SHA256: 7701170304fdd48b184aac032391ae3a1f880be6160812d0089049834b3ec828
File name: output.114597722.txt
Detection ratio: 50 / 71
Analysis date: 2018-12-28 12:57:58 UTC
Antivirus | Result | Update
Ad-Aware | Trojan.GenericKD.31428312 | 20181228
AegisLab | Trojan.Win32.Shade.4!c | 20181228
AhnLab-V3 | Trojan/Win32.Injector.R249886 | 20181228
ALYac | Trojan.Ransom.Shade | 20181228
Antiy-AVL | Trojan[Ransom]/Win32.Shade | 20181228
Avast | Win32:Malware-gen | 20181228
AVG | Win32:Malware-gen | 20181228
BitDefender | Trojan.GenericKD.31428312 | 20181228
Bkav | HW32.Packed. | 20181227
CAT-QuickHeal | Trojan.Troldesh | 20181227
Comodo | Malware@#bqfqfm5uqnns | 20181228
CrowdStrike Falcon (ML) | malicious_confidence_100% (D) | 20181022
Cylance | Unsafe | 20181228
Cyren | W32/Trojan.HYFD-3181 | 20181228
DrWeb | Trojan.Encoder.858 | 20181228
Emsisoft | Trojan.GenericKD.31428312 (B) | 20181228
Endgame | malicious (high confidence) | 20181108
ESET-NOD32 | Win32/Filecoder.ED | 20181228
F-Secure | Trojan.GenericKD.31428312 | 20181228
Fortinet | W32/Kryptik.GJCI!tr | 20181228
GData | Trojan.GenericKD.31428312 | 20181228
Ikarus | Trojan-Ransom.Crypted007 | 20181228
Sophos ML | heuristic | 20181128
Jiangmin | Trojan.Banker.Chthonic.cv | 20181228
K7AntiVirus | Trojan ( 004b8aa51 ) | 20181228
K7GW | Trojan ( 004b8aa51 ) | 20181228
Kaspersky | Trojan-Ransom.Win32.Shade.pgd | 20181228
Malwarebytes | Ransom.Troldesh | 20181228
MAX | malware (ai score=100) | 20181228
McAfee | GenericRXGR-RC!644A0FA49064 | 20181228
McAfee-GW-Edition | GenericRXGR-RC!644A0FA49064 | 20181228
Microsoft | Ransom:Win32/Troldesh.A | 20181228
eScan | Trojan.GenericKD.31428312 | 20181228
NANO-Antivirus | Trojan.Win32.Filecoder.fljzpc | 20181228
Palo Alto Networks (Known Signatures) | generic.ml | 20181228
Panda | Trj/GdSda.A | 20181227
Qihoo-360 | Win32/Trojan.Ransom.e4a | 20181228
Rising | Ransom.Shade!8.12CC (TFE:5:f4S4lNRSEYM) | 20181228
SentinelOne (Static ML) | static engine - malicious | 20181223
Sophos AV | Mal/Generic-S | 20181228
Symantec | Ransom.Troldesh | 20181227
Trapmine | suspicious.low.ml.score | 20181205
TrendMicro | Ransom.Win32.CRYPSHED.BABAL | 20181228
TrendMicro-HouseCall | Ransom.Win32.CRYPSHED.BABAL | 20181228
VBA32 | BScope.TrojanPSW.Papras | 20181228
VIPRE | Trojan.Win32.Generic!BT | 20181228
ViRobot | Trojan.Win32.Ransom.1104648 | 20181228
Webroot | W32.Trojan.Gen | 20181228
Zillya | Trojan.Shade.Win32.929 | 20181228
ZoneAlarm by Check Point | Trojan-Ransom.Win32.Shade.pgd | 20181228

Engines with no detection at this analysis date (result column empty):
Antivirus | Result | Update
Acronis | | 20181227
Alibaba | | 20180921
Arcabit | | 20181228
Avast-Mobile | | 20181228
Avira (no cloud) | | 20181228
Babable | | 20180918
Baidu | | 20181207
ClamAV | | 20181228
CMC | | 20181228
Cybereason | | 20180225
eGambit | | 20181228
F-Prot | | 20181228
Kingsoft | | 20181228
SUPERAntiSpyware | | 20181226
Symantec Mobile Insight | | 20181225
TACHYON | | 20181228
Tencent | | 20181228
TheHacker | | 20181225
TotalDefense | | 20181228
Trustlook | | 20181228
Yandex | | 20181227
Zoner | | 20181228
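The engine labels above do not agree on a name. Kaspersky, ZoneAlarm, AegisLab, ALYac, Antiy-AVL, Rising and Zillya say Shade; Microsoft, Symantec, Malwarebytes and CAT-QuickHeal say Troldesh, which is the name those vendors use for the same family; ESET, DrWeb, NANO-Antivirus and TrendMicro give only a class (Filecoder, Encoder, CRYPSHED); Avast, AVG, Ad-Aware, Webroot and the ML engines give generic verdicts; and Jiangmin (Chthonic), VBA32 (TrojanPSW.Papras) and AhnLab (Injector) are outliers. The practical step is to strip platform and class words, fold known aliases, and vote across engines. The script below is an added example, not VirusTotal's code: the label subset is copied from the table above, while the generic-token list and the alias map are this example's own choices and would need tuning for other reports.

```python
"""Derive a family verdict from per-engine AV labels by token voting.

Added example, not part of the VirusTotal report. SAMPLE_LABELS is a
constructed subset of the detection table; GENERIC and ALIASES are this
example's own lists, not a vendor's.
"""
import re
from collections import Counter

# Constructed sample: (engine, label) pairs copied from the table above.
SAMPLE_LABELS = [
    ("Kaspersky", "Trojan-Ransom.Win32.Shade.pgd"),
    ("Microsoft", "Ransom:Win32/Troldesh.A"),
    ("ESET-NOD32", "Win32/Filecoder.ED"),
    ("DrWeb", "Trojan.Encoder.858"),
    ("Avast", "Win32:Malware-gen"),
    ("Fortinet", "W32/Kryptik.GJCI!tr"),
    ("Symantec", "Ransom.Troldesh"),
    ("TrendMicro", "Ransom.Win32.CRYPSHED.BABAL"),
    ("Jiangmin", "Trojan.Banker.Chthonic.cv"),
    ("Ad-Aware", "Trojan.GenericKD.31428312"),
]

# Tokens that name a platform, a class or a confidence level, not a family.
GENERIC = {
    "trojan", "ransom", "win32", "w32", "generic", "generickd", "malware",
    "gen", "tr", "filecoder", "encoder", "crypted", "packed", "heuristic",
    "malicious", "unsafe", "kryptik", "crypshed", "bscope", "banker",
    "injector", "psw",
}
# Vendor-specific names folded onto one canonical family name.
ALIASES = {"troldesh": "shade"}


def family_tokens(label):
    """Candidate family tokens from one label: lowercased, split on
    punctuation, with generic words, pure numbers, non-alphabetic variant
    IDs and very short suffixes (e.g. 'pgd', 'A') removed."""
    out = []
    for tok in re.split(r"[^A-Za-z0-9]+", label.lower()):
        if not tok or tok in GENERIC or tok.isdigit() or len(tok) < 4:
            continue
        if not tok.isalpha():
            continue
        out.append(ALIASES.get(tok, tok))
    return out


def family_consensus(labels, min_votes=2):
    """Each engine votes with the first family-like token of its label.
    Returns (family, votes, engines_that_voted); family is None when no
    name reaches min_votes. Engines with class-only or generic labels
    abstain rather than vote."""
    votes = Counter()
    for _engine, label in labels:
        toks = family_tokens(label)
        if toks:
            votes[toks[0]] += 1
    if not votes:
        return None, 0, 0
    family, n = votes.most_common(1)[0]
    voting = sum(votes.values())
    return (family if n >= min_votes else None), n, voting


if __name__ == "__main__":
    fam, n, voting = family_consensus(SAMPLE_LABELS)
    print("family=%s votes=%d of %d voting engines (%d total)"
          % (fam, n, voting, len(SAMPLE_LABELS)))
```

Variant suffixes that survive the filter (GJCI, BABAL) still get one vote each, which is why the verdict is taken from the plurality rather than from any single engine; Jiangmin's Chthonic stays visible as a genuine disagreement rather than being silently dropped.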
The file being studied is a Portable Executable file. More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Signature verification: The digital signature of the object did not verify.
Signing date: 7:34 AM 4/9/2019
PE header basic information
Target machine: Intel 386 or later processors and compatible processors
Compilation timestamp: 2018-12-19 02:33:56 (UTC)
Entry point: 0x00003540
Number of sections: 3
PE sections
Overlays
MD5: d4974c1d2d5908337b4a3b0b8d0e6d0c
File type: data
Offset: 1101312
Size: 3336
Entropy: 7.34
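The overlay and header figures above can be recomputed from the raw bytes, which is the check to run before trusting any report. Two consistency checks on the report's own numbers: 1101312 + 3336 = 1104648, the listed file size, so the overlay runs to end of file; and CodeSize 13824 + InitializedDataSize 1086464 + a 1024-byte header = 1101312, consistent with the overlay starting immediately after the last section (the 1024-byte header is an inference, not a value the report gives). An entropy of 7.34 over 3336 bytes is what compressed or encrypted appended data looks like; plain text or a zero-padded tail would score far lower. The script below is an added example and not VirusTotal's code: it parses the DOS, COFF, optional and section headers with Python's struct module only, takes the overlay to begin at the largest PointerToRawData + SizeOfRawData over all sections, converts the COFF TimeDateStamp to UTC, and scores the overlay's Shannon entropy. Because the report's file is not reproduced here, build_sample_pe() constructs a small stand-in PE; its header size, single-section layout and entry point are fixture assumptions, not facts about the real sample.

```python
"""Recompute PE header and overlay fields the way a report derives them.

Added example, not VirusTotal's code. build_sample_pe() constructs a tiny
PE32 fixture so the script runs offline; the real sample's values
(offset 1101312, size 3336, entropy 7.34) come from the report above.
"""
import math
import os
import struct
from datetime import datetime, timezone


def shannon_entropy(data):
    """Shannon entropy in bits per byte (0.0 to 8.0). Values near 8 mean
    the bytes are close to uniformly random, as compressed or encrypted
    data is; all-zero or text data scores far lower."""
    if not data:
        return 0.0
    counts = [0] * 256
    for b in data:
        counts[b] += 1
    n = len(data)
    return -sum((c / n) * math.log2(c / n) for c in counts if c)


def parse_pe(blob):
    """Parse DOS header, COFF header, optional header and section table of an
    in-memory PE image. The overlay is whatever follows the last byte
    covered by any section's raw data."""
    if blob[:2] != b"MZ":
        raise ValueError("missing MZ header")
    e_lfanew = struct.unpack_from("<I", blob, 0x3C)[0]
    if blob[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    coff = e_lfanew + 4
    # Machine, NumberOfSections, TimeDateStamp, PointerToSymbolTable,
    # NumberOfSymbols, SizeOfOptionalHeader, Characteristics
    machine, nsec, tstamp, _, _, opt_size, _ = struct.unpack_from("<HHIIIHH", blob, coff)
    opt = coff + 20
    magic = struct.unpack_from("<H", blob, opt)[0]          # 0x10B = PE32
    entry = struct.unpack_from("<I", blob, opt + 16)[0]     # AddressOfEntryPoint
    sections, end_of_sections = [], 0
    for i in range(nsec):
        off = opt + opt_size + 40 * i
        name = blob[off:off + 8].rstrip(b"\0").decode("ascii", "replace")
        raw_size, raw_ptr = struct.unpack_from("<II", blob, off + 16)
        sections.append((name, raw_ptr, raw_size))
        if raw_size:
            end_of_sections = max(end_of_sections, raw_ptr + raw_size)
    overlay = blob[end_of_sections:]
    return {
        "machine": machine,                                  # 0x14C = Intel 386
        "pe32": magic == 0x10B,
        "timestamp": datetime.fromtimestamp(tstamp, tz=timezone.utc),
        "entry_point": entry,
        "sections": sections,
        "overlay_offset": end_of_sections if overlay else None,
        "overlay_size": len(overlay),
        "overlay_entropy": round(shannon_entropy(overlay), 2),
    }


def build_sample_pe(overlay):
    """Constructed fixture: a minimal PE32 with a 0x400-byte header, one
    0x200-byte section at file offset 0x400, and `overlay` appended. It is
    not a runnable program and is not the file from the report; the
    timestamp and entry point are set to the report's values for display."""
    tstamp = int(datetime(2018, 12, 19, 2, 33, 56, tzinfo=timezone.utc).timestamp())
    dos = bytearray(0x40)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 0x40)                 # e_lfanew
    # Characteristics 0x0103 = RELOCS_STRIPPED | EXECUTABLE_IMAGE | 32BIT_MACHINE
    coff = struct.pack("<HHIIIHH", 0x14C, 1, tstamp, 0, 0, 0xE0, 0x0103)
    opt = bytearray(0xE0)
    struct.pack_into("<H", opt, 0, 0x10B)                   # PE32 magic
    struct.pack_into("<I", opt, 16, 0x3540)                 # AddressOfEntryPoint
    sec = bytearray(40)
    sec[:5] = b".text"
    struct.pack_into("<II", sec, 16, 0x200, 0x400)          # SizeOfRawData, PointerToRawData
    img = bytearray(dos + b"PE\0\0" + coff + opt + sec)
    img += b"\0" * (0x400 - len(img))
    img += b"\xCC" * 0x200
    img += overlay
    return bytes(img)


if __name__ == "__main__":
    info = parse_pe(build_sample_pe(os.urandom(3336)))     # random tail ~ entropy near 8
    print("compiled:", info["timestamp"].isoformat())
    print("entry point: 0x%08x, sections: %d" % (info["entry_point"], len(info["sections"])))
    print("overlay: offset %s, size %d, entropy %.2f"
          % (info["overlay_offset"], info["overlay_size"], info["overlay_entropy"]))
```

Run parse_pe() on the real sample's bytes and the three overlay fields and the timestamp should match the report; a mismatch usually means a section with SizeOfRawData larger than the file (a packer trick) and is itself worth noting.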
PE imports
RegCreateKeyExW
RegDeleteValueW
RegCloseKey
RegSetValueExW
RegQueryValueExA
RegOpenKeyExW
RegCreateKeyW
RegOpenKeyExA
RegQueryValueExW
CreateToolbarEx
CreateStatusWindowW
GetCharABCWidthsW
Polygon
TextOutW
GetSystemPaletteEntries
PatBlt
CreatePen
GetBkMode
SaveDC
TextOutA
GetPaletteEntries
SetDeviceGammaRamp
SetStretchBltMode
GetROP2
GdiGetCharDimensions
EngCreatePalette
Rectangle
SetMapMode
GetDeviceCaps
ExcludeClipRect
LineTo
DeleteDC
RestoreDC
SetBkMode
CreateFontIndirectW
EngQueryLocalTime
GetBitmapDimensionEx
SetWindowOrgEx
StartPage
GetObjectW
CreateHalftonePalette
GetCharWidthA
CreateCompatibleDC
CreateMetaFileW
CopyEnhMetaFileA
RealizePalette
SetTextColor
CreatePatternBrush
GetFontResourceInfoW
FillRgn
CreateEllipticRgn
PolyBezier
CreateBitmap
MoveToEx
CreatePalette
GetStockObject
CloseMetaFile
SetViewportOrgEx
SelectPalette
EngMultiByteToUnicodeN
GetDIBits
AddFontMemResourceEx
bInitSystemAndFontsDirectoriesW
GetPolyFillMode
StretchBlt
StretchDIBits
GetBkColor
SetROP2
GetTextExtentPoint32W
CopyMetaFileW
ResetDCA
SetWindowExtEx
GetSystemPaletteUse
CreateSolidBrush
SetViewportExtEx
SelectObject
SetBkColor
BeginPath
DeleteObject
CreateCompatibleBitmap
DeleteMetaFile
GetStdHandle
GetDriveTypeW
GetConsoleOutputCP
FileTimeToSystemTime
WaitForSingleObject
GetFileAttributesW
FreeEnvironmentStringsA
DeleteCriticalSection
GetCurrentProcess
GetConsoleMode
GetLocaleInfoA
LocalAlloc
SetErrorMode
GetFileInformationByHandle
lstrcatW
GetLocaleInfoW
SetStdHandle
WideCharToMultiByte
GetStringTypeA
WriteFile
MoveFileA
GetSystemTimeAsFileTime
HeapReAlloc
GetStringTypeW
GetOEMCP
LocalFree
GetProfileIntW
GetLogicalDriveStringsA
CreateEventW
InterlockedDecrement
GetProfileIntA
SetLastError
PeekNamedPipe
IsDebuggerPresent
HeapAlloc
VerLanguageNameW
GetModuleFileNameA
lstrcmpiW
UnhandledExceptionFilter
TlsGetValue
MultiByteToWideChar
GetPrivateProfileStringW
SetFilePointer
_lclose
GlobalAddAtomW
CreateThread
SetUnhandledExceptionFilter
ConvertDefaultLocale
MulDiv
ExitThread
SetEnvironmentVariableA
TerminateProcess
SearchPathW
WriteConsoleA
GlobalAlloc
SetEndOfFile
GetCurrentThreadId
LeaveCriticalSection
WriteConsoleW
CallNamedPipeW
InitializeCriticalSectionAndSpinCount
HeapFree
EnterCriticalSection
SetHandleCount
LoadLibraryW
GetLastError
GetVersionExW
SetEvent
QueryPerformanceCounter
GetTickCount
TlsAlloc
FlushFileBuffers
LoadLibraryA
RtlUnwind
FreeLibrary
GlobalSize
GetStartupInfoA
GlobalDeleteAtom
DeleteFileA
FormatMessageW
GetProcAddress
GetProcessHeap
GetProfileStringW
CompareStringW
lstrcpyW
FreeEnvironmentStringsW
CompareStringA
GetTempFileNameA
lstrcmpW
GlobalLock
GetTimeZoneInformation
CreateFileW
GetFileType
TlsSetValue
CreateFileA
ExitProcess
InterlockedIncrement
GlobalGetAtomNameW
LocalReAlloc
LCMapStringW
VirtualAllocEx
GlobalFree
GetConsoleCP
LCMapStringA
GetEnvironmentStringsW
GlobalUnlock
lstrlenW
CreateProcessW
FileTimeToLocalFileTime
GetEnvironmentStrings
GetCurrentProcessId
GetCPInfo
HeapSize
GetCommandLineA
lstrcpynW
RaiseException
TlsFree
GetModuleHandleA
ReadFile
SetConsoleTitleA
CloseHandle
GetACP
GetModuleHandleW
IsValidCodePage
HeapCreate
VirtualFree
Sleep
IsBadCodePtr
VirtualAlloc
DragQueryFileW
ExtractAssociatedIconExW
SHBrowseForFolderW
SHFileOperationW
SHBrowseForFolderA
SHPathPrepareForWriteW
ExtractIconW
SHFileOperationA
SHInvokePrinterCommandW
ShellExecuteEx
SHGetFileInfoW
ShellAboutW
WOWShellExecute
SHLoadNonloadedIconOverlayIdentifiers
SHGetMalloc
DragQueryFile
DragAcceptFiles
SHGetSpecialFolderPathA
SHCreateProcessAsUserW
DragFinish
ExtractIconExA
DoEnvironmentSubstA
DragQueryPoint
ExtractIconExW
SHGetDataFromIDListA
CommandLineToArgvW
StrCmpNIW
StrStrIA
StrRStrIA
StrChrIW
RedrawWindow
GetMessagePos
DrawTextW
MoveWindow
DestroyMenu
PostQuitMessage
SetWindowPos
IsWindow
EndPaint
OpenIcon
SetDlgItemInt
SetActiveWindow
GetDC
GetAsyncKeyState
CharLowerBuffW
GetDlgCtrlID
GetMenu
EndMenu
GetClientRect
GetDlgItemTextW
LoadImageW
GetActiveWindow
UnhookWindowsHook
GetWindowTextW
RegisterClipboardFormatW
CopyAcceleratorTableW
GetWindowTextLengthW
LoadAcceleratorsW
DestroyWindow
ShowCursor
GetParent
UpdateWindow
SetWindowsHookW
EqualRect
CheckRadioButton
GetMessageW
ShowWindow
ValidateRect
IsCharAlphaW
PeekMessageW
EnableWindow
SetWindowPlacement
CharUpperW
EnumDisplaySettingsW
TranslateMessage
IsWindowEnabled
GetWindow
GetDlgItemInt
CreateCursor
MsgWaitForMultipleObjects
SetParent
RegisterClassW
IsZoomed
GetWindowPlacement
LoadStringW
DrawMenuBar
IsCharLowerW
EnableMenuItem
InvertRect
GetSubMenu
SetTimer
FillRect
CopyRect
DeferWindowPos
GetDialogBaseUnits
CreateWindowExW
GetWindowLongW
CharNextW
SetFocus
DrawAnimatedRects
IsIconic
SystemParametersInfoW
OffsetRect
DefWindowProcW
ReleaseCapture
KillTimer
CharPrevW
MapWindowPoints
SetDebugErrorLevel
ToUnicodeEx
GetSystemMetrics
SetWindowLongW
GetWindowRect
InflateRect
SetCapture
DrawIcon
RegisterDeviceNotificationW
SendDlgItemMessageW
PostMessageW
CheckDlgButton
CheckMenuItem
PtInRect
SetWindowTextW
CreateMenu
GetDlgItem
BringWindowToTop
ClientToScreen
IsCharUpperA
CountClipboardFormats
GetMenuItemCount
IsDlgButtonChecked
GetDesktopWindow
LoadCursorW
LoadIconW
DispatchMessageW
InsertMenuW
SetForegroundWindow
ReleaseDC
IntersectRect
EndDialog
FindWindowW
BeginPaint
ScreenToClient
MessageBeep
LoadMenuW
RemoveMenu
GetWindowThreadProcessId
BeginDeferWindowPos
MessageBoxW
SendMessageW
SetMenu
SetRectEmpty
DialogBoxParamW
GetSysColor
SetDlgItemTextW
GetKeyState
EndDeferWindowPos
DestroyIcon
IsWindowVisible
WinHelpW
IsCharAlphaNumericW
FrameRect
SetRect
DeleteMenu
InvalidateRect
wsprintfA
CallWindowProcW
GetClassNameW
AdjustWindowRect
ModifyMenuW
UnregisterDeviceNotification
IsRectEmpty
IsCharUpperW
GetFocus
wsprintfW
SetCursor
TranslateAcceleratorW
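Reading this import table as a capability inventory: registry writes (RegCreateKeyExW, RegSetValueExW), VirtualAllocEx and CreateProcessW, IsDebuggerPresent, MoveFileA/DeleteFileA/SHFileOperationW, drive enumeration (GetLogicalDriveStringsA, GetDriveTypeW), a SetWindowsHookW hook, and named-pipe calls. Just as telling is what is absent: no WriteProcessMemory or CreateRemoteThread beside VirtualAllocEx, no FindFirstFile/FindNextFile for walking directories, and no winsock, wininet or winhttp import at all, while LoadLibraryA/W and GetProcAddress are present. Together with Bkav's HW32.Packed. and Fortinet's Kryptik labels and the high-entropy overlay, the likely reading is that this import table belongs to a wrapper (the hundreds of GDI and USER32 imports look like an ordinary GUI program) and that the ransomware code resolves its real APIs at runtime, so the imphash above identifies the wrapper rather than the payload. The script below is an added example, not VirusTotal's code: it tags imports with coarse indicators and lists the companion APIs that are missing, so partial evidence is shown as partial. The import subset is copied from the list above; the indicator mapping is the example's own.

```python
"""Tag a static import list with coarse capability indicators.

Added example, not part of the VirusTotal report. SAMPLE_IMPORTS is a
constructed subset of the import table above; INDICATORS is this
example's own mapping and is a triage aid, not a verdict. For a packed
sample the static imports may describe the unpacking stub, not the
payload, which is why missing companion APIs are reported explicitly.
"""

# Constructed sample: a subset of the imported names listed above.
SAMPLE_IMPORTS = [
    "RegCreateKeyExW", "RegSetValueExW", "RegDeleteValueW", "RegOpenKeyExW",
    "VirtualAllocEx", "CreateProcessW", "CreateThread", "IsDebuggerPresent",
    "MoveFileA", "DeleteFileA", "SHFileOperationW", "GetLogicalDriveStringsA",
    "GetDriveTypeW", "SetWindowsHookW", "CallNamedPipeW", "PeekNamedPipe",
    "LoadLibraryA", "LoadLibraryW", "GetProcAddress", "GetTempFileNameA",
    "TextOutW", "CreateFontIndirectW", "DialogBoxParamW",
]

# indicator -> (APIs that trigger it, APIs that usually accompany it).
# A hit with absent companions is reported as "partial".
INDICATORS = {
    "registry-write":        ({"RegSetValueExW", "RegSetValueExA", "RegCreateKeyExW", "RegCreateKeyW"}, set()),
    "process-injection":     ({"VirtualAllocEx"}, {"WriteProcessMemory", "CreateRemoteThread", "NtCreateThreadEx"}),
    "process-creation":      ({"CreateProcessW", "CreateProcessA", "ShellExecuteExW"}, set()),
    "anti-debug":            ({"IsDebuggerPresent", "CheckRemoteDebuggerPresent"}, set()),
    "drive-enumeration":     ({"GetLogicalDriveStringsA", "GetLogicalDriveStringsW"}, {"GetDriveTypeW", "FindFirstFileW"}),
    "file-rename-or-delete": ({"MoveFileA", "MoveFileW", "DeleteFileA", "DeleteFileW", "SHFileOperationW"}, set()),
    "dynamic-import":        ({"LoadLibraryA", "LoadLibraryW"}, {"GetProcAddress"}),
    "windows-hook":          ({"SetWindowsHookW", "SetWindowsHookExW"}, set()),
    "named-pipe-ipc":        ({"CallNamedPipeW", "PeekNamedPipe", "CreateNamedPipeW"}, set()),
    "network":               ({"WSAStartup", "connect", "send", "InternetOpenW", "HttpSendRequestW", "WinHttpOpen"}, set()),
}


def tag_imports(imports):
    """Return {indicator: {"hit": [...], "missing": [...]}} for every
    indicator whose trigger set intersects the import list. 'missing' holds
    the companion APIs that are absent from the static table."""
    present = set(imports)
    tags = {}
    for name, (triggers, companions) in INDICATORS.items():
        hit = sorted(present & triggers)
        if hit:
            tags[name] = {"hit": hit, "missing": sorted(companions - present)}
    return tags


def report(imports):
    """One line per indicator: present, partial (companions absent) or
    absent, so negative evidence such as 'no network import' is visible."""
    tags = tag_imports(imports)
    lines = []
    for name in INDICATORS:
        if name in tags:
            t = tags[name]
            status = "partial" if t["missing"] else "present"
            detail = ", ".join(t["hit"])
            if t["missing"]:
                detail += " (no %s)" % ", ".join(t["missing"])
        else:
            status, detail = "absent", "-"
        lines.append("%-22s %-8s %s" % (name, status, detail))
    return lines


if __name__ == "__main__":
    print("\n".join(report(SAMPLE_IMPORTS)))
```

A "partial" process-injection line, an "absent" network line and a "present" dynamic-import line together are the pattern of a sample that hides its real API use, and are the cue to move from static imports to the unpacked payload or to sandbox output.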
ExifTool file metadata
MIMEType: application/octet-stream
Subsystem: Windows GUI
MachineType: Intel 386 or later, and compatibles
FileTypeExtension: exe
TimeStamp: 2018:12:19 03:33:56+01:00
FileType: Win32 EXE
PEType: PE32
CodeSize: 13824
LinkerVersion: 9.0
ImageFileCharacteristics: No relocs, Executable, 32-bit
EntryPoint: 0x3540
InitializedDataSize: 1086464
SubsystemVersion: 5.0
ImageVersion: 0.0
OSVersion: 5.0
UninitializedDataSize: 0
File identification
MD5: 644a0fa49064b97023ac6564c1770083
SHA1: 0982033c7108d27818d6ee0572a0c328d1bbecd4
SHA256: 7701170304fdd48b184aac032391ae3a1f880be6160812d0089049834b3ec828
ssdeep: 24576:UlTshPoDiXbNSXIN6L/Y1ja1zwdY4k2A/QaFcEYZFG:UshPjNSXGic+FwTbA4SR9
authentihash: 03d0fb0c5f7376b342e6cfaf1b798937582887e6a34b90be420e8e42973cac7d
imphash: d06d9fcfee6847d7784c8b5dcf5f0e1c
File size: 1.1 MB (1104648 bytes)
File type: Win32 EXE
Magic literal: PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID:
  Win32 Executable MS Visual C++ (generic) (50.8%)
  Windows screen saver (21.3%)
  Win32 Dynamic Link Library (generic) (10.7%)
  Win32 Executable (generic) (7.3%)
  OS/2 Executable (generic) (3.3%)
Tags: peexe overlay
VirusTotal metadata
First submission: 2018-12-19 03:03:07 UTC
Last submission: 2019-01-22 16:47:15 UTC
File names:
  rad5EE10.tmp
  rad54140.tmp
  output.114695306.txt
  csrss(75).gxe
  sserv.jpg
  output.114559189.txt
  radE494D.tmp
  output.114636648.txt
  output.114597722.txt
  rad4B9ED.tmp
  output.114753075.txt
  output.114723013.txt
  output.114750315.txt
  output.114713373.txt
  csrss.exe
  output.114644720.txt
  644a0fa49064b97023ac6564c1770083
  csrss.exe
  output.114741081.txt
  output.114597625.txt
  output.114744736.txt
  output.114603918.txt
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Written files
Moved files
Deleted files
Created mutexes
Opened mutexes
Runtime DLLs
TCP connections