SHA256: 91aa5705188d7f542cc11d324e9347c602515f49042535556ed950c0c58bd2f7
File name: A0200004.exe
Detection ratio: 45 / 65
Analysis date: 2017-10-03 07:15:48 UTC ( 1 year, 5 months ago )
Antivirus Result Update
Ad-Aware Gen:Variant.Symmi.60891 20171003
AhnLab-V3 Trojan/Win32.Teerac.C1326597 20171002
ALYac Gen:Variant.Symmi.60891 20171003
Antiy-AVL Trojan/Win32.Waldek 20171003
Arcabit Trojan.Symmi.DEDDB 20171003
Avast FileRepSnxclass [PUP] 20171003
AVG FileRepSnxclass [PUP] 20171003
Avira (no cloud) TR/Crypt.Xpack.395229 20171003
AVware Trojan.Win32.Generic!BT 20171003
Baidu Win32.Trojan.WisdomEyes.16070401.9500.9999 20170930
BitDefender Gen:Variant.Symmi.60891 20171003
CAT-QuickHeal Ransom.Generic.WR4 20170930
Comodo UnclassifiedMalware 20171003
CrowdStrike Falcon (ML) malicious_confidence_100% (D) 20170804
Cylance Unsafe 20171003
Emsisoft Gen:Variant.Symmi.60891 (B) 20171003
Endgame malicious (high confidence) 20170821
ESET-NOD32 a variant of Win32/Injector.CSEF 20171003
F-Secure Gen:Variant.Symmi.60891 20171003
Fortinet W32/Kryptik.EQAX!tr 20171003
GData Gen:Variant.Symmi.60891 20171003
Ikarus Trojan.Win32.Injector 20171002
Sophos ML heuristic 20170914
Jiangmin Trojan.Waldek.aap 20171003
K7AntiVirus Trojan ( 004de09c1 ) 20171003
K7GW Trojan ( 004de09c1 ) 20171003
Kaspersky Packed.Win32.Tpyn 20171003
Malwarebytes Ransom.TorrentLocker 20171003
MAX malware (ai score=83) 20171003
McAfee RDN/Ransom 20171003
McAfee-GW-Edition RDN/Ransom 20171003
eScan Gen:Variant.Symmi.60891 20171003
Panda Generic Suspicious 20171002
Qihoo-360 Win32/Trojan.a85 20171003
Rising Ransom.Teerac!8.57A (CLOUD) 20171003
SentinelOne (Static ML) static engine - malicious 20171001
Sophos AV Mal/Ransom-EF 20171003
Symantec Trojan.Gen 20171003
Tencent Win32.Packed.Tpyn.Lneh 20171003
TrendMicro Ransom_HPCRYPTESLA.SM2 20171003
TrendMicro-HouseCall Ransom_HPCRYPTESLA.SM2 20171003
VIPRE Trojan.Win32.Generic!BT 20171003
Yandex Trojan.Waldek! 20170908
Zillya Trojan.Waldek.Win32.650 20171002
ZoneAlarm by Check Point Packed.Win32.Tpyn 20171003
AegisLab 20171003
Alibaba 20170911
Avast-Mobile 20171003
Bkav 20170928
ClamAV 20171003
CMC 20171003
Cyren 20171003
DrWeb 20171003
F-Prot 20171003
Kingsoft 20171003
Microsoft 20171003
NANO-Antivirus 20171003
nProtect 20171003
Palo Alto Networks (Known Signatures) 20171003
SUPERAntiSpyware 20171003
Symantec Mobile Insight 20171003
TheHacker 20171002
Trustlook 20171003
VBA32 20171002
ViRobot 20171003
Webroot 20171003
WhiteArmor 20170927
Zoner 20171003
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2004-12-27 10:27:29
Entry Point 0x0000D4A0
Number of sections 4
PE sections
Overlays
MD5 11c493ddfbdcda34c844e2e538d3be6c
File type data
Offset 172032
Size 1107
Entropy 6.09
PE imports
CreatePolygonRgn
DeleteEnhMetaFile
CreateFontIndirectW
OffsetRgn
GetBkMode
CreateICW
SetDeviceGammaRamp
LPtoDP
GetClipBox
ModifyWorldTransform
GetDeviceCaps
CreateDCA
DeleteDC
SetMetaFileBitsEx
ScaleViewportExtEx
GetTextExtentExPointW
FillPath
CreateDCW
GetCharWidthA
GetObjectA
GetCurrentObject
RectVisible
GetStockObject
GetCurrentPositionEx
SelectPalette
GetOutlineTextMetricsW
CreateRoundRectRgn
SelectClipRgn
CreateCompatibleDC
StretchBlt
SetStretchBltMode
