SHA256: 78e9558a9762cf778a3ba9ba61e0ec73e8d81c22d0945e56ea75d197c512883a
File name: Trojan.Ransom.Locky.exe
Detection ratio: 59 / 66
Analysis date: 2018-01-19 17:26:05 UTC ( 1 month ago )
Antivirus Result Update
Ad-Aware Trojan.GenericKD.3048336 20180119
AegisLab Suspicious.Cloud.Gen!c 20180119
AhnLab-V3 Win-Trojan/Teslacrypt.1339F9E 20180119
ALYac Trojan.GenericKD.3048336 20180119
Antiy-AVL Trojan/Win32.Yakes 20180119
Arcabit Trojan.Generic.D2E8390 20180119
Avast Win32:Locky-J [Trj] 20180119
AVG Win32:Locky-J [Trj] 20180119
Avira (no cloud) TR/Agent.53465 20180119
AVware Win32.Malware!Drop 20180119
Baidu Win32.Trojan.Kryptik.qb 20180118
BitDefender Trojan.GenericKD.3048336 20180119
Bkav W32.RansomLockyZ.Trojan 20180119
CAT-QuickHeal Ransom.Crowti.MUE.A4 20180119
ClamAV Win.Ransomware.Locky-30639 20180119
CrowdStrike Falcon (ML) malicious_confidence_100% (W) 20171016
Cybereason malicious.1b8fb7 20171103
Cylance Unsafe 20180119
Cyren W32/Trojan.MXJM-9187 20180119
DrWeb Trojan.Encoder.3976 20180119
eGambit Unsafe.AI_Score_99% 20180119
Emsisoft Trojan.GenericKD.3048336 (B) 20180119
Endgame malicious (high confidence) 20171130
ESET-NOD32 Win32/Filecoder.Locky.A 20180119
F-Prot W32/Trojan3.TRP 20180119
GData Win32.Trojan-Ransom.Locky.D 20180119
Ikarus Trojan.Win32.Filecoder 20180119
Sophos ML heuristic 20170914
Jiangmin Trojan.Yakes.gph 20180119
K7AntiVirus Trojan ( 004dea2e1 ) 20180119
K7GW Trojan ( 004dea2e1 ) 20180119
Kaspersky Trojan-Ransom.Win32.Locky.d 20180119
Malwarebytes Ransom.Locky 20180119
MAX malware (ai score=100) 20180119
McAfee Generic.yk 20180119
McAfee-GW-Edition BehavesLike.Win32.Downloader.ch 20180119
Microsoft Ransom:Win32/Locky.A 20180119
eScan Trojan.GenericKD.3048336 20180119
NANO-Antivirus Trojan.Win32.Dwn.efhbmc 20180119
nProtect Trojan/W32.Yakes.184320.R 20180119
Palo Alto Networks (Known Signatures) generic.ml 20180119
Panda Trj/WLT.B 20180119
Qihoo-360 HEUR/QVM07.1.Malware.Gen 20180119
Rising Ransom.Locky!8.1CD4 (TFE:5:vIOYtQ5ht1C) 20180119
SentinelOne (Static ML) static engine - malicious 20180115
Sophos AV Troj/Ransom-CGR 20180119
SUPERAntiSpyware Trojan.Agent/Gen-Locky 20180119
Symantec Ransom.Locky 20180119
Tencent Win32.Trojan.Filecoder.Edom 20180119
TheHacker Trojan/Filecoder.Locky.a 20180119
TrendMicro Ransom_HPCRYPTESLA.SM2 20180119
TrendMicro-HouseCall Ransom_HPCRYPTESLA.SM2 20180119
VBA32 Hoax.Locky 20180119
VIPRE Win32.Malware!Drop 20180119
ViRobot Trojan.Win32.Z.Filecoder.184320.A 20180119
Webroot W32.Trojan.Gen 20180119
Yandex Trojan.Filecoder!ulCX0L6UuXo 20180112
ZoneAlarm by Check Point Trojan-Ransom.Win32.Locky.d 20180119
Zoner Trojan.Filecoder 20180119
Alibaba 20180119
Avast-Mobile 20180119
CMC 20180116
Comodo 20180119
Fortinet 20180119
Kingsoft 20180119
Symantec Mobile Insight 20180119
TotalDefense 20180118
Trustlook 20180119
Zillya 20180119
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2005-06-20 03:55:03
Entry Point 0x0000C0DC
Number of sections 4
PE sections
PE imports
RegDeleteKeyA
RegCreateKeyExW
LookupPrivilegeValueA
GetSidLengthRequired
RegCloseKey
RegSetValueA
InitializeAcl
RegSetValueW
InitializeSecurityDescriptor
GetSidSubAuthorityCount
RegFlushKey
GetSidSubAuthority
RegQueryValueA
MakeAbsoluteSD
GetUserNameW
RegisterEventSourceA
RegOpenKeyExA
RegConnectRegistryA
RegQueryValueW
InitiateSystemShutdownA
RegLoadKeyA
GetAclInformation
GetKernelObjectSecurity
GetSidIdentifierAuthority
CreateProcessAsUserA
GetSecurityDescriptorDacl
OpenThreadToken
OpenEventLogW
EncryptFileW
RegQueryInfoKeyA
LsaQueryInformationPolicy
SetEntriesInAclW
MakeSelfRelativeSD
SetSecurityDescriptorSacl
RegSetValueExA
SetEntriesInAclA
AddAce
SetNamedSecurityInfoW
ImmConfigureIMEA
ImmNotifyIME
ImmSetConversionStatus
