SHA256: 5e56fdcaefadbabbaf0116bc2eb2d783f07101ae303f4b3031f2c3b9fab48e32
File name: ldubijis.exe
Detection ratio: 33 / 54
Analysis date: 2016-02-03 09:28:24 UTC ( 3 years ago )
Antivirus Result Update
Ad-Aware Trojan.GenericKD.3024553 20160205
AhnLab-V3 Trojan/Win32.Cryptolocker 20160204
ALYac Trojan.GenericKD.3024553 20160205
Antiy-AVL Trojan/Win32.Waldek 20160205
Arcabit Trojan.Generic.D2E26A9 20160205
Avast Win32:Malware-gen 20160205
AVG Generic_s.GOO 20160205
Avira (no cloud) TR/Crypt.Xpack.441095 20160204
BitDefender Trojan.GenericKD.3024553 20160205
DrWeb Trojan.Encoder.761 20160205
Emsisoft Trojan.GenericKD.3024553 (B) 20160205
ESET-NOD32 a variant of Win32/Injector.CRJA 20160205
F-Secure Trojan.GenericKD.3024553 20160205
Fortinet W32/CRJA.SMC!tr 20160205
GData Trojan.GenericKD.3024553 20160205
Ikarus Trojan.Win32.Injector 20160204
K7AntiVirus Trojan ( 004dd47d1 ) 20160204
K7GW Trojan ( 004dd47d1 ) 20160205
Kaspersky Trojan.Win32.Waldek.cdb 20160205
Malwarebytes Ransom.TorrentLocker.Generic 20160205
McAfee RDN/Ransom 20160205
McAfee-GW-Edition Artemis!Trojan 20160205
Microsoft Ransom:Win32/Teerac 20160205
eScan Trojan.GenericKD.3024553 20160205
nProtect Trojan.GenericKD.3024553 20160204
Panda Generic Malware 20160204
Qihoo-360 HEUR/QVM07.1.Malware.Gen 20160205
Rising PE:Malware.FakePDF@CV!1.9E05 [F] 20160204
Sophos AV Troj/Ransom-CAY 20160205
Symantec Trojan.Gen 20160204
Tencent Win32.Trojan.Waldek.Pfjt 20160205
TrendMicro-HouseCall Ransom_CRILOCK.SMC 20160205
VIPRE Trojan.Win32.Generic!BT 20160205
AegisLab 20160205
Yandex 20160204
Alibaba 20160204
Baidu-International 20160204
Bkav 20160204
ByteHero 20160205
CAT-QuickHeal 20160205
ClamAV 20160204
Comodo 20160204
Cyren 20160205
F-Prot 20160129
Jiangmin 20160205
NANO-Antivirus 20160205
SUPERAntiSpyware 20160205
TheHacker 20160203
TotalDefense 20160204
TrendMicro 20160205
VBA32 20160204
ViRobot 20160204
Zillya 20160204
Zoner 20160205
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2007-01-27 21:17:27
Entry Point 0x0000D056
Number of sections 4
PE sections
PE imports
RegCreateKeyExW
LookupPrivilegeValueA
SetNamedSecurityInfoA
RegCloseKey
GetSidLengthRequired
SetEntriesInAclW
IsTokenRestricted
RegSetValueA
RegCreateKeyW
LookupAccountSidA
LookupPrivilegeValueW
RegOpenKeyExW
RegCreateKeyExA
RegSetValueW
RegCreateKeyA
GetAclInformation
RegQueryValueExW
EqualPrefixSid
LsaOpenPolicy
SetSecurityDescriptorDacl
LookupAccountNameA
RegReplaceKeyA
GetSidSubAuthority
RegQueryValueA
MakeAbsoluteSD
ClearEventLogW
SetFileSecurityW
AreAnyAccessesGranted
RegisterEventSourceA
SetTokenInformation
LookupAccountNameW
RegReplaceKeyW
LsaRetrievePrivateData
SetSecurityDescriptorSacl
RegQueryValueW
GetTokenInformation
LookupPrivilegeNameW
LsaLookupNames
GetNamedSecurityInfoW
IsValidSid
GetSidIdentifierAuthority
ImpersonateSelf
CreateProcessAsUserA
GetSecurityDescriptorDacl
RegEnumValueW
