SHA256: 610b95cf91c1a6c8488942a7301cefdf9ce94c9bd6feba7f60f951cdc008720d
Detection ratio: 44 / 67
Analysis date: 2018-11-02 16:34:53 UTC ( 1 month, 2 weeks ago )
Antivirus Result Update
Ad-Aware Gen:Variant.Ransom.GandCrab.1841 20181102
AhnLab-V3 Trojan/Win32.Agent.R238646 20181102
ALYac Gen:Variant.Ransom.GandCrab.1841 20181102
Antiy-AVL Trojan[Spy]/Win32.Stealer 20181102
Arcabit Trojan.Ransom.GandCrab.D731 20181102
Avast Win32:Malware-gen 20181102
AVG Win32:Malware-gen 20181102
BitDefender Gen:Variant.Ransom.GandCrab.1841 20181102
CrowdStrike Falcon (ML) malicious_confidence_70% (W) 20181022
Cylance Unsafe 20181102
Cyren W32/Kryptik.JY.gen!Eldorado 20181102
Emsisoft Gen:Variant.Ransom.GandCrab.1841 (B) 20181102
Endgame malicious (high confidence) 20180730
ESET-NOD32 a variant of Win32/Kryptik.GLKY 20181102
F-Prot W32/Kryptik.JY.gen!Eldorado 20181102
F-Secure Gen:Variant.Ransom.GandCrab.1841 20181102
Fortinet W32/GenKryptik.CNHV!tr 20181102
GData Gen:Variant.Ransom.GandCrab.1841 20181102
Ikarus Trojan.Win32.Crypt 20181102
Sophos ML heuristic 20180717
Jiangmin TrojanSpy.Stealer.ed 20181102
K7AntiVirus Trojan ( 00516fdf1 ) 20181102
K7GW Trojan ( 00516fdf1 ) 20181102
Kaspersky Trojan-Spy.Win32.Stealer.agu 20181102
Malwarebytes Trojan.MalPack.GS 20181102
MAX malware (ai score=100) 20181102
McAfee Trojan-FPST!7BCEBE5DB575 20181102
McAfee-GW-Edition BehavesLike.Win32.Generic.dc 20181102
Microsoft Ransom:Win32/Gandcrab.G!MTB 20181102
eScan Gen:Variant.Ransom.GandCrab.1841 20181102
NANO-Antivirus Trojan.Win32.Stealer.fiulii 20181102
Palo Alto Networks (Known Signatures) generic.ml 20181102
Panda Trj/GdSda.A 20181102
Qihoo-360 Win32/Trojan.Spy.660 20181102
Rising Downloader.Vigorf!8.F626 (TFE:5:2TY0UnGzS5V) 20181102
Sophos AV Mal/Kryptik-CQ 20181102
Symantec Packed.Generic.525 20181102
Tencent Win32.Trojan-spy.Stealer.Alji 20181102
TrendMicro TROJ_GEN.R011C0OJ918 20181102
TrendMicro-HouseCall TROJ_GEN.R011C0OJ918 20181102
VBA32 BScope.Trojan.Propagate 20181102
Webroot W32.Adware.Installcore 20181102
Zillya Trojan.Stealer.Win32.817 20181102
ZoneAlarm by Check Point Trojan-Spy.Win32.Stealer.agu 20181102
Undetected (no result reported)
AegisLab 20181102
Alibaba 20180921
Avast-Mobile 20181102
Avira (no cloud) 20181102
Babable 20180918
Baidu 20181102
Bkav 20181102
CAT-QuickHeal 20181102
ClamAV 20181102
CMC 20181102
Cybereason 20180225
DrWeb 20181102
eGambit 20181102
Kingsoft 20181102
SentinelOne (Static ML) 20181011
SUPERAntiSpyware 20181031
Symantec Mobile Insight 20181030
TACHYON 20181102
TheHacker 20181031
TotalDefense 20181102
Trustlook 20181102
ViRobot 20181102
Yandex 20181102
Zoner 20181102
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2017-08-12 23:42:05
Entry Point 0x000020E1
Number of sections 5
PE sections
PE imports
PlayMetaFileRecord
SetPolyFillMode
SetPixel
SetStretchBltMode
CreateCompatibleDC
StretchBlt
StretchDIBits
GetSystemTime
GetLastError
InitializeCriticalSectionAndSpinCount
HeapFree
GetStdHandle
EnterCriticalSection
GetConsoleOutputCP
SetHandleCount
TerminateThread
LoadLibraryW
GetComputerNameW
GetOEMCP
GetEnvironmentStringsW
IsDebuggerPresent
GetTickCount
TlsAlloc
VirtualProtect
FlushFileBuffers
LoadLibraryA
RtlUnwind
GetModuleFileNameA
