SHA256: 5fa15568f82ebe5bd3c70930b93d7ef0a348d06c80e441d18f53724408be65d9
File name: c2ca40c0.gxe
Detection ratio: 43 / 71
Analysis date: 2018-12-10 10:55:32 UTC ( 6 days, 17 hours ago )
Antivirus Result Update
Ad-Aware Gen:Variant.Ursu.348560 20181210
AhnLab-V3 Win-Trojan/VBKrypt.RP05 20181210
ALYac Trojan.VBKrypt.gen 20181210
Antiy-AVL Trojan[Ransom]/Win32.GandCrypt 20181210
Arcabit Trojan.Ursu.D55190 20181210
BitDefender Gen:Variant.Ursu.348560 20181210
Comodo Malware@#ptpmgknowth7 20181210
CrowdStrike Falcon (ML) malicious_confidence_60% (W) 20181022
Cybereason malicious.07147d 20180225
Cylance Unsafe 20181210
Cyren W32/GenBl.C2CA40C0!Olympus 20181210
DrWeb Trojan.Encoder.26667 20181210
Emsisoft Gen:Variant.Ursu.348560 (B) 20181210
Endgame malicious (high confidence) 20181108
ESET-NOD32 a variant of Win32/Injector.ECCZ 20181210
F-Secure Gen:Variant.Ursu.348560 20181210
Fortinet W32/Injector.ECCS!tr 20181210
GData Gen:Variant.Ursu.348560 20181210
Ikarus Trojan.VB.Agent 20181209
Sophos ML heuristic 20181128
K7AntiVirus Trojan ( 00542f981 ) 20181210
K7GW Trojan ( 00542f981 ) 20181210
Kaspersky Trojan-Ransom.Win32.GandCrypt.gwt 20181210
Malwarebytes Trojan.VBCrypt 20181210
MAX malware (ai score=100) 20181210
McAfee Fareit-FNA!C2CA40C07147 20181210
McAfee-GW-Edition Packed-FOW!C2CA40C07147 20181210
Microsoft Trojan:Win32/Skeeyah.A!bit 20181210
eScan Gen:Variant.Ursu.348560 20181210
NANO-Antivirus Trojan.Win32.GandCrypt.fkwdql 20181210
Palo Alto Networks (Known Signatures) generic.ml 20181210
Panda Trj/GdSda.A 20181209
Qihoo-360 Win32/Trojan.Ransom.32b 20181210
Rising Trojan.Injector!1.B459 (CLOUD) 20181210
Sophos AV Mal/FareitVB-N 20181210
Symantec Downloader 20181210
Trapmine malicious.moderate.ml.score 20181205
TrendMicro-HouseCall TrojanSpy.Win32.FAREIT.THABAOAH 20181210
VBA32 BScope.Trojan.Fuerboos 20181207
VIPRE Trojan.Win32.Generic!BT None
ViRobot Trojan.Win32.GandCrab.646952 20181209
Webroot W32.Malware.Gen 20181210
ZoneAlarm by Check Point Trojan-Ransom.Win32.GandCrypt.gwt 20181210
AegisLab 20181210
Alibaba 20180921
Avast 20181210
Avast-Mobile 20181209
AVG 20181210
Avira (no cloud) 20181209
AVware 20180925
Babable 20180918
Baidu 20181207
Bkav 20181208
CAT-QuickHeal 20181210
ClamAV 20181210
CMC 20181209
eGambit 20181210
F-Prot 20181210
Jiangmin 20181210
Kingsoft 20181210
SentinelOne (Static ML) 20181011
SUPERAntiSpyware 20181205
Symantec Mobile Insight 20181207
TACHYON 20181210
Tencent 20181210
TheHacker 20181202
TotalDefense 20181210
TrendMicro 20181210
Trustlook 20181210
Yandex 20181207
Zillya 20181208
Zoner 20181207
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Product RAIKE
Original name PANPRA.exe
Internal name PANPRA
File version 5.01.0006
Description VATICINATION4
Comments Colleyville
Signature verification A certificate chain processed, but terminated in a root certificate which is not trusted by the trust provider.
Signing date 11:42 AM 12/10/2018
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2005-11-16 02:17:48
Entry Point 0x00001810
Number of sections 3
PE sections
Overlays
MD5 b35001f52663768e95d89a2cb9c64b49
File type data
Offset 643072
Size 3880
Entropy 7.63
PE imports
_adj_fdiv_m32
__vbaChkstk
EVENT_SINK_Release
__vbaEnd
__vbaStrCmp
Ord(521)
_allmul
_adj_fdivr_m64
_adj_fprem
Ord(617)
_adj_fpatan
_adj_fdiv_m32i
EVENT_SINK_AddRef
__vbaStrToUnicode
__vbaInStr
EVENT_SINK_QueryInterface
__vbaStrCopy
__vbaExceptHandler
__vbaSetSystemError
__vbaFreeVarList
DllFunctionCall
__vbaFPException
_adj_fdivr_m16i
__vbaStrMove
Ord(618)
_adj_fdiv_r
Ord(517)
__vbaFreeVar
__vbaVarTstNe
_adj_fprem1
Ord(100)
__vbaObjSetAddref
_adj_fdiv_m64
__vbaFreeObj
__vbaHresultCheckObj
_CIsqrt
_CIsin
_CIlog
_CIcos
Ord(713)
__vbaVarTstEq
_adj_fptan
Ord(537)
__vbaFpCmpCy
__vbaI4Var
__vbaVarMove
Ord(646)
__vbaErrorOverflow
_CIatan
__vbaNew2
__vbaLateIdCallLd
__vbaOnError
_adj_fdivr_m32i
_CIexp
__vbaStrI2
__vbaStrToAnsi
Ord(588)
_adj_fdivr_m32
__vbaStrCat
__vbaFPFix
_CItan
__vbaFpI4
__vbaFreeStr
_adj_fdiv_m16i
Number of PE resources by type
RT_ICON 10
RT_VERSION 1
RT_GROUP_ICON 1
Number of PE resources by language
NEUTRAL 11
ENGLISH US 1
PE resources
ExifTool file metadata
SubsystemVersion 4.0
Comments Colleyville
LinkerVersion 6.0
ImageVersion 5.1
FileSubtype 0
FileVersionNumber 5.1.0.6
LanguageCode English (U.S.)
FileFlagsMask 0x0000
FileDescription VATICINATION4
ImageFileCharacteristics No relocs, Executable, No line numbers, No symbols, 32-bit
CharacterSet Unicode
InitializedDataSize 28672
EntryPoint 0x1810
OriginalFileName PANPRA.exe
MIMEType application/octet-stream
FileVersion 5.01.0006
TimeStamp 2005:11:16 03:17:48+01:00
FileType Win32 EXE
PEType PE32
InternalName PANPRA
ProductVersion 5.01.0006
UninitializedDataSize 0
OSVersion 4.0
FileOS Win32
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
CompanyName Podocarpineae6
CodeSize 610304
ProductName RAIKE
ProductVersionNumber 5.1.0.6
FileTypeExtension exe
ObjectFileType Executable application

