SHA256: 8c8d7bd6ae0bb0e46c7f359b00a75e8937a0654812a16b01efe21a088d71f970
File name: bKKc.exe
Detection ratio: 23 / 67
Analysis date: 2018-04-11 17:55:19 UTC ( 1 year ago )
Antivirus Result Update
Ad-Aware Trojan.Ransom.GandCrab.Gen.2 20180411
ALYac Trojan.Ransom.GandCrab.Gen.2 20180411
Arcabit Trojan.Ransom.GandCrab.Gen.2 20180411
Baidu Win32.Trojan.WisdomEyes.16070401.9500.9999 20180411
BitDefender Trojan.Ransom.GandCrab.Gen.2 20180411
CrowdStrike Falcon (ML) malicious_confidence_100% (D) 20170201
Cylance Unsafe 20180411
Emsisoft Trojan.Ransom.GandCrab.Gen.2 (B) 20180411
Endgame malicious (high confidence) 20180403
F-Secure Trojan.Ransom.GandCrab.Gen.2 20180411
Fortinet W32/Kryptik.GFHY!tr 20180411
GData Trojan.Ransom.GandCrab.Gen.2 20180411
Sophos ML heuristic 20180121
Kaspersky UDS:DangerousObject.Multi.Generic 20180410
MAX malware (ai score=81) 20180411
McAfee-GW-Edition BehavesLike.Win32.Downloader.cc 20180410
eScan Trojan.Ransom.GandCrab.Gen.2 20180411
Palo Alto Networks (Known Signatures) generic.ml 20180411
Qihoo-360 HEUR/QVM10.1.7007.Malware.Gen 20180411
SentinelOne (Static ML) static engine - malicious 20180225
Symantec ML.Attribute.HighConfidence 20180411
Webroot W32.Malware.Gen 20180411
ZoneAlarm by Check Point UDS:DangerousObject.Multi.Generic 20180411
AegisLab 20180411
AhnLab-V3 20180411
Alibaba 20180411
Antiy-AVL 20180411
Avast 20180411
Avast-Mobile 20180411
AVG 20180411
Avira (no cloud) 20180411
AVware 20180411
Bkav 20180410
CAT-QuickHeal 20180411
ClamAV 20180411
CMC 20180410
Comodo 20180411
Cybereason None
Cyren 20180411
DrWeb 20180411
eGambit 20180411
ESET-NOD32 20180411
F-Prot 20180411
Ikarus 20180411
Jiangmin 20180411
K7AntiVirus 20180411
K7GW 20180411
Kingsoft 20180411
Malwarebytes 20180411
McAfee 20180411
Microsoft 20180411
NANO-Antivirus 20180411
nProtect 20180411
Panda 20180411
Rising 20180411
Sophos AV 20180411
SUPERAntiSpyware 20180411
Symantec Mobile Insight 20180406
Tencent 20180411
TheHacker 20180410
TotalDefense 20180411
TrendMicro 20180411
TrendMicro-HouseCall 20180411
Trustlook 20180411
VBA32 20180411
VIPRE 20180411
ViRobot 20180411
WhiteArmor 20180408
Yandex 20180411
Zillya 20180411
Zoner 20180411
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright Copyright (C) 2017, fockertoub

