SHA256: 50119da56e84ae4baa207a9391a0143fe5aa66c212aeba08e2d6d864af0a0d83
File name: 20691435
Detection ratio: 47 / 70
Analysis date: 2018-12-27 18:10:19 UTC ( 1 month, 3 weeks ago )
Antivirus Result Update
Ad-Aware Gen:Variant.Ulise.20915 20181227
AegisLab Trojan.Win32.Fsysna.4!c 20181227
AhnLab-V3 Trojan/Win32.Shade.C2904490 20181227
ALYac Trojan.Ransom.Shade 20181227
Arcabit Trojan.Ulise.D51B3 20181227
Avast Win32:Malware-gen 20181227
AVG Win32:Malware-gen 20181227
BitDefender Gen:Variant.Ulise.20915 20181227
Bkav HW32.Packed. 20181227
Comodo Malware@#3u2abxjtlt8ow 20181227
CrowdStrike Falcon (ML) malicious_confidence_90% (W) 20181022
Cylance Unsafe 20181227
Cyren W32/Trojan.KEZE-4823 20181227
DrWeb Trojan.Encoder.26818 20181227
Emsisoft Trojan-Ransom.Shade (A) 20181227
Endgame malicious (high confidence) 20181108
ESET-NOD32 a variant of Win32/GenKryptik.CVCG 20181227
F-Prot W32/Ransom.KV.gen!Eldorado 20181227
F-Secure Gen:Variant.Ulise.20915 20181227
Fortinet W32/Kryptik.GJCI!tr 20181227
GData Gen:Variant.Ulise.20915 20181227
Ikarus Win32.Outbreak 20181227
Sophos ML heuristic 20181128
Jiangmin Trojan.Shade.pb 20181227
K7GW Trojan ( 005447f31 ) 20181227
Kaspersky Trojan.Win32.Fsysna.ezbi 20181227
Malwarebytes Ransom.Troldesh 20181227
MAX malware (ai score=100) 20181227
McAfee GenericRXGS-OE!0A0AE5D80427 20181227
McAfee-GW-Edition Artemis!Trojan 20181227
Microsoft Ransom:Win32/Troldesh.A 20181227
eScan Gen:Variant.Ulise.20915 20181227
NANO-Antivirus Trojan.Win32.Kryptik.fllozm 20181227
Palo Alto Networks (Known Signatures) generic.ml 20181227
Panda Trj/GdSda.A 20181226
Qihoo-360 Win32/Trojan.a78 20181227
Rising Ransom.Shade!8.12CC (CLOUD) 20181227
SentinelOne (Static ML) static engine - malicious 20181223
Sophos AV Mal/Generic-S 20181227
Symantec Ransom.Troldesh 20181226
Tencent Win32.Trojan.Fsysna.Duw 20181227
Trapmine malicious.high.ml.score 20181205
TrendMicro-HouseCall TROJ_GEN.R002H05LQ18 20181227
VBA32 BScope.TrojanPSW.Papras 20181227
ViRobot Trojan.Win32.Ransom.1070344.A 20181227
Webroot W32.Trojan.Gen 20181227
ZoneAlarm by Check Point Trojan.Win32.Fsysna.ezbi 20181227
Acronis 20181227
Alibaba 20180921
Antiy-AVL 20181227
Avast-Mobile 20181227
Avira (no cloud) 20181227
Babable 20180918
Baidu 20181207
CAT-QuickHeal 20181227
ClamAV 20181227
CMC 20181226
Cybereason 20180225
eGambit 20181227
K7AntiVirus 20181227
Kingsoft 20181227
SUPERAntiSpyware 20181226
Symantec Mobile Insight 20181225
TACHYON 20181227
TheHacker 20181225
TotalDefense 20181227
TrendMicro 20181227
Trustlook 20181227
Yandex 20181226
Zillya 20181227
Zoner 20181227
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Signature verification The digital signature of the object did not verify.
