SHA256: 50624b1338349dcab4ad8345e0100ea75d3b643ef1e3a487b32fd711418b281b
File name: sindy_hot_2016_sex_party_in_the_club.exe
Detection ratio: 52 / 62
Analysis date: 2017-08-06 01:54:06 UTC ( 1 week, 3 days ago )
Antivirus Result Update
Ad-Aware Trojan.GenericKD.4225294 20170805
AhnLab-V3 Trojan/Win32.SageCrypt.R194378 20170805
Antiy-AVL Trojan/Win32.TGeneric 20170805
Arcabit Trojan.Generic.D40790E 20170805
Avast Win32:Malware-gen 20170805
AVG Win32:Malware-gen 20170805
Avira (no cloud) TR/AD.Cerber.pvxdy 20170805
Baidu Win32.Trojan.WisdomEyes.16070401.9500.9746 20170804
BitDefender Trojan.GenericKD.4225294 20170805
CAT-QuickHeal Ransom.Sage.A4 20170805
ClamAV Win.Trojan.Agent-5676959-0 20170805
CrowdStrike Falcon (ML) malicious_confidence_100% (W) 20170710
Cylance Unsafe 20170806
Cyren W32/Trojan.PIEM-7840 20170805
DrWeb Trojan.Encoder.10175 20170805
Emsisoft Trojan.GenericKD.4225294 (B) 20170805
Endgame malicious (high confidence) 20170721
ESET-NOD32 Win32/Filecoder.NHQ 20170805
F-Prot W32/Trojan3.YEO 20170805
F-Secure Trojan.GenericKD.4225294 20170805
Fortinet W32/Generic.AC.3C3C7A!tr 20170805
GData Win32.Trojan.Agent.O22W8X 20170805
Ikarus Trojan.Win32.Filecoder 20170805
Sophos ML heuristic 20170607
Jiangmin Trojan.SageCrypt.b 20170805
K7AntiVirus Trojan ( 004f78ba1 ) 20170804
K7GW Trojan ( 004f78ba1 ) 20170805
Kaspersky Trojan-Ransom.Win32.SageCrypt.b 20170805
Malwarebytes Ransom.SageLocker 20170805
MAX malware (ai score=80) 20170805
McAfee Generic.aam 20170804
McAfee-GW-Edition Generic.aam 20170805
Microsoft Ransom:Win32/Milicry.A 20170805
eScan Trojan.GenericKD.4225294 20170805
NANO-Antivirus Trojan.Win32.SageCrypt.ektuwy 20170805
Palo Alto Networks (Known Signatures) generic.ml 20170806
Panda Trj/WLT.C 20170805
Qihoo-360 HEUR/QVM07.1.B8B9.Malware.Gen 20170806
Rising Trojan.Win32.generic.cl (ktse) 20170805
SentinelOne (Static ML) static engine - malicious 20170718
Sophos AV Troj/Ransom-EDF 20170805
SUPERAntiSpyware Ransom.SageLocker/Variant 20170805
Symantec Ransom.Cry 20170805
Tencent Win32.Trojan.Sagecrypt.Pgdo 20170806
VBA32 SScope.TrojanRansom.WannaCry 20170803
VIPRE Trojan.Win32.Generic!BT 20170805
ViRobot Trojan.Win32.Z.Milicry.352414 20170805
Webroot W32.Trojan.Gen 20170806
Yandex Trojan.SageCrypt! 20170801
Zillya Trojan.SageCrypt.Win32.3 20170804
ZoneAlarm by Check Point Trojan-Ransom.Win32.SageCrypt.b 20170805
Zoner Trojan.Filecoder 20170805
AegisLab 20170805
Alibaba 20170804
Bkav 20170805
CMC 20170805
Comodo 20170805
Kingsoft 20170806
nProtect 20170805
Symantec Mobile Insight 20170804
TheHacker 20170804
TotalDefense 20170805
TrendMicro-HouseCall 20170805
Trustlook 20170806
WhiteArmor 20170731
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright Copyright © cuv heapf zeecuiyv
Product Zqjrvwom ykf nurepz xsk
Original name Bsubblqcvzbl
Internal name Bsubblqcvzbl
File version 5.601
Description Ynxfxsr wze lu
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2017-01-23 15:17:17