CloseEnhMetaFile
SetBrushOrgEx
EndPage
GetWinMetaFileBits
EnumEnhMetaFile
ExtCreatePen
SetTextCharacterExtra
GetTextExtentPoint32W
ImmSetOpenStatus
AreFileApisANSI
GetCommTimeouts
GetEnvironmentStrings
DosDateTimeToFileTime
GetCurrentDirectoryW
GetShortPathNameW
GetStartupInfoA
GetModuleHandleA
GetPrivateProfileIntA
GetVolumeInformationW
GetProcessPriorityBoost
Ord(324)
Ord(3825)
Ord(2648)
Ord(3147)
Ord(2982)
Ord(2124)
Ord(5199)
Ord(3830)
Ord(4627)
Ord(3597)
Ord(4853)
Ord(1009)
Ord(3136)
Ord(3259)
Ord(1019)
Ord(1088)
Ord(3079)
Ord(3262)
Ord(4234)
Ord(1576)
Ord(1089)
Ord(1775)
Ord(2055)
Ord(4837)
Ord(5307)
Ord(5241)
Ord(3798)
Ord(1067)
Ord(1002)
Ord(3081)
Ord(5065)
Ord(1036)
Ord(4407)
Ord(2446)
Ord(4079)
Ord(1017)
Ord(4078)
Ord(2725)
Ord(2554)
Ord(5289)
Ord(1093)
Ord(2396)
Ord(6376)
Ord(561)
Ord(3831)
Ord(3346)
Ord(6374)
Ord(5280)
Ord(5302)
Ord(1727)
Ord(1168)
Ord(1008)
Ord(2976)
Ord(2985)
Ord(5163)
Ord(2385)
Ord(815)
Ord(4486)
Ord(5300)
Ord(4698)
Ord(4998)
Ord(3922)
Ord(4353)
Ord(2514)
Ord(5265)
Ord(3749)
Ord(2512)
Ord(5277)
Ord(4441)
Ord(4274)
Ord(1050)
Ord(5261)
Ord(4465)
Ord(5731)
asin
_acmdln
__CxxFrameHandler
__p__fmode
ldiv
_adjust_fdiv
__setusermatherr
_itow
__dllonexit
_onexit
_setmbcp
sinh
__getmainargs
_initterm
_controlfp
__p__commode
setvbuf
__set_app_type
RasHangUpA
GetDlgItem
Number of PE resources by type
RT_RCDATA 12
RT_ICON 4
RT_GROUP_ICON 4
RT_DIALOG 2
skEw73 1
s5IFo71BP3 1
yh68q 1
OX5K8702S 1
Tq8HM300E 1
cn2b08o 1
miE51aGQ18 1
kcS34300 1
nmsvg1M5 1
MD66006 1
RC5ex1v 1
RT_VERSION 1
Number of PE resources by language
NEUTRAL 34
PE resources
ExifTool file metadata
SubsystemVersion 4.0
LinkerVersion 6.0
ImageVersion 0.0
FileSubtype 0
FileVersionNumber 0.78.28.136
UninitializedDataSize 0
LanguageCode Unknown (APPE)
FileFlagsMask 0x003f
CharacterSet Unknown (RTAINING)
InitializedDataSize 114688
EntryPoint 0xd4a0
MIMEType application/octet-stream
LegalCopyright 2016 (C) 2014
FileVersion 0.216.47.248
TimeStamp 2004:12:27 11:27:29+01:00
FileType Win32 EXE
PEType PE32
InternalName Aphorist
ProductVersion 0.98.201.14
FileDescription Anachronisms Commuted Cavemen
OSVersion 4.0
FileOS Win32
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
CompanyName Novell, Inc.
CodeSize 53248
ProductName Wicket Aidedecamp
ProductVersionNumber 0.106.4.126
FileTypeExtension exe
ObjectFileType Executable application

File identification
MD5 a2dbd067aacce40c1c88afc902f04f73
SHA1 157207c27586d24dc0691994f6d3446dba5c1709
SHA256 91aa5705188d7f542cc11d324e9347c602515f49042535556ed950c0c58bd2f7
ssdeep 3072:UFxwkywphLAB1AXlUgw7WuSKC80a6oMEVW19942ZRAPPgmtWex4J:oNU1AXlUpWupCj+Qji823tWeuJ

authentihash 72bd4ae248fec5bb11358686e0fce2be5ce99adb2f9753b0ab90b305478f82ec
imphash a1121634776a52ed8639f5d9347fc412
File size 169.1 KB ( 173139 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID Win64 Executable (generic) (61.7%)
Win32 Dynamic Link Library (generic) (14.7%)
Win32 Executable (generic) (10.0%)
OS/2 Executable (generic) (4.5%)
Generic Win/DOS Executable (4.4%)
Tags peexe overlay

VirusTotal metadata
First submission 2017-10-03 07:15:48 UTC ( 1 year, 5 months ago )
Last submission 2017-10-03 07:15:48 UTC ( 1 year, 5 months ago )
File names A0200004.exe