SHA256: 72ddceebe717992c1486a2d5a5e9e20ad331a98a146d2976c943c983e088f66b
File name: output.112277048.txt
Detection ratio: 58 / 66
Analysis date: 2017-11-19 15:32:00 UTC ( 4 hours, 23 minutes ago )
Antivirus Result Update
Ad-Aware Trojan.GenericKD.12069657 20171119
AegisLab Ml.Attribute.Gen!c 20171119
AhnLab-V3 Trojan/Win32.Matrixran.C2057494 20171119
ALYac Trojan.Ransom.GlobeImposter 20171119
Antiy-AVL Trojan/Win32.TSGeneric 20171119
Arcabit Trojan.Generic.DB82B19 20171119
Avast Win32:Malware-gen 20171119
AVG Win32:Malware-gen 20171119
Avira (no cloud) TR/Crypt.Xpack.uodll 20171119
AVware Trojan.Win32.Generic!BT 20171118
Baidu Win32.Trojan.WisdomEyes.16070401.9500.9888 20171117
BitDefender Trojan.GenericKD.12069657 20171119
CAT-QuickHeal Ransom.GlobeImposter.A4 20171118
ClamAV Win.Ransomware.Globeimposter-6336186-0 20171119
Comodo UnclassifiedMalware 20171119
CrowdStrike Falcon (ML) malicious_confidence_100% (W) 20171016
Cybereason malicious.1b8fb7 20171103
Cylance Unsafe 20171119
Cyren W32/Trojan.NICY-0846 20171119
DrWeb Trojan.Packed2.40227 20171119
Emsisoft Trojan.GenericKD.12069657 (B) 20171119
Endgame malicious (high confidence) 20171024
ESET-NOD32 Win32/Filecoder.FV 20171119
F-Prot W32/Trojan3.ABBA 20171119
F-Secure Trojan.GenericKD.12069657 20171119
Fortinet W32/GenKryptik.AQHO!tr 20171119
GData Win32.Trojan.Agent.W0H6AC 20171119
Ikarus Trojan-Ransom.GlobeImposter 20171119
Sophos ML heuristic 20170914
Jiangmin Backdoor.Androm.rhi 20171117
K7AntiVirus Trojan ( 0051332f1 ) 20171117
K7GW Trojan ( 0051332f1 ) 20171119
Kaspersky Trojan-Ransom.Win32.Gen.ezt 20171119
Malwarebytes Trojan.MalPack 20171119
MAX malware (ai score=100) 20171119
McAfee RDN/Generic.grp 20171119
McAfee-GW-Edition BehavesLike.Win32.Backdoor.dc 20171119
Microsoft VirTool:Win32/CeeInject 20171118
eScan Trojan.GenericKD.12069657 20171119
NANO-Antivirus Trojan.Win32.Reset.eriuvq 20171119
nProtect Ransom/W32.Matrix.274432 20171119
Palo Alto Networks (Known Signatures) generic.ml 20171119
Panda Trj/WLT.C 20171119
Qihoo-360 Trojan.Generic 20171119
SentinelOne (Static ML) static engine - malicious 20171113
Sophos AV Troj/Ransom-EPX 20171119
SUPERAntiSpyware Ransom.GlobeImposter/Variant 20171119
Symantec Ransom.CryptXXX 20171118
Tencent Suspicious.Heuristic.Gen.b.0 20171119
TrendMicro Ransom_FAKEGLOBE.C 20171119
TrendMicro-HouseCall Ransom_FAKEGLOBE.C 20171119
VBA32 Hoax.Gen 20171117
VIPRE Trojan.Win32.Generic!BT 20171119
ViRobot Trojan.Win32.S.Ransom.274432.C 20171119
Yandex Trojan.Gen!EEeV1BO6j/g 20171118
Zillya Trojan.Gen.Win32.1406 20171117
ZoneAlarm by Check Point Trojan-Ransom.Win32.Gen.ezt 20171119
Zoner Trojan.Globeimposter 20171119
Alibaba 20170911
Avast-Mobile 20171119
Bkav 20171118
CMC 20171119
eGambit 20171119
Kingsoft 20171119
Symantec Mobile Insight 20171117
TheHacker 20171117
TotalDefense 20171119
Trustlook 20171119
WhiteArmor 20171104
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright Copyright (C) 2017
File version 1, 0, 0, 1
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2017-07-27 23:49:51
Entry Point 0x000017D8
Number of sections 4
PE sections
PE imports
GetMapMode
GetGraphicsMode
GetLastError
InitializeCriticalSectionAndSpinCount
HeapFree
GetStdHandle
