SHA256: 6af164bccbcbc4782b29ad1ef9ce72ac5652c067f1f38bd3a0cbf0dcf3fa63a6
File name: a3bb65ec328fd9a6f11495ffbac5fa17.virus
Detection ratio: 54 / 70
Analysis date: 2019-02-15 07:01:04 UTC ( 2 months, 1 week ago )
Antivirus Result Update
Acronis suspicious 20190213
Ad-Aware Trojan.GenericKDZ.44416 20190215
AhnLab-V3 Win-Trojan/Gandcrab.Exp 20190214
ALYac Trojan.GenericKDZ.44416 20190215
Antiy-AVL Trojan[Ransom]/Win32.GandCrypt 20190215
Arcabit Trojan.Generic.DAD80 20190214
Avast Win32:Malware-gen 20190215
AVG Win32:Malware-gen 20190215
Avira (no cloud) TR/Dropper.Gen 20190215
BitDefender Trojan.GenericKDZ.44416 20190215
CAT-QuickHeal Trojan.Cloxer.A06 20190214
ClamAV Win.Packed.Gandcrab-6520432-4 20190214
Comodo TrojWare.Win32.PSW.Coins.GH@7ohrdk 20190215
CrowdStrike Falcon (ML) malicious_confidence_100% (W) 20181023
Cybereason malicious.c328fd 20190109
Cylance Unsafe 20190215
Cyren W32/S-468a6143!Eldorado 20190215
DrWeb Trojan.Encoder.24384 20190215
Emsisoft Trojan.GenericKDZ.44416 (B) 20190215
Endgame malicious (high confidence) 20181108
ESET-NOD32 a variant of Win32/Kryptik.GHKK 20190215
F-Prot W32/S-468a6143!Eldorado 20190215
F-Secure Trojan.TR/Dropper.Gen 20190215
Fortinet W32/GenKryptik.CNAR!tr 20190215
GData Trojan.GenericKDZ.44416 20190215
Ikarus Trojan-Ransom.GandCrab 20190214
Sophos ML heuristic 20181128
Jiangmin Trojan.GandCrypt.ge 20190215
K7AntiVirus Trojan ( 005338861 ) 20190215
K7GW Trojan ( 005338861 ) 20190215
Kaspersky HEUR:Trojan.Win32.Generic 20190215
Malwarebytes Trojan.MalPack 20190215
MAX malware (ai score=83) 20190215
McAfee Packed-FGQ!A3BB65EC328F 20190215
McAfee-GW-Edition BehavesLike.Win32.Generic.fc 20190215
Microsoft Ransom:Win32/GandCrab.AG!bit 20190215
eScan Trojan.GenericKDZ.44416 20190215
NANO-Antivirus Trojan.Win32.Encoder.fdpoxe 20190215
Panda Trj/Genetic.gen 20190214
Qihoo-360 HEUR/QVM10.1.3D40.Malware.Gen 20190215
Rising Dropper.Generic!8.35E (TFE:dGZlOgWnZTmDJypJXg) 20190215
SentinelOne (Static ML) static engine - malicious 20190203
Sophos AV Mal/GandCrab-B 20190215
SUPERAntiSpyware Ransom.GandCrab/Variant 20190213
Symantec Packed.Generic.525 20190215
TACHYON Ransom/W32.GandCrab 20190215
Trapmine malicious.high.ml.score 20190123
TrendMicro Mal_HPGen-37b 20190215
TrendMicro-HouseCall Mal_HPGen-37b 20190215
VBA32 BScope.TrojanRansom.GandCrypt 20190214
ViRobot Trojan.Win32.GandCrab.Gen.A 20190215
Yandex Trojan.GandCrypt! 20190215
Zillya Trojan.GandCrypt.Win32.321 20190214
ZoneAlarm by Check Point HEUR:Trojan.Win32.Generic 20190215
AegisLab 20190215
Alibaba 20180921
Avast-Mobile 20190214
Babable 20180918
Baidu 20190215
Bkav 20190215
CMC 20190214
eGambit 20190215
Kingsoft 20190215
Palo Alto Networks (Known Signatures) 20190215
Symantec Mobile Insight 20190207
Tencent 20190215
TheHacker 20190212
TotalDefense 20190215
Trustlook 20190215
Webroot 20190215
Zoner 20190215
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2018-06-04 08:46:25
Entry Point 0x00005E0E
Number of sections 6
PE sections
Overlays
MD5 eab28a57a7047ca7ab1a9063b3379bab
File type ASCII text
Offset 329216
Size 9
Entropy 2.50
PE imports
DeviceIoControl
InitializeCriticalSectionAndSpinCount
HeapFree
IsProcessorFeaturePresent
EnterCriticalSection
GetConsoleOutputCP
FileTimeToSystemTime
LoadLibraryW
GetLastError
GetConsoleCP
CreateMailslotW
SetEvent
QueryPerformanceCounter
IsDebuggerPresent
GetTickCount
TlsAlloc
GetOEMCP
GetEnvironmentStringsW
FlushFileBuffers
GetModuleFileNameA
WaitForSingleObjectEx
RtlUnwind
GetCommandLineW
GetStdHandle
HeapAlloc
DeleteCriticalSection
GetCurrentProcess
GetStartupInfoW
GetFileType
GetConsoleMode
GetStringTypeW
GetCurrentProcessId
LCMapStringW
EnumSystemLocalesW
LoadLibraryExW
IsValidCodePage
GetCPInfo
UnhandledExceptionFilter
SetFileShortNameA
MultiByteToWideChar
HeapSize
SetFilePointerEx
FreeEnvironmentStringsW
GetCommandLineA
GetProcAddress
InitializeSListHead
GetLocaleInfoW
SetStdHandle
RaiseException
WideCharToMultiByte
TlsFree
FindFirstFileExA
SetUnhandledExceptionFilter
GetTempPathW
CloseHandle
GetSystemTimeAsFileTime
FindClose
FindNextFileA
IsValidLocale
GetACP
HeapReAlloc
DecodePointer
GetModuleHandleW
ExitProcess
FreeLibrary
GetSystemTimeAdjustment
TerminateProcess
CreateEventW
ResetEvent
GetModuleHandleExW
GetUserDefaultLCID
WriteFile
CreateFileW
FindAtomA
TlsGetValue
SetLastError
TlsSetValue
EncodePointer
GetCurrentThreadId
GetProcessHeap
VirtualAlloc
WriteConsoleW
LeaveCriticalSection
SetPropA
GetMenuStringW
Number of PE resources by type
RT_STRING 2
RT_BITMAP 2
RT_ACCELERATOR 1
OXQXCJQ 1
RT_DIALOG 1
Number of PE resources by language
NEUTRAL 7
PE resources
Debug information
ExifTool file metadata
MIMEType application/octet-stream
Subsystem Windows GUI
SubsystemVersion 5.1
MachineType Intel 386 or later, and compatibles
TimeStamp 2018:06:04 10:46:25+02:00
FileType Win32 EXE
PEType PE32
CodeSize 115712
LinkerVersion 14.0
FileTypeExtension exe
InitializedDataSize 252928
ImageFileCharacteristics Executable, 32-bit
EntryPoint 0x5e0e
OSVersion 5.1
ImageVersion 0.0
UninitializedDataSize 0

