× Cookies are disabled! This site requires cookies to be enabled to work properly
SHA256: 613af1bf17a11dbf12849568ce08186cc4109a5cdb32d0bcce7c1bd81306f5c6
File name: LockedIn.exe
Detection ratio: 52 / 66
Analysis date: 2017-10-18 19:03:37 UTC ( 2 months ago )
Antivirus Result Update
Ad-Aware Trojan.GenericKD.12008084 20171018
AegisLab Troj.Ransom.W32.Gen!c 20171018
AhnLab-V3 Trojan/Win32.Ransom.C2039820 20171018
ALYac Trojan.Ransom.Oxar 20171018
Antiy-AVL Trojan[Ransom]/Win32.AGeneric 20171018
Arcabit Trojan.Generic.DB73A94 20171018
Avast Win32:Malware-gen 20171018
AVG Win32:Malware-gen 20171018
Avira (no cloud) TR/FileCoder.btuqq 20171018
AVware Trojan.Win32.Generic!BT 20171018
BitDefender Trojan.GenericKD.12008084 20171018
CAT-QuickHeal TrojanRansom.Agent 20171018
Comodo UnclassifiedMalware 20171018
CrowdStrike Falcon (ML) malicious_confidence_90% (W) 20170804
Cyren W32/Trojan.QWMT-0369 20171018
eGambit malicious_confidence_86% 20171018
Emsisoft Trojan.GenericKD.12008084 (B) 20171018
Endgame malicious (moderate confidence) 20171016
ESET-NOD32 a variant of MSIL/Filecoder.IO 20171018
F-Secure Trojan.GenericKD.12008084 20171018
Fortinet MSIL/Generic.AP.110D6E!tr 20171018
GData Win32.Trojan-Ransom.Filecoder.BK 20171018
Ikarus Trojan.MSIL.Filecoder 20171018
Sophos ML heuristic 20170914
Jiangmin Trojan.Gen.lf 20171018
K7AntiVirus Trojan ( 00511f351 ) 20171017
K7GW Trojan ( 00511f351 ) 20171016
Kaspersky Trojan-Ransom.Win32.Gen.etm 20171018
Malwarebytes Ransom.Oxar 20171018
MAX malware (ai score=89) 20171018
McAfee Ransomware-FTD!E9E34A4DBF0C 20171018
McAfee-GW-Edition Ransomware-FTD!E9E34A4DBF0C 20171018
Microsoft Ransom:MSIL/Oxarcrypt.A 20171018
eScan Trojan.GenericKD.12008084 20171018
NANO-Antivirus Trojan.Win32.Encoder.eqvfyr 20171018
nProtect Ransom/W32.Agent.665600 20171018
Palo Alto Networks (Known Signatures) generic.ml 20171018
Panda Trj/GdSda.A 20171018
Qihoo-360 Trojan.Generic 20171018
SentinelOne (Static ML) static engine - malicious 20171001
Sophos AV Troj/Cryptear-G 20171018
Symantec Ransom.HiddenTear 20171018
Tencent Win32.Trojan.Gen.Anzf 20171018
TrendMicro Ransom_HiddenTearOXAR.A 20171018
TrendMicro-HouseCall Ransom_HiddenTearOXAR.A 20171018
VBA32 Hoax.Gen 20171018
VIPRE Trojan.Win32.Generic!BT 20171018
ViRobot Trojan.Win32.Ransom.665600 20171018
Webroot W32.Trojan.Gen 20171018
Yandex Trojan.Gen!PznkTPGd94s 20171018
Zillya Trojan.Gen.Win32.1349 20171018
ZoneAlarm by Check Point Trojan-Ransom.Win32.Gen.etm 20171018
Alibaba 20170911
Avast-Mobile 20171018
Baidu 20171018
Bkav 20171018
ClamAV 20171018
CMC 20171018
Cylance 20171018
F-Prot 20171018
Kingsoft 20171018
Rising 20171018
SUPERAntiSpyware 20171018
Symantec Mobile Insight 20171011
TheHacker 20171017
TotalDefense 20171018
Trustlook 20171018
WhiteArmor 20171016
Zoner 20171018
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright
OXAR @ Copyright 2017

