SHA256: 6d1e7233c698c47c231e7d89500ddca5dc7a2efb12611395848ea024c01f6e57
File name: da.exe
Detection ratio: 30 / 65
Analysis date: 2018-04-13 17:44:59 UTC ( 1 year ago )
Antivirus Result Update
Ad-Aware Trojan.Ransom.GandCrab.Gen.2 20180413
AegisLab Troj.W32.Gen.lCFe 20180413
ALYac Trojan.Ransom.GandCrab.Gen.2 20180413
Arcabit Trojan.Ransom.GandCrab.Gen.2 20180413
Avast Win32:Malware-gen 20180413
AVG Win32:Malware-gen 20180413
Avira (no cloud) TR/Crypt.Xpack.ncnjj 20180413
Baidu Win32.Trojan.WisdomEyes.16070401.9500.9999 20180413
BitDefender Trojan.Ransom.GandCrab.Gen.2 20180413
CrowdStrike Falcon (ML) malicious_confidence_100% (D) 20170201
Cylance Unsafe 20180413
Emsisoft Trojan.Ransom.GandCrab.Gen.2 (B) 20180413
Endgame malicious (high confidence) 20180403
F-Secure Trojan.Ransom.GandCrab.Gen.2 20180413
Fortinet W32/Kryptik.GFHY!tr 20180413
GData Trojan.Ransom.GandCrab.Gen.2 20180413
Sophos ML heuristic 20180121
K7AntiVirus Trojan ( 0052908c1 ) 20180413
K7GW Trojan ( 0052908c1 ) 20180413
Kaspersky UDS:DangerousObject.Multi.Generic 20180413
MAX malware (ai score=80) 20180413
McAfee Artemis!389C85C061F2 20180413
McAfee-GW-Edition BehavesLike.Win32.Generic.cc 20180413
eScan Trojan.Ransom.GandCrab.Gen.2 20180413
Palo Alto Networks (Known Signatures) generic.ml 20180413
Qihoo-360 HEUR/QVM10.1.7AE1.Malware.Gen 20180413
SentinelOne (Static ML) static engine - malicious 20180225
Symantec ML.Attribute.HighConfidence 20180413
Webroot W32.Trojan.Gen 20180413
ZoneAlarm by Check Point UDS:DangerousObject.Multi.Generic 20180413
AhnLab-V3 20180413
Alibaba 20180413
Antiy-AVL 20180413
Avast-Mobile 20180413
AVware 20180413
Bkav 20180410
CAT-QuickHeal 20180413
ClamAV 20180413
CMC 20180413
Comodo 20180413
Cybereason None
Cyren 20180413
DrWeb 20180413
eGambit 20180413
ESET-NOD32 20180413
F-Prot 20180413
Ikarus 20180413
Jiangmin 20180413
Kingsoft 20180413
Malwarebytes 20180413
Microsoft 20180413
NANO-Antivirus 20180413
nProtect 20180413
Panda 20180413
Rising 20180413
Sophos AV 20180413
SUPERAntiSpyware 20180413
Symantec Mobile Insight 20180412
Tencent 20180413
TheHacker 20180410
TrendMicro 20180413
Trustlook 20180413
VBA32 20180413
VIPRE 20180413
ViRobot 20180413
WhiteArmor 20180408
Yandex 20180412
Zillya 20180413
Zoner 20180412
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright Copyright (C) 2017, gekkerdoug
Internal name toofirtyless.exe
File version 5.0.0.0
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2018-04-13 05:07:24
Entry Point 0x00001F17
Number of sections 5
PE sections
Overlays
MD5 62e8758daf7df8d4d97f245c529b54a5
File type ASCII text
Offset 181248
Size 8
Entropy 2.50
PE imports
ReportEventA
GetPolyFillMode
GetTextMetricsA
CreateRectRgnIndirect
GetLogColorSpaceW
CheckColorsInGamut
GetTextExtentPointW
LineDDA
Ellipse
GetDeviceGammaRamp
GetLastError
IsValidCodePage
HeapFree
LocalLock
GetDriveTypeW
LCMapStringW
GetStartupInfoW
lstrlenA
LoadLibraryW
SetTapeParameters
GetOEMCP
QueryPerformanceCounter
EncodePointer
IsDebuggerPresent
HeapAlloc
TlsAlloc
GetEnvironmentStringsW
LoadLibraryA
RtlUnwind
WinExec
GetStdHandle
IsProcessorFeaturePresent
HeapSetInformation
GetCurrentProcess
EnterCriticalSection
GetStringTypeW
GetCurrentProcessId