FindFirstChangeNotificationW
HeapAlloc
GetCurrentProcess
GetStartupInfoW
GetFileType
GetConsoleMode
GetLocaleInfoA
LocalAlloc
LCMapStringW
GetCommandLineW
LCMapStringA
WideCharToMultiByte
UnhandledExceptionFilter
TlsGetValue
MultiByteToWideChar
HeapSize
FreeEnvironmentStringsW
GetProcAddress
AddAtomW
GetProcessHeap
SetStdHandle
GetModuleHandleA
RaiseException
CreateFileA
GetCPInfo
GetModuleFileNameW
TlsFree
SetFilePointer
GetSystemTimeAsFileTime
DeleteCriticalSection
ReadFile
SetUnhandledExceptionFilter
WriteFile
GetStartupInfoA
GetStringTypeA
GetConsoleCP
GetMailslotInfo
GetSystemTimes
GetACP
HeapReAlloc
GetStringTypeW
GetModuleHandleW
TerminateProcess
FindAtomW
QueryPerformanceCounter
WriteConsoleA
IsValidCodePage
HeapCreate
FatalExit
VirtualFree
WriteConsoleOutputCharacterA
InterlockedDecrement
Sleep
SetLastError
SetEndOfFile
TlsSetValue
CloseHandle
ExitProcess
GetCurrentThreadId
LeaveCriticalSection
VirtualAlloc
GetCurrentProcessId
WriteConsoleW
InterlockedIncrement
TransparentBlt
DragAcceptFiles
DragQueryFileW
ShellExecuteW
DragFinish
DragQueryPoint
GetDlgCtrlID
GetMenu
RegisterClassExW
BeginPaint
GetDesktopWindow
DlgDirSelectExW
LoadImageA
GetRawInputDeviceInfoA
EndPaint
LoadCursorFromFileW
LoadBitmapA
GetAltTabInfoW
Number of PE resources by type
RT_BITMAP 2
RT_ICON 2
RT_ACCELERATOR 1
RT_GROUP_ICON 1
RT_VERSION 1
Number of PE resources by language
ENGLISH UK 5
ENGLISH US 2
PE resources
ExifTool file metadata
UninitializedDataSize 0
InitializedDataSize 89088
ImageVersion 0.0
FileVersionNumber 7.0.0.0
LanguageCode Unknown (457A)
FileFlagsMask 0x004f
ImageFileCharacteristics Executable, 32-bit
CharacterSet Unknown (A56B)
LinkerVersion 9.0
FileTypeExtension exe
MIMEType application/octet-stream
FileVersion 1.0.0.1
TimeStamp 2017:08:13 00:42:05+01:00
FileType Win32 EXE
PEType PE32
InternalName asdgsdfgsdfg.exe
ProductVersion 1.0.0.1
SubsystemVersion 5.0
OSVersion 5.0
FileOS Unknown (0x40534)
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
CodeSize 150016
FileSubtype 0
ProductVersionNumber 3.0.0.0
EntryPoint 0x20e1
ObjectFileType Executable application
File identification
MD5 7bcebe5db5751d11e95e19d340a3203f
SHA1 e0be5729a31d141772df93230bd9d4cf3b7e8a13
SHA256 610b95cf91c1a6c8488942a7301cefdf9ce94c9bd6feba7f60f951cdc008720d
ssdeep 3072:0DL7dyBKtWBJRWLHMvIGOBkWH2/OxKkN2LchDrGSJ8Owiy3T6zx887055N8X8Cpw:0DLcktOR7v2BkU2/OJM/SJ8OwHOzKiL
authentihash c671efd0ed86086b235757d7ded66e68d393cac0eedccd7cfcc905109b2356a3
imphash bc9670aae7e733b4c28af3b7a5f7798a
File size 227.5 KB ( 232960 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Executable MS Visual C++ (generic) (41.0%)
Win64 Executable (generic) (36.3%)
Win32 Dynamic Link Library (generic) (8.6%)
Win32 Executable (generic) (5.9%)
OS/2 Executable (generic) (2.6%)
Tags peexe nxdomain

VirusTotal metadata
First submission 2018-10-08 02:35:49 UTC ( 2 months, 1 week ago )
Last submission 2018-10-08 02:35:49 UTC ( 2 months, 1 week ago )
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Written files
Copied files
Deleted files
Created processes
Shell commands
Created mutexes
Opened mutexes
Opened service managers
Opened services
Runtime DLLs
HTTP requests
DNS requests
TCP connections
UDP communications