File identification
MD5 a3bb65ec328fd9a6f11495ffbac5fa17
SHA1 f92098c27b0b3c7971cfcc360e10074f4677ebef
SHA256 6af164bccbcbc4782b29ad1ef9ce72ac5652c067f1f38bd3a0cbf0dcf3fa63a6
ssdeep 6144:VfwD/eHK1rGTAOfrIV/QHxOtJkkgYsGGdzKLK:VfwDz1+q4Hsi+LK

authentihash 90e598958dd572c2bbf114c1917782ac0aa3de9ab364c2976db4e97b95694789
imphash 9e85bc8cd0863f7512a06d6eb4c79827
File size 321.5 KB ( 329225 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID Win32 Dynamic Link Library (generic) (38.4%)
Win32 Executable (generic) (26.3%)
OS/2 Executable (generic) (11.8%)
Generic Win/DOS Executable (11.6%)
DOS Executable Generic (11.6%)
Tags peexe overlay nxdomain

VirusTotal metadata
First submission 2019-02-15 07:01:04 UTC ( 2 months, 1 week ago )
Last submission 2019-02-15 07:01:04 UTC ( 2 months, 1 week ago )
File names a3bb65ec328fd9a6f11495ffbac5fa17.virus
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Written files
Deleted files
Created processes
Terminated processes
Created mutexes
Opened mutexes
Opened service managers
Opened services
Runtime DLLs
HTTP requests
DNS requests
TCP connections
UDP communications