SHA256: 7a0f22b70e0410443834e4e3592940fdc56b0dff05020ca2d0ca3507b4aa2f3d
File name: 1d30699c7b9ba6bce19543e3e9bf745a.vir
Detection ratio: 60 / 68
Analysis date: 2018-06-23 06:20:52 UTC ( 1 month, 3 weeks ago )
Antivirus Result Update
Ad-Aware Trojan.GenericKD.12186877 20180623
AegisLab Ransom.Cerber.Smaly0!c 20180622
AhnLab-V3 Win-Trojan/Lukitus3.Exp 20180622
ALYac Trojan.Ransom.LockyCrypt 20180623
Antiy-AVL Trojan/Win32.TSGeneric 20180623
Arcabit Trojan.Generic.DB9F4FD 20180623
Avast Win32:Malware-gen 20180623
AVG Win32:Malware-gen 20180623
Avira (no cloud) TR/Crypt.Xpack.nsayj 20180622
AVware Trojan.Win32.Generic!BT 20180623
Babable Malware.HighConfidence 20180406
Baidu Win32.Trojan.WisdomEyes.16070401.9500.9999 20180622
BitDefender Trojan.GenericKD.12186877 20180623
Bkav W32.RansomLTS.Trojan 20180623
CAT-QuickHeal Ransom.Locky.S1374630 20180622
ClamAV Win.Ransomware.Locky-6335674-3 20180623
Comodo UnclassifiedMalware 20180623
CrowdStrike Falcon (ML) malicious_confidence_100% (W) 20180530
Cybereason malicious.c7b9ba 20180225
Cylance Unsafe 20180623
Cyren W32/Locky.BX.gen!Eldorado 20180623
DrWeb Trojan.Encoder.13570 20180623
Emsisoft Trojan.GenericKD.12186877 (B) 20180623
Endgame malicious (high confidence) 20180612
ESET-NOD32 Win32/Filecoder.Locky.L 20180623
F-Prot W32/Locky.BX.gen!Eldorado 20180623
F-Secure Trojan.GenericKD.12186877 20180622
Fortinet W32/GenKryptik.APXF!tr 20180623
GData Win32.Trojan.Kryptik.IT 20180623
Ikarus Trojan-Ransom.Locky 20180622
Sophos ML heuristic 20180601
Jiangmin Trojan.Locky.djo 20180623
K7AntiVirus Trojan ( 00515aa21 ) 20180622
K7GW Trojan ( 00515aa21 ) 20180623
Kaspersky Trojan-Ransom.Win32.Locky.dmr 20180623
Malwarebytes Ransom.Locky 20180623
MAX malware (ai score=100) 20180623
McAfee Locky-Corrupt!1D30699C7B9B 20180623
McAfee-GW-Edition BehavesLike.Win32.Ransomware.jc 20180623
Microsoft Ransom:Win32/Locky 20180623
eScan Trojan.GenericKD.12186877 20180623
NANO-Antivirus Trojan.Win32.Encoder.esachz 20180623
Palo Alto Networks (Known Signatures) generic.ml 20180623
Panda Trj/Genetic.gen 20180622
Qihoo-360 Trojan.Generic 20180623
Rising Ransom.Locky!8.1CD4 (CLOUD) 20180623
SentinelOne (Static ML) static engine - malicious 20180618
Sophos AV Troj/Locky-AAC 20180623
Symantec Ransom.CryptXXX 20180622
TACHYON Ransom/W32.Locky.673280.F 20180623
Tencent Win32.Trojan.Raas.Auto 20180623
TrendMicro Ransom_LOCKY.AJA 20180623
TrendMicro-HouseCall Ransom_LOCKY.AJA 20180623
VBA32 Trojan-Ransom.Locky 20180622
VIPRE Trojan.Win32.Generic!BT 20180623
ViRobot Trojan.Win32.Locky.673280.B 20180623
Webroot W32.Trojan.Gen 20180623
Yandex Trojan.Locky! 20180622
Zillya Trojan.Locky.Win32.2939 20180622
ZoneAlarm by Check Point Trojan-Ransom.Win32.Locky.dmr 20180623
Alibaba 20180622
Avast-Mobile 20180622
CMC 20180623
