SHA256: 94d7558fc6eadbba423713df769c9ca20e129ff3bcaf89496b11c783af2db4c9
File name: Win32.Trojan.Symmi@94d7558fc6eadbba423713df769c9ca20e129ff3bcaf89...
Detection ratio: 41 / 59
Analysis date: 2017-06-07 02:47:00 UTC ( 1 year, 8 months ago )
Antivirus Result Update
Ad-Aware Gen:Variant.Symmi.68062 20170607
AegisLab Troj.Ransom.W32.Locky!c 20170607
AhnLab-V3 Trojan/Win32.Locky.C1548722 20170606
ALYac Trojan.Ransom.Cerber 20170607
Arcabit Trojan.Symmi.D109DE 20170607
Avast Win32:Trojan-gen 20170607
AVG Ransom_r.CLA 20170606
Avira (no cloud) TR/Crypt.ZPACK.ihik 20170607
AVware Trojan.Win32.Generic!BT 20170607
BitDefender Gen:Variant.Symmi.68062 20170607
CAT-QuickHeal TrojanRansom.Locky 20170606
CrowdStrike Falcon (ML) malicious_confidence_93% (W) 20170420
Cyren W32/Trojan.YMOK-6205 20170607
Emsisoft Gen:Variant.Symmi.68062 (B) 20170607
Endgame malicious (high confidence) 20170515
ESET-NOD32 a variant of Win32/Kryptik.FFVZ 20170607
F-Secure Gen:Variant.Symmi.68062 20170607
Fortinet W32/Kryptik.FFVZ!tr 20170607
GData Gen:Variant.Symmi.68062 20170607
Ikarus Trojan.Win32.Crypt 20170606
Sophos ML virus.win32.sality.at 20170604
K7AntiVirus Trojan ( 004f80671 ) 20170606
K7GW Trojan ( 004f80671 ) 20170607
Kaspersky Trojan-Ransom.Win32.Locky.xrb 20170607
Malwarebytes Ransom.Locky 20170607
McAfee RDN/Generic.com 20170607
McAfee-GW-Edition BehavesLike.Win32.ICLoader.fc 20170606
eScan Gen:Variant.Symmi.68062 20170607
NANO-Antivirus Trojan.Win32.Kryptik.eprenp 20170606
Palo Alto Networks (Known Signatures) generic.ml 20170607
Qihoo-360 HEUR/QVM10.1.9F5E.Malware.Gen 20170607
Rising Trojan.Ransom-Locky!8.4655 (cloud:pklIS3swgh) 20170607
SentinelOne (Static ML) static engine - malicious 20170516
Sophos AV Mal/Generic-S 20170607
Symantec Trojan.Gen 20170607
Tencent Win32.Trojan.Kryptik.Ug 20170607
TrendMicro-HouseCall Suspicious_GEN.F47V0604 20170606
VIPRE Trojan.Win32.Generic!BT 20170607
Webroot W32.Trojan.Gen 20170607
Yandex Trojan.Locky! 20170606
ZoneAlarm by Check Point Trojan-Ransom.Win32.Locky.xrb 20170607
Alibaba 20170607
Antiy-AVL 20170607
Baidu 20170601
ClamAV 20170606
CMC 20170606
Comodo 20170606
DrWeb 20170607
F-Prot 20170607
Jiangmin 20170607
Kingsoft 20170607
Microsoft 20170606
nProtect 20170607
Panda 20170606
SUPERAntiSpyware 20170606
Symantec Mobile Insight 20170606
TheHacker 20170605
Trustlook 20170607
VBA32 20170606
ViRobot 20170606
WhiteArmor 20170601
Zillya 20170606
Zoner 20170607
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright Copyright (C) Locktime Softprog

Product NetLimiter 4
Original name netlimiter-4.0.15.0.exe
Internal name netlimiter-4.0.15.0
File version 4.0.15.0
Description Net Limiter 4
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2016-09-05 10:43:43
Entry Point 0x0000CAB2
Number of sections 4
PE sections
PE imports
RegOpenKeyExA
RegEnumValueA
RegCloseKey