GetPrivateObjectSecurity
LsaAddAccountRights
GetSecurityDescriptorSacl
CreateRestrictedToken
EncryptFileW
GetSidSubAuthorityCount
GetLengthSid
DeleteAce
RegQueryInfoKeyA
InitializeSid
AccessCheckAndAuditAlarmA
BuildSecurityDescriptorW
RegSetKeySecurity
LsaFreeMemory
LsaClose
LsaQueryInformationPolicy
BuildTrusteeWithSidA
MakeSelfRelativeSD
AllocateAndInitializeSid
RegConnectRegistryA
RegQueryMultipleValuesW
MapGenericMask
ReadEventLogW
RegUnLoadKeyW
FreeSid
SetThreadToken
RegEnumKeyExA
GetEffectiveRightsFromAclW
SetNamedSecurityInfoW
BuildTrusteeWithSidW
CallNamedPipeW
GetQueuedCompletionStatus
EnumTimeFormatsW
BuildCommDCBAndTimeoutsA
GetSystemInfo
GetModuleHandleA
Beep
GetStartupInfoA
CreateTapePartition
EscapeCommFunction
_adjust_fdiv
__p__fmode
_acmdln
__CxxFrameHandler
_unlock
__p__commode
__setusermatherr
_setmbcp
free
_onexit
_putw
__dllonexit
_mbstok
__getmainargs
_initterm
_ctime64
_controlfp
__set_app_type
IsCharLowerA
Number of PE resources by type
RT_DIALOG 10
RT_ICON 9
RT_RCDATA 6
RT_GROUP_ICON 4
sp55baP 1
GiEyW4G5Om 1
RT_MENU 1
E236O 1
QL71xjWIA 1
RT_VERSION 1
DOcCdwt 1
Number of PE resources by language
ENGLISH UK 18
GERMAN LUXEMBOURG 18
PE resources
ExifTool file metadata
SubsystemVersion: 4.0
LinkerVersion: 6.0
ImageVersion: 0.0
FileSubtype: 0
FileVersionNumber: 0.100.140.34
UninitializedDataSize: 0
LanguageCode: Unknown (WASH)
FileFlagsMask: 0x003f
CharacterSet: Unknown (BASIN)
InitializedDataSize: 495616
EntryPoint: 0xd056
MIMEType: application/octet-stream
LegalCopyright: 2011 (C) 2018
FileVersion: Blow 0,175,139,96
TimeStamp: 2007:01:27 22:17:27+01:00
FileType: Win32 EXE
PEType: PE32
InternalName: Underwater
ProductVersion: 0,38,112,149
FileDescription: Unwitting Vindicating Atoms
OSVersion: 4.0
FileOS: Win32
Subsystem: Windows GUI
MachineType: Intel 386 or later, and compatibles
CompanyName: Live Software Inc.
CodeSize: 53248
ProductName: Atrium Warpath
ProductVersionNumber: 0.45.195.49
FileTypeExtension: exe
ObjectFileType: Executable application
Compressed bundles
File identification
MD5 48c9bd24abb1433f9518fbe0bd399d6e
SHA1 c3654cc415b5d55bf1df61f1dbeda260861739b5
SHA256 5e56fdcaefadbabbaf0116bc2eb2d783f07101ae303f4b3031f2c3b9fab48e32
ssdeep 12288:1vMR/4JriUPHTA3l83D3arU4VcnZraOIzLkZScYS7oxyxo4:1ERGriWzUl03aw9nZWzLk8c2yxo
authentihash a030bd1a475a7107d6e2690ce39b93673f6d42d5a872d5d42f8115668f79511c
imphash 16426407f2f1adad02424dc3709cf59f
File size 540.0 KB ( 552960 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win64 Executable (generic) (64.6%)
Win32 Dynamic Link Library (generic) (15.3%)
Win32 Executable (generic) (10.5%)
Generic Win/DOS Executable (4.6%)
DOS Executable Generic (4.6%)
Tags peexe
VirusTotal metadata
First submission 2016-02-02 09:25:23 UTC ( 3 years ago )
Last submission 2016-02-02 14:15:47 UTC ( 3 years ago )
File names okaxyshf.exe
ldubijis.exe
Advanced heuristic and reputation engines