SHA256: 697bae7775a48c02185319973763e398459b7efd56ecd878917f3e921388253c
File name: gtfiFcl4zLnoagOr8.exe
Detection ratio: 16 / 64
Analysis date: 2017-10-05 10:27:42 UTC ( 1 year, 4 months ago )
Antivirus Result Update
Avira (no cloud) TR/Crypt.Xpack.ykdkx 20171005
Baidu Win32.Trojan.WisdomEyes.16070401.9500.9998 20170930
Cylance Unsafe 20171005
Endgame malicious (high confidence) 20170821
ESET-NOD32 a variant of Win32/Kryptik.FXIQ 20171005
Fortinet W32/Kryptik.FXEG!tr 20171005
Sophos ML heuristic 20170914
McAfee Ransomware-GFS!E61AD32C42D6 20171005
Qihoo-360 HEUR/QVM19.1.4C9C.Malware.Gen 20171005
Rising Malware.Heuristic!ET#100% (RDM+:cmRtazq6rJDjZjkyWcvFJ3APDBU4) 20171005
Sophos AV Mal/Elenoocka-E 20171005
Symantec ML.Attribute.HighConfidence 20171005
TrendMicro Ransom_CERBER.SMALY0 20171005
TrendMicro-HouseCall Ransom_CERBER.SMALY0 20171005
Webroot W32.Trojan.Gen 20171005
WhiteArmor Malware.HighConfidence 20170927
Ad-Aware 20171005
AegisLab 20171005
AhnLab-V3 20171004
Alibaba 20170911
ALYac 20171005
Antiy-AVL 20171005
Arcabit 20171005
Avast 20171005
Avast-Mobile 20171005
AVG 20171005
AVware 20171005
BitDefender 20171005
Bkav 20171005
CAT-QuickHeal 20171005
ClamAV 20171005
CMC 20171004
Comodo 20171005
CrowdStrike Falcon (ML) 20170804
Cyren 20171005
DrWeb 20171005
Emsisoft 20171005
F-Prot 20171005
F-Secure 20171005
GData 20171005
Ikarus 20171005
Jiangmin 20171005
K7AntiVirus 20171005
K7GW 20171005
Kaspersky 20171005
Kingsoft 20171005
Malwarebytes 20171005
MAX 20171005
McAfee-GW-Edition 20171005
Microsoft 20171005
eScan 20171005
NANO-Antivirus 20171005
nProtect 20171005
Palo Alto Networks (Known Signatures) 20171005
Panda 20171004
SentinelOne (Static ML) 20171001
SUPERAntiSpyware 20171005
Symantec Mobile Insight 20171005
Tencent 20171005
TheHacker 20171002
Trustlook 20171005
VBA32 20171004
VIPRE 20171005
ViRobot 20171005
Yandex 20171004
Zillya 20171004
ZoneAlarm by Check Point 20171005
Zoner 20171005
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2014-03-25 09:43:35
Entry Point 0x0000B7DF
Number of sections 4
PE sections
PE imports
Ctl3dGetVer
Ctl3dEnabled
SystemTimeToFileTime
GetFileAttributesA
WaitForSingleObject
CreateJobObjectW
GetTickCount
LoadLibraryA
GetLocalTime
GetCurrentDirectoryW
GetPrivateProfileStringA
lstrcatA
GetCommandLineW
GetProcAddress
GetProcessHeap
CreateFileMappingW
GetModuleHandleA
GlobalAddAtomA
CreateSemaphoreW
CreateMutexW
OpenMutexW
CreateWaitableTimerA
FindFirstFileW
CreateProcessA
CreateEventW
OpenEventW
ReadConsoleW
FindResourceA
GetEnvironmentVariableW
InsertMenuA
GetMessageA
LoadCursorA
LoadIconA
wsprintfA
DispatchMessageA
LoadMenuA
DrawStateA
CreateWindowExW
PostMessageW
LoadBitmapA
Number of PE resources by type
RT_GROUP_CURSOR 5
RT_STRING 1
Number of PE resources by language
ENGLISH US 6
PE resources
ExifTool file metadata
MIMEType application/octet-stream
Subsystem Windows GUI
SubsystemVersion 4.0
MachineType Intel 386 or later, and compatibles
TimeStamp 2014:03:25 10:43:35+01:00
FileType Win32 EXE
PEType PE32
CodeSize 66048
LinkerVersion 8.0
FileTypeExtension exe
InitializedDataSize 23552
ImageFileCharacteristics No relocs, Executable, No line numbers, No symbols, 32-bit, No debug
EntryPoint 0xb7df
OSVersion 4.0
ImageVersion 0.0
UninitializedDataSize 0

File identification
MD5 e61ad32c42d649b87e0c7a106f770991
SHA1 9826666c52b651215262fbbef44c751ba0307b86
SHA256 697bae7775a48c02185319973763e398459b7efd56ecd878917f3e921388253c
ssdeep 3072:4nrokNWR8nCUY0BxBlAldA3LXEZnPcz2Qaem8fbY8u6okr2A:4nrokNcAx30ZnPcnaybFNok
authentihash 8a797fa1abaff886f33e0a49c7adce00d499fbd89c8cff428f1556df046e520e
imphash 27b0f77fe356f48dcac73d0e7916921d
File size 215.5 KB ( 220672 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Dynamic Link Library (generic) (34.2%)
Win32 Executable (generic) (23.4%)
Win16/32 Executable Delphi generic (10.7%)
OS/2 Executable (generic) (10.5%)
Generic Win/DOS Executable (10.4%)
Tags peexe
VirusTotal metadata
First submission 2017-10-05 10:27:42 UTC ( 1 year, 4 months ago )
Last submission 2018-07-23 03:36:58 UTC ( 7 months ago )
File names gtfiFcl4zLnoagOr8.exe
e61ad32c42d649b87e0c7a106f770991.vir
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Written files
Created mutexes
Opened mutexes
Runtime DLLs
DNS requests
TCP connections
UDP communications