× Cookies are disabled! This site requires cookies to be enabled to work properly
SHA256: 6500a1baa13e0698e3ed41b4465e5824e9a316b22209223754f0ab04a6e1b853
Detection ratio: 18 / 67
Analysis date: 2017-12-11 06:40:06 UTC ( 1 year, 1 month ago ) View latest
Antivirus Result Update
Ad-Aware Trojan.Ransom.HiddenTear.M 20171211
AegisLab Troj.Ransom.Gen!c 20171211
Arcabit Trojan.Ransom.HiddenTear.M 20171211
Avast Win32:Malware-gen 20171211
AVG FileRepMalware 20171211
BitDefender Trojan.Ransom.HiddenTear.M 20171211
CrowdStrike Falcon (ML) malicious_confidence_100% (W) 20171016
Cybereason malicious.659df7 20171103
Emsisoft Trojan.Ransom.HiddenTear.M (B) 20171211
Endgame malicious (high confidence) 20171130
ESET-NOD32 a variant of MSIL/Filecoder.LB 20171211
F-Secure Trojan.Ransom.HiddenTear.M 20171211
K7GW Trojan ( 005202f81 ) 20171211
Malwarebytes Ransom.HiddenTear 20171211
McAfee Artemis!67D5ABDA3BE6 20171211
McAfee-GW-Edition Artemis 20171211
eScan Trojan.GenericKD.12668779 20171211
Sophos AV Troj/Spider-J 20171211
AhnLab-V3 20171211
Alibaba 20171211
ALYac 20171210
Antiy-AVL 20171211
Avast-Mobile 20171210
Avira (no cloud) 20171210
AVware 20171211
Baidu 20171209
Bkav 20171208
CAT-QuickHeal 20171209
ClamAV 20171211
CMC 20171211
Comodo 20171211
Cylance 20171211
Cyren 20171211
DrWeb 20171211
eGambit 20171211
F-Prot 20171211
Fortinet 20171211
Ikarus 20171210
Sophos ML 20170914
Jiangmin 20171211
K7AntiVirus 20171211
Kaspersky 20171211
Kingsoft 20171211
MAX 20171211
Microsoft 20171211
NANO-Antivirus 20171211
nProtect 20171211
Palo Alto Networks (Known Signatures) 20171211
Panda 20171210
Qihoo-360 20171211
Rising 20171211
SentinelOne (Static ML) 20171207
SUPERAntiSpyware 20171211
Symantec 20171210
Symantec Mobile Insight 20171207
Tencent 20171211
TheHacker 20171210
TotalDefense 20171211
TrendMicro 20171211
TrendMicro-HouseCall 20171211
Trustlook 20171211
VBA32 20171208
VIPRE 20171211
ViRobot 20171211
Webroot 20171211
WhiteArmor 20171204
Yandex 20171208
Zillya 20171209
ZoneAlarm by Check Point 20171211
Zoner 20171211
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright
Copyright © 2017

Product YpnZR
Original name YpnZR.exe
Internal name YpnZR.exe
File version 1.0.0.0
Description YpnZR
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2017-07-26 22:54:59
Entry Point 0x0000878A
Number of sections 3
.NET details
Module Version ID 244a6b16-5f0a-4ab6-aa8f-9ff3731a8517
TypeLib ID a730e693-f013-45c4-a38e-039a144213dd
PE sections
PE imports
_CorExeMain
Number of PE resources by type
RT_MANIFEST 1
RT_VERSION 1
Number of PE resources by language
NEUTRAL 2
PE resources
Debug information
ExifTool file metadata
UninitializedDataSize
0

LinkerVersion
48.0

ImageVersion
0.0

FileSubtype
0

FileVersionNumber
1.0.0.0

LanguageCode
Neutral

FileFlagsMask
0x003f

FileDescription
YpnZR

ImageFileCharacteristics
Executable, Large address aware

CharacterSet
Unicode

InitializedDataSize
2048

EntryPoint
0x878a

OriginalFileName
YpnZR.exe

MIMEType
application/octet-stream

LegalCopyright
Copyright 2017

FileVersion
1.0.0.0

TimeStamp
2017:07:26 23:54:59+01:00

FileType
Win32 EXE

PEType
PE32

InternalName
YpnZR.exe

ProductVersion
1.0.0.0

SubsystemVersion
4.0

OSVersion
4.0

FileOS
Win32

Subsystem
Windows GUI

MachineType
Intel 386 or later, and compatibles

CodeSize
26624

ProductName
YpnZR

ProductVersionNumber
1.0.0.0

FileTypeExtension
exe

ObjectFileType
Executable application

AssemblyVersion
1.0.0.0

Compressed bundles
File identification
MD5 67d5abda3be629b820341d1baad668e3
SHA1 8457715659df74a647fb07fa4d5645f9bbd0da42
SHA256 6500a1baa13e0698e3ed41b4465e5824e9a316b22209223754f0ab04a6e1b853
ssdeep
768:TSsV2+c54YqevfBzUmvjOPMEgAnbrdRM1NuJ01xPtOHQw3yBhtQu77+GPvXSUrp:GsVM0eHOmvaPMEg4brdRskJ0rPtxw3yz

authentihash de718998caf8c5a987e4ed054e7ea7f3f8b566fc983df416a3f4d64c5b48ea58
imphash f34d5f2d4577ed6d9ceec516c1f5a744
File size 28.5 KB ( 29184 bytes )
File type Win32 EXE
Magic literal
PE32 executable for MS Windows (GUI) Intel 80386 Mono/.Net assembly

TrID Generic CIL Executable (.NET, Mono, etc.) (81.0%)
Win32 Dynamic Link Library (generic) (7.2%)
Win32 Executable (generic) (4.9%)
OS/2 Executable (generic) (2.2%)
Generic Win/DOS Executable (2.2%)
Tags
peexe assembly

VirusTotal metadata
First submission 2017-12-10 05:38:13 UTC ( 1 year, 1 month ago )
Last submission 2017-12-26 16:24:11 UTC ( 1 year ago )
File names YpnZR.exe
enc.exe
6500a1baa13e0698e3ed41b4465e5824e9a316b22209223754f0ab04a6e1b853.bin
enc.exe
_enc.exe
No comments. No VirusTotal Community member has commented on this item yet, be the first one to do so!

Leave your comment...

?
Post comment

You have not signed in. Only registered users can leave comments, sign in and have a voice!

No votes. No one has voted on this item yet, be the first one to do so!