SHA256: 6fd09ef4ac5615a8465b1dc65020d3203726fc8e6b8c22fdaa412856a9d033c7
File name: 9c37ec4b2712005366dd02e864179f6c
Detection ratio: 26 / 59
Analysis date: 2017-03-02 22:40:18 UTC ( 1 year, 11 months ago )
Antivirus Result Update
Ad-Aware Gen:Variant.Razy.142394 20170302
AhnLab-V3 Trojan/Win32.Cerber.R196054 20170302
Arcabit Trojan.Razy.D22C3A 20170302
AVG Ransom_s.NA 20170302
Avira (no cloud) TR/Crypt.ZPACK.imnxy 20170302
Baidu Win32.Trojan.WisdomEyes.16070401.9500.9998 20170302
BitDefender Gen:Variant.Razy.142394 20170302
CrowdStrike Falcon (ML) malicious_confidence_100% (D) 20170130
DrWeb Trojan.Encoder.10390 20170302
Emsisoft Gen:Variant.Mikey.60332 (B) 20170302
Endgame malicious (high confidence) 20170222
ESET-NOD32 a variant of Win32/GenKryptik.WON 20170302
F-Secure Gen:Variant.Razy.142394 20170302
Fortinet W32/Kryptik.FPBE!tr 20170302
GData Gen:Variant.Razy.142394 20170302
Sophos ML generic.a 20170203
K7AntiVirus Riskware ( 0040eff71 ) 20170302
K7GW Riskware ( 0040eff71 ) 20170302
Kaspersky Trojan-Ransom.Win32.Zerber.cqtu 20170302
McAfee GenericR-JJD!9C37EC4B2712 20170302
McAfee-GW-Edition BehavesLike.Win32.Backdoor.dc 20170302
eScan Gen:Variant.Razy.142394 20170302
Panda Trj/Genetic.gen 20170302
Qihoo-360 HEUR/QVM20.1.8978.Malware.Gen 20170302
Sophos AV Mal/Elenoocka-E 20170302
Symantec ML.Attribute.HighConfidence 20170302
AegisLab 20170302
Alibaba 20170228
ALYac 20170302
Antiy-AVL 20170302
Avast 20170302
AVware 20170302
Bkav 20170302
CAT-QuickHeal 20170302
ClamAV 20170302
CMC 20170302
Comodo 20170302
Cyren 20170302
F-Prot 20170302
Ikarus 20170302
Jiangmin 20170301
Kingsoft 20170302
Malwarebytes 20170302
Microsoft 20170302
NANO-Antivirus 20170302
nProtect 20170302
Rising 20170302
SUPERAntiSpyware 20170302
Tencent 20170302
TheHacker 20170302
TotalDefense 20170302
TrendMicro 20170302
TrendMicro-HouseCall 20170302
Trustlook 20170302
VBA32 20170302
VIPRE 20170302
ViRobot 20170302
Webroot 20170302
WhiteArmor 20170222
Yandex 20170225
Zillya 20170302
Zoner 20170302
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2013-09-02 10:01:36
Entry Point 0x0000258B
Number of sections 4
PE sections
Overlays
MD5 f0efe1a942512f014dc853d5733670ce
File type data
Offset 249856
Size 186
Entropy 6.81
PE imports
CreateJobObjectA
WriteProcessMemory
CreateMailslotA
GetVolumeInformationA
OpenFileMappingW
GetPrivateProfileStringA
GetCurrentProcessId
OpenProcess
InterlockedDecrement
GetProcAddress
lstrcpynW
CompareStringW
GetModuleHandleA
lstrcpy
GetTimeFormatA
SetLocalTime
SetEnvironmentVariableA
WriteConsoleA
OpenJobObjectW
GetLogicalDriveStringsW
FindClose
GetLongPathNameA
SetLastError
PathIsSlowA
ShellAboutA
SHEmptyRecycleBinA
SHEmptyRecycleBinW
DragQueryFileW
DragFinish
ShellMessageBoxW
SHChangeNotify
SHBrowseForFolderA
StrChrA
SHGetDataFromIDListA
SHGetFileInfoW
ExtractIconW
FindExecutableA
ShellExecuteA
SHFileOperationA
Chkdsk
Recover
Extend
Format
Number of PE resources by type
TEXD 1
RT_DIALOG 1
Number of PE resources by language
NEUTRAL 2
PE resources
ExifTool file metadata
MIMEType application/octet-stream
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
FileTypeExtension exe
TimeStamp 2013:09:02 11:01:36+01:00
FileType Win32 EXE
PEType PE32
CodeSize 16384
LinkerVersion 5.12
EntryPoint 0x258b
InitializedDataSize 229376
SubsystemVersion 4.0
ImageVersion 0.0
OSVersion 4.0
UninitializedDataSize 0
File identification
MD5 9c37ec4b2712005366dd02e864179f6c
SHA1 e7c7149690a16d680886062b118610d0b7848e58
SHA256 6fd09ef4ac5615a8465b1dc65020d3203726fc8e6b8c22fdaa412856a9d033c7
ssdeep 3072:STari9maNSo//QZpAg5aMlVCJbseN5jifKnd0y6mDcmYjYUBhw/l3IE8DX:DrarepHdlSF5HDYjYOK+E8X
authentihash f11f24440755633a855c58d1d2f59c04d00b892dd5aab4ab982156c6f7c0eb57
imphash 1212f5cab9714e9f0ed40f8c637ed2d2
File size 244.2 KB ( 250042 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Dynamic Link Library (generic) (43.5%)
Win32 Executable (generic) (29.8%)
Generic Win/DOS Executable (13.2%)
DOS Executable Generic (13.2%)
Tags peexe suspicious-udp overlay
VirusTotal metadata
First submission 2017-03-02 22:40:18 UTC ( 1 year, 11 months ago )
Last submission 2017-03-02 22:40:18 UTC ( 1 year, 11 months ago )
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Written files
Moved files
Created processes
Shell commands
Code injections in the following processes
Created mutexes
Opened mutexes
Searched windows
Opened service managers
Opened services
Runtime DLLs
UDP communications