SHA256: 8930bd4ab06a60d8b079d37fe029ff6039786988efd4cb0b4c5197d0b39d2a12
File name: 8930bd4ab06a60d8b079d37fe029ff6039786988efd4cb0b4c5197d0b39d2a12
Detection ratio: 57 / 68
Analysis date: 2017-12-14 12:49:21 UTC
Antivirus Result Update
Ad-Aware Trojan.GenericKD.6161363 20171214
AegisLab Ransom.Hpcerber.Smaly0A!c 20171214
AhnLab-V3 Trojan/Win32.MDA.R211932 20171214
ALYac Trojan.Ransom.LockyCrypt 20171214
Antiy-AVL Trojan/Win32.TSGeneric 20171214
Arcabit Trojan.Generic.D5E03D3 20171214
Avast Win32:Malware-gen 20171214
AVG Win32:Malware-gen 20171214
Avira (no cloud) TR/Crypt.ZPACK.frngc 20171214
AVware Trojan.Win32.Generic!BT 20171214
Baidu Win32.Trojan.WisdomEyes.16070401.9500.9996 20171212
BitDefender Trojan.GenericKD.6161363 20171214
CAT-QuickHeal Trojan.IGENERIC 20171214
ClamAV Win.Trojan.Agent-6362795-0 20171214
CrowdStrike Falcon (ML) malicious_confidence_100% (W) 20171016
Cybereason malicious.e7da64 20171103
Cylance Unsafe 20171214
Cyren W32/Trojan.KKAX-7709 20171214
DrWeb Trojan.Siggen7.31306 20171214
Emsisoft Trojan-Ransom.Locky (A) 20171214
Endgame malicious (high confidence) 20171130
ESET-NOD32 Win32/Filecoder.Locky.M 20171214
F-Prot W32/Trojan2.PXRA 20171214
F-Secure Trojan.GenericKD.6161363 20171214
Fortinet W32/Kryptik.4405!tr 20171214
GData Trojan.GenericKD.6161363 20171214
Ikarus Trojan.Win32.Tinba 20171214
Sophos ML heuristic 20170914
Jiangmin Backdoor.Androm.tus 20171214
K7AntiVirus Trojan ( 00517c701 ) 20171214
K7GW Trojan ( 00517c701 ) 20171214
Kaspersky Backdoor.Win32.Androm.ofjq 20171214
Malwarebytes Trojan.MalPack 20171214
MAX malware (ai score=99) 20171214
McAfee Ransomware-GIL!D0BE9EEE425A 20171214
McAfee-GW-Edition BehavesLike.Win32.Ransomware.dh 20171214
Microsoft TrojanDownloader:Win32/Injranluder.A 20171214
eScan Trojan.GenericKD.6161363 20171214
NANO-Antivirus Trojan.Win32.Filecoder.eurwvp 20171214
Palo Alto Networks (Known Signatures) generic.ml 20171214
Panda Trj/CI.A 20171213
Qihoo-360 Trojan.Generic 20171214
SentinelOne (Static ML) static engine - malicious 20171207
Sophos AV Mal/Cerber-U 20171214
SUPERAntiSpyware Ransom.Cerber/Variant 20171214
Symantec Ransom.Locky.B 20171214
Tencent Suspicious.Heuristic.Gen.b.0 20171214
TrendMicro Ransom_LOCKY.THB01 20171214
TrendMicro-HouseCall Ransom_LOCKY.THB01 20171214
VBA32 Backdoor.Androm 20171214
VIPRE Trojan.Win32.Generic!BT 20171214
ViRobot Trojan.Win32.Z.Locky.232128 20171214
Webroot W32.Adware.Installcore 20171214
Yandex Backdoor.Androm!Mn26biy6izw 20171212
Zillya Backdoor.Androm.Win32.47207 20171213
ZoneAlarm by Check Point Backdoor.Win32.Androm.ofjq 20171214
Zoner Trojan.Locky 20171214
No detection:
Alibaba 20171214
Avast-Mobile 20171214
Bkav 20171214
CMC 20171214
Comodo 20171214
eGambit 20171214
Kingsoft 20171214
nProtect 20171214
Rising 20171214
Symantec Mobile Insight 20171213
TheHacker 20171210
TotalDefense 20171214
Trustlook 20171214
WhiteArmor 20171204
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2017-11-01 07:59:50 UTC (the ExifTool TimeStamp 2017:11:01 08:59:50+01:00 further down is the same instant; the first VirusTotal submission followed roughly 4.5 hours later)
Entry Point 0x00004B71
Number of sections 4
PE sections
Overlays
MD5 08bc9da968478d6c7c065672604c37fb
File type data
Offset 57344
Size 174784
Entropy 6.97
The overlay begins exactly where the section data ends (CodeSize 36864 + InitializedDataSize 20480 = 57344) and runs to the end of the file (57344 + 174784 = 232128 bytes), so about 75% of the sample is data the Windows loader never maps. A high-entropy blob of that size sitting behind a small MSVC-built stub is the usual shape of an encrypted second stage that the stub reads from its own file and unpacks at runtime; that reading fits the import list below, but it is an inference from the static data, not something this report establishes.
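The header fields and overlay figures above are what a PE parser recovers from the file itself. The following is an added example, not VirusTotal's or any vendor's code: it walks the DOS header, NT headers and section table of a PE32 image, locates the overlay as the bytes past the end of the last section's raw data, and measures the overlay's Shannon entropy. The PE it parses is constructed in memory for the demonstration (it reuses the reported timestamp and characteristics values, but is not the reported sample); `build_sample_pe` and `analyze_sample` are helper names chosen here.

```python
"""Added example: minimal PE32 header/overlay parser (not VirusTotal's code).
The PE below is constructed in memory for the demo, not the reported sample."""
import math
import struct
from collections import Counter
from datetime import datetime, timezone

IMAGE_DOS_SIGNATURE = 0x5A4D        # "MZ"
IMAGE_NT_SIGNATURE = 0x00004550     # "PE\0\0"
IMAGE_FILE_MACHINE_I386 = 0x014C
PE32_MAGIC = 0x10B

CHARACTERISTICS = {
    0x0001: "RELOCS_STRIPPED", 0x0002: "EXECUTABLE_IMAGE",
    0x0004: "LINE_NUMS_STRIPPED", 0x0008: "LOCAL_SYMS_STRIPPED",
    0x0020: "LARGE_ADDRESS_AWARE", 0x0100: "32BIT_MACHINE", 0x2000: "DLL",
}


def shannon_entropy(data: bytes) -> float:
    """Bits per byte in 0.0..8.0; packed or encrypted blobs sit near 7-8."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())


def decode_characteristics(flags: int) -> list:
    return [name for bit, name in sorted(CHARACTERISTICS.items()) if flags & bit]


def timestamp_utc(ts: int) -> str:
    return datetime.fromtimestamp(ts, timezone.utc).strftime("%Y-%m-%d %H:%M:%S")


def parse_pe(buf: bytes) -> dict:
    """Walk DOS header -> NT headers -> section table; report the overlay."""
    if struct.unpack_from("<H", buf, 0)[0] != IMAGE_DOS_SIGNATURE:
        raise ValueError("not an MZ file")
    e_lfanew = struct.unpack_from("<I", buf, 0x3C)[0]
    if struct.unpack_from("<I", buf, e_lfanew)[0] != IMAGE_NT_SIGNATURE:
        raise ValueError("bad PE signature")
    # IMAGE_FILE_HEADER (20 bytes) follows the 4-byte signature.
    machine, nsect, tstamp, _symtab, _nsyms, opt_size, chars = struct.unpack_from(
        "<HHIIIHH", buf, e_lfanew + 4)
    opt_off = e_lfanew + 24
    if struct.unpack_from("<H", buf, opt_off)[0] != PE32_MAGIC:
        raise ValueError("only PE32 is handled here")
    entry = struct.unpack_from("<I", buf, opt_off + 16)[0]   # AddressOfEntryPoint
    sect_off = opt_off + opt_size
    sections = []
    for i in range(nsect):
        name, vsize, va, rsize, rptr = struct.unpack_from("<8sIIII", buf, sect_off + 40 * i)
        sections.append({"name": name.rstrip(b"\0").decode("ascii", "replace"),
                         "va": va, "vsize": vsize, "raw_ptr": rptr, "raw_size": rsize})
    # Overlay = everything after the highest PointerToRawData + SizeOfRawData.
    end = max((s["raw_ptr"] + s["raw_size"] for s in sections),
              default=sect_off + 40 * nsect)
    overlay = buf[end:]
    return {
        "machine": machine, "timestamp": tstamp, "timestamp_utc": timestamp_utc(tstamp),
        "entry_point": entry, "characteristics": decode_characteristics(chars),
        "sections": sections,
        "overlay_offset": end if overlay else None, "overlay_size": len(overlay),
        "overlay_entropy": round(shannon_entropy(overlay), 2),
    }


def build_sample_pe() -> bytes:
    """Constructed PE32: one .text section at file offset 0x200 and a 1 KiB
    overlay in which every byte value occurs equally often (entropy 8.0)."""
    dos = bytearray(64)
    struct.pack_into("<H", dos, 0, IMAGE_DOS_SIGNATURE)
    struct.pack_into("<I", dos, 0x3C, 64)                 # e_lfanew
    # Timestamp 0x59F97EF6 == 2017-11-01 07:59:50 UTC, mirroring the report;
    # characteristics 0x010F == no relocs, executable, no line numbers,
    # no symbols, 32-bit, as ExifTool decodes them for the sample.
    file_hdr = struct.pack("<HHIIIHH", IMAGE_FILE_MACHINE_I386, 1, 0x59F97EF6, 0, 0, 224, 0x010F)
    opt = bytearray(224)
    struct.pack_into("<H", opt, 0, PE32_MAGIC)
    struct.pack_into("<I", opt, 16, 0x1000)               # AddressOfEntryPoint
    sect = struct.pack("<8sIIIIIIHHI", b".text", 0x200, 0x1000, 0x200, 0x200,
                       0, 0, 0, 0, 0x60000020)
    headers = (bytes(dos) + b"PE\0\0" + file_hdr + bytes(opt) + sect).ljust(0x200, b"\0")
    text = b"\xCC" * 0x200
    overlay = bytes(range(256)) * 4
    return headers + text + overlay


def analyze_sample() -> dict:
    return parse_pe(build_sample_pe())


if __name__ == "__main__":
    for key, value in analyze_sample().items():
        print(f"{key}: {value}")
```

Pointed at the reported file (`parse_pe(open(path, "rb").read())`) the same logic should reproduce the overlay offset 57344 and size 174784 shown above, with entropy close to the reported 6.97; the constructed sample instead yields an overlay at 0x400 with entropy 8.0, the ceiling for byte data. The overlay calculation only trusts PointerToRawData + SizeOfRawData, so a section header that lies about its raw size will shift the boundary; when triaging packed samples, compare the result against the file's actual size as done in the note above.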
PE imports (every function listed is a kernel32.dll export: mostly the MSVC 7.1 CRT start-up set, plus VirtualAlloc/VirtualProtect/VirtualFree, GlobalAlloc and LoadResource; nothing imported names a network, file-encryption or persistence capability, which is typical of a loader stub whose real payload is resolved at runtime via LoadLibraryA/GetProcAddress)
GetLastError
HeapFree
GetStdHandle
EnterCriticalSection
LCMapStringW
SetHandleCount
FileTimeToSystemTime
VirtualProtect
GetOEMCP
QueryPerformanceCounter
HeapDestroy
ExitProcess
TlsAlloc
GetEnvironmentStringsW
GetVersionExA
GetModuleFileNameA
VirtualQuery
RtlUnwind
LoadLibraryA
FreeEnvironmentStringsA
DeleteCriticalSection
GetCurrentProcess
GetEnvironmentStrings
GetLocaleInfoA
GetCurrentProcessId
GetCPInfo
UnhandledExceptionFilter
MultiByteToWideChar
HeapSize
FreeEnvironmentStringsW
GetCommandLineA
GetProcAddress
GetStringTypeA
WideCharToMultiByte
TlsFree
GetModuleHandleA
InterlockedExchange
WriteFile
GetStartupInfoA
GetSystemTimeAsFileTime
GetSystemInfo
GetACP
HeapReAlloc
GetStringTypeW
HeapAlloc
TerminateProcess
LCMapStringA
InitializeCriticalSection
LoadResource
GlobalAlloc
VirtualFree
TlsGetValue
GetFileType
GetTickCount
TlsSetValue
GetProcessTimes
GetCurrentThreadId
VirtualAlloc
HeapCreate
SetLastError
LeaveCriticalSection
Number of PE resources by type
RT_ICON 1
RT_GROUP_ICON 1
Number of PE resources by language
RUSSIAN 2
ExifTool file metadata
MIMEType application/octet-stream
Subsystem Windows GUI
SubsystemVersion 4.0
MachineType Intel 386 or later, and compatibles
TimeStamp 2017:11:01 08:59:50+01:00
FileType Win32 EXE
PEType PE32
CodeSize 36864
LinkerVersion 7.1
FileTypeExtension exe
InitializedDataSize 20480
ImageFileCharacteristics No relocs, Executable, No line numbers, No symbols, 32-bit
EntryPoint 0x4b71
OSVersion 4.0
ImageVersion 0.0
UninitializedDataSize 0
File identification
MD5 d0be9eee425acecc5469286424a44405
SHA1 d92369ce7da64fd5bcea4880d6fd863731331bc4
SHA256 8930bd4ab06a60d8b079d37fe029ff6039786988efd4cb0b4c5197d0b39d2a12
ssdeep 3072:j49uX6k8F6tgudHK2qnfdnk0mdXhGdyvKj4VQPHrpKlmooKUPKzwmnAdj52fZfuk:jRxflcT2p/25R8eVaNCMFETiBnID/E
authentihash f187715e80f54a50020b652f6308b8470e69a17bfa847d4239531cddcd722132
imphash e1e003b0c68f671be3a37d31aee0966d
File size 226.7 KB ( 232128 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Executable MS Visual C++ (generic) (41.0%)
TrID Win64 Executable (generic) (36.3%)
TrID Win32 Dynamic Link Library (generic) (8.6%)
TrID Win32 Executable (generic) (5.9%)
TrID OS/2 Executable (generic) (2.6%)
Tags peexe overlay
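The imphash above is what makes this sample's loader stub findable across repacks: it hashes the import table, not the file contents, so two files with different MD5/SHA256 but the same stub and import order share it. The following is an added example, not VirusTotal's or the pefile project's code, reimplementing the published imphash rules: lowercase each DLL name with its .dll/.ocx/.sys extension stripped, emit "dll.function" for every import in import-table order, join with commas, MD5 the string. Imports by ordinal are rendered as "ordN" here; real implementations additionally map well-known ordinals of ws2_32 and oleaut32 to names, which this simplified version omits (an assumption to keep the example short). The import tables `SAMPLE`, `SAME_BUT_LOWERCASE` and `REORDERED` are constructed for the demonstration and were not read from the reported file.

```python
"""Added example: imphash reimplemented from its published rules (not
VirusTotal's or pefile's code).  Import tables below are constructed."""
import hashlib


def normalize_dll(name: str) -> str:
    """Lowercase and drop a trailing .dll/.ocx/.sys, as imphash does."""
    name = name.lower()
    for ext in (".dll", ".ocx", ".sys"):
        if name.endswith(ext):
            return name[: -len(ext)]
    return name


def imphash_string(imports) -> str:
    """imports: list of (dll_name, [function name or int ordinal, ...]) in
    import-directory order.  Returns the comma-joined string that is hashed.
    Simplification (assumption): ordinals are always written as ordN; the
    reference implementation maps known ordinals to names first."""
    parts = []
    for dll, funcs in imports:
        base = normalize_dll(dll)
        for func in funcs:
            if isinstance(func, int):
                parts.append(f"{base}.ord{func}")
            else:
                parts.append(f"{base}.{func.lower()}")
    return ",".join(parts)


def imphash(imports) -> str:
    return hashlib.md5(imphash_string(imports).encode("ascii")).hexdigest()


# Constructed import tables (not taken from the sample).
SAMPLE = [
    ("KERNEL32.DLL", ["VirtualAlloc", "VirtualProtect", "LoadLibraryA", "GetProcAddress"]),
    ("ws2_32.dll", [23, "send"]),
]
# Same table with different casing: imphash must not change.
SAME_BUT_LOWERCASE = [
    ("kernel32.dll", ["virtualalloc", "virtualprotect", "loadlibrarya", "getprocaddress"]),
    ("WS2_32.DLL", [23, "SEND"]),
]
# Same functions, two swapped: imphash changes, because order is part of the hash.
REORDERED = [
    ("KERNEL32.DLL", ["VirtualProtect", "VirtualAlloc", "LoadLibraryA", "GetProcAddress"]),
    ("ws2_32.dll", [23, "send"]),
]

if __name__ == "__main__":
    print(imphash_string(SAMPLE))
    print(imphash(SAMPLE))
    print(imphash(SAMPLE) == imphash(SAME_BUT_LOWERCASE), imphash(SAMPLE) == imphash(REORDERED))
```

The order sensitivity cuts both ways for hunting: a crypter that re-emits the same stub gives every payload it wraps the same imphash, which is why pivoting on e1e003b0c68f671be3a37d31aee0966d can surface siblings that share none of the content hashes above, while a rebuild that merely reorders two imports, or a sample that resolves everything through GetProcAddress, breaks the match. Treat imphash as a clustering hint, not an identity.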

VirusTotal metadata
First submission 2017-11-01 12:34:56 UTC
Last submission 2018-12-13 01:27:01 UTC
File names Samp (36).vir.rename
2017-11-01-1st-stage-malware-gnu64.exe
2e4ed391-c05f-11e7-9cd6-80e65024849a.file
gnu64.exe
VirusShare_d0be9eee425acecc5469286424a44405
d0be9eee.gxe
ndgHSKFte4
2e4ed391-c05f-11e7-9cd6-80e65024849a.exe
1st-stage-malware-gnu64.exe