SHA256: 68bc8b53b67d611b4aaa9bb4c963260b5a9c21389b06fce9adbee42a16a687f0
File name: AirGoldyPro.exe
Detection ratio: 38 / 60
Analysis date: 2017-03-10 02:45:52 UTC ( 1 year, 8 months ago )
Antivirus   Result   Update (engine signature date, YYYYMMDD)
Ad-Aware Gen:Variant.Zbot.191 20170309
AhnLab-V3 Malware/Win32.Generic.C1768929 20170310
ALYac Gen:Variant.Zbot.191 20170310
Antiy-AVL Trojan/Win32.AGeneric 20170310
Arcabit Trojan.Zbot.191 20170310
Avast Win32:Ransom-AZF [Trj] 20170310
AVG Win32/DH{gRsxE4EP?} 20170310
Avira (no cloud) TR/Dropper.Gen2 20170309
Baidu Win32.Trojan.WisdomEyes.16070401.9500.9969 20170309
BitDefender Gen:Variant.Zbot.191 20170310
ClamAV Win.Ransomware.Satan-5713061-0 20170310
CrowdStrike Falcon (ML) malicious_confidence_100% (D) 20170130
Emsisoft Gen:Variant.Zbot.191 (B) 20170310
Endgame malicious (high confidence) 20170222
ESET-NOD32 a variant of Win32/Injector.DKPS 20170309
F-Secure Gen:Variant.Zbot.191 20170310
Fortinet W32/Generic.AC.3D6041!tr 20170310
GData Gen:Variant.Zbot.191 20170310
Ikarus Trojan-Ransom.Satan 20170309
Sophos ML virus.win32.sality.at 20170203
Jiangmin Trojan.Generic.aslcn 20170310
K7AntiVirus Trojan ( 005043871 ) 20170309
K7GW Trojan ( 005043871 ) 20170309
Kaspersky HEUR:Trojan.Win32.Generic 20170309
Malwarebytes Ransom.Satan 20170310
McAfee GenericRXAY-GP!7182FA43D9B3 20170310
McAfee-GW-Edition BehavesLike.Win32.Backdoor.cc 20170309
eScan Gen:Variant.Zbot.191 20170310
NANO-Antivirus Trojan.Win32.DKPS.elolak 20170310
Palo Alto Networks (Known Signatures) Trojan/Win32.dynamer.axbx 20170310
Panda Trj/Genetic.gen 20170309
Qihoo-360 HEUR/QVM20.1.0000.Malware.Gen 20170310
Rising Malware.Generic.2!tfe (thunder:2:R08ybTlbdJU) 20170309
Sophos AV Troj/Ransom-ECZ 20170310
Symantec ML.Attribute.HighConfidence 20170309
Webroot Malicious 20170310
Zillya Trojan.Injector.Win32.474808 20170309
ZoneAlarm by Check Point HEUR:Trojan.Win32.Generic 20170310
Engines reporting no detection at analysis time (signature date only)
AegisLab 20170310
Alibaba 20170228
AVware 20170310
Bkav 20170309
CAT-QuickHeal 20170309
CMC 20170309
Comodo 20170309
Cyren 20170310
DrWeb 20170310
F-Prot 20170310
Kingsoft 20170310
Microsoft 20170310
nProtect 20170310
SUPERAntiSpyware 20170309
Tencent 20170310
TheHacker 20170308
TrendMicro 20170310
TrendMicro-HouseCall 20170309
Trustlook 20170310
VBA32 20170309
VIPRE 20170310
ViRobot 20170309
WhiteArmor 20170303
Yandex 20170309
Zoner 20170310
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2017-02-23 19:28:24 (UTC; the same instant ExifTool reports below as 20:28:24+01:00)
Entry Point 0x000013B9
Number of sections 4
PE sections
Overlays
MD5 1d18bcd115bbe694e3d51aa8c1f2dc20
File type data (libmagic recognises no known format)
Offset 102400
Size 86950
Entropy 8.00
Offset 102400 + size 86950 = 189350, exactly the file size reported below, so the overlay is the last 86950 bytes of the file, appended after the final section's raw data and never mapped by the loader. An entropy of 8.00 is the ceiling for byte data: the overlay is effectively incompressible, which is what a compressed or encrypted payload looks like; a plaintext resource or configuration blob would score well below that.
PE imports
ADVAPI32.dll
CryptReleaseContext
GetUserNameW
CryptGetHashParam
CryptAcquireContextW
CryptHashData
CryptDestroyHash
CryptCreateHash
KERNEL32.dll
CreateToolhelp32Snapshot
HeapFree
GetModuleFileNameW
IsDebuggerPresent
HeapAlloc
RtlUnwind
Process32NextW
VirtualFree
GetCurrentProcess
GetFileSize
OpenProcess
GetCommandLineW
UnhandledExceptionFilter
DeleteFileW
GetProcAddress
GetThreadContext
Process32FirstW
GetProcessHeap
LoadLibraryW
GetModuleHandleA
ReadFile
SetUnhandledExceptionFilter
CloseHandle
IsProcessorFeaturePresent
GetModuleHandleW
TerminateProcess
AddVectoredExceptionHandler
CreateFileW
VirtualQuery
CreateProcessW
Sleep
ExitProcess
GetCurrentThread
VirtualAlloc
RemoveVectoredExceptionHandler
USER32.dll
FindWindowW
Triage note on the import table: the CryptoAPI imports are the hashing subset only (CryptCreateHash, CryptHashData, CryptGetHashParam); CryptEncrypt, CryptGenKey and the other encryption entry points are absent from the static import table, so any file encryption this sample performs is done either by code resolved at run time through LoadLibraryW and GetProcAddress (both imported) or by code carried in the high-entropy overlay. CreateToolhelp32Snapshot with Process32FirstW/Process32NextW and OpenProcess gives it a process-enumeration capability, IsDebuggerPresent is the most basic anti-debugging check, and FindWindowW matches the "Searched windows" entry in the behaviour report below. A static import list only shows what the linker wrote; it says nothing about functions resolved dynamically.
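The overlay figures and the import list above are the two things a triage script pulls from a PE before anything is executed. The following is an added example written for this page, not code from VirusTotal or from the sample's author: a minimal PE32 parser that walks the section table to find the overlay (everything after the last section's raw data), measures its Shannon entropy and MD5, then walks the import directory to list DLL/function pairs and flag imports such as IsDebuggerPresent or the Toolhelp process-enumeration set. Because the sample itself is not on this page, the script builds a constructed toy PE32 in memory (one .rdata section at RVA 0x1000 holding a two-DLL import table, followed by chained SHA-256 output standing in for encrypted payload data); every layout constant in build_toy_pe and every capability label in SUSPECT_IMPORTS is an assumption of the example, not a value taken from AirGoldyPro.exe.

```python
import hashlib
import math
import struct

# Imports worth a second look during triage; the bucket labels are this example's own.
SUSPECT_IMPORTS = {
    "IsDebuggerPresent": "anti-debug", "CheckRemoteDebuggerPresent": "anti-debug",
    "CreateToolhelp32Snapshot": "process enumeration", "Process32FirstW": "process enumeration",
    "Process32NextW": "process enumeration", "CryptAcquireContextW": "CryptoAPI", "CryptHashData": "CryptoAPI",
}

def shannon_entropy(data: bytes) -> float:
    """Bits per byte: 0.0 for constant data, 8.0 for uniformly distributed bytes."""
    if not data:
        return 0.0
    counts = [0] * 256
    for b in data:
        counts[b] += 1
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in counts if c)

def _cstr(data: bytes, off: int) -> str:
    return data[off:data.index(b"\0", off)].decode("ascii", "replace")

def _rva_to_offset(rva: int, sections: list) -> int:
    for va, vsize, raw_ptr, raw_size in sections:
        if va <= rva < va + max(vsize, raw_size):
            return rva - va + raw_ptr
    raise ValueError(f"RVA {rva:#x} is not backed by any section")

def parse_pe(data: bytes) -> dict:
    # DOS header -> PE signature -> COFF header -> PE32 optional header -> section table -> import table
    if data[:2] != b"MZ":
        raise ValueError("missing MZ header")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    coff = e_lfanew + 4
    _machine, nsec, _ts, _, _, opt_size, _ = struct.unpack_from("<HHIIIHH", data, coff)
    opt = coff + 20
    if struct.unpack_from("<H", data, opt)[0] != 0x10B:
        raise ValueError("not a PE32 optional header")
    # PE32 data directories begin 96 bytes into the optional header; entry 1 is the import table.
    imp_rva = struct.unpack_from("<I", data, opt + 96 + 8 * 1)[0]
    sections, end_of_sections = [], 0
    for i in range(nsec):
        vsize, va, raw_size, raw_ptr = struct.unpack_from("<IIII", data, opt + opt_size + 40 * i + 8)
        sections.append((va, vsize, raw_ptr, raw_size))
        end_of_sections = max(end_of_sections, raw_ptr + raw_size)
    overlay = data[end_of_sections:]  # bytes past the last section's raw data; never mapped by the loader
    imports = []
    desc = _rva_to_offset(imp_rva, sections) if imp_rva else None
    while desc is not None:
        oft, _, _, name_rva, ft = struct.unpack_from("<IIIII", data, desc)
        if name_rva == 0:  # all-zero descriptor terminates the table
            break
        dll = _cstr(data, _rva_to_offset(name_rva, sections))
        thunk = _rva_to_offset(oft or ft, sections)  # prefer the INT, fall back to the IAT
        while (t := struct.unpack_from("<I", data, thunk)[0]) != 0:
            # High bit set = import by ordinal; otherwise t is the RVA of a 2-byte hint followed by the name.
            name = f"#{t & 0xFFFF}" if t & 0x80000000 else _cstr(data, _rva_to_offset(t, sections) + 2)
            imports.append((dll, name))
            thunk += 4
        desc += 20
    return {
        "overlay_offset": end_of_sections,
        "overlay_size": len(overlay),
        "overlay_entropy": round(shannon_entropy(overlay), 2),
        "overlay_md5": hashlib.md5(overlay).hexdigest(),
        "imports": imports,
        "flags": sorted({SUSPECT_IMPORTS[f] for _, f in imports if f in SUSPECT_IMPORTS}),
    }

def build_toy_pe(overlay: bytes) -> bytes:
    # Constructed PE32 (assumed layout): 0x200 bytes of headers, one 0x200-byte .rdata section at RVA 0x1000, then overlay.
    sec = bytearray(0x200)
    def put(rva, blob):
        sec[rva - 0x1000:rva - 0x1000 + len(blob)] = blob
    put(0x1000, struct.pack("<IIIII", 0x1040, 0, 0, 0x1060, 0x1040)   # descriptor: KERNEL32
        + struct.pack("<IIIII", 0x1048, 0, 0, 0x1070, 0x1048)         # descriptor: ADVAPI32
        + bytes(20))                                                  # terminator
    put(0x1040, struct.pack("<II", 0x1080, 0))  # INT for KERNEL32 (the toy reuses it as the IAT)
    put(0x1048, struct.pack("<II", 0x1094, 0))  # INT for ADVAPI32
    put(0x1060, b"KERNEL32.dll\0")
    put(0x1070, b"ADVAPI32.dll\0")
    put(0x1080, b"\0\0IsDebuggerPresent\0")     # hint/name entries, hint = 0
    put(0x1094, b"\0\0CryptAcquireContextW\0")
    dos = b"MZ" + bytes(58) + struct.pack("<I", 0x40)  # e_lfanew = 0x40
    coff = struct.pack("<HHIIIHH", 0x14C, 1, 0, 0, 0, 224, 0x0102)  # i386, 1 section, 32-bit EXE
    opt = struct.pack("<HBBIIIIII", 0x10B, 12, 0, 0, 0x200, 0, 0x1000, 0x1000, 0x1000)
    opt += struct.pack("<IIIHHHHHHIIIIHHIIIIII", 0x400000, 0x1000, 0x200, 5, 1, 1, 0, 5, 1,
                       0, 0x2000, 0x200, 0, 2, 0, 0x100000, 0x1000, 0x100000, 0x1000, 0, 16)
    dirs = bytes(8) + struct.pack("<II", 0x1000, 60) + bytes(112)  # entry 1: import table RVA and size
    sech = struct.pack("<8sIIIIIIHHI", b".rdata", 0x200, 0x1000, 0x200, 0x200, 0, 0, 0, 0, 0x40000040)
    headers = dos + b"PE\0\0" + coff + opt + dirs + sech
    return headers + bytes(0x200 - len(headers)) + bytes(sec) + overlay

# Constructed high-entropy overlay: chained SHA-256 output stands in for an encrypted payload.
TOY_OVERLAY = b"".join(hashlib.sha256(bytes([i])).digest() for i in range(256))

if __name__ == "__main__":
    print(parse_pe(build_toy_pe(TOY_OVERLAY)))
```

parse_pe() takes raw file bytes, so on a real sample it is parse_pe(open(path, "rb").read()). Overlay detection relies only on the section table, which is why the offset/size arithmetic above (102400 + 86950 = 189350) is a check worth repeating by hand: a packer that tampers with SizeOfRawData will move the computed overlay boundary, and a file whose reported overlay does not end at the file size has been truncated or is being misparsed.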
ExifTool file metadata
MIMEType: application/octet-stream
Subsystem: Windows GUI
MachineType: Intel 386 or later, and compatibles
FileTypeExtension: exe
TimeStamp: 2017:02:23 20:28:24+01:00 (the compilation timestamp above, rendered in the analysis host's UTC+1 zone)
FileType: Win32 EXE
PEType: PE32
CodeSize: 18432
LinkerVersion: 12.0 (the MSVC 12.0 linker shipped with Visual Studio 2013)
EntryPoint: 0x13b9
InitializedDataSize: 84992
SubsystemVersion: 5.1 (minimum OS Windows XP)
ImageVersion: 1.0
OSVersion: 5.1
UninitializedDataSize: 0

File identification
MD5 7182fa43d9b39877b14d8c421e951c8b
SHA1 ef233ce6371e06f9d39400fbb689a7bdb77f269e
SHA256 68bc8b53b67d611b4aaa9bb4c963260b5a9c21389b06fce9adbee42a16a687f0
ssdeep 3072:HCIBtQnE7OhssdWJ5jy392aCmCbBq1Y/Cox0Cfof+UFViNrhZop1sr:rqvhssdu5jyYaCmCQyCoxFXSqHii
authentihash 6b978e30ab8b453eec6cd827ee0e7a27af5402d8e6f750f873ae6aced836eaeb
imphash 65e9607e6f28a7852bb41a6e2e439a92
File size 184.9 KB (189350 bytes)
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Dynamic Link Library (generic) (43.5%); Win32 Executable (generic) (29.8%); Generic Win/DOS Executable (13.2%); DOS Executable Generic (13.2%)
TrID's top match is a generic byte-pattern heuristic; the PE header and libmagic both identify the file as a GUI executable, not a DLL, and the header is the authoritative source.
Tags peexe, overlay

VirusTotal metadata
First submission 2017-03-10 02:45:52 UTC ( 1 year, 8 months ago )
Last submission 2017-03-13 02:28:30 UTC ( 1 year, 8 months ago )
File names AirGoldyPro.exe
Win32.Ransom.Satan@68bc8b53b67d611b4aaa9bb4c963260b5a9c21389b06fce9adbee42a16a687f0.bin
Condensed report. The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were performed either by the file itself or by any other process that the executed file launched or injected code into.
Opened files
Read files
Created processes
Opened mutexes
Searched windows
Runtime DLLs
Additional details
The file calls the IsDebuggerPresent Windows API function to check whether it is running under a debugger. This is the weakest anti-debugging check available: it only reads the BeingDebugged byte in the process's PEB, so clearing that flag (most debuggers and sandboxes offer a hide-debugger option that does exactly this) is enough to get past it; its presence is still a useful static indicator, since it appears in the import table above.