AVIFileInit
AVIStreamRelease
AVIStreamInfoA
AVIStreamOpenFromFileA
GetDeviceCaps
CreateFontA
GetStockObject
CreateFontIndirectA
GetMetaFileA
CreateSolidBrush
PlayMetaFile
DeleteObject
DeleteMetaFile
ImmGetDescriptionA
ImmGetConversionStatus
ImmGetContext
ImmGetOpenStatus
ImmReleaseContext
ImmSetOpenStatus
ImmIsIME
GetStdHandle
GetConsoleOutputCP
WaitForSingleObject
GetLocalTime
FreeEnvironmentStringsA
DeleteCriticalSection
GetCurrentProcess
GetConsoleMode
GetLocaleInfoA
lstrcatA
FreeEnvironmentStringsW
GetLocaleInfoW
SetStdHandle
GetCPInfo
GetStringTypeA
WriteFile
GetSystemTimeAsFileTime
HeapReAlloc
GetStringTypeW
InitializeCriticalSection
TlsGetValue
SetLastError
IsDebuggerPresent
HeapAlloc
GetModuleFileNameA
EnumSystemLocalesA
UnhandledExceptionFilter
InterlockedDecrement
MultiByteToWideChar
LeaveCriticalSection
GetModuleHandleA
SetUnhandledExceptionFilter
MulDiv
TerminateProcess
WriteConsoleA
GlobalAlloc
SetEndOfFile
GetCurrentThreadId
GetProcAddress
WriteConsoleW
InitializeCriticalSectionAndSpinCount
HeapFree
EnterCriticalSection
SetHandleCount
LoadLibraryW
GetOEMCP
QueryPerformanceCounter
GetTickCount
TlsAlloc
VirtualProtect
FlushFileBuffers
LoadLibraryA
RtlUnwind
GetStartupInfoA
OpenProcess
GetUserDefaultLCID
GetProcessHeap
lstrcpyA
IsValidLocale
GlobalLock
CreateEventW
CreateEventA
GetFileType
TlsSetValue
CreateFileA
ExitProcess
InterlockedIncrement
GetLastError
LCMapStringW
lstrlenA
GlobalFree
GetConsoleCP
LCMapStringA
GetEnvironmentStringsW
GlobalUnlock
GetEnvironmentStrings
GetCurrentProcessId
WideCharToMultiByte
HeapSize
GetCommandLineA
RaiseException
TlsFree
SetFilePointer
ReadFile
CloseHandle
GetACP
GetModuleHandleW
IsValidCodePage
HeapCreate
VirtualFree
Sleep
VirtualAlloc
acmFormatTagDetailsW
ICGetInfo
MCIWndCreateA
ICClose
ICOpen
Ord(136)
Ord(3)
Ord(43)
Ord(75)
Ord(36)
Ord(1)
Ord(45)
Ord(24)
Ord(39)
Ord(47)
Ord(16)
Ord(7)
Ord(15)
Ord(14)
Ord(9)
Ord(2)
Ord(13)
SysFreeString
VariantTimeToSystemTime
SystemTimeToVariantTime
VariantInit
SysAllocString
glFrustum
glMatrixMode
RpcBindingInqAuthClientA
RpcServerUseProtseqEpA
RpcRevertToSelf
RpcBindingFree
RpcStringFreeA
RpcStringBindingComposeA
RpcMgmtWaitServerListen
RpcBindingFromStringBindingA
RpcImpersonateClient
RpcServerListen
RpcBindingSetAuthInfoA
Ord(256)
GetMessageA
GetParent
GetWindowTextA
EndDialog
BeginPaint
DefWindowProcA
PostQuitMessage
DefMDIChildProcA
GetClipboardData
SendDlgItemMessageA
GetSystemMetrics
IsWindow
GetWindowRect
DispatchMessageA
EndPaint
SetMenu
GetDlgItemTextA
MessageBoxA
ChangeClipboardChain
TranslateMessage
IsWindowEnabled
GetSysColor
GetDC
GetCursorPos
ReleaseDC
LoadMenuA
CheckMenuItem
GetWindowLongA
SendMessageA
DialogBoxParamA
GetClientRect
GetDlgItem
DrawMenuBar
SetWindowPos
InvalidateRect
wsprintfA
IsClipboardFormatAvailable
CreateWindowExA
LoadCursorA
LoadIconA
GetKeyboardLayout
