW
ReleaseDC
GetForegroundWindow
SetProcessWindowStation
DrawTextA
wsprintfA
FillRect
wsprintfW
SystemParametersInfoW
CreateWindowStationW
DrawTextW
GetDC
InternetConnectW
InternetCloseHandle
HttpSendRequestW
HttpQueryInfoA
InternetOpenW
HttpOpenRequestW
CoUninitialize
CoCreateInstance
CoInitialize
Number of PE resources by type
RT_MANIFEST 1
Number of PE resources by language
ENGLISH US 1
PE resources
ExifTool file metadata
MIMEType
application/octet-stream

Subsystem
Windows GUI

MachineType
Intel 386 or later, and compatibles

FileTypeExtension
exe

TimeStamp
2018:10:26 01:47:08-07:00

FileType
Win32 EXE

PEType
PE32

CodeSize
80896

LinkerVersion
12.0

ImageFileCharacteristics
Executable, 32-bit

EntryPoint
0x6229

InitializedDataSize
68096

SubsystemVersion
5.1

ImageVersion
0.0

OSVersion
5.1

UninitializedDataSize
0

Execution parents
File identification
MD5 24275604649ac0abafe99b981b914fbc
SHA1 818b0e3018ad27be9887e9e5f4ef1971f422652c
SHA256 4b5fe7497864d07f78af15fa3e1aa3702b303b89f9644624871d83dd0f484749
ssdeep
1536:JLMVCWvZ8URtqOz3d+1Qs6H9Mk2e3E2avMWC3yMgYxf6+okbdWsWjcdpKCaIxWzX:VM9ntZ3s1QJdnU2SQdf64ZZ8CaIxWec

authentihash f60a5e77fa6c49529ce42130c21c662d3ac8fbd7cce0eaaebb046b22f86f8547
imphash 34fc9f1d705d6f6d4e6c04b364ef13e0
File size 139.0 KB ( 142336 bytes )
File type Win32 EXE
Magic literal
PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID Win32 Executable MS Visual C++ (generic) (41.0%)
Win64 Executable (generic) (36.3%)
Win32 Dynamic Link Library (generic) (8.6%)
Win32 Executable (generic) (5.9%)
OS/2 Executable (generic) (2.6%)
Tags
peexe

VirusTotal metadata
First submission 2018-11-02 20:51:03 UTC ( 4 months, 2 weeks ago )
Last submission 2018-12-24 17:06:03 UTC ( 2 months, 3 weeks ago )
File names crb.exe
vn.exe
output.114478546.txt
20181026_084708.exe
c.exe
vn.exe