SHA256: 608b6877ceadb15dcf37c9fc4e08867c9bab19442f5fbbbf7ce2622492a527ec
File name: a42c5d88af6cd4a57fd7775657249e91.virus
Detection ratio: 46 / 61
Analysis date: 2017-03-17 03:13:02 UTC ( 2 years ago )
Antivirus Result Update
Ad-Aware Trojan.GenericKD.4435443 20170316
AegisLab Troj.Ransom.W32!c 20170316
AhnLab-V3 Trojan/Win32.Cerber.R195514 20170316
ALYac Trojan.GenericKD.4435443 20170316
Antiy-AVL Trojan/Win32.TSGeneric 20170316
Arcabit Trojan.Generic.D43ADF3 20170316
Avast Win32:Trojan-gen 20170316
AVG Ransom_r.BPD 20170316
Avira (no cloud) TR/Crypt.ZPACK.synru 20170316
AVware Trojan.Win32.Generic!BT 20170316
Baidu Win32.Trojan.WisdomEyes.16070401.9500.9898 20170316
BitDefender Trojan.GenericKD.4435443 20170316
CAT-QuickHeal Ransom.Cerber 20170316
CrowdStrike Falcon (ML) malicious_confidence_100% (W) 20170130
Emsisoft Trojan.GenericKD.4435443 (B) 20170316
Endgame malicious (moderate confidence) 20170222
ESET-NOD32 a variant of Win32/Injector.DLMH 20170316
F-Secure Trojan.GenericKD.4435443 20170316
Fortinet W32/Injector.DMJG!tr 20170316
GData Trojan.GenericKD.4435443 20170316
Ikarus Trojan.Win32.Injector 20170316
Sophos ML trojan.win32.dorv.a 20170203
Jiangmin Trojan.Crusis.fx 20170316
K7AntiVirus Trojan ( 00500d011 ) 20170316
K7GW Trojan ( 00500d011 ) 20170316
Kaspersky Trojan-Ransom.Win32.Crusis.py 20170316
Malwarebytes Ransom.Dharma 20170316
McAfee Artemis!A42C5D88AF6C 20170316
McAfee-GW-Edition BehavesLike.Win32.Generic.cc 20170316
Microsoft Ransom:Win32/Cerber 20170316
eScan Trojan.GenericKD.4435443 20170316
NANO-Antivirus Trojan.Win32.DLMH.eltmpi 20170316
Palo Alto Networks (Known Signatures) generic.ml 20170317
Panda Trj/Genetic.gen 20170316
Qihoo-360 Win32/Trojan.Ransom.1a6 20170317
Rising Malware.Generic.5!tfe (cloud:HuBNtmNZAXJ) 20170317
SentinelOne (Static ML) static engine - malicious 20170315
Sophos AV Mal/Isda-D 20170317
Symantec Trojan.Gen 20170317
Tencent Win32.Trojan.Crusis.Ljts 20170317
TrendMicro Ransom_CERBER.F117CG 20170317
TrendMicro-HouseCall Ransom_CERBER.F117CG 20170317
VIPRE Trojan.Win32.Generic!BT 20170316
Webroot Malicious 20170317
Yandex Trojan.Crusis! 20170315
ZoneAlarm by Check Point Trojan-Ransom.Win32.Crusis.py 20170316
Engines with no detection (engine name and signature update date only):
Alibaba 20170228
ClamAV 20170316
CMC 20170316
Comodo 20170316
Cyren 20170316
DrWeb 20170316
F-Prot 20170316
Kingsoft 20170317
nProtect 20170316
SUPERAntiSpyware 20170317
TheHacker 20170315
TotalDefense 20170317
Trustlook 20170317
VBA32 20170316
ViRobot 20170316
WhiteArmor 20170315
Zillya 20170314
Zoner 20170316
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
Packers identified
F-PROT UPX_LZMA
PEiD UPX 2.93 [LZMA] -> Markus Oberhumer, Laszlo Molnar & John Reiser
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2017-02-19 14:34:36
Entry Point 0x0002AA50
Number of sections 3
PE sections
Overlays
MD5 d89d38ad2b03aac721f9624825ddb77c
File type data
Offset 60928
Size 143823
Entropy 8.00
PE imports
BeginPath
VirtualFree
ExitProcess
VirtualProtect
LoadLibraryA
VirtualAlloc
GetProcAddress
GetAsyncKeyState
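Two static indicators in the report are worth reproducing on the workbench: the packer identification (UPX, which F-PROT, PEiD and TrID all flag, and whose minimal KERNEL32 import set of VirtualAlloc/VirtualProtect/LoadLibraryA/GetProcAddress/VirtualFree/ExitProcess is typical of the UPX decompression stub) and the overlay, 143823 bytes appended past the last section at offset 60928 with entropy 8.00, i.e. data that is compressed or encrypted rather than plain code. The following is an added example, not part of the report and not VirusTotal's or UPX's own code: stdlib-only Python that parses the COFF header and section table, computes the overlay offset, size, MD5 and Shannon entropy, and checks for UPX-style section names. The minimal PE32 it builds, the helper names, and the sha256-chain filler that stands in for packed data are all constructed for the example, not taken from the sample in the report.

```python
"""Added example (not from the report): check a PE32 image for UPX-style section
names and for a high-entropy overlay appended after the last section.
Pure stdlib, so it runs without pefile.  All inputs are constructed here."""
import hashlib
import math
import struct


def shannon_entropy(data: bytes) -> float:
    """Bits per byte: 0.0 for empty input, 8.0 for a uniform byte distribution."""
    if not data:
        return 0.0
    n = len(data)
    counts = [0] * 256
    for b in data:
        counts[b] += 1
    return -sum(c / n * math.log2(c / n) for c in counts if c)


def parse_pe(pe: bytes) -> dict:
    """Read the COFF header and section table; raise on anything that is not PE."""
    if pe[:2] != b"MZ":
        raise ValueError("missing MZ header")
    (e_lfanew,) = struct.unpack_from("<I", pe, 0x3C)
    if pe[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    coff = e_lfanew + 4
    # Machine, NumberOfSections, TimeDateStamp, PointerToSymbolTable,
    # NumberOfSymbols, SizeOfOptionalHeader, Characteristics (20 bytes)
    machine, nsections, timestamp, _, _, opt_size, _ = struct.unpack_from("<HHIIIHH", pe, coff)
    table = coff + 20 + opt_size
    sections = []
    for i in range(nsections):
        off = table + 40 * i  # each IMAGE_SECTION_HEADER is 40 bytes
        name = pe[off:off + 8].rstrip(b"\0").decode("ascii", "replace")
        _vsize, _vaddr, raw_size, raw_ptr = struct.unpack_from("<IIII", pe, off + 8)
        sections.append({"name": name, "raw_ptr": raw_ptr, "raw_size": raw_size})
    return {"machine": machine, "timestamp": timestamp, "sections": sections}


def analyze(pe: bytes) -> dict:
    """Overlay = everything after the end of the last section's raw data."""
    hdr = parse_pe(pe)
    end_of_sections = max((s["raw_ptr"] + s["raw_size"] for s in hdr["sections"]), default=0)
    overlay = pe[end_of_sections:]
    return {
        "sections": [s["name"] for s in hdr["sections"]],
        "upx_sections": any(s["name"].startswith("UPX") for s in hdr["sections"]),
        "overlay_offset": end_of_sections if overlay else None,
        "overlay_size": len(overlay),
        "overlay_entropy": round(shannon_entropy(overlay), 2),
        "overlay_md5": hashlib.md5(overlay).hexdigest() if overlay else None,
    }


def pseudo_random_bytes(n: int, seed: bytes = b"constructed overlay") -> bytes:
    """Deterministic high-entropy filler (sha256 chain) standing in for packed data."""
    out, block = bytearray(), seed
    while len(out) < n:
        block = hashlib.sha256(block).digest()
        out += block
    return bytes(out[:n])


def build_sample_pe(section_names, overlay: bytes) -> bytes:
    """Constructed minimal PE32 (not a real binary): DOS header, PE signature,
    COFF header, zeroed 224-byte optional header, section table, one section
    with raw data at 0x400, then the caller's overlay appended at end of file."""
    opt_size, nsec, e_lfanew = 224, len(section_names), 0x40
    raw_ptr, raw_size = 0x400, 0x200
    dos = b"MZ" + b"\0" * (0x3C - 2) + struct.pack("<I", e_lfanew)  # exactly 0x40 bytes
    coff = struct.pack("<HHIIIHH", 0x14C, nsec, 0, 0, 0, opt_size, 0x0102)  # i386 EXE
    opt = struct.pack("<H", 0x10B) + b"\0" * (opt_size - 2)  # PE32 magic, rest zero
    table = b""
    for i, name in enumerate(section_names):
        last = i == nsec - 1  # only the last section carries raw data (UPX0 style)
        table += name.encode().ljust(8, b"\0") + struct.pack(
            "<IIII", 0x1000, 0x1000 * (i + 1), raw_size if last else 0, raw_ptr if last else 0
        ) + b"\0" * 16
    hdr = dos + b"PE\0\0" + coff + opt + table
    if len(hdr) > raw_ptr:
        raise ValueError("header would overlap section data")
    return hdr.ljust(raw_ptr, b"\0") + b"\xCC" * raw_size + overlay


PACKED_WITH_OVERLAY = build_sample_pe(["UPX0", "UPX1"], pseudo_random_bytes(4096))
PLAIN_NO_OVERLAY = build_sample_pe([".text", ".data"], b"")

if __name__ == "__main__":
    for label, blob in (("packed+overlay", PACKED_WITH_OVERLAY), ("plain", PLAIN_NO_OVERLAY)):
        print(label, analyze(blob))
```

On the report's sample the same calculation gives overlay offset 60928 and size 143823 (204751 total minus 60928), and an entropy of 8.00 over that many bytes is only reachable by compressed or encrypted content; a UPX-unpacked image that still has this overlay is the thing to look at next, since the stub's imports say nothing about what the payload does.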
Number of PE resources by type
RT_BITMAP 1
RT_RIBBON_XML 1
Number of PE resources by language
FRENCH 2
PE resources
ExifTool file metadata
MIMEType application/octet-stream
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
FileTypeExtension exe
TimeStamp 2017:02:19 15:34:36+01:00
FileType Win32 EXE
PEType PE32
CodeSize 61440
LinkerVersion 9.0
EntryPoint 0x2aa50
InitializedDataSize 4096
SubsystemVersion 5.0
ImageVersion 0.0
OSVersion 5.0
UninitializedDataSize 114688
File identification
MD5 a42c5d88af6cd4a57fd7775657249e91
SHA1 5711d85e9898bb101ff82ed41dbce86994d24ee6
SHA256 608b6877ceadb15dcf37c9fc4e08867c9bab19442f5fbbbf7ce2622492a527ec
ssdeep 6144:VPrKhdTzs01oSb2ubQan2WCuDy8klgWRxfg9:xMHdoSb2uP2WZbklXRU
authentihash 2037671fd4b9213e2b4db7665bb6f631f4b37dae0149396db2a7f8b614c8ba64
imphash b2c6055690cd4afb7b8e792637e2fe32
File size 200.0 KB ( 204751 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID UPX compressed Win32 Executable (39.3%)
Win32 EXE Yoda's Crypter (38.6%)
Win32 Dynamic Link Library (generic) (9.5%)
Win32 Executable (generic) (6.5%)
Generic Win/DOS Executable (2.9%)
Tags
peexe upx overlay

VirusTotal metadata
First submission 2017-03-15 17:56:31 UTC ( 2 years ago )
Last submission 2017-03-15 17:56:31 UTC ( 2 years ago )
File names a42c5d88af6cd4a57fd7775657249e91.virus
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Runtime DLLs
UDP communications