SHA256: 83999bcca96a289e240d119ca15f1ac486104071f9fa656b551a03d73315c5fd
File name: RGEWDeUtO.343
Detection ratio: 37 / 56
Analysis date: 2016-12-01 10:21:41 UTC ( 2 years, 2 months ago )
Antivirus Result Update
Ad-Aware Trojan.GenericKD.3795623 20161201
AegisLab Troj.Ransom.W32.Locky!c 20161201
AhnLab-V3 Trojan/Win32.Locky.C1689712 20161201
ALYac Trojan.Ransom.LockyCrypt 20161201
Arcabit Trojan.Generic.D39EAA7 20161201
Avira (no cloud) TR/Crypt.ZPACK.zzcal 20161130
AVware Trojan.Win32.Generic!BT 20161201
Baidu Win32.Trojan.WisdomEyes.16070401.9500.9999 20161201
BitDefender Trojan.GenericKD.3795623 20161201
Bkav W32.eHeur.Malware03 20161130
Comodo TrojWare.Win32.Kryptik.XJV 20161201
CrowdStrike Falcon (ML) malicious_confidence_100% (D) 20161024
Cyren W32/Trojan.PWTX-3604 20161201
DrWeb Trojan.Encoder.3976 20161201
Emsisoft Trojan.GenericKD.3795623 (B) 20161201
ESET-NOD32 Win32/Filecoder.Locky.D 20161201
F-Secure Trojan.GenericKD.3795623 20161201
GData Trojan.GenericKD.3795623 20161201
Ikarus Trojan.Win32.Filecoder 20161201
K7AntiVirus Trojan ( 004f95121 ) 20161201
K7GW Trojan ( 004f95121 ) 20161201
Kaspersky Trojan-Ransom.Win32.Locky.wlw 20161201
Malwarebytes Ransom.Locky 20161201
McAfee Artemis!0BCC2B239182 20161201
McAfee-GW-Edition Artemis!Trojan 20161201
eScan Trojan.GenericKD.3795623 20161201
Panda Trj/GdSda.A 20161130
Qihoo-360 Win32/Trojan.cec 20161201
Rising Malware.Generic!KhekHo6GUDP@6 (thunder) 20161201
Sophos AV Mal/Generic-L 20161201
Symantec Heur.AdvML.C 20161130
Tencent Win32.Trojan.Raas.Auto 20161201
TrendMicro Ransom_LOCKY.DLDTAQW 20161201
TrendMicro-HouseCall Ransom_LOCKY.DLDTAQW 20161201
VBA32 BScope.Malware-Cryptor.Filecoder 20161130
VIPRE Trojan.Win32.Generic!BT 20161201
ViRobot Trojan.Win32.Locky.196608.F[h] 20161201
Alibaba 20161201
Antiy-AVL 20161201
Avast 20161201
AVG 20161201
CAT-QuickHeal 20161201
ClamAV 20161201
CMC 20161201
F-Prot 20161201
Fortinet 20161201
Sophos ML 20161128
Jiangmin 20161201
Kingsoft 20161201
Microsoft 20161201
NANO-Antivirus 20161201
nProtect 20161201
SUPERAntiSpyware 20161201
TheHacker 20161130
Trustlook 20161201
WhiteArmor 20161125
Yandex 20161201
Zillya 20161130
Zoner 20161201
The file being studied is a Portable Executable file! More specifically, it is a Win32 DLL file for the Windows GUI subsystem.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2016-11-30 15:50:44
Entry Point 0x00001F40
Number of sections 6
PE sections
PE imports
GlobalSize
VirtualAlloc
GetProcAddress
LoadLibraryW
GlobalAlloc
malloc
_adjust_fdiv
__dllonexit
_onexit
free
_initterm
memcpy
PE exports
Number of PE resources by type
RT_ACCELERATOR 1
Number of PE resources by language
ENGLISH US 1
PE resources
ExifTool file metadata
MIMEType application/octet-stream
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
FileTypeExtension dll
TimeStamp 2016:11:30 16:50:44+01:00
FileType Win32 DLL
PEType PE32
CodeSize 24576
LinkerVersion 7.1
ImageFileCharacteristics Executable, No line numbers, No symbols, 32-bit, DLL
EntryPoint 0x1f40
InitializedDataSize 167936
SubsystemVersion 4.0
ImageVersion 0.0
OSVersion 4.0
UninitializedDataSize 0

Compressed bundles
File identification
MD5 0bcc2b239182c73fce76c930454596ac
SHA1 5684dd2389aef33ab6f996797740e853f11cf260
SHA256 83999bcca96a289e240d119ca15f1ac486104071f9fa656b551a03d73315c5fd
ssdeep 3072:6Av25gEd/qAn+82HgO1Uxt/vSDAVYdxsyxF0Xw75+uZRFfp1:6A+5gaFndO1U204b0oUu9
authentihash 89d8627c0dbfb023788632451978f683d066e2375daeeaf92600f1dbf276159c
imphash 709910289f351a2613327b40e1032e88
File size 192.0 KB ( 196608 bytes )
File type Win32 DLL
Magic literal PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
TrID Win64 Executable (generic) (61.7%)
Win32 Dynamic Link Library (generic) (14.7%)
Win32 Executable (generic) (10.0%)
OS/2 Executable (generic) (4.5%)
Generic Win/DOS Executable (4.4%)
Tags pedll
VirusTotal metadata
First submission 2016-11-30 16:55:47 UTC ( 2 years, 2 months ago )
Last submission 2017-08-04 00:38:02 UTC ( 1 year, 6 months ago )
File names RGEWDeUtO.343
ajufr51.dll
978t6rve.dll
pSJlazrWHrQ.343
A.exe
ajufr51.bin