eGambit 20180623
Kingsoft 20180623
SUPERAntiSpyware 20180623
Symantec Mobile Insight 20180619
TheHacker 20180622
TotalDefense 20180623
Trustlook 20180623
Zoner 20180622
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2012-07-26 14:06:56
Entry Point 0x0000287C
Number of sections 4
PE sections
PE imports
RegRestoreKeyA
RegUnLoadKeyA
RegReplaceKeyA
RegOpenKeyA
RegDeleteValueW
ClearEventLogA
RegSaveKeyW
ReadEventLogW
RegCreateKeyExA
OpenEventLogW
RegEnumKeyA
IsTextUnicode
CryptSignHashA
CoCreateActivity
RecycleSurrogate
CoEnterServiceDomain
OpenMutexA
CreateWaitableTimerW
WaitNamedPipeW
MoveFileExW
GetCurrentProcessId
OpenEventW
WaitForSingleObject
DeleteFileA
LoadLibraryExW
FindNextFileA
GetCommandLineA
LoadLibraryA
GetProcessHeap
GetProcAddress
InterlockedIncrement
SHGetFileInfoA
ShellMessageBoxW
FindExecutableA
DragQueryFileW
SHChangeNotify
StrStrA
ShellAboutW
SHGetFolderPathA
ExtractIconW
SHGetMalloc
DragFinish
PathCompactPathW
UrlGetPartW
PathCommonPrefixW
UrlIsNoHistoryW
UrlIsOpaqueW
UrlUnescapeW
UrlIsW
PathIsURLW
UrlHashA
PathStripPathA
UrlEscapeA
UrlGetLocationA
PathCombineW
UrlCompareW
Recover
Extend
Number of PE resources by type
RT_RCDATA 5
Number of PE resources by language
NEUTRAL 5
PE resources
Debug information
ExifTool file metadata
MIMEType application/octet-stream
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
FileTypeExtension exe
TimeStamp 2012:07:26 15:06:56+01:00
FileType Win32 EXE
PEType PE32
CodeSize 50688
LinkerVersion 6.0
EntryPoint 0x287c
InitializedDataSize 621568
SubsystemVersion 5.1
ImageVersion 0.0
OSVersion 5.1
UninitializedDataSize 0
Compressed bundles
File identification
MD5 1d30699c7b9ba6bce19543e3e9bf745a
SHA1 70a002d5f184274a89e1860ee0862c644306bf8c
SHA256 7a0f22b70e0410443834e4e3592940fdc56b0dff05020ca2d0ca3507b4aa2f3d
ssdeep 12288:zxcQSgr+MOb1q1XLxri2rD5psqW3721gunLHCM0qCnjrBD:zxcRMOb1qlxrTrD5Q3FuLiZD
authentihash 177b36a1d818c4968bceeb1d63eb1246a0c3606d97f2784bc75e2ad8507946fc
imphash 8c60dfba346962bbe963e4f9111d8a3b
File size 657.5 KB ( 673280 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Dynamic Link Library (generic) (34.2%)
Win32 Executable (generic) (23.4%)
Win16/32 Executable Delphi generic (10.7%)
OS/2 Executable (generic) (10.5%)
Generic Win/DOS Executable (10.4%)
Tags peexe
VirusTotal metadata
First submission 2017-08-21 13:39:27 UTC ( 11 months, 4 weeks ago )
Last submission 2018-05-26 01:42:09 UTC ( 2 months, 3 weeks ago )
File names 7a0f22b70e0410443834e4e3592940fdc56b0dff05020ca2d0ca3507b4aa2f3d
bOOgBmVoc2.exe
ULZISNZNP3.EXE
65JKjbh.exe
65JKjbh.exe
65JKjbh
1d30699c7b9ba6bce19543e3e9bf745a.vir
65JKjbh.exe
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Created mutexes
Opened mutexes
Opened service managers
Opened services
Runtime DLLs
HTTP requests
TCP connections