SHA256: 93fe9b294a19095a34f87ac6f458dfde90dc15a66675a36c79efb40cf91c3846
File name: index.exe
Detection ratio: 40 / 56
Analysis date: 2016-10-10 05:18:02 UTC ( 2 years, 4 months ago )
Antivirus Result Update
Ad-Aware Gen:Variant.Razy.99011 20161010
AegisLab Webtoolbar.W32.Generic!c 20161010
AhnLab-V3 Trojan/Win32.Rack.N2121944547 20161009
ALYac Gen:Variant.Razy.99011 20161010
Antiy-AVL RiskWare[WebToolbar:not-a-virus,HEUR]/Win32.AGeneric 20161010
Arcabit Trojan.Razy.D182C3 20161010
Avast Win32:Malware-gen 20161010
AVG Ransom_r.ALV 20161009
AVware Trojan.Win32.Generic.pak!cobra 20161010
Baidu Win32.Trojan.WisdomEyes.151026.9950.9999 20161010
BitDefender Gen:Variant.Razy.99011 20161010
CrowdStrike Falcon (ML) malicious_confidence_100% (W) 20160725
Cyren W32/Trojan.BKSO-7230 20161010
DrWeb Trojan.PWS.Siggen1.57791 20161010
Emsisoft Gen:Variant.Razy.99011 (B) 20161010
ESET-NOD32 a variant of Win32/Kryptik.FHKH 20161009
F-Secure Gen:Variant.Razy.99011 20161010
Fortinet Riskware/Generic 20161010
GData Gen:Variant.Razy.99011 20161010
Ikarus Trojan.Win32.Crypt 20161009
Sophos ML trojandropper.win32.gepys.a 20160928
Jiangmin Trojan.Rack.bt 20161010
K7AntiVirus Riskware ( 0040eff71 ) 20161009
K7GW Riskware ( 0040eff71 ) 20161010
Kaspersky Trojan-Ransom.Win32.Rack.fl 20161010
McAfee RDN/Generic PUP.z 20161010
McAfee-GW-Edition BehavesLike.Win32.Trojan.hh 20161009
Microsoft Ransom:Win32/Teerac.I 20161010
eScan Gen:Variant.Razy.99011 20161010
NANO-Antivirus Riskware.Win32.Siggen1.egvxqx 20161010
Panda Trj/GdSda.A 20161009
Qihoo-360 Win32/Virus.WebToolbar.5b2 20161010
Rising Malware.Generic!1ZsDj38cruM@3 (thunder) 20161010
Sophos AV Mal/Generic-S 20161010
Symantec Ransom.TorrentLocker 20161010
Tencent Win32.Trojan.Rack.Pboy 20161010
TrendMicro Ransom_CRYPTLOCK.F116J5 20161010
TrendMicro-HouseCall Ransom_CRYPTLOCK.F116J5 20161010
VIPRE Trojan.Win32.Generic.pak!cobra 20161010
Yandex Trojan.Rack! 20161009
Alibaba 20161010
Avira (no cloud) 20161010
Bkav 20161008
CAT-QuickHeal 20161008
ClamAV 20161010
CMC 20161010
Comodo 20161007
F-Prot 20161010
Kingsoft 20161010
Malwarebytes 20161010
nProtect 20161010
SUPERAntiSpyware 20161009
TheHacker 20161009
VBA32 20161009
ViRobot 20161010
Zillya 20161007
Zoner 20161010
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2016-10-05 11:44:06
Entry Point 0x00001200
Number of sections 9
PE sections
PE imports
RegQueryValueExA
RegOpenKeyW
GetOpenFileNameA
GetSaveFileNameW
GetSaveFileNameA
GetOpenFileNameW
DeleteEnhMetaFile
CreateHalftonePalette
EndPath
CreateMetaFileW
DeleteDC
EndDoc
FillPath
CreateMetaFileA
SetTextColor
CreatePatternBrush
DeleteColorSpace
CreateCompatibleDC
CloseEnhMetaFile
EndPage
CloseFigure
CloseMetaFile
CancelDC
CreateSolidBrush