ImmGetCompositionStringA
ImmAssociateContext
ImmDestroyContext
ImmGetContext
ImmInstallIMEA
ImmGetProperty
ImmGetOpenStatus
ImmCreateContext
ImmSetOpenStatus
ImmSimulateHotKey
ImmGetCandidateListCountA
PulseEvent
WriteFileGather
GetLongPathNameA
RasGetProjectionInfoA
RasDialA
CharPrevA
ChangeDisplaySettingsW
DrawAnimatedRects
GetParent
CreateDialogIndirectParamW
IntersectRect
DdeAccessData
LoadMenuA
DrawStateA
OffsetRect
SetCaretPos
FindWindowW
GetCapture
ShowWindow
DefWindowProcA
CreatePopupMenu
GetCaretPos
LoadMenuW
DrawTextExA
GetClassInfoExW
GetWindowThreadProcessId
DdeDisconnect
IsIconic
IsWindow
mouse_event
GrayStringW
TranslateMDISysAccel
FrameRect
SetMenu
RegisterWindowMessageA
GetClipboardFormatNameW
GetClassNameA
CharLowerW
wvsprintfA
SendDlgItemMessageW
DialogBoxParamA
LoadCursorFromFileW
GetProcessWindowStation
DispatchMessageW
CreateDesktopW
GetMenuItemID
CreateWindowExW
GetCursorPos
DrawStateW
GetWindowModuleFileNameA
ShowCaret
SetClipboardData
GetLastActivePopup
SetCaretBlinkTime
DrawIconEx
IsWindowVisible
CharUpperBuffW
GetClassInfoW
GetDlgItem
SetMenuDefaultItem
ValidateRgn
GetScrollPos
ClientToScreen
InSendMessage
OemToCharA
ModifyMenuA
LoadCursorA
EnumDisplaySettingsA
TrackPopupMenu
PostThreadMessageW
FillRect
ModifyMenuW
GetWindowWord
GetMenuState
GetKeyboardLayout
LoadImageA
IsMenu
ReuseDDElParam
DialogBoxIndirectParamA
InvalidateRgn
CloseClipboard
GetGUIThreadInfo
NotifyWinEvent
IsDialogMessageA
OpenClipboard
Number of PE resources by type
RT_DIALOG 14
RT_ACCELERATOR 10
Struct(15) 5
RT_ICON 4
RT_GROUP_ICON 4
RT_MENU 2
RT_VERSION 1
Number of PE resources by language
NEUTRAL 40
PE resources
ExifTool file metadata
UninitializedDataSize 0
LinkerVersion 6.0
ImageVersion 0.0
FileSubtype 0
FileVersionNumber 0.170.16.207
LanguageCode Neutral
FileFlagsMask 0x003f
CharacterSet Unicode
InitializedDataSize 3948544
EntryPoint 0xc0dc
MIMEType application/octet-stream
Subsystem Windows GUI
FileVersion 0.37.213.27
TimeStamp 2005:06:20 04:55:03+01:00
FileType Win32 EXE
PEType PE32
ProductVersion 0.144.212.113
SubsystemVersion 4.0
OSVersion 4.0
FileOS Windows NT 32-bit
LegalCopyright Intend (C) 2013
MachineType Intel 386 or later, and compatibles
CompanyName FileSee.com
CodeSize 49152
ProductName Lipreading Fenced
ProductVersionNumber 0.195.154.99
FileTypeExtension exe
ObjectFileType Executable application
Compressed bundles
File identification
MD5 1fd40a253bab50aed41c285e982fca9c
SHA1 3aa2e66f41b4611d5d5680bdb6625c4af19c542a
SHA256 78e9558a9762cf778a3ba9ba61e0ec73e8d81c22d0945e56ea75d197c512883a
ssdeep 3072:gzWgfLlUc7CIJ1tkZaQyjhOosc8MKi6KDXnLCtyAR0u1cZ26:gdLl4wkZa/UDiD7ukst1J6
authentihash 225cf7419c564d991b45d55a827012770ae7d78d166134129548e87e4753c5a3
imphash 0fcea3af550ad0a893e93808dccf17f4
File size 180.0 KB ( 184320 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Dynamic Link Library (generic) (43.5%)
Win32 Executable (generic) (29.8%)
Generic Win/DOS Executable (13.2%)
DOS Executable Generic (13.2%)
Tags peexe
VirusTotal metadata
First submission 2016-02-16 10:43:37 UTC ( 2 years ago )
Last submission 2017-09-24 14:32:39 UTC ( 4 months, 3 weeks ago )
File names Trojan.Ransom.Locky.exe
r34f3345g.exe.3
r34f3345g.exe
svchost.exe
1fd40a253bab50aed41c285e982fca9c.exe
svchost.exe
l33tme.exe
ladybi.exe
Zq4TqEa.drv
ladybi.exe
Locky Ransomware.exe
78e9558a9762cf778a3ba9ba61e0ec73e8d81c22d0945e56ea75d197c512883a.exe
DFDWiz.exe
78e9558a9762cf778a3ba9ba61e0ec73e8d81c22d0945e56ea75d197c512883a.bin
TokenBrokerCookies.exe
aa
Advanced heuristic and reputation engines
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Written files
Copied files
Moved files
Deleted files
Created processes
Opened mutexes
Opened service managers
Runtime DLLs
UDP communications