lstrcatA
SetTapePosition
GetCommandLineW
GetCPInfo
UnhandledExceptionFilter
InterlockedDecrement
MultiByteToWideChar
HeapSize
LoadModule
FreeEnvironmentStringsW
InitializeCriticalSectionAndSpinCount
FindVolumeMountPointClose
GetProcAddress
SetSystemTimeAdjustment
WritePrivateProfileStringW
GetModuleFileNameW
WideCharToMultiByte
WriteProfileSectionW
TlsFree
DeleteCriticalSection
SetUnhandledExceptionFilter
lstrcpyA
GetSystemTimeAsFileTime
PeekConsoleInputA
GetACP
HeapReAlloc
DecodePointer
GetModuleHandleW
SetEvent
TerminateProcess
InitAtomTable
SetHandleCount
InitializeCriticalSection
HeapCreate
WriteFile
CreateFileW
GlobalAlloc
TlsGetValue
Sleep
GetFileType
GetTickCount
TlsSetValue
ExitProcess
GetCurrentThreadId
InterlockedIncrement
SetLastError
LeaveCriticalSection
LoadCursorA
AppendMenuA
SetWindowsHookW
CreateMDIWindowW
SetPropA
GetInputState
GrayStringA
CloseWindow
GetWindowTextLengthW
GetWindowTextA
SetClassLongA
DrawCaption
ClientToScreen
ReplyMessage
GetDC
InsertMenuItemA
OleMetafilePictFromIconAndLabel
OleSetMenuDescriptor
CoInitialize
Number of PE resources by type
RT_STRING 12
RT_BITMAP 3
LAHELOYEHOZOJI 1
RT_GROUP_CURSOR 1
RT_ICON 1
ZODUREMEFULEBI 1
MAPINONEBA 1
RT_CURSOR 1
ELYJSKBOPS 1
RT_VERSION 1
RT_GROUP_ICON 1
Number of PE resources by language
NEUTRAL 24
PE resources
ExifTool file metadata
UninitializedDataSize 0
LinkerVersion 10.0
ImageVersion 0.0
FileVersionNumber 1.3.0.6
LanguageCode English (British)
FileFlagsMask 0x001f
CharacterSet Unicode
InitializedDataSize 166912
EntryPoint 0x1f17
MIMEType application/octet-stream
Subsystem Windows GUI
FileVersion 5.0.0.0
TimeStamp 2018:04:13 06:07:24+01:00
FileType Win32 EXE
PEType PE32
InternalName toofirtyless.exe
ProductVersion 5.0.0.0
SubsystemVersion 5.1
OSVersion 5.1
FileOS Windows NT 32-bit
LegalCopyright Copyright (C) 2017, gekkerdoug
MachineType Intel 386 or later, and compatibles
CodeSize 19968
FileSubtype 0
ProductVersionNumber 1.3.0.6
FileTypeExtension exe
ObjectFileType Executable application
File identification
MD5 389c85c061f25c6762b361103651bc3f
SHA1 df081f6bb794baf4338101d2f475c16f5f031779
SHA256 6d1e7233c698c47c231e7d89500ddca5dc7a2efb12611395848ea024c01f6e57
ssdeep 3072:1j4a6DMNYSQULQGTaFjvumggEdbLYM7yJ7f4Fi3mY05mNHUJL:Oa6qQUxyuTLdyJ8FaImNHYL
authentihash 00ea1d57d6da449ecc397f3d87f0ddc38c7629423b8d4b43fcc2e8f15a622650
imphash f77cf129e39cf948c662f35449f3d2b5
File size 177.0 KB ( 181256 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Executable MS Visual C++ (generic) (64.5%)
Win32 Dynamic Link Library (generic) (13.6%)
Win32 Executable (generic) (9.3%)
OS/2 Executable (generic) (4.1%)
Generic Win/DOS Executable (4.1%)
Tags peexe nxdomain overlay
VirusTotal metadata
First submission 2018-04-13 17:44:59 UTC ( 1 year ago )
Last submission 2018-05-24 15:21:01 UTC ( 11 months ago )
File names da (1).exe
b33fe36c66d187f6d2ef7d8ee7e39c931b2117a1
da (1).exe
toofirtyless.exe
da.exe
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Written files
Deleted files
Created processes
Terminated processes
Created mutexes
Opened mutexes
Opened service managers
Opened services
Runtime DLLs
HTTP requests
DNS requests
TCP connections
UDP communications