SHA256: 50112b9d1137171909355a15646952dd6119f088b9790adabeee1fa85dd5b42c
File name: jackripper.exe
Detection ratio: 6 / 71
Analysis date: 2018-12-19 08:30:27 UTC ( 3 months ago )
Antivirus Result Update
CrowdStrike Falcon (ML) malicious_confidence_90% (D) 20181022
Cylance Unsafe 20181219
Fortinet W32/Generic.AP.23A17C!tr 20181219
Rising Trojan.GenKryptik!8.AA55 (TFE:dGZlOgXfBgvstflxdw) 20181219
Trapmine malicious.high.ml.score 20181205
VBA32 BScope.Trojan.Fuery 20181218
Acronis 20180726
Ad-Aware 20181219
AegisLab 20181219
AhnLab-V3 20181219
Alibaba 20180921
Antiy-AVL 20181218
Arcabit 20181219
Avast 20181219
Avast-Mobile 20181218
AVG 20181219
Avira (no cloud) 20181219
AVware 20180925
Babable 20180918
Baidu 20181207
BitDefender 20181219
Bkav 20181217
CAT-QuickHeal 20181218
ClamAV 20181219
CMC 20181218
Comodo 20181219
Cybereason 20180225
Cyren 20181219
DrWeb 20181219
eGambit 20181219
Emsisoft 20181219
Endgame 20181108
ESET-NOD32 20181219
F-Prot 20181219
F-Secure 20181219
GData 20181219
Ikarus 20181219
Sophos ML 20181128
Jiangmin 20181219
K7AntiVirus 20181219
K7GW 20181219
Kaspersky 20181219
Kingsoft 20181219
Malwarebytes 20181219
MAX 20181219
McAfee 20181219
McAfee-GW-Edition 20181219
Microsoft 20181218
eScan 20181219
NANO-Antivirus 20181219
Palo Alto Networks (Known Signatures) 20181219
Panda 20181218
Qihoo-360 20181219
SentinelOne (Static ML) 20181011
Sophos AV 20181219
SUPERAntiSpyware 20181212
Symantec 20181219
Symantec Mobile Insight 20181215
TACHYON 20181219
Tencent 20181219
TheHacker 20181216
TotalDefense 20181218
TrendMicro 20181219
TrendMicro-HouseCall 20181219
Trustlook 20181219
VIPRE None
ViRobot 20181218
Webroot 20181219
Yandex 20181218
Zillya 20181217
ZoneAlarm by Check Point 20181219
Zoner 20181219
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2018-03-24 03:57:18
Entry Point 0x0000378E
Number of sections 5
PE sections
PE imports
FreeEnvironmentStringsW
GetLastError
InitializeCriticalSectionAndSpinCount
HeapFree
GetStdHandle
EnterCriticalSection
GetConsoleOutputCP
SetHandleCount
GetModuleFileNameW
GetConsoleCP
GetOEMCP
LCMapStringA
HeapReAlloc
IsDebuggerPresent
GetTickCount
TlsAlloc
GetCommMask
GetHandleInformation
FlushFileBuffers
LoadLibraryA
HeapSize
RtlUnwind
GetModuleFileNameA
GetACP
HeapAlloc
GetCurrentProcess
GetLocaleInfoA
GetConsoleMode
SetConsoleCtrlHandler
LocalAlloc
LCMapStringW
GetCommandLineW
GetCPInfo
UnhandledExceptionFilter
InterlockedDecrement
MultiByteToWideChar
GetStartupInfoW
GetFileInformationByHandle
GetProcAddress
GetStringTypeA
GetFileType
SetStdHandle
SetFilePointer
lstrcpyW
RaiseException
WideCharToMultiByte
TlsFree
GetModuleHandleA
DeleteCriticalSection
SetUnhandledExceptionFilter
lstrcpyA
GetStartupInfoA
CloseHandle
GetSystemTimeAsFileTime
DuplicateHandle
GetCommConfig
GetStringTypeW
GetModuleHandleW
TerminateProcess
QueryPerformanceCounter
WriteConsoleA
IsValidCodePage
HeapCreate
WriteFile
VirtualFree
LocalFileTimeToFileTime
GetEnvironmentStringsW
TlsGetValue
Sleep
SetLastError
TlsSetValue
CreateFileA
ExitProcess
GetCurrentThreadId
LeaveCriticalSection
VirtualAlloc
GetCurrentProcessId
WriteConsoleW
InterlockedIncrement
Number of PE resources by type
RT_ICON 15
RT_STRING 4
RT_GROUP_ICON 2
RT_VERSION 1
Number of PE resources by language
ENGLISH US 22
PE resources
ExifTool file metadata
UninitializedDataSize 0
LinkerVersion 9.0
ImageVersion 0.0
FileVersionNumber 7.0.0.0
LanguageCode Unknown (457A)
FileFlagsMask 0x004f
ImageFileCharacteristics Executable, Large address aware, 32-bit
CharacterSet Unknown (A56B)
InitializedDataSize 191488
EntryPoint 0x378e
MIMEType application/octet-stream
TimeStamp 2018:03:24 04:57:18+01:00
FileType Win32 EXE
PEType PE32
InternalName rupirahiw.exe
SubsystemVersion 5.1
OSVersion 5.1
FileOS Unknown (0x40534)
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
CodeSize 63488
FileSubtype 0
ProductVersionNumber 3.0.0.0
FileTypeExtension exe
ObjectFileType Executable application

File identification
MD5 6c0b7719f6a9317535b81a30901f2092
SHA1 a0cf699510bc9a367484dd9ab9919ce72580a1a7
SHA256 50112b9d1137171909355a15646952dd6119f088b9790adabeee1fa85dd5b42c
ssdeep 3072:syV6LUCjOZTBNVX3AZ5x+ldOVQ1jgAUDs9p0ky5:eLxaZd/wdO0d3s0F5

authentihash 359c298b64b25639ab730ee00bf45cea1c5e28ff8143f1c4b3a07bd7d67c002b
imphash f19e865dd2fad18a6d830cf5a2ad3efd
File size 242.5 KB ( 248320 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID Win32 Executable MS Visual C++ (generic) (41.0%)
Win64 Executable (generic) (36.3%)
Win32 Dynamic Link Library (generic) (8.6%)
Win32 Executable (generic) (5.9%)
OS/2 Executable (generic) (2.6%)
Tags peexe

VirusTotal metadata
First submission 2018-12-19 08:30:27 UTC ( 3 months ago )
Last submission 2018-12-19 08:30:27 UTC ( 3 months ago )
File names jackripper.exe
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Created processes
Opened mutexes
Runtime DLLs