GetTopWindow
AdjustWindowRect
IsDlgButtonChecked
GetSysColorBrush
CloseClipboard
OpenClipboard
midiInGetNumDevs
waveOutOpen
joyGetNumDevs
waveInGetDevCapsA
auxGetNumDevs
waveOutGetDevCapsA
mmioDescend
waveOutGetNumDevs
midiOutGetNumDevs
mmioAscend
mmioOpenA
mmioClose
waveInGetNumDevs
EnumPrintersA
OpenPrinterA
GetPrinterA
ClosePrinter
EnumJobsA
WlanEnumInterfaces
WlanOpenHandle
CoInitializeEx
OleUninitialize
CoUninitialize
CoInitialize
OleInitialize
CoLockObjectExternal
RegisterDragDrop
CoCreateInstance
CoInitializeSecurity
RevokeDragDrop
CLSIDFromString
CoSetProxyBlanket
PdhAddCounterW
PdhGetFormattedCounterValue
PdhOpenQueryA
PdhCollectQueryData
PdhCloseQuery
Number of PE resources by type
RT_ICON 5
RT_STRING 5
RT_MENU 5
Struct(240) 1
RT_MANIFEST 1
RT_VERSION 1
RT_GROUP_ICON 1
Number of PE resources by language
ENGLISH US 19
PE resources
Debug information
ExifTool file metadata
UninitializedDataSize 0
InitializedDataSize 201728
ImageVersion 0.0
ProductName NetLimiter 4
FileVersionNumber 4.0.15.0
LanguageCode English (U.S.)
FileFlagsMask 0x003f
FileDescription Net Limiter 4
CharacterSet Unicode
LinkerVersion 9.0
FileTypeExtension exe
OriginalFileName netlimiter-4.0.15.0.exe
MIMEType application/octet-stream
Subsystem Windows GUI
FileVersion 4.0.15.0
TimeStamp 2016:09:05 11:43:43+01:00
FileType Win32 EXE
PEType PE32
InternalName netlimiter-4.0.15.0
ProductVersion 4.0.15.0
SubsystemVersion 5.0
OSVersion 5.0
FileOS Windows NT 32-bit
LegalCopyright Copyright (C) Locktime Softprog
MachineType Intel 386 or later, and compatibles
CompanyName Locktime SoftProg
CodeSize 123392
FileSubtype 0
ProductVersionNumber 4.0.15.0
EntryPoint 0xcab2
ObjectFileType Executable application

File identification
MD5 002e1cd50be9495a99c3d3ab691fadfd
SHA1 ec03ede5d41e45932b6fb9d859dbb1700c27b230
SHA256 94d7558fc6eadbba423713df769c9ca20e129ff3bcaf89496b11c783af2db4c9
ssdeep 6144:q98Ow2+q8RdUibyCzkLpDCSutSM4unZqS:qM2+q8HRVwDCzvZj

authentihash be9720f101f351bfef2ba7390a127cd378239d067a15e2a91cb02b77fd96a1de
imphash d95f02584d7318782cbd526900f89b4a
File size 318.5 KB ( 326144 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID Win32 Executable MS Visual C++ (generic) (42.2%)
Win64 Executable (generic) (37.3%)
Win32 Dynamic Link Library (generic) (8.8%)
Win32 Executable (generic) (6.0%)
Generic Win/DOS Executable (2.7%)
Tags peexe

VirusTotal metadata
First submission 2017-06-04 14:37:41 UTC ( 1 year, 8 months ago )
Last submission 2017-07-13 01:20:06 UTC ( 1 year, 7 months ago )
File names netlimiter-4.0.15.0.exe
Win32.Trojan.Symmi@94d7558fc6eadbba423713df769c9ca20e129ff3bcaf89496b11c783af2db4c9.exe
002e1cd50be9495a99c3d3ab691fadfd
radE2548.tmp.exe
netlimiter-4.0.15.0
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Created mutexes
Opened service managers
Opened services
Runtime DLLs
UDP communications