SHA256: 6422faf6d7445192bb4f672b492b607d067a8eaf301d4ee5d700753bc597eb01
File name: 65c282301497db5ec15dc0a2b75d1507
Detection ratio: 43 / 57
Analysis date: 2017-02-13 03:01:19 UTC
Antivirus / Result / Signature update (engines reporting a detection)
Ad-Aware Trojan.Agent.CDQW 20170213
AegisLab Uds.Dangerousobject.Multi!c 20170213
AhnLab-V3 Trojan/Win32.Locky.C1779844 20170212
ALYac Trojan.Agent.CDQW 20170213
Antiy-AVL Trojan[Ransom]/Win32.Locky 20170213
Arcabit Trojan.Agent.CDQW 20170212
Avast Win32:Malware-gen 20170212
AVG Ransom_r.BNJ 20170212
Avira (no cloud) TR/Crypt.Xpack.jcemv 20170212
AVware Lookslike.Win32.Crowti.an!ag (v) 20170212
Baidu Win32.Trojan.WisdomEyes.16070401.9500.9999 20170210
BitDefender Trojan.Agent.CDQW 20170212
CAT-QuickHeal TrojanRansom.Locky 20170211
CrowdStrike Falcon (ML) malicious_confidence_100% (W) 20170130
Cyren W32/Trojan.BMZZ-3601 20170213
DrWeb Trojan.Encoder.10268 20170213
Emsisoft Trojan.Agent.CDQW (B) 20170213
Endgame malicious (moderate confidence) 20170208
ESET-NOD32 Win32/Filecoder.Locky.C 20170213
F-Secure Trojan.Agent.CDQW 20170212
Fortinet W32/Locky.XLI!tr 20170212
GData Trojan.Agent.CDQW 20170213
Ikarus Trojan.Win32.Filecoder 20170212
Sophos ML virus.win32.sality.at 20170203
Jiangmin Trojan.Locky.deu 20170212
K7GW Riskware ( 0040eff71 ) 20170212
Kaspersky Trojan-Ransom.Win32.Locky.xli 20170213
McAfee RDN/Ransom 20170213
McAfee-GW-Edition BehavesLike.Win32.Generic.fc 20170213
Microsoft Trojan:Win32/Dynamer!ac 20170212
eScan Trojan.Agent.CDQW 20170213
nProtect Ransom/W32.Locky.341504 20170213
Panda Trj/CI.A 20170212
Qihoo-360 Win32/Trojan.Ransom.4ee 20170213
Rising Trojan.Ransom-Locky!8.4655-i55m3jw0nUR (cloud) 20170213
Sophos AV Troj/Ransom-EFJ 20170213
Symantec Ransom.TeslaCrypt 20170212
Tencent Win32.Trojan.Filecoder.Wqde 20170213
TrendMicro Ransom_HPLOCKY.SME1 20170213
TrendMicro-HouseCall Ransom_HPLOCKY.SME1 20170213
VIPRE Lookslike.Win32.Crowti.an!ag (v) 20170213
ViRobot Trojan.Win32.R.Agent.341504.AF[h] 20170212
Yandex Trojan.Locky! 20170212
Engines reporting no detection (engine / signature update):
Alibaba 20170122
Bkav 20170211
ClamAV 20170212
CMC 20170212
Comodo 20170212
F-Prot 20170213
K7AntiVirus 20170210
Kingsoft 20170213
NANO-Antivirus 20170212
SUPERAntiSpyware 20170213
TheHacker 20170211
TotalDefense 20170212
Trustlook 20170213
VBA32 20170210
WhiteArmor 20170202
Zillya 20170210
Zoner 20170213
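The detection table above mixes family names (Locky, Crowti, TeslaCrypt, Sality), behaviour-class labels (Ransom, Filecoder, Encoder) and generic verdicts (Malware-gen, Dynamer). Deciding what the sample most likely is means normalising those labels and counting votes per engine rather than reading the first row. The following is an added example written for this page, not code from VirusTotal; the family alias table is a hypothetical subset assembled for the demonstration, and the embedded detection list is a constructed copy of a few rows from the table above.

```python
import re
from collections import Counter

# Constructed sample: a subset of the (engine, label) rows from the detection table.
DETECTIONS = [
    ("AhnLab-V3", "Trojan/Win32.Locky.C1779844"),
    ("Antiy-AVL", "Trojan[Ransom]/Win32.Locky"),
    ("Avast", "Win32:Malware-gen"),
    ("AVware", "Lookslike.Win32.Crowti.an!ag (v)"),
    ("DrWeb", "Trojan.Encoder.10268"),
    ("ESET-NOD32", "Win32/Filecoder.Locky.C"),
    ("Kaspersky", "Trojan-Ransom.Win32.Locky.xli"),
    ("Microsoft", "Trojan:Win32/Dynamer!ac"),
    ("Sophos ML", "virus.win32.sality.at"),
    ("Symantec", "Ransom.TeslaCrypt"),
    ("TrendMicro", "Ransom_HPLOCKY.SME1"),
]

# Hypothetical alias table for this example. A real pipeline keeps a much larger one;
# note that a substring match already catches vendor spellings such as "HPLOCKY".
FAMILIES = {
    "Locky": re.compile(r"locky", re.I),
    "Crowti": re.compile(r"crowti", re.I),
    "TeslaCrypt": re.compile(r"teslacrypt", re.I),
    "Sality": re.compile(r"sality", re.I),
}

# Behaviour-class tokens that say "ransomware" without naming a family.
RANSOM_CLASS = re.compile(r"ransom|filecoder|encoder", re.I)


def family_votes(detections):
    """One vote per engine per family it names, so 'Filecoder.Locky' counts
    once for Locky, not once for the token and once for the family."""
    votes = Counter()
    for _engine, label in detections:
        for family, pattern in FAMILIES.items():
            if pattern.search(label):
                votes[family] += 1
    return votes


def ransom_class_votes(detections):
    """Engines whose label places the sample in the ransomware class, named family or not."""
    return sum(1 for _engine, label in detections if RANSOM_CLASS.search(label))


def generic_only(detections):
    """Engines whose label carries neither a family nor a behaviour class; these rows
    confirm 'malicious' but add nothing to the family question."""
    return [
        engine
        for engine, label in detections
        if not any(p.search(label) for p in FAMILIES.values())
        and not RANSOM_CLASS.search(label)
    ]


def consensus(detections):
    """Return (top_family, votes_for_it, rows_examined). Ties break alphabetically
    so the result is deterministic; an empty vote set yields (None, 0, n)."""
    votes = family_votes(detections)
    if not votes:
        return (None, 0, len(detections))
    family, count = sorted(votes.items(), key=lambda kv: (-kv[1], kv[0]))[0]
    return (family, count, len(detections))


if __name__ == "__main__":
    print("family votes:", dict(family_votes(DETECTIONS)))
    print("ransom-class votes:", ransom_class_votes(DETECTIONS))
    print("generic-only engines:", generic_only(DETECTIONS))
    print("consensus:", consensus(DETECTIONS))
```

On the constructed subset, Locky wins 5 of 11 rows, a further engine (DrWeb) names only the class, and the Sality and TeslaCrypt rows are single-engine outliers that should be weighed against the majority rather than treated as co-infections.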
The file is a Portable Executable (PE32) Win32 EXE built for the Windows GUI subsystem.
FileVersionInfo properties
Copyright: Copyright TOTOVPS.COM
Product: TOTODialer Application
Original name: TOTODialer.exe
Internal name: TOTODialer.exe
File version: 7.1.2.6
Description: TOTODialer Application
Comments: TOTO VPS Provides Best Premium VPS|VPN|PROXY|HOSTING Services
Note that the version resource is attacker-controlled data: it presents the file as a commercial dialer, while the majority of engines above classify it as Locky ransomware, so these strings should be treated as a lure, not as provenance.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2017-02-09 10:26:47
Entry Point 0x00008CF6
Number of sections 5
PE imports (function names as listed; grouped here by the system DLL that exports them)
ADVAPI32.dll: GetTokenInformation, GetSidSubAuthorityCount, GetSidSubAuthority, OpenProcessToken, GetSidIdentifierAuthority, GetUserNameA
AUTHZ.dll: AuthzUnregisterSecurityEventSource, AuthzUninstallSecurityEventSource
AVIFIL32.dll: AVIFileCreateStreamA, AVIStreamReadFormat, AVIStreamWrite, AVIStreamRead, AVIStreamGetFrame, AVIStreamSetFormat, AVIStreamGetFrameClose, AVIStreamStart, AVIStreamRelease, AVIStreamInfoA, AVIStreamLength
GDI32.dll: CreatePalette, CreateDCA, SetMapMode, SwapBuffers, SelectObject, GetNearestPaletteIndex, CreatePen, GetStockObject, PatBlt, SetWindowExtEx, CreateSolidBrush, CreateHatchBrush, SetBkMode, DeleteObject, Rectangle
GLU32.dll: gluLookAt, gluPickMatrix
KERNEL32.dll: GetStdHandle, FileTimeToSystemTime, EncodePointer, SystemTimeToTzSpecificLocalTime, DeleteCriticalSection, GetCurrentProcess, GetConsoleMode, GetLocaleInfoA, LocalAlloc, lstrcatA, FreeEnvironmentStringsW, GetLocaleInfoW, SetStdHandle, GetFileTime, WideCharToMultiByte, WriteFile, GetSystemTimeAsFileTime, HeapReAlloc, GetStringTypeW, InterlockedDecrement, FormatMessageA, SetLastError, GetModuleFileNameW, IsDebuggerPresent, ExitProcess, FlushFileBuffers, GetModuleFileNameA, HeapSetInformation, EnumSystemLocalesA, UnhandledExceptionFilter, TlsGetValue, MultiByteToWideChar, CreateMutexA, SetFilePointer, SetUnhandledExceptionFilter, IsProcessorFeaturePresent, GetSystemDirectoryA, DecodePointer, TerminateProcess, GetCurrentConsoleFont, GetCurrentThreadId, LeaveCriticalSection, WriteConsoleW, InitializeCriticalSectionAndSpinCount, HeapFree, EnterCriticalSection, SetHandleCount, LoadLibraryW, GetOEMCP, QueryPerformanceCounter, GetTickCount, TlsAlloc, GetVersionExA, LoadLibraryA, RtlUnwind, GetStartupInfoW, GetUserDefaultLCID, GetComputerNameA, IsValidLocale, GetProcAddress, CreateFileW, GetConsoleWindow, GetFileType, TlsSetValue, HeapAlloc, InterlockedIncrement, GetLastError, LCMapStringW, lstrlenA, GetConsoleCP, GetEnvironmentStringsW, GetCurrentProcessId, GetCPInfo, HeapSize, GetCommandLineA, OpenMutexA, RaiseException, TlsFree, GetModuleHandleA, SetConsoleTitleA, CloseHandle, GetACP, GetModuleHandleW, IsValidCodePage, HeapCreate, Sleep
OLEAUT32.dll: SafeArrayGetUBound, SafeArrayGetLBound, SafeArrayGetElement, SafeArrayLock
OPENGL32.dll: glPopMatrix, glMatrixMode, glOrtho, wglMakeCurrent, wglCreateContext, glViewport, glPushMatrix, glEnable, glInitNames, glGetIntegerv, wglGetCurrentDC, glRenderMode, glSelectBuffer, glLoadIdentity, glFinish, glPushName, glBlendFunc
SHELL32.dll: SHBindToParent, SHBrowseForFolderA, SHParseDisplayName
TAPI32.dll: phoneGetVolume, phoneGetRing
USER32.dll: GetForegroundWindow, UpdateWindow, CheckRadioButton, TrackMouseEvent, FindWindowA, DefWindowProcA, ShowWindow, SetWindowPos, EnumDisplaySettingsExA, DispatchMessageA, GetWindowLongA, CreatePopupMenu, MessageBoxA, PeekMessageA, SetWindowLongA, GetProcessWindowStation, InvalidateRect, GetSysColor, GetDC, ReleaseDC, SetWindowTextA, LoadStringA, SendMessageA, GetWindowTextA, GetClientRect, GetDlgItem, FrameRect, LoadIconA, DrawFocusRect, EnumPropsA, CreateWindowExA, GetLayeredWindowAttributes, SetForegroundWindow, DestroyWindow
UXTHEME.dll: OpenThemeData, SetWindowTheme
WTSAPI32.dll: WTSWaitSystemEvent
WINSCARD.dll: SCardEstablishContext, SCardListReadersA
ole32.dll: CreateILockBytesOnHGlobal
The video, OpenGL, telephony and smart-card imports match the dialer cover story in the version resource; the token and SID inspection (OpenProcessToken, GetTokenInformation, GetSidSubAuthority), host naming (GetComputerNameA, GetUserNameA) and mutex handling (CreateMutexA, OpenMutexA) are the imports of interest for triage.
Number of PE resources by type
RT_ICON 18
RT_GROUP_CURSOR 10
RT_STRING 9
UNICODEDATA 4
BIN 3
Struct(240) 3
RT_CURSOR 3
RT_MANIFEST 1
RT_VERSION 1
RT_GROUP_ICON 1
Number of PE resources by language: ENGLISH US 53
ExifTool file metadata
SubsystemVersion: 5.1
Comments: TOTO VPS Provides Best Premium VPS|VPN|PROXY|HOSTING Services
LinkerVersion: 10.0
ImageVersion: 0.0
FileSubtype: 0
FileVersionNumber: 7.1.2.6
LanguageCode: English (U.S.)
FileFlagsMask: 0x003f
FileDescription: TOTODialer Application
ImageFileCharacteristics: No relocs, Executable, Aggressive working-set trim, 32-bit, No debug, Removable run from swap, Uniprocessor only
CharacterSet: Unicode
InitializedDataSize: 243712
EntryPoint: 0x8cf6
OriginalFileName: TOTODialer.exe
MIMEType: application/octet-stream
LegalCopyright: Copyright TOTOVPS.COM
FileVersion: 7.1.2.6
TimeStamp: 2017:02:09 11:26:47+01:00 (the same instant as the 2017-02-09 10:26:47 UTC compilation timestamp above)
FileType: Win32 EXE
PEType: PE32
InternalName: TOTODialer.exe
ProductVersion: 7.1.2.6
UninitializedDataSize: 0
OSVersion: 5.1
FileOS: Windows NT 32-bit
Subsystem: Windows GUI
MachineType: Intel 386 or later, and compatibles
CodeSize: 96768
ProductName: TOTODialer Application
ProductVersionNumber: 7.1.2.6
FileTypeExtension: exe
ObjectFileType: Executable application
File identification
MD5: 65c282301497db5ec15dc0a2b75d1507
SHA1: 0b11dad12f679b4cf6345a36d01e6779f22e4ada
SHA256: 6422faf6d7445192bb4f672b492b607d067a8eaf301d4ee5d700753bc597eb01
ssdeep: 6144:oATuEQVmmQzJ5kK9ip7LFXDjKS8+j+K/r9dSmzvTtP0NBKLt:rUVmmQzJ5k4ShzjKS8+Jj9UsrN0XK
authentihash: d5d1e7e5e6690f8eae28ebfa60ac05c8df0a0e309f3105db37f4af6874f8823b
imphash: 8bc2d52a9453bfa5e7479024e8ed2306
File size: 333.5 KB (341504 bytes)
File type: Win32 EXE
Magic literal: PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID:
Win32 Executable MS Visual C++ (generic) (41.0%)
Win64 Executable (generic) (36.3%)
Win32 Dynamic Link Library (generic) (8.6%)
Win32 Executable (generic) (5.9%)
OS/2 Executable (generic) (2.6%)
Tags: peexe

VirusTotal metadata
First submission: 2017-02-09 11:42:10 UTC (about 76 minutes after the 10:26:47 UTC compilation timestamp)
Last submission: 2017-06-12 16:30:30 UTC
File names: 11[1].exe, 49939.exe, 11.exe, TOTODialer.exe
Condensed report. The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
The following behaviour categories contain no entries in this report: opened files, read files, written files, moved files, deleted files, created processes, shell commands, code injections in other processes, created mutexes, opened mutexes, searched windows, opened service managers, opened services, runtime DLLs.
Additional details
The file imports and calls IsDebuggerPresent, a basic check for an attached user-mode debugger. On its own this is a weak indicator: the Visual C++ 10 runtime (LinkerVersion 10.0 above) pulls IsDebuggerPresent, IsProcessorFeaturePresent, EncodePointer/DecodePointer and HeapSetInformation into the import table of ordinary statically linked programs, and all of those appear in the KERNEL32 imports here. The sandbox summary also records no use of the CreateMutexA/OpenMutexA or GetComputerNameA/GetUserNameA imports, so a dynamic run that reaches those calls would be needed to confirm host fingerprinting or an infection marker.
Network activity (HTTP requests, TCP connections, UDP communications): no entries in this report.
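The report gives an imphash for the sample and a flat import list, but a flat list is hard to triage by eye and the page does not say how the hash is derived. The example below, added here and not part of the VirusTotal report or of the sample, implements the import-hash algorithm as defined for pefile (lower-cased `dll.function` pairs with the DLL extension stripped, ordinals rendered as `ordN`, comma-joined, MD5) and runs a small watch-list over the same table to surface the anti-debugging, mutex and fingerprinting imports discussed above. The import table is a constructed subset: the real sample's exact DLL names and import order are not on the page, so this will not reproduce the reported imphash 8bc2d52a9453bfa5e7479024e8ed2306, and the ole32 ordinal entry is hypothetical, included only to exercise the ordinal rule.

```python
import hashlib

# Constructed import table: (dll, function name or ordinal). Loosely based on the report's
# import list; NOT the sample's real table, so the resulting imphash will differ from the
# reported 8bc2d52a9453bfa5e7479024e8ed2306. The ole32 ordinal entry is hypothetical.
SAMPLE_IMPORTS = [
    ("ADVAPI32.dll", "GetTokenInformation"),
    ("ADVAPI32.dll", "OpenProcessToken"),
    ("ADVAPI32.dll", "GetUserNameA"),
    ("KERNEL32.dll", "IsDebuggerPresent"),
    ("KERNEL32.dll", "CreateMutexA"),
    ("KERNEL32.dll", "OpenMutexA"),
    ("KERNEL32.dll", "GetComputerNameA"),
    ("KERNEL32.dll", "GetSystemDirectoryA"),
    ("USER32.dll", "FindWindowA"),
    ("OPENGL32.dll", "glEnable"),
    ("WINSCARD.dll", "SCardListReadersA"),
    ("ole32.dll", 123),
]

# pefile strips exactly these extensions from the library name before hashing.
STRIP_EXT = (".dll", ".ocx", ".sys")

# Watch-list for triage (assumption: a hand-picked subset for this example).
WATCHLIST = {
    "IsDebuggerPresent": "anti-debugging check (also linked in by the MSVC CRT; weak alone)",
    "CreateMutexA": "single-instance or infection marker",
    "OpenMutexA": "probes for an existing marker",
    "GetComputerNameA": "host fingerprinting",
    "GetUserNameA": "host fingerprinting",
    "GetTokenInformation": "token / integrity-level inspection",
    "OpenProcessToken": "token / integrity-level inspection",
}


def imphash_string(imports):
    """Build the canonical 'dll.func,dll.func,...' string that imphash hashes.
    Order matters: the hash is meant to fingerprint the linker's import layout.
    pefile additionally maps well-known ordinals (oleaut32, ws2_32) back to names
    before hashing; that table is omitted here, so unresolved ordinals stay 'ordN'."""
    parts = []
    for dll, func in imports:
        lib = dll.lower()
        for ext in STRIP_EXT:
            if lib.endswith(ext):
                lib = lib[: -len(ext)]
                break
        func_name = f"ord{func}" if isinstance(func, int) else func.lower()
        parts.append(f"{lib}.{func_name}")
    return ",".join(parts)


def imphash(imports):
    """MD5 of the canonical import string: 32 lower-case hex characters."""
    return hashlib.md5(imphash_string(imports).encode("ascii")).hexdigest()


def flag_imports(imports):
    """Return (function, reason) for every named import on the watch-list, in table order."""
    return [
        (func, WATCHLIST[func])
        for _dll, func in imports
        if isinstance(func, str) and func in WATCHLIST
    ]


if __name__ == "__main__":
    print("imphash:", imphash(SAMPLE_IMPORTS))
    for func, reason in flag_imports(SAMPLE_IMPORTS):
        print(f"  {func:24s} {reason}")
```

Two properties of the hash are worth remembering when pivoting on it: it is case- and extension-insensitive, so `KERNEL32.dll` and `kernel32` hash identically, but it is order-sensitive, so two builds with the same imports in a different sequence get different values. Conversely, because the version resource and section data are not hashed, samples that change only their cover strings keep the same imphash, which is what makes it useful for clustering repackaged ransomware builds.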