| SHA256: | 94d7558fc6eadbba423713df769c9ca20e129ff3bcaf89496b11c783af2db4c9 |
| File name: | Win32.Trojan.Symmi@94d7558fc6eadbba423713df769c9ca20e129ff3bcaf89... |
| Detection ratio: | 41 / 59 |
| Analysis date: | 2017-06-07 02:47:00 UTC ( 1 year, 8 months ago ) View latest |
| Antivirus | Result | Update |
|---|---|---|
| Ad-Aware | Gen:Variant.Symmi.68062 | 20170607 |
| AegisLab | Troj.Ransom.W32.Locky!c | 20170607 |
| AhnLab-V3 | Trojan/Win32.Locky.C1548722 | 20170606 |
| ALYac | Trojan.Ransom.Cerber | 20170607 |
| Arcabit | Trojan.Symmi.D109DE | 20170607 |
| Avast | Win32:Trojan-gen | 20170607 |
| AVG | Ransom_r.CLA | 20170606 |
| Avira (no cloud) | TR/Crypt.ZPACK.ihik | 20170607 |
| AVware | Trojan.Win32.Generic!BT | 20170607 |
| BitDefender | Gen:Variant.Symmi.68062 | 20170607 |
| CAT-QuickHeal | TrojanRansom.Locky | 20170606 |
| CrowdStrike Falcon (ML) | malicious_confidence_93% (W) | 20170420 |
| Cyren | W32/Trojan.YMOK-6205 | 20170607 |
| Emsisoft | Gen:Variant.Symmi.68062 (B) | 20170607 |
| Endgame | malicious (high confidence) | 20170515 |
| ESET-NOD32 | a variant of Win32/Kryptik.FFVZ | 20170607 |
| F-Secure | Gen:Variant.Symmi.68062 | 20170607 |
| Fortinet | W32/Kryptik.FFVZ!tr | 20170607 |
| GData | Gen:Variant.Symmi.68062 | 20170607 |
| Ikarus | Trojan.Win32.Crypt | 20170606 |
| Sophos ML | virus.win32.sality.at | 20170604 |
| K7AntiVirus | Trojan ( 004f80671 ) | 20170606 |
| K7GW | Trojan ( 004f80671 ) | 20170607 |
| Kaspersky | Trojan-Ransom.Win32.Locky.xrb | 20170607 |
| Malwarebytes | Ransom.Locky | 20170607 |
| McAfee | RDN/Generic.com | 20170607 |
| McAfee-GW-Edition | BehavesLike.Win32.ICLoader.fc | 20170606 |
| eScan | Gen:Variant.Symmi.68062 | 20170607 |
| NANO-Antivirus | Trojan.Win32.Kryptik.eprenp | 20170606 |
| Palo Alto Networks (Known Signatures) | generic.ml | 20170607 |
| Qihoo-360 | HEUR/QVM10.1.9F5E.Malware.Gen | 20170607 |
| Rising | Trojan.Ransom-Locky!8.4655 (cloud:pklIS3swgh) | 20170607 |
| SentinelOne (Static ML) | static engine - malicious | 20170516 |
| Sophos AV | Mal/Generic-S | 20170607 |
| Symantec | Trojan.Gen | 20170607 |
| Tencent | Win32.Trojan.Kryptik.Ug | 20170607 |
| TrendMicro-HouseCall | Suspicious_GEN.F47V0604 | 20170606 |
| VIPRE | Trojan.Win32.Generic!BT | 20170607 |
| Webroot | W32.Trojan.Gen | 20170607 |
| Yandex | Trojan.Locky! | 20170606 |
| ZoneAlarm by Check Point | Trojan-Ransom.Win32.Locky.xrb | 20170607 |
| Alibaba | 20170607 | |
| Antiy-AVL | 20170607 | |
| Baidu | 20170601 | |
| ClamAV | 20170606 | |
| CMC | 20170606 | |
| Comodo | 20170606 | |
| DrWeb | 20170607 | |
| F-Prot | 20170607 | |
| Jiangmin | 20170607 | |
| Kingsoft | 20170607 | |
| Microsoft | 20170606 | |
| nProtect | 20170607 | |
| Panda | 20170606 | |
| SUPERAntiSpyware | 20170606 | |
| Symantec Mobile Insight | 20170606 | |
| TheHacker | 20170605 | |
| Trustlook | 20170607 | |
| VBA32 | 20170606 | |
| ViRobot | 20170606 | |
| WhiteArmor | 20170601 | |
| Zillya | 20170606 | |
| Zoner | 20170607 |
The file being studied is a Portable Executable file!
More specifically, it is a Win32 EXE
file
for the Windows GUI subsystem.
FileVersionInfo properties
Copyright
Copyright (C) Locktime Softprog
Product NetLimiter 4
Original name netlimiter-4.0.15.0.exe
Internal name netlimiter-4