Internal name toofartyless.exe
File version 5.0.0.0
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2018-04-11 14:00:48
Entry Point 0x00001C46
Number of sections 5
PE sections
Overlays
MD5 62e8758daf7df8d4d97f245c529b54a5
File type ASCII text
Offset 181760
Size 8
Entropy 2.50
PE imports
ReportEventA
GetTextExtentPointA
GetPolyFillMode
GetTextMetricsA
CreateRectRgnIndirect
GetLogColorSpaceW
CheckColorsInGamut
LineDDA
Ellipse
GetDeviceGammaRamp
GetLastError
IsValidCodePage
HeapFree
IsProcessorFeaturePresent
EnterCriticalSection
LCMapStringW
SetHandleCount
lstrlenA
LoadLibraryW
GetTapeStatus
GetOEMCP
QueryPerformanceCounter
IsDebuggerPresent
GetSystemWindowsDirectoryW
SetTapePosition
TlsAlloc
GetEnvironmentStringsW
LoadLibraryA
RtlUnwind
lstrlenW
WinExec
GetStdHandle
HeapAlloc
HeapSetInformation
GetCurrentProcess
GetStartupInfoW
GetDriveTypeA
DecodePointer
GetCurrentProcessId
lstrcatA
SetVolumeMountPointA
GetCommandLineW
GetCPInfo
UnhandledExceptionFilter
InterlockedDecrement
MultiByteToWideChar
HeapSize
LoadModule
GetFileInformationByHandle
InitializeCriticalSectionAndSpinCount
WriteProfileSectionW
GlobalLock
GetModuleHandleW
EncodePointer
WritePrivateProfileStringW
ExitProcess
WideCharToMultiByte
GetModuleFileNameW
TlsFree
FreeEnvironmentStringsW
DeleteCriticalSection
SetUnhandledExceptionFilter
lstrcpyA
DeleteAtom
GetSystemTimeAsFileTime
PeekConsoleInputA
GetACP
HeapReAlloc
GetStringTypeW
GetProcAddress
SetEvent
GetSystemTimeAdjustment
TerminateProcess
InitializeCriticalSection
HeapCreate
WriteFile
CreateFileW
GlobalAlloc
TlsGetValue
Sleep
GetFileType
TlsSetValue
GetTickCount
GetCurrentThreadId
InterlockedIncrement
SetLastError
LeaveCriticalSection
LoadCursorA
AppendMenuA
CreateMDIWindowW
SetPropA
GetQueueStatus
SetClassLongW
GrayStringA
CloseWindow
GetWindowTextLengthW
SwitchDesktop
GetWindowTextA
GetCaretPos
InsertMenuItemA
SetWindowsHookA
ReplyMessage
GetDC
DrawCaption
OleMetafilePictFromIconAndLabel
CoUnmarshalHresult
OleSetMenuDescriptor
CoInitialize
CoMarshalHresult
Number of PE resources by type
RT_STRING 12
RT_BITMAP 3
RT_ICON 1
KIRIVAWOWOYITAMAPOHA 1
MUWELEZORO 1
MPPXL 1
RT_VERSION 1
CAFITEHUVU 1
RT_GROUP_ICON 1
Number of PE resources by language
NEUTRAL 22
PE resources
ExifTool file metadata
UninitializedDataSize 0
LinkerVersion 10.0
ImageVersion 0.0
FileVersionNumber 1.3.0.6
LanguageCode English (British)
FileFlagsMask 0x001f
ImageFileCharacteristics Executable, 32-bit
CharacterSet Unicode
InitializedDataSize 1641472
EntryPoint 0x1c46
MIMEType application/octet-stream
LegalCopyright Copyright (C) 2017, fockertoub
FileVersion 5.0.0.0
TimeStamp 2018:04:11 15:00:48+01:00
FileType Win32 EXE
PEType PE32
InternalName toofartyless.exe
ProductVersion 5.0.0.0
SubsystemVersion 5.1
OSVersion 5.1
FileOS Windows NT 32-bit
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
CodeSize 18944
FileSubtype 0
ProductVersionNumber 1.3.0.6
FileTypeExtension exe
ObjectFileType Executable application

File identification
MD5 819c7079251af39e3c0cbc4d3e2649ed
SHA1 ece9d46c27475d4bebfc4e08683a091aea5e3d09
SHA256 8c8d7bd6ae0bb0e46c7f359b00a75e8937a0654812a16b01efe21a088d71f970
ssdeep 3072:d+j5rKOymvKc+axlGUuNTFwFF1Ozx0bKxGyAjBTkEFiAN77sQoTEK7:d+I1my6xEzNTFI82bKsyAj9kEFiANvtW

authentihash 85123decc3b5a5f9d30aed4f1931172bf0edbca36a43f3b297aa624a9780b281
imphash d18033035bcf4c93b44d25aae6a4aecf
File size 177.5 KB ( 181768 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID Win32 Executable MS Visual C++ (generic) (64.5%)
Win32 Dynamic Link Library (generic) (13.6%)
Win32 Executable (generic) (9.3%)
OS/2 Executable (generic) (4.1%)
Generic Win/DOS Executable (4.1%)
Tags
peexe nxdomain overlay

VirusTotal metadata
First submission 2018-04-11 17:55:19 UTC ( 1 year ago )
Last submission 2018-07-03 07:31:39 UTC ( 9 months, 3 weeks ago )
File names bKKc.exe
da.exe
toofartyless.exe
da.exe
da.exe
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Written files
Deleted files
Created processes
Terminated processes
Created mutexes
Opened mutexes
Opened service managers
Opened services
Runtime DLLs
HTTP requests
DNS requests
TCP connections
UDP communications