SHA256: 82ad5183183a5fa7d9f2324c67b21bb7c97ed1dd46cfb7b63494a6b94f8b893a
File name: output.114591095.txt
Detection ratio: 30 / 68
Analysis date: 2018-11-28 14:38:58 UTC (5 months, 3 weeks ago)
Antivirus Result Update
Ad-Aware Gen:Variant.Razy.393922 20181128
AegisLab Trojan.Win32.Gen.4!c 20181128
AhnLab-V3 Malware/Win64.Generic.C2788751 20181128
ALYac Gen:Variant.Razy.393922 20181128
Arcabit Trojan.Razy.D602C2 20181128
Avast FileRepMalware 20181128
AVG FileRepMalware 20181128
Avira (no cloud) TR/AD.RansomHeur.mrhaz 20181128
BitDefender Gen:Variant.Razy.393922 20181128
CrowdStrike Falcon (ML) malicious_confidence_70% (W) 20181022
Emsisoft Gen:Variant.Razy.393922 (B) 20181128
Endgame malicious (high confidence) 20181108
F-Secure Gen:Variant.Razy.393922 20181128
GData Gen:Variant.Razy.393922 20181128
Sophos ML heuristic 20181108
Kaspersky Trojan-Ransom.Win32.Gen.kuu 20181128
Malwarebytes Ransom.BTCWare 20181128
MAX malware (ai score=85) 20181128
McAfee Artemis!EDC39D6C6198 20181128
McAfee-GW-Edition BehavesLike.Win64.BadFile.hh 20181128
eScan Gen:Variant.Razy.393922 20181128
Palo Alto Networks (Known Signatures) generic.ml 20181128
Panda Trj/CI.A 20181128
Qihoo-360 Win32/Trojan.Ransom.52c 20181128
Sophos AV Mal/Generic-S 20181128
Symantec Trojan.Gen.2 20181128
Trapmine malicious.moderate.ml.score 20181126
Webroot W32.Trojan.Gen 20181128
ZoneAlarm by Check Point Trojan-Ransom.Win32.Gen.kuu 20181128
Alibaba 20180921
Antiy-AVL 20181128
Avast-Mobile 20181128
Babable 20180918
Baidu 20181128
Bkav 20181128
CAT-QuickHeal 20181128
ClamAV 20181128
CMC 20181128
Comodo 20181128
Cybereason 20180225
Cylance 20181130
Cyren 20181128
DrWeb 20181128
eGambit 20181128
ESET-NOD32 20181128
F-Prot 20181128
Fortinet 20181128
Ikarus 20181128
Jiangmin 20181128
K7AntiVirus 20181128
K7GW 20181128
Kingsoft 20181128
Microsoft 20181128
NANO-Antivirus 20181128
Rising 20181128
SentinelOne (Static ML) 20181011
SUPERAntiSpyware 20181128
Symantec Mobile Insight 20181121
TACHYON 20181128
Tencent 20181128
TheHacker 20181126
TrendMicro 20181129
TrendMicro-HouseCall 20181129
Trustlook 20181128
VBA32 20181128
ViRobot 20181128
Yandex 20181128
Zillya 20181128
Zoner 20181128
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem that targets 64bit architectures.
FileVersionInfo properties
PE header basic information
Target machine x64
Compilation timestamp 2018-11-27 06:14:25
Entry Point 0x000079F8
Number of sections 6
PE sections
PE imports
CryptDestroyKey
CloseServiceHandle
CryptReleaseContext
CryptAcquireContextA
OpenSCManagerW
CryptGenRandom
OpenServiceW
ControlService
CryptEncrypt
CryptAcquireContextW
CryptImportKey
GetStdHandle
InterlockedPopEntrySList
SetEvent
EncodePointer
CreateTimerQueue
lstrcmpW
DeleteCriticalSection
GetCurrentProcess
FreeLibraryAndExitThread
GetConsoleMode
lstrcatA
GetLogicalDrives
FreeEnvironmentStringsW
InitializeSListHead
SetStdHandle
WideCharToMultiByte
WriteFile
GetSystemTimeAsFileTime
SetThreadAffinityMask
GetThreadTimes
HeapReAlloc
GetStringTypeW
GetOEMCP
GetThreadPriority
InterlockedPushEntrySList
FindClose
TlsGetValue
MoveFileW
SignalObjectAndWait
GetEnvironmentVariableW
SetLastError
GetModuleFileNameW
TryEnterCriticalSection
IsDebuggerPresent
ExitProcess
RaiseException
SetThreadPriority
RtlVirtualUnwind
UnhandledExceptionFilter
LoadLibraryExW
MultiByteToWideChar
SetFilePointerEx
DeleteTimerQueueTimer
RegisterWaitForSingleObject
CreateThread
InterlockedFlushSList
GetExitCodeThread
SetUnhandledExceptionFilter
IsProcessorFeaturePresent
ExitThread
DecodePointer
TerminateProcess
GetModuleHandleExW
ChangeTimerQueueTimer
GetCurrentThreadId
WriteConsoleW
CreateToolhelp32Snapshot
InitializeCriticalSectionAndSpinCount
HeapFree
EnterCriticalSection
LoadLibraryW
GetVersionExW
FreeLibrary
QueryPerformanceCounter
GetTickCount
TlsAlloc
VirtualProtect
FlushFileBuffers
lstrcmpiW
RtlPcToFileHeader
GetFileSize
OpenProcess
GetStartupInfoW
DeleteFileW
GetProcAddress
GetProcessHeap
QueryDepthSList
lstrcpyW
RemoveDirectoryW
lstrcmpA
FindNextFileW
RtlLookupFunctionEntry
ResetEvent
CreateTimerQueueTimer
FindFirstFileW
DuplicateHandle
WaitForMultipleObjects
RtlUnwindEx
GetProcessAffinityMask
CreateEventW
CreateFileW
GetFileType
TlsSetValue
HeapAlloc
LeaveCriticalSection
GetNativeSystemInfo
GetLastError
LCMapStringW
lstrlenA
GetConsoleCP
UnregisterWaitEx
GetEnvironmentStringsW
WaitForSingleObjectEx
lstrlenW
WinExec
Process32NextW
SwitchToThread
UnregisterWait
GetCurrentProcessId
GetCommandLineW
GetCPInfo
HeapSize
GetCommandLineA
FindFirstFileExW
GetCurrentThread
QueryPerformanceFrequency
ReleaseSemaphore
TlsFree
GetModuleHandleA
ReadFile
RtlCaptureContext
CloseHandle
GetACP
GetModuleHandleW
GetLogicalProcessorInformation
GetNumaHighestNodeNumber
IsValidCodePage
VirtualFree
Sleep
VirtualAlloc
WNetEnumResourceW
WNetCloseEnum
WNetOpenEnumW
SHGetFolderPathW
ShellExecuteW
StrStrW
Debug information
ExifTool file metadata
MIMEType application/octet-stream
Subsystem Windows GUI
SubsystemVersion 6.0
MachineType AMD AMD64
TimeStamp 2018:11:27 07:14:25+01:00
FileType Win64 EXE
PEType PE32+
CodeSize 385536
LinkerVersion 14.12
FileTypeExtension exe
InitializedDataSize 211456
ImageFileCharacteristics Executable, Large address aware
EntryPoint 0x79f8
OSVersion 6.0
ImageVersion 0.0
UninitializedDataSize 0