BeginPath
DeleteObject
DeleteMetaFile
AddFontResourceW
ImmSetCompositionFontA
ImmSetCompositionWindow
ImmNotifyIME
ImmGetCompositionStringA
ImmGetContext
ImmSetCompositionFontW
ImmSetCandidateWindow
ImmReleaseContext
ImmGetCompositionStringW
ImmAssociateContext
GetDriveTypeW
FileTimeToSystemTime
GetFileAttributesA
GetDriveTypeA
FindNextFileA
GetFileAttributesW
GetLocalTime
GetCurrentProcess
GetLocaleInfoA
LocalAlloc
SetErrorMode
GetLogicalDrives
GetFileInformationByHandle
GetLocaleInfoW
GetFullPathNameA
WideCharToMultiByte
InterlockedExchange
WriteFile
MoveFileA
GetSystemTimeAsFileTime
HeapReAlloc
SetFileAttributesA
FreeLibrary
FormatMessageW
ResumeThread
FindClose
InterlockedDecrement
MoveFileW
GetFullPathNameW
OutputDebugStringA
GetSystemTime
GetModuleFileNameW
HeapAlloc
GetModuleFileNameA
QueryPerformanceFrequency
GetVolumeInformationA
GetPrivateProfileStringA
SetThreadPriority
GetVolumeInformationW
MultiByteToWideChar
FormatMessageA
GetModuleHandleA
SetEnvironmentVariableW
ExitThread
SetEnvironmentVariableA
GetDiskFreeSpaceExA
SetCurrentDirectoryW
GlobalAlloc
GetDiskFreeSpaceExW
GetCurrentThreadId
SetCurrentDirectoryA
CloseHandle
HeapFree
PeekNamedPipe
SetEvent
QueryPerformanceCounter
GetVersionExA
LoadLibraryA
RtlUnwind
GetSystemDirectoryA
GlobalSize
GetStartupInfoA
GetDateFormatA
GetFileSize
CreateDirectoryA
DeleteFileA
GetDateFormatW
CreateDirectoryW
DeleteFileW
GlobalLock
GetTimeFormatW
RemoveDirectoryW
FindFirstFileA
GetTimeFormatA
FindFirstFileW
IsValidLocale
GetProcAddress
CreateEventA
GetFileType
CreateFileA
ExitProcess
InterlockedIncrement
GetLastError
CompareStringW
GlobalUnlock
RemoveDirectoryA
FileTimeToLocalFileTime
GetCurrentDirectoryW
WritePrivateProfileStringA
GetCurrentDirectoryA
GetCommandLineA
GetCurrentThread
RaiseException
SetFilePointer
ReadFile
FindNextFileW
GetModuleHandleW
CreateProcessW
Sleep
VirtualAlloc
CompareStringA
SetWindowRgn
SetWindowPos
DispatchMessageA
EndPaint
ScrollWindowEx
WindowFromPoint
GetDC
ChangeClipboardChain
GetCursorPos
ReleaseDC
SendMessageW
UnregisterClassA
SendMessageA
UnregisterClassW
GetClientRect
DefWindowProcW
CallNextHookEx
ClientToScreen
GetActiveWindow
GetUpdateRgn
EnumClipboardFormats
MsgWaitForMultipleObjects
DestroyWindow
GetMessageA
GetParent
UpdateWindow
CreateCaret
GetMessageW
ShowWindow
GetDesktopWindow
ValidateRgn
PeekMessageW
PeekMessageA
GetClipboardData
TranslateMessage
RegisterClassW
CreateCursor
SystemParametersInfoA
SetParent
SetClipboardData
IsZoomed
IsIconic
RegisterClassA
TrackPopupMenuEx
GetWindowLongA
SetTimer
CreateWindowExW
GetUpdateRect
IsChild
SetFocus
RegisterWindowMessageW
MapVirtualKeyA
PostMessageA
BeginPaint
SetCaretPos
KillTimer
MapVirtualKeyW
RegisterWindowMessageA
DefWindowProcA
