SHA256: 614bfea6b81f56b59bd0f2222b65b57571796245a7886a8e31be8a3ccd0e5617
File name: RSkfsNR7.exe
Detection ratio: 16 / 65
Analysis date: 2017-09-20 08:41:19 UTC ( 1 year, 5 months ago )
Antivirus Result Update
Baidu Win32.Trojan.WisdomEyes.16070401.9500.9999 20170920
CrowdStrike Falcon (ML) malicious_confidence_100% (D) 20170804
Cylance Unsafe 20170920
Endgame malicious (high confidence) 20170821
Fortinet W32/Kryptik.FWSD!tr.ransom 20170920
Sophos ML heuristic 20170914
McAfee Ransom-Locky!051ABECC907D 20170920
Qihoo-360 HEUR/QVM20.1.F7F3.Malware.Gen 20170920
Rising Malware.Heuristic!ET#100% (RDM+:cmRtazqHtWs5lnYY++eAUB+6XUDJ) 20170920
SentinelOne (Static ML) static engine - malicious 20170806
Sophos AV Mal/Elenoocka-E 20170920
Symantec ML.Attribute.HighConfidence 20170920
Tencent Trojan.Ransomware.Gen.b.0 20170920
TrendMicro Ransom_CERBER.SMALY0 20170920
TrendMicro-HouseCall Ransom_CERBER.SMALY0 20170920
WhiteArmor Malware.HighConfidence 20170829
Ad-Aware 20170920
AegisLab 20170920
AhnLab-V3 20170920
Alibaba 20170911
ALYac 20170919
Antiy-AVL 20170920
Arcabit 20170920
Avast 20170920
Avast-Mobile 20170829
AVG 20170920
Avira (no cloud) 20170920
AVware 20170919
BitDefender 20170920
CAT-QuickHeal 20170919
ClamAV 20170920
CMC 20170919
Comodo 20170920
Cyren 20170920
DrWeb 20170920
Emsisoft 20170920
ESET-NOD32 20170920
F-Prot 20170920
F-Secure 20170920
GData 20170920
Ikarus 20170919
Jiangmin 20170920
K7AntiVirus 20170920
K7GW 20170920
Kaspersky 20170920
Kingsoft 20170920
Malwarebytes 20170920
MAX 20170920
McAfee-GW-Edition 20170920
Microsoft 20170920
eScan 20170920
NANO-Antivirus 20170920
nProtect 20170920
Palo Alto Networks (Known Signatures) 20170920
Panda 20170919
SUPERAntiSpyware 20170920
Symantec Mobile Insight 20170920
TheHacker 20170916
TotalDefense 20170920
Trustlook 20170920
VBA32 20170919
VIPRE 20170920
ViRobot 20170920
Webroot 20170920
Yandex 20170908
Zillya 20170919
ZoneAlarm by Check Point 20170920
Zoner 20170920
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2017-05-09 05:09:20
Entry Point 0x00002666
Number of sections 4
PE sections
PE imports
RegUnLoadKeyA
RegCreateKeyExW
RegLoadKeyA
LogonUserW
CryptSignHashW
RegOpenKeyA
ClearEventLogW
ControlService
InitializeAcl
RegReplaceKeyW
OpenEventLogA
RegEnumKeyA
RegDeleteValueA
GetACP
GetDateFormatA
GetConsoleAliasA
SearchPathA
CreateFileMappingA
LoadLibraryA
InitializeCriticalSection
lstrcmpiA
WaitForSingleObject
GetModuleHandleW
GetLogicalDriveStringsW
GetFileAttributesW
SetErrorMode
ReadConsoleW
GetCommandLineA
DeleteFileW
GetModuleFileNameA
CreateMailslotW
GetProcAddress
NDdeShareGetInfoA
NDdeShareDelA
NDdeShareAddA
StrStrA
SHCreateShellItem
StrChrW
SHFree
ShellAboutW
SHGetFolderPathA
FindExecutableW
SHGetFileInfoW
ExtractIconW
DllRegisterServer
wsprintfA
LoadBitmapW
GetMessageA
GetClassLongW
DrawStateA
LoadStringA
CreateDesktopA
PostMessageA
LoadIconW
DispatchMessageW
InsertMenuW
DialogBoxParamA
GetDlgItemTextW
LoadMenuA
GetPropW
IsDialogMessageA
CharToOemA
Number of PE resources by type
SERT 3
RT_STRING 1
RT_MENU 1
Number of PE resources by language
NEUTRAL 5
PE resources
Debug information
ExifTool file metadata
MIMEType application/octet-stream
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
FileTypeExtension exe
TimeStamp 2017:05:09 06:09:20+01:00
FileType Win32 EXE
PEType PE32
CodeSize 46080
LinkerVersion 8.0
ImageFileCharacteristics No relocs, Executable, No line numbers, No symbols, 32-bit, No debug
EntryPoint 0x2666
InitializedDataSize 608768
SubsystemVersion 5.1
ImageVersion 0.0
OSVersion 5.1
UninitializedDataSize 0
File identification
MD5 051abecc907d95bac508bb5445bd55eb
SHA1 80a93c80a18cc4ae3189a944a0c721989f7ad337
SHA256 614bfea6b81f56b59bd0f2222b65b57571796245a7886a8e31be8a3ccd0e5617
ssdeep
12288:93gnzZfZfZfZfZfZfZGZ2XsHUKwbNWuTncBxPMRS8SUC9H4jlNEz9vBiptAE43/:uzZfZfZfZfZfZfZGZ2XsHUK8ni0U8SU0

authentihash 3180e1fbd6bd826096757a26d40de23b7fcdcb1fd674a14637263197d70445c7
imphash ed36d6b5bc2364ec85cc07421435bb85
File size 640.5 KB ( 655872 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Dynamic Link Library (generic) (34.2%)
Win32 Executable (generic) (23.4%)
Win16/32 Executable Delphi generic (10.7%)
OS/2 Executable (generic) (10.5%)
Generic Win/DOS Executable (10.4%)
Tags peexe
VirusTotal metadata
First submission 2017-09-20 08:41:19 UTC ( 1 year, 5 months ago )
Last submission 2018-05-21 05:00:03 UTC ( 9 months ago )
File names RSkfsNR7.exe
RSkfsNR7
051abecc.gxe
MALWARE SAMPLE 20_09_2017 (35)
RSkfsNR7.exe
614bfea6b81f56b59bd0f2222b65b57571796245a7886a8e31be8a3ccd0e5617
Advanced heuristic and reputation engines
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Written files
Moved files
Opened mutexes
Opened service managers
Opened services
Runtime DLLs