SHA256: 78e9558a9762cf778a3ba9ba61e0ec73e8d81c22d0945e56ea75d197c512883a
File name: r34f3345g.exe.3
Detection ratio: 5 / 54
Analysis date: 2016-02-16 12:50:02 UTC ( 1 year, 7 months ago )
Antivirus Result Update
AegisLab Suspicious.Cloud.Gen!c 20160216
Avast Win32:Malware-gen 20160216
Kaspersky UDS:DangerousObject.Multi.Generic 20160216
Qihoo-360 HEUR/QVM07.1.Malware.Gen 20160216
Symantec Suspicious.Cloud.5 20160215
Ad-Aware 20160216
Yandex 20160215
AhnLab-V3 20160216
Alibaba 20160216
ALYac 20160216
Antiy-AVL 20160216
Arcabit 20160216
AVG 20160216
Avira (no cloud) 20160216
Baidu-International 20160216
BitDefender 20160216
Bkav 20160215
ByteHero 20160216
CAT-QuickHeal 20160216
ClamAV 20160216
CMC 20160216
Comodo 20160216
Cyren 20160216
DrWeb 20160216
Emsisoft 20160216
ESET-NOD32 20160216
F-Prot 20160216
F-Secure 20160216
Fortinet 20160216
GData 20160216
Ikarus 20160216
Jiangmin 20160216
K7AntiVirus 20160216
K7GW 20160216
Malwarebytes 20160216
McAfee 20160216
McAfee-GW-Edition 20160216
Microsoft 20160216
eScan 20160216
NANO-Antivirus 20160216
nProtect 20160216
Panda 20160215
Rising 20160216
Sophos AV 20160216
SUPERAntiSpyware 20160216
Tencent 20160216
TheHacker 20160215
TrendMicro 20160216
TrendMicro-HouseCall 20160216
VBA32 20160215
VIPRE 20160216
ViRobot 20160216
Zillya 20160215
Zoner 20160216
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2005-06-20 03:55:03
Entry Point 0x0000C0DC
Number of sections 4
PE sections
PE imports
RegDeleteKeyA
RegCreateKeyExW
LookupPrivilegeValueA
GetSidLengthRequired
RegCloseKey
RegSetValueA
InitializeAcl
RegSetValueW
InitializeSecurityDescriptor
GetSidSubAuthorityCount
RegFlushKey
GetSidSubAuthority
RegQueryValueA
MakeAbsoluteSD
GetUserNameW
RegisterEventSourceA
RegOpenKeyExA
RegConnectRegistryA
RegQueryValueW
InitiateSystemShutdownA
RegLoadKeyA
GetAclInformation
GetKernelObjectSecurity
GetSidIdentifierAuthority
CreateProcessAsUserA
GetSecurityDescriptorDacl
OpenThreadToken
OpenEventLogW
EncryptFileW
RegQueryInfoKeyA
LsaQueryInformationPolicy
SetEntriesInAclW
MakeSelfRelativeSD
SetSecurityDescriptorSacl
RegSetValueExA
SetEntriesInAclA
AddAce
SetNamedSecurityInfoW
ImmConfigureIMEA
ImmNotifyIME
ImmSetConversionStatus
ImmGetCompositionStringA
ImmAssociateContext
ImmDestroyContext
ImmGetContext
ImmInstallIMEA
ImmGetProperty
ImmGetOpenStatus
ImmCreateContext
ImmSetOpenStatus
ImmSimulateHotKey
ImmGetCandidateListCountA
PulseEvent
WriteFileGather
GetLongPathNameA
RasGetProjectionInfoA
RasDialA
CharPrevA
ChangeDisplaySettingsW
DrawAnimatedRects
GetParent
CreateDialogIndirectParamW
IntersectRect
DdeAccessData
LoadMenuA
DrawStateA
OffsetRect
SetCaretPos
FindWindowW
GetCapture
ShowWindow
DefWindowProcA
CreatePopupMenu
GetCaretPos
LoadMenuW
DrawTextExA
GetClassInfoExW
GetWindowThreadProcessId
DdeDisconnect
IsIconic
IsWindow
mouse_event
GrayStringW
TranslateMDISysAccel
FrameRect
SetMenu
RegisterWindowMessageA
GetClipboardFormatNameW
GetClassNameA
CharLowerW
wvsprintfA
SendDlgItemMessageW