Signing date 7:00 AM 1/30/2019
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2018-12-26 03:23:54
Entry Point 0x00001DA0
Number of sections 3
PE sections
Overlays
MD5 6489e844a7ba4d450d2915c484d134be
File type data
Offset 1067008
Size 3336
Entropy 7.35
PE imports
SetSecurityDescriptorDacl
SetSecurityDescriptorOwner
RevertToSelf
RegCloseKey
OpenProcessToken
FreeSid
ImpersonateSelf
RegQueryValueExA
AccessCheck
AllocateAndInitializeSid
InitializeSecurityDescriptor
OpenThreadToken
RegOpenKeyExA
InitializeAcl
RegOpenKeyExW
GetLengthSid
AddAccessAllowedAce
RegEnumKeyExA
SetSecurityDescriptorGroup
IsValidSecurityDescriptor
BeginPath
CreateMetaFileW
GetStdHandle
GetDriveTypeW
GetFileAttributesA
WaitForSingleObject
HeapDestroy
GetFileAttributesW
GetLocalTime
GetCurrentProcess
FileTimeToDosDateTime
LocalAlloc
GetFileInformationByHandle
GetLocaleInfoW
GetFileTime
GetTempPathA
GetCPInfo
GetTempPathW
HeapReAlloc
FreeLibrary
LocalFree
FormatMessageW
ResumeThread
GetEnvironmentVariableA
GlobalHandle
FindClose
MoveFileW
SetLastError
GetSystemTime
CopyFileW
GetModuleFileNameW
IsDebuggerPresent
ExitProcess
GetModuleFileNameA
LoadLibraryA
MultiByteToWideChar
GetPrivateProfileStringW
GetModuleHandleA
GetSystemDirectoryW
GetExitCodeThread
CreateMutexW
TerminateProcess
GlobalAlloc
SetEndOfFile
GetVersion
HeapFree
SetHandleCount
LoadLibraryW
GetVersionExW
SetEvent
QueryPerformanceCounter
GetTickCount
lstrcmpiW
RtlUnwind
GetStartupInfoA
GetWindowsDirectoryW
GetFileSize
DeleteFileA
GetDateFormatW
GetStartupInfoW
CreateDirectoryW
DeleteFileW
GetUserDefaultLCID
GetTempFileNameW
ExpandEnvironmentStringsW
GetTimeFormatA
GetTempFileNameA
FindFirstFileW
DuplicateHandle
GetProcAddress
CreateEventW
CreateFileW
GetFileType
CreateFileA
HeapAlloc
GetLastError
GetSystemInfo
lstrlenA
GlobalFree
OpenEventW
GlobalUnlock
lstrlenW
VirtualFree
FileTimeToLocalFileTime
GetCurrentProcessId
WideCharToMultiByte
GetCommandLineA
QueryPerformanceFrequency
SetFilePointer
ReadFile
CloseHandle
GlobalLock
GetModuleHandleW
HeapCreate
WriteFile
CreateProcessW
Sleep
VirtualAlloc
ResetEvent
SystemParametersInfoA
SetTimer
LoadCursorA
GetParent
UpdateWindow
SendMessageA
GetMenuItemCount
LoadStringA
PostMessageA
CharUpperW
wsprintfA
KillTimer
IsCharUpperW
GetDlgItem
ReleaseDC
GetDC
SetCursor
ExifTool file metadata
MIMEType application/octet-stream
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
FileTypeExtension exe
TimeStamp 2018:12:26 04:23:54+01:00
FileType Win32 EXE
PEType PE32
CodeSize 8192
LinkerVersion 9.0
ImageFileCharacteristics No relocs, Executable, 32-bit
EntryPoint 0x1da0
InitializedDataSize 1057792
SubsystemVersion 5.0
ImageVersion 0.0
OSVersion 5.0
UninitializedDataSize 0
Execution parents
File identification
MD5 0a0ae5d804271f56c1fa5e1e695cc514
SHA1 e8d307b58856cd38c5b43f576a5dfd451f29b11c
SHA256 50119da56e84ae4baa207a9391a0143fe5aa66c212aeba08e2d6d864af0a0d83
ssdeep 12288:Mi94bywx1Dj5+h7ZCn0P5T7lHDbIi9dszYjN5HbPiLsptcyx7tbFEujtgDi:MHx13SZW0x5j5dsYnHeYpuyx7tx/tgDi
authentihash 8046ef1943317f725868453d53a2871e56b437f26aa52049a49b8ef0d3e3b39a
imphash 919a9aec1eff347967bff351784e8b43
File size 1.0 MB ( 1070344 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Executable MS Visual C++ (generic) (41.0%)
Win64 Executable (generic) (36.3%)
Win32 Dynamic Link Library (generic) (8.6%)
Win32 Executable (generic) (5.9%)
OS/2 Executable (generic) (2.6%)
Tags peexe overlay
VirusTotal metadata
First submission 2018-12-26 03:37:15 UTC ( 1 month, 3 weeks ago )
Last submission 2019-01-27 07:21:16 UTC ( 3 weeks, 2 days ago )
File names output.114801095.txt
output.114812968.txt
output.114772920.txt
20738483
csrss.exe
20691435
ransomware.bb.exe.milo
sserv.exe
output.114770246.txt
output.114812998.txt
output.114800219.txt
csrss.exe
output.114800188.txt
sserv.jpg
csrss.exe
output.114771170.txt
output.114812948.txt
output.114822040.txt
output.114779947.txt
output.114822037.txt
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
HTTP requests
DNS requests
TCP connections