File identification
MD5 c2ca40c07147d27d76d90a069aaaea2a
SHA1 94c83c046e3c7c23c918f0cc89b8c35f3479b976
SHA256 5fa15568f82ebe5bd3c70930b93d7ef0a348d06c80e441d18f53724408be65d9
ssdeep 12288:UxI1EtSREjkHWkGBIlPb/6M8WxO9WhwDmBhZUXTb11dmrDHLL6RVmHf/DkAwvAlP:UxIEK7NDxOzyVxr4En5fKAqLWzdj

authentihash b49dd77aeceac1cf8123fb6943d6e9d24410478171895b2e08687d86f3815f57
imphash d8e9d901be5b2c363d3131f2e816174e
File size 631.8 KB ( 646952 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID Win32 Executable Microsoft Visual Basic 6 (88.6%)
Win32 Executable (generic) (4.8%)
OS/2 Executable (generic) (2.1%)
Generic Win/DOS Executable (2.1%)
DOS Executable Generic (2.1%)
Tags
peexe overlay

VirusTotal metadata
First submission 2018-12-04 17:33:05 UTC ( 1 week, 5 days ago )
Last submission 2018-12-10 10:55:32 UTC ( 6 days, 17 hours ago )
File names r111111.exe
PANPRA
PANPRA.exe
3JRDNMFNPP0ZZEDB3LFT7VVPP.EXE
c2ca40c0.gxe
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Hooking activity
Runtime DLLs
Additional details
The file installs an application-defined hook procedure into a hook chain. A hook procedure is installed to monitor the system for certain types of events. These events are associated either with a specific thread or with all threads in the same desktop as the calling thread. This is done by making use of the SetWindowsHook Windows API function.