EnterCriticalSection
TerminateProcess
SetHandleCount
lstrlenA
LoadLibraryW
GetOEMCP
QueryPerformanceCounter
IsDebuggerPresent
ExitProcess
TlsAlloc
GetEnvironmentStringsW
GetModuleFileNameA
RtlUnwind
LoadLibraryA
FreeEnvironmentStringsA
DeleteCriticalSection
GetStartupInfoA
GetEnvironmentStrings
GetLocaleInfoA
LocalAlloc
AddAtomA
GetCPInfo
UnhandledExceptionFilter
InterlockedDecrement
MultiByteToWideChar
HeapSize
FreeEnvironmentStringsW
GetCommandLineA
GetProcAddress
GetStringTypeA
LCMapStringW
RaiseException
WideCharToMultiByte
TlsFree
GetModuleHandleA
GetSystemTimeAsFileTime
SetUnhandledExceptionFilter
WriteFile
GetCurrentProcess
GetMailslotInfo
GetSystemTimes
GetACP
HeapReAlloc
GetStringTypeW
GetModuleHandleW
HeapAlloc
GlobalMemoryStatus
LCMapStringA
IsValidCodePage
HeapCreate
VirtualFree
TlsGetValue
Sleep
GetFileType
TlsSetValue
GetTickCount
GetCurrentThreadId
LeaveCriticalSection
VirtualAlloc
GetCurrentProcessId
SetLastError
InterlockedIncrement
Number of PE resources by type
RT_ICON 2
RT_MENU 2
RT_BITMAP 2
RT_MANIFEST 1
RT_ACCELERATOR 1
RT_VERSION 1
RT_GROUP_ICON 1
Number of PE resources by language
NEUTRAL 10
PE resources
ExifTool file metadata
UninitializedDataSize 0
LinkerVersion 9.0
ImageVersion 0.0
FileVersionNumber 1.0.0.1
LanguageCode English (U.S.)
FileFlagsMask 0x0017
CharacterSet Unicode
InitializedDataSize 235008
EntryPoint 0x17d8
MIMEType application/octet-stream
Subsystem Windows GUI
FileVersion 1, 0, 0, 1
TimeStamp 2017:07:28 00:49:51+01:00
FileType Win32 EXE
PEType PE32
ProductVersion 1, 0, 0, 1
SubsystemVersion 5.0
OSVersion 5.0
FileOS Win32
LegalCopyright Copyright (C) 2017
MachineType Intel 386 or later, and compatibles
CodeSize 43520
FileSubtype 0
ProductVersionNumber 1.0.0.1
FileTypeExtension exe
ObjectFileType Unknown

File identification
MD5 4e2b58f99ad9f13c2b09f0741739775d
SHA1 6a51d0cd9ea189babad031864217ddd3a7ddba84
SHA256 72ddceebe717992c1486a2d5a5e9e20ad331a98a146d2976c943c983e088f66b
ssdeep 3072:gfLB0w+Wv5pa/Dc/nuOL23e8aoeE+aqfnfj59AEYfzaBUGm+0lh831QPfrwV6cFK:+TgenuOLCL+559AEq+m+jmEIcFaNtN
authentihash dde157ca9eb979d92123abe11213390fd04b6693c6062c73bc73f1e14eacd07a
imphash 48dbac54777b31f54f4721a7bc1024e8
File size 268.0 KB ( 274432 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Executable MS Visual C++ (generic) (42.2%)
Win64 Executable (generic) (37.3%)
Win32 Dynamic Link Library (generic) (8.8%)
Win32 Executable (generic) (6.0%)
Generic Win/DOS Executable (2.7%)
Tags peexe
VirusTotal metadata
First submission 2017-07-28 09:48:14 UTC ( 3 months, 3 weeks ago )
Last submission 2017-11-19 15:32:00 UTC ( 4 hours, 23 minutes ago )
File names mLQxCL.exe
output.111848871.txt
KbJmDqA.exe
wYJdwXuT.exe
rf734rgf[1]
2017-07-28-GlobeImposter-ransomware-sample.exe
rf734rgf
rf734rgf.exe
output.112277085.txt
output.112151931.txt
FwVurFLe.exe
output.112277048.txt
4e2b58f9.exe
QPcRcpHbM.exe
rf734rgf.pe
output.111867443.txt
output.111863523.txt
xRqWIuaH.exe
A.exe
jqVgAiazVEe.exe
output.111849137.txt
4e2b58f99ad9f13c2b09f0741739775d
sNNjoOXsMwH.exe
zOOrYp.exe.virus
rf734rgf?
Advanced heuristic and reputation engines
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Created processes
Opened mutexes
Runtime DLLs
UDP communications