Entry Point 0x0001D1E0
Number of sections 4
PE sections
Overlays
MD5 56f2d4001be495ec21bea74b48ce2f31
File type data
Offset 352256
Size 158
Entropy 3.54
PE imports
RegGetKeySecurity
LsaClose
RegisterServiceCtrlHandlerW
ReplaceTextA
JetOpenTempTable3
GetCurrentObject
SetDCPenColor
EnumObjects
SetLayout
SetBitmapBits
SetRectRgn
SetStdHandle
SetProcessWorkingSetSize
ResumeThread
lstrcpynA
ReadFileEx
SetConsoleMode
ProcessIdToSessionId
SetEvent
GetStartupInfoA
Sleep
CloseHandle
ReadProcessMemory
GetProcAddress
VirtualAlloc
LoadLibraryA
GetModuleHandleA
SetEnvironmentVariableA
__p__fmode
_cwait
fgetc
__dllonexit
_access
__winitenv
_except_handler3
_HUGE
_tzset
_onexit
frexp
_strrev
exit
_XcptFilter
_strdup
__setusermatherr
_controlfp
_adjust_fdiv
_acmdln
__p__commode
__getmainargs
_wexecve
_rotl
fgetwc
__p___winitenv
_initterm
_exit
_mbsbtype
__set_app_type
strtol
iswdigit
_CIsqrt
__toascii
RtlMoveMemory
isprint
RtlUnwind
SQLTablesW
SQLStatisticsW
SQLBrowseConnectW
SQLColumnPrivilegesA
ODBCInternalConnectW
SQLStatisticsA
SQLTablesA
DllBidEntryPoint
SQLBrowseConnectA
SQLSetCursorNameA
SQLExtendedFetch
SQLParamData
SQLGetConnectAttrW
SQLPrepareA
ODBCGetTryWaitValue
OpenODBCPerfData
SQLPrepareW
SQLGetConnectAttrA
SQLSetPos
SQLGetDiagRecW
GetODBCSharedData
SQLAllocHandle
SQLFreeEnv
SQLDriversW
SQLGetDiagRecA
CursorLibTransact
SQLDriversA
SQLBulkOperations
g_hHeapMalloc
SQLPutData
SQLConnectW
SQLSetCursorNameW
SQLConnectA
SQLGetConnectOptionW
SQLErrorW
ODBCSetTryWaitValue
SQLGetCursorNameW
SQLDescribeParam
SQLEndTran
SearchStatusCode
SQLGetTypeInfoW
SQLGetDiagFieldA
VFreeErrors
SQLColAttributesA
SQLSetScrollOptions
SQLFetchScroll
SQLGetDiagFieldW
SQLAllocConnect
CloseODBCPerfData
SQLColAttributesW
SQLSetDescFieldW
SQLSetStmtAttrW
SQLNumParams
SQLColAttributeA
SQLBindParam
SQLProcedureColumnsA
SQLFetch
SQLGetConnectOptionA
SQLSetStmtAttrA
SQLProcedureColumnsW
SQLColAttributeW
SQLBindCol
SQLGetTypeInfoA
SQLSetDescRec
SQLDisconnect
SQLMoreResults
SQLColumnsA
SQLGetCursorNameA
SQLTablePrivilegesW
SQLTransact
SQLAllocHandleStd
SQLGetInfoW
SQLSetParam
SQLParamOptions
SQLTablePrivilegesA
SQLExecute
SQLFreeStmt
SQLAllocStmt
SQLGetInfoA
SQLGetFunctions
SQLNativeSqlA
SQLPrimaryKeysW
SQLGetEnvAttr
PostODBCError
SQLPrimaryKeysA
SQLNativeSqlW
SQLGetDescFieldW
SQLCloseCursor
SQLSetDescFieldA
SQLGetDescFieldA
VRetrieveDriverErrorsRowCol
PostODBCComponentError
SQLDriverConnectW
SQLDescribeColA
SQLSetEnvAttr
SQLFreeConnect
SQLDriverConnectA
SQLDescribeColW
ODBCQualifyFileDSNW
SQLProceduresA
SQLCancel
SQLForeignKeysA
SQLSpecialColumnsW
SQLColumnPrivilegesW
SQLForeignKeysW
SQLSpecialColumnsA
SQLNumResultCols
SQLRowCount
SQLColumnsW
CursorLibLockStmt
SQLCopyDesc
CollectODBCPerfData
SQLSetStmtOption
SQLGetStmtOption
SQLAllocEnv
SQLGetData
SQLGetDescRecW
CursorLibLockDbc
SQLSetConnectAttrW
PostComponentError
SQLGetDescRecA
ValidateErrorQueue
SQLFreeHandle
SQLSetConnectAttrA
SQLGetStmtAttrW