DialogBoxParamA
LoadCursorFromFileW
GetProcessWindowStation
DispatchMessageW
CreateDesktopW
GetMenuItemID
CreateWindowExW
GetCursorPos
DrawStateW
GetWindowModuleFileNameA
ShowCaret
SetClipboardData
GetLastActivePopup
SetCaretBlinkTime
DrawIconEx
IsWindowVisible
CharUpperBuffW
GetClassInfoW
GetDlgItem
SetMenuDefaultItem
ValidateRgn
GetScrollPos
ClientToScreen
InSendMessage
OemToCharA
ModifyMenuA
LoadCursorA
EnumDisplaySettingsA
TrackPopupMenu
PostThreadMessageW
FillRect
ModifyMenuW
GetWindowWord
GetMenuState
GetKeyboardLayout
LoadImageA
IsMenu
ReuseDDElParam
DialogBoxIndirectParamA
InvalidateRgn
CloseClipboard
GetGUIThreadInfo
NotifyWinEvent
IsDialogMessageA
OpenClipboard
Number of PE resources by type
RT_DIALOG 14
RT_ACCELERATOR 10
Struct(15) 5
RT_ICON 4
RT_GROUP_ICON 4
RT_MENU 2
RT_VERSION 1
Number of PE resources by language
NEUTRAL 40
PE resources
ExifTool file metadata
UninitializedDataSize 0
LinkerVersion 6.0
ImageVersion 0.0
FileSubtype 0
FileVersionNumber 0.170.16.207
LanguageCode Neutral
FileFlagsMask 0x003f
CharacterSet Unicode
InitializedDataSize 3948544
EntryPoint 0xc0dc
MIMEType application/octet-stream
Subsystem Windows GUI
FileVersion 0.37.213.27
TimeStamp 2005:06:20 04:55:03+01:00
FileType Win32 EXE
PEType PE32
ProductVersion 0.144.212.113
SubsystemVersion 4.0
OSVersion 4.0
FileOS Windows NT 32-bit
LegalCopyright Intend (C) 2013
MachineType Intel 386 or later, and compatibles
CompanyName FileSee.com
CodeSize 49152
ProductName Lipreading Fenced
ProductVersionNumber 0.195.154.99
FileTypeExtension exe
ObjectFileType Executable application

Compressed bundles
File identification
MD5 1fd40a253bab50aed41c285e982fca9c
SHA1 3aa2e66f41b4611d5d5680bdb6625c4af19c542a
SHA256 78e9558a9762cf778a3ba9ba61e0ec73e8d81c22d0945e56ea75d197c512883a
ssdeep 3072:gzWgfLlUc7CIJ1tkZaQyjhOosc8MKi6KDXnLCtyAR0u1cZ26:gdLl4wkZa/UDiD7ukst1J6
authentihash 225cf7419c564d991b45d55a827012770ae7d78d166134129548e87e4753c5a3
imphash 0fcea3af550ad0a893e93808dccf17f4
File size 180.0 KB ( 184320 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Dynamic Link Library (generic) (43.5%)
Win32 Executable (generic) (29.8%)
Generic Win/DOS Executable (13.2%)
DOS Executable Generic (13.2%)
Tags peexe
VirusTotal metadata
First submission 2016-02-16 10:43:37 UTC ( 1 year, 7 months ago )
Last submission 2017-08-21 05:11:16 UTC ( 4 weeks, 1 day ago )
File names Trojan.Ransom.Locky.exe
r34f3345g.exe.3
r34f3345g.exe
svchost.exe
1fd40a253bab50aed41c285e982fca9c.exe
svchost.exe
l33tme.exe
ladybi.exe
Zq4TqEa.drv
ladybi.exe
Locky Ransomware.exe
78e9558a9762cf778a3ba9ba61e0ec73e8d81c22d0945e56ea75d197c512883a.exe
DFDWiz.exe
78e9558a9762cf778a3ba9ba61e0ec73e8d81c22d0945e56ea75d197c512883a.bin
TokenBrokerCookies.exe
aa
Advanced heuristic and reputation engines
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Written files
Copied files
Moved files
Deleted files
Created processes
Opened mutexes
Opened service managers
Runtime DLLs
UDP communications