SHA256: 91ed2931077cc1c617e88d7808766737fab64d449848707a7626b7611cef0625
File name: b28cac279780b02061bc6a2a3e213f1eecbfd82a
Detection ratio: 30 / 68
Analysis date: 2017-11-03 04:15:33 UTC ( 1 year, 4 months ago )
Antivirus | Result | Update
Ad-Aware | Gen:Variant.Dropper.181 | 20171103
AegisLab | Troj.W32.Refinka!c | 20171103
Avast | Win32:Malware-gen | 20171103
AVG | Win32:Malware-gen | 20171103
Baidu | Win32.Trojan.WisdomEyes.16070401.9500.9999 | 20171103
BitDefender | Gen:Variant.Dropper.181 | 20171103
CrowdStrike Falcon (ML) | malicious_confidence_100% (W) | 20171016
Cylance | Unsafe | 20171103
eGambit | Unsafe.AI_Score_99% | 20171103
Emsisoft | Gen:Variant.Dropper.181 (B) | 20171103
Endgame | malicious (high confidence) | 20171024
ESET-NOD32 | a variant of Win32/Kryptik.FYOB | 20171103
F-Secure | Gen:Variant.Dropper.181 | 20171103
Fortinet | W32/Kryptik.FYKM!tr.ransom | 20171103
GData | Gen:Variant.Dropper.181 | 20171103
Ikarus | Trojan-Ransom.Locky | 20171102
Sophos ML | heuristic | 20170914
Kaspersky | Trojan.Win32.Refinka.ics | 20171102
Malwarebytes | Ransom.Locky | 20171103
MAX | malware (ai score=100) | 20171103
McAfee | Artemis!47BB11431E44 | 20171031
McAfee-GW-Edition | BehavesLike.Win32.PWSZbot.cc | 20171103
eScan | Gen:Variant.Dropper.181 | 20171103
Palo Alto Networks (Known Signatures) | generic.ml | 20171103
Qihoo-360 | Win32/Trojan.7a4 | 20171103
Sophos AV | Mal/Generic-S | 20171103
Symantec | Ransom.Locky.B | 20171103
Tencent | Suspicious.Heuristic.Gen.b.0 | 20171103
TrendMicro-HouseCall | TROJ_GEN.R015H0DK217 | 20171103
ZoneAlarm by Check Point | Trojan.Win32.Refinka.ics | 20171103

Engines that returned no detection (result column empty in the original table):
AhnLab-V3 | - | 20171103
Alibaba | - | 20170911
ALYac | - | 20171103
Antiy-AVL | - | 20171103
Arcabit | - | 20171103
Avast-Mobile | - | 20171102
Avira (no cloud) | - | 20171103
AVware | - | 20171102
Bkav | - | 20171102
CAT-QuickHeal | - | 20171102
ClamAV | - | 20171102
CMC | - | 20171102
Comodo | - | 20171103
Cybereason | - | 20171030
Cyren | - | 20171103
DrWeb | - | 20171103
F-Prot | - | 20171103
Jiangmin | - | 20171103
K7AntiVirus | - | 20171102
K7GW | - | 20171103
Kingsoft | - | 20171103
Microsoft | - | 20171103
NANO-Antivirus | - | 20171103
nProtect | - | 20171103
Panda | - | 20171102
Rising | - | 20171103
SentinelOne (Static ML) | - | 20171019
SUPERAntiSpyware | - | 20171103
Symantec Mobile Insight | - | 20171101
TheHacker | - | 20171102
TotalDefense | - | 20171103
TrendMicro | - | 20171103
Trustlook | - | 20171103
VBA32 | - | 20171102
VIPRE | - | 20171103
ViRobot | - | 20171103
Webroot | - | 20171103
WhiteArmor | - | 20171024
Yandex | - | 20171102
Zillya | - | 20171102
Zoner | - | 20171103
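The vendor labels above disagree on naming (Locky, Refinka, Kryptik, generic Dropper/Malware-gen verdicts), which is the normal situation when triaging a VirusTotal result. The script below is an added example, not part of the VirusTotal report: it parses rows in the flattened "Engine Result Update" layout the page uses, computes the detection ratio, and derives a majority family name by stripping class and verdict words (a simplified version of the AVClass idea). The sample rows are copied from the table above; the multi-word engine list is taken from the same table, and the list of generic tokens is an assumption made for the example. McAfee's "Artemis!47BB11431E44" is a cloud-lookup generic whose suffix is the first twelve hex digits of the file's MD5 (47bb11431e44..., as shown under File identification), so it carries no family information and is treated as generic.

```python
import re
from collections import Counter

# Constructed sample: rows copied from the detection table above, in the
# flattened "Engine Result Update" layout the page uses. Rows with no result
# are engines that returned no detection.
SAMPLE_ROWS = """\
Ad-Aware Gen:Variant.Dropper.181 20171103
CrowdStrike Falcon (ML) malicious_confidence_100% (W) 20171016
Endgame malicious (high confidence) 20171024
ESET-NOD32 a variant of Win32/Kryptik.FYOB 20171103
Fortinet W32/Kryptik.FYKM!tr.ransom 20171103
Ikarus Trojan-Ransom.Locky 20171102
Kaspersky Trojan.Win32.Refinka.ics 20171102
Malwarebytes Ransom.Locky 20171103
McAfee Artemis!47BB11431E44 20171031
Symantec Ransom.Locky.B 20171103
ZoneAlarm by Check Point Trojan.Win32.Refinka.ics 20171103
Microsoft 20171103
ClamAV 20171102
""".splitlines()

# Engine names containing spaces (taken from the report). They are needed
# because the engine/result boundary cannot be found by whitespace alone.
MULTIWORD_ENGINES = (
    "CrowdStrike Falcon (ML)", "ZoneAlarm by Check Point",
    "Palo Alto Networks (Known Signatures)", "Sophos ML", "Sophos AV",
    "Avira (no cloud)", "SentinelOne (Static ML)", "Symantec Mobile Insight",
)

# Tokens naming a class, a verdict or an engine heuristic rather than a family.
# This list is an assumption for the example; AVClass ships a much longer one.
GENERIC_TOKENS = {
    "variant", "dropper", "trojan", "ransom", "malware", "malicious", "generic",
    "heuristic", "unsafe", "confidence", "suspicious", "behaveslike", "artemis",
}

ROW_RE = re.compile(r"^(?P<body>.+?)\s+(?P<update>\d{8})$")


def parse_row(line):
    """Split one flattened row into engine, result (None if undetected) and update date."""
    m = ROW_RE.match(line.strip())
    if not m:
        raise ValueError("unrecognised row: %r" % line)
    body = m.group("body")
    for engine in MULTIWORD_ENGINES:
        if body == engine or body.startswith(engine + " "):
            result = body[len(engine):].strip()
            break
    else:
        engine, _, result = body.partition(" ")
    return {"engine": engine, "result": result or None, "update": m.group("update")}


def parse_rows(lines):
    return [parse_row(line) for line in lines if line.strip()]


def detection_ratio(rows):
    """(engines with a result, engines queried), like the page's '30 / 68'."""
    return sum(1 for r in rows if r["result"]), len(rows)


def family_tokens(result):
    """Candidate family names in one label: alphabetic runs, lowercased, at least
    five letters and not generic. This drops 'Win32', variant suffixes such as
    'FYOB' or 'ics', and verdict words such as 'malicious'."""
    return [t for t in (x.lower() for x in re.findall(r"[A-Za-z]+", result))
            if len(t) >= 5 and t not in GENERIC_TOKENS]


def family_votes(rows):
    """One vote per engine per candidate token."""
    votes = Counter()
    for r in rows:
        if r["result"]:
            votes.update(set(family_tokens(r["result"])))
    return votes


def top_family(rows):
    votes = family_votes(rows)
    return votes.most_common(1)[0][0] if votes else None


if __name__ == "__main__":
    rows = parse_rows(SAMPLE_ROWS)
    print("detections: %d / %d" % detection_ratio(rows))
    print("votes:", dict(family_votes(rows)))
    print("majority family:", top_family(rows))
```

On the constructed rows the vote is Locky 3, Kryptik 2, Refinka 2. Note that "Kryptik" is ESET's name for obfuscated/packed trojans rather than a family, so in practice it belongs in the generic list as well; it is left in here so the tie-break behaviour is visible.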
The file being studied is a Portable Executable (PE) file; more specifically, a Win32 EXE for the Windows GUI subsystem.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2015-06-11 07:05:41
Entry Point 0x0000EA13
Number of sections 4
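The header fields above (target machine, compilation timestamp, entry point, section count, and the linker, OS and subsystem versions repeated in the ExifTool section) all come from the COFF file header and the PE32 optional header. The following parser is an added example, not VirusTotal's or ExifTool's code: it builds a header-only byte string carrying exactly the values shown in this report (a constructed stand-in, not the sample itself and not a loadable image) and reads them back with struct. Two practitioner points it makes visible: the TimeDateStamp is a plain 32-bit epoch value written by the linker, so it can be set to anything by the builder, and here it predates the first VirusTotal submission (2017-11-02 22:50:16 UTC) by roughly two and a half years; and the ExifTool rendering "2015:06:11 08:05:41+01:00" is the same instant as the 07:05:41 UTC shown above, displayed in the scanning host's local zone, not a second timestamp.

```python
import struct
from datetime import datetime, timezone

# IMAGE_FILE_HEADER: Machine, NumberOfSections, TimeDateStamp, PointerToSymbolTable,
# NumberOfSymbols, SizeOfOptionalHeader, Characteristics
COFF_FMT = "<HHIIIHH"
# IMAGE_OPTIONAL_HEADER32 up to and including DllCharacteristics
OPT32_FMT = "<HBB" + "I" * 9 + "H" * 6 + "I" * 4 + "HH"
OPT32_SIZE = 224  # full PE32 optional header including the 16 data directories

MACHINE_NAMES = {0x14C: "Intel 386 or later", 0x8664: "x64", 0x1C0: "ARM"}
SUBSYSTEM_NAMES = {1: "Native", 2: "Windows GUI", 3: "Windows CUI"}


def build_sample_header():
    """Constructed header bytes carrying the values shown in the report above.
    Assumed values not in the report (ImageBase, alignments, SizeOfImage ...) are
    arbitrary; this is not the sample and has no sections, so it cannot load."""
    coff = struct.pack(COFF_FMT, 0x14C, 4, 1434006341, 0, 0, OPT32_SIZE, 0x0102)
    opt = struct.pack(
        OPT32_FMT,
        0x10B, 10, 0,                # PE32 magic, linker 10.0
        60416, 121344, 0,            # SizeOfCode, SizeOfInitializedData, SizeOfUninitializedData
        0xEA13, 0x1000, 0x10000,     # AddressOfEntryPoint, BaseOfCode, BaseOfData
        0x400000, 0x1000, 0x200,     # ImageBase, SectionAlignment, FileAlignment
        5, 1, 0, 0, 5, 1,            # OS 5.1, image 0.0, subsystem 5.1
        0, 0x30000, 0x400, 0,        # Win32VersionValue, SizeOfImage, SizeOfHeaders, CheckSum
        2, 0x8000,                   # Subsystem = Windows GUI, DllCharacteristics
    )
    opt += b"\0" * (OPT32_SIZE - len(opt))
    dos = b"MZ" + b"\0" * 58 + struct.pack("<I", 0x40)  # e_lfanew at 0x3C -> PE header at 0x40
    return dos + b"PE\0\0" + coff + opt


def timestamp_utc(ts):
    return datetime.fromtimestamp(ts, tz=timezone.utc).strftime("%Y-%m-%d %H:%M:%S")


def parse_pe_header(data):
    """Read the COFF and PE32 optional header fields reported on this page."""
    if data[:2] != b"MZ":
        raise ValueError("no MZ signature")
    (e_lfanew,) = struct.unpack_from("<I", data, 0x3C)
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("no PE signature at e_lfanew")
    coff_off = e_lfanew + 4
    machine, nsect, ts, _, _, opt_size, _chars = struct.unpack_from(COFF_FMT, data, coff_off)
    opt_off = coff_off + struct.calcsize(COFF_FMT)
    if opt_size < struct.calcsize(OPT32_FMT):
        raise ValueError("optional header too short (%d bytes)" % opt_size)
    o = struct.unpack_from(OPT32_FMT, data, opt_off)
    if o[0] != 0x10B:
        raise ValueError("not a PE32 image (magic 0x%x)" % o[0])
    return {
        "machine": machine,
        "machine_name": MACHINE_NAMES.get(machine, "unknown (0x%x)" % machine),
        "number_of_sections": nsect,
        "timestamp": ts,
        "compile_time_utc": timestamp_utc(ts),
        "linker_version": "%d.%d" % (o[1], o[2]),
        "size_of_code": o[3],
        "size_of_initialized_data": o[4],
        "size_of_uninitialized_data": o[5],
        "entry_point": o[6],
        "os_version": "%d.%d" % (o[12], o[13]),
        "image_version": "%d.%d" % (o[14], o[15]),
        "subsystem_version": "%d.%d" % (o[16], o[17]),
        "subsystem": o[22],
        "subsystem_name": SUBSYSTEM_NAMES.get(o[22], "unknown (%d)" % o[22]),
    }


def looks_like_pe32(data):
    try:
        parse_pe_header(data)
    except (ValueError, struct.error):
        return False
    return True


def days_before_first_seen(ts, first_seen_utc):
    """Gap between the header timestamp and the first submission ("%Y-%m-%d %H:%M:%S").
    A large gap or a negative value (timestamp in the future) is a hint the field
    was forged, or preserved from an older builder by a packer."""
    first = datetime.strptime(first_seen_utc, "%Y-%m-%d %H:%M:%S").replace(tzinfo=timezone.utc)
    return (first - datetime.fromtimestamp(ts, tz=timezone.utc)).days


if __name__ == "__main__":
    hdr = parse_pe_header(build_sample_header())
    for key, value in hdr.items():
        print("%-28s %s" % (key, value))
    print("days before first submission:", days_before_first_seen(hdr["timestamp"], "2017-11-02 22:50:16"))
```

To run it on a real file, replace build_sample_header() with the first few kilobytes of open(path, "rb").read(); only the headers are needed.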
PE sections
PE imports
CmMalloc
CmRealloc
CmAtolA
EnterCriticalSection
LoadLibraryW
lstrcmp
WaitForSingleObjectEx
GetFileSize
lstrcatA
SetFileTime
GetStartupInfoW
GetCommandLineA
GetProcAddress
ReadConsoleA
CreateSemaphoreA
GetStringTypeA
GetModuleHandleA
CreateFileMappingA
FindNextFileA
GetSystemDirectoryA
GetVersion
IsBadStringPtrW
SearchPathA
FindClose
MoveFileW
GetCurrentThreadId
DeleteFileW
GetExpandedNameA
SHCreateShellItem
StrChrW
DragFinish
SHChangeNotify
SHGetDesktopFolder
ExtractIconW
SHGetDiskFreeSpaceA
SHGetFolderPathA
FindExecutableW
SHQueryRecycleBinA
SHGetDataFromIDListA
SHGetFileInfoW
DragQueryFileA
DllRegisterServer
SE_IsShimDll
SE_InstallBeforeInit
LoadBitmapW
wsprintfA
CreateWindowExA
LoadCursorA
PeekMessageA
GetClassLongW
LoadMenuA
DrawStateA
LoadMenuW
LoadStringW
LoadImageA
LoadIconW
DialogBoxParamA
MessageBoxW
IsCharLowerW
PostMessageW
GetPropA
CreateDesktopW
LoadIconA
Number of PE resources by type: DCXA 2
Number of PE resources by language: NEUTRAL 2
PE resources
Debug information
ExifTool file metadata
MIMEType application/octet-stream
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
TimeStamp 2015:06:11 08:05:41+01:00
FileType Win32 EXE
PEType PE32
CodeSize 60416
LinkerVersion 10.0
FileTypeExtension exe
InitializedDataSize 121344
SubsystemVersion 5.1
EntryPoint 0xea13
OSVersion 5.1
ImageVersion 0.0
UninitializedDataSize 0
Compressed bundles
File identification
MD5 47bb11431e44225f99a109b19251f3f8
SHA1 b28cac279780b02061bc6a2a3e213f1eecbfd82a
SHA256 91ed2931077cc1c617e88d7808766737fab64d449848707a7626b7611cef0625
ssdeep 3072:DIqcFInW0+fqQyuJDjvu87b+oTTMqGUz+8jDkxGBCv6bRUfv2mnMq8Pf+s4iPopN:D8bXCS2fv2mnuPH41p2Yg
authentihash 0d3853f0c0f90b87a0fd8620205a5f0899e062868e6dbf76e95bb3df8b013b0a
imphash 86bd546b5ec89acc415f54dc1a0e7627
File size 178.5 KB ( 182784 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID Win32 Dynamic Link Library (generic) (38.3%)
Win32 Executable (generic) (26.2%)
Win16/32 Executable Delphi generic (12.0%)
Generic Win/DOS Executable (11.6%)
DOS Executable Generic (11.6%)
Tags peexe
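The identifiers above are of two kinds: content hashes (MD5, SHA1, SHA256) that change with any byte of the file, and structural hashes (ssdeep, imphash) meant to link related builds. The imphash is the MD5 of the normalised import table in import order, so two files with the same imports in a different order get different values. The script below is an added example, not code from VirusTotal or pefile: it hashes a file in chunks and computes an imphash following the widely used pefile algorithm. The report lists imported function names without their DLLs, so the DLL assignment in the constructed import list is an assumption for the example; the function names themselves (LoadLibraryW, GetProcAddress, SHGetFolderPathA, LoadIconW) appear in the import list above. One caveat for this kind of sample: several engines above label it with packer-oriented names (Kryptik), and for a packed file the import table and hence the imphash describe the packer stub, not the payload, so an imphash match links builds of the same packer rather than the same family.

```python
import hashlib
import io


def hash_stream(fp, chunk_size=1 << 20):
    """MD5, SHA-1 and SHA-256 of a binary file object, computed in one pass over
    fixed-size chunks so a large sample is never fully loaded into memory."""
    hashers = {"md5": hashlib.md5(), "sha1": hashlib.sha1(), "sha256": hashlib.sha256()}
    for block in iter(lambda: fp.read(chunk_size), b""):
        for h in hashers.values():
            h.update(block)
    return {name: h.hexdigest() for name, h in hashers.items()}


def file_hashes(data):
    """Same as hash_stream() for bytes already in memory."""
    return hash_stream(io.BytesIO(data))


def imphash_string(imports):
    """Normalise (dll, function) pairs the way pefile's get_imphash() does:
    DLL name lowercased with a trailing .dll/.ocx/.sys removed, function name
    lowercased, ordinal-only imports written as 'ordN', entries joined in import
    order with commas. pefile additionally maps ordinals of ws2_32.dll and
    oleaut32.dll to their exported names; that table is omitted here, so
    ordinal-only imports from those two DLLs would hash differently."""
    parts = []
    for dll, func in imports:
        dll = dll.lower()
        if dll.endswith((".dll", ".ocx", ".sys")):
            dll = dll[:-4]
        func = "ord%d" % func if isinstance(func, int) else func.lower()
        parts.append("%s.%s" % (dll, func))
    return ",".join(parts)


def imphash(imports):
    return hashlib.md5(imphash_string(imports).encode("ascii")).hexdigest()


# Constructed import list. Function names are taken from the report's import
# list; their DLL assignment is an assumption, and the ordinal import is invented
# to show how ordinal-only entries are encoded.
SAMPLE_IMPORTS = [
    ("KERNEL32.dll", "LoadLibraryW"),
    ("KERNEL32.dll", "GetProcAddress"),
    ("SHELL32.dll", "SHGetFolderPathA"),
    ("USER32.dll", "LoadIconW"),
    ("COMCTL32.dll", 17),
]


if __name__ == "__main__":
    constructed = b"MZ" + b"\0" * 62   # stand-in bytes; real use: hash_stream(open(path, "rb"))
    print(file_hashes(constructed))
    print(imphash_string(SAMPLE_IMPORTS))
    print(imphash(SAMPLE_IMPORTS))
```

Computing the three content hashes in one pass matters when sweeping a large share or a disk image; running each algorithm separately triples the I/O for no benefit.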

VirusTotal metadata
First submission 2017-11-02 22:50:16 UTC ( 1 year, 4 months ago )
Last submission 2017-11-03 09:07:48 UTC ( 1 year, 4 months ago )
File names 1032-b28cac279780b02061bc6a2a3e213f1eecbfd82a
b28cac279780b02061bc6a2a3e213f1eecbfd82a
Condensed report. The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were performed by the file itself, by any process it launched, or by any process it injected code into.
Opened files
Read files
Written files
Created processes
Created mutexes
Opened mutexes
Runtime DLLs
UDP communications