SQLExecDirectW
LockHandle
SQLSetConnectOptionA
SQLDataSourcesW
SQLExecDirectA
CursorLibLockDesc
SQLDataSourcesA
SQLBindParameter
SQLProceduresW
CoFreeLibrary
ReadFmtUserTypeStg
SafeArrayLock
ColorRGBToHLS
SHGetInverseCMAP
CoInstall
ValidateRgn
DtcGetTransactionManager
DtcGetTransactionManagerC
Number of PE resources by type
RT_ICON 6
RT_GROUP_CURSOR 4
RT_MENU 4
RT_CURSOR 4
RT_STRING 3
RT_ACCELERATOR 3
RT_MANIFEST 1
RT_VERSION 1
RT_GROUP_ICON 1
Number of PE resources by language
ENGLISH US 27
PE resources
ExifTool file metadata
SubsystemVersion 4.0
InitializedDataSize 294912
ImageVersion 0.0
ProductName Zqjrvwom ykf nurepz xsk
FileVersionNumber 5.601.0.0
UninitializedDataSize 0
LanguageCode Unknown (0013)
FileFlagsMask 0x003f
CharacterSet Unknown (0007)
LinkerVersion 6.0
FileTypeExtension exe
OriginalFileName Bsubblqcvzbl
MIMEType application/octet-stream
Subsystem Windows GUI
FileVersion 5.601
TimeStamp 2017:01:23 16:17:17+01:00
FileType Win32 EXE
PEType PE32
InternalName Bsubblqcvzbl
ProductVersion 5.601
FileDescription Ynxfxsr wze lu
OSVersion 4.0
FileOS Windows NT 32-bit
LegalCopyright Copyright cuv heapf zeecuiyv
MachineType Intel 386 or later, and compatibles
CompanyName Axbmzam iprby poa
CodeSize 118784
FileSubtype 0
ProductVersionNumber 5.601.0.0
EntryPoint 0x1d1e0
ObjectFileType Executable application
Compressed bundles
File identification
MD5 4bbc2b40ca476c9d2dae44c86258ae80
SHA1 02b03ccc8c392eacfd41f7cbc4906c6b453aee58
SHA256 50624b1338349dcab4ad8345e0100ea75d3b643ef1e3a487b32fd711418b281b
ssdeep 6144:UpLjg9XY9SMA6ZHmzlN2PK78IyO8LOSZPzXgal/V05GXiHP1c:YGI9zAEYz2S7fy1O2ic
authentihash b1f744e9266a8326dd117f0924141fed9e929be76d141bfb29709ada264c67ad
imphash e82ab8c873fa0cbee0bbfdbaf07a0d9c
File size 344.2 KB ( 352414 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Executable MS Visual C++ (generic) (41.0%)
Win64 Executable (generic) (36.3%)
Win32 Dynamic Link Library (generic) (8.6%)
Win32 Executable (generic) (5.9%)
Win16/32 Executable Delphi generic (2.7%)
Tags peexe overlay
VirusTotal metadata
First submission 2017-01-24 09:08:33 UTC ( 6 months, 3 weeks ago )
Last submission 2017-07-25 14:01:18 UTC ( 3 weeks, 1 day ago )
File names SageLocker.exe
4bbc2b40ca476c9d2dae44c86258ae80.exe
Bsubblqcvzbl
4xaQRNmL.exe
4bbc2b40ca476c9d2dae44c86258ae80.exe
sindy_hot_2016_sex_party_in_the_club.exe
3ec3623b0daa82aabb610489ac310b340c8f531c
sage 2.0 ransomware
sagelocker.exe
4bbc2b40ca476c9d2dae44c86258ae80.exe
4bbc2b40.exe
1b.exe
va3F4DVu.exe
bwyzOC6a.exe
ss.exe
sindy_hot_2016_sex_party_in_the_club.exe
sindy_hot_2016_20171251732.exe
Advanced heuristic and reputation engines
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Written files
Moved files
Deleted files
Created processes
Shell commands
Code injections in the following processes
Created mutexes
Opened mutexes
Opened service managers
Opened services
Runtime DLLs
HTTP requests
DNS requests
TCP connections
UDP communications