Execution parents
File identification
MD5 edc39d6c6198e24db56f29dfbb988cd8
SHA1 55390d5df006dfc2083788360f0d94843f8864d7
SHA256 82ad5183183a5fa7d9f2324c67b21bb7c97ed1dd46cfb7b63494a6b94f8b893a
ssdeep 12288:xvwwiYGwyG9QhKNWYgeWYg955/155/Iiblc7cFghSa4G85oRv:xv8YGwyG9WKWm7ggF85Mv

authentihash 860ed6f6a923c3a07fb5fea61384ca45ecaa66dc149ce36fd0bc9922f9c7c7d1
imphash 2d027a7a1df75b4899b1ef7b4a215151
File size 588.5 KB ( 602624 bytes )
File type Win32 EXE
Magic literal PE32+ executable for MS Windows (GUI) Mono/.Net assembly

TrID Win64 Executable (generic) (82.0%)
OS/2 Executable (generic) (6.0%)
Generic Win/DOS Executable (5.9%)
DOS Executable Generic (5.9%)
Tags 64bits peexe assembly

VirusTotal metadata
First submission 2018-11-28 07:13:38 UTC ( 5 months, 3 weeks ago )
Last submission 2019-05-11 01:24:53 UTC ( 1 week, 1 day ago )
File names pub.exe
edc39d6c6198e24db56f29dfbb988cd8
x64.exe
dttcodexgigas.55390d5df006dfc2083788360f0d94843f8864d7
edc39d6c.gxe
edc39d6c6198e24db56f29dfbb988cd8
package350_VirusShare_edc39d6c6198e24db56f29dfbb988cd8
output.114604454.txt
pub.exe
output.114591095.txt