SetClipboardViewer
GetSystemMetrics
EnableMenuItem
GetWindowRect
SetCapture
ReleaseCapture
SetWindowLongA
PostMessageW
SetWindowTextA
DrawFocusRect
DrawIconEx
SetWindowTextW
CreateWindowExA
ScreenToClient
LoadCursorA
LoadIconA
SetWindowsHookExA
PostThreadMessageW
ValidateRect
LoadCursorW
GetSystemMenu
DispatchMessageW
SetForegroundWindow
ExitWindowsEx
PostThreadMessageA
OpenClipboard
EmptyClipboard
GetCaretBlinkTime
HideCaret
CreateIconIndirect
MessageBeep
UnhookWindowsHookEx
RegisterClipboardFormatA
MoveWindow
MessageBoxA
GetWindowDC
DestroyCursor
GetSysColor
GetKeyState
GetWindowRgn
GetDoubleClickTime
DestroyIcon
IsWindowVisible
SystemParametersInfoW
LoadIconW
SetRect
InvalidateRect
wsprintfA
IsRectEmpty
GetFocus
CloseClipboard
SetCursor
Number of PE resources by type
RT_ICON 9
RT_MANIFEST 1
RT_VERSION 1
RT_GROUP_ICON 1
Number of PE resources by language
ENGLISH US 11
LITHUANIAN 1
PE resources
ExifTool file metadata
UninitializedDataSize 0
LinkerVersion 9.0
ImageVersion 0.0
FileVersionNumber 0.0.0.0
LanguageCode Neutral
FileFlagsMask 0x0000
CharacterSet Windows, Latin1
InitializedDataSize 251392
EntryPoint 0x1200
MIMEType application/octet-stream
Subsystem Windows GUI
FileVersion 12 .0.6606.1000
TimeStamp 2016:10:05 12:44:06+01:00
FileType Win32 EXE
PEType PE32
InternalName off lb.exe
SubsystemVersion 5.0
OSVersion 5.0
FileOS Unknown (0)
LegalCopyright 2006 Microsoft Corporation. All rights reserved.
MachineType Intel 386 or later, and compatibles
CodeSize 340992
FileSubtype 0
ProductVersionNumber 0.0.0.0
FileTypeExtension exe
ObjectFileType Unknown

Compressed bundles
File identification
MD5 47305a1851f2ac1a1ee8c4b5ebee6ec2
SHA1 46c60a3a2f694145e58467e376c642c04904ed2d
SHA256 93fe9b294a19095a34f87ac6f458dfde90dc15a66675a36c79efb40cf91c3846
ssdeep 6144:Gk8bLZJV20aE8qqQQFCSOEpWRqVoOpsfLwSCHFwuNcZBJgbFAWgNAcp:GZNT20C1QUCREpWACOsfLyFfNOOa
authentihash 23311530253e9264c304d263e5b5da6d0e2e4984209c21404e7d69273d06494e
imphash 732a803762f22940b6817d52d975164a
File size 579.5 KB ( 593408 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Executable MS Visual C++ (generic) (42.2%)
Win64 Executable (generic) (37.3%)
Win32 Dynamic Link Library (generic) (8.8%)
Win32 Executable (generic) (6.0%)
Generic Win/DOS Executable (2.7%)
Tags peexe
VirusTotal metadata
First submission 2016-10-04 12:58:06 UTC ( 2 years, 4 months ago )
Last submission 2016-10-04 12:58:06 UTC ( 2 years, 4 months ago )
File names index.exe
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Written files
Created processes
Code injections in the following processes
Created mutexes
Opened mutexes
Opened service managers
Opened services
Runtime DLLs
HTTP requests
DNS requests
TCP connections
UDP communications