Product OXAR
Original name Data Locker.exe
Internal name Data Locker.exe
File version 4.0.0.0
Description OXAR
Comments OXAR
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2017-07-10 10:18:48
Entry Point 0x000831BE
Number of sections 3
.NET details
Module Version ID ce9da9f9-be70-4dd9-bc29-6b6ca18a6e46
TypeLib ID c51673b0-1894-4289-bf78-d22ea7afdf08
PE sections
PE imports
_CorExeMain
Number of PE resources by type
RT_ICON 12
RT_MANIFEST 1
RT_VERSION 1
RT_GROUP_ICON 1
Number of PE resources by language
NEUTRAL 15
PE resources
Debug information
ExifTool file metadata
LegalTrademarks
OXAR

SubsystemVersion
4.0

Comments
OXAR

LinkerVersion
48.0

ImageVersion
0.0

FileSubtype
0

FileVersionNumber
4.0.0.0

LanguageCode
Neutral

FileFlagsMask
0x003f

FileDescription
OXAR

CharacterSet
Unicode

InitializedDataSize
136192

EntryPoint
0x831be

OriginalFileName
Data Locker.exe

MIMEType
application/octet-stream

LegalCopyright
OXAR @ Copyright 2017

FileVersion
4.0.0.0

TimeStamp
2017:07:10 11:18:48+01:00

FileType
Win32 EXE

PEType
PE32

InternalName
Data Locker.exe

ProductVersion
4.0.0.0

UninitializedDataSize
0

OSVersion
4.0

FileOS
Win32

Subsystem
Windows GUI

MachineType
Intel 386 or later, and compatibles

CompanyName
OXAR

CodeSize
528896

ProductName
OXAR

ProductVersionNumber
4.0.0.0

FileTypeExtension
exe

ObjectFileType
Executable application

AssemblyVersion
4.0.0.0

Compressed bundles
File identification
MD5 e9e34a4dbf0c9fe5fb595b0282b0b4f0
SHA1 4f3f6bc4aff97eecb9ab52d47520e248c618da45
SHA256 613af1bf17a11dbf12849568ce08186cc4109a5cdb32d0bcce7c1bd81306f5c6
ssdeep
12288:dl6aKEZf4r/s6IzjtyHQDWcFXXGmmBJ0d35O3CEkk4zglJaKfZf4m:dlNCr/sFFmmmHIpKCEx4sljCm

authentihash 7be2ffb53e3c7f2e611a4d924760062c914e688edab564f50029b1f644bcd98d
imphash f34d5f2d4577ed6d9ceec516c1f5a744
File size 650.0 KB ( 665600 bytes )
File type Win32 EXE
Magic literal
PE32 executable for MS Windows (GUI) Intel 80386 Mono/.Net assembly

TrID Generic CIL Executable (.NET, Mono, etc.) (82.9%)
Win32 Dynamic Link Library (generic) (7.4%)
Win32 Executable (generic) (5.1%)
Generic Win/DOS Executable (2.2%)
DOS Executable Generic (2.2%)
Tags
peexe assembly

VirusTotal metadata
First submission 2017-07-10 16:50:21 UTC ( 5 months, 1 week ago )
Last submission 2017-10-18 19:03:37 UTC ( 2 months ago )
File names e9e34a4dbf0c9fe5fb595b0282b0b4f0
LockedIn.exe
Data Locker.exe
LockedIn.exe
LockedIn.exe
LockedIn.exe
613af1bf17a11dbf12849568ce08186cc4109a5cdb32d0bcce7c1bd81306f5c6.exe
LockedIn.exe
613af1bf17a11dbf12849568ce08186cc4109a5cdb32d0bcce7c1bd81306f5c6.exe
LockedIn.exe
Data Locker.exe
Data Locker.exe
e9e34a4dbf0c9fe5fb595b0282b0b4f0.virobj
No comments. No VirusTotal Community member has commented on this item yet, be the first one to do so!

Leave your comment...

?
Post comment

You have not signed in. Only registered users can leave comments, sign in and have a voice!

No votes. No one has voted on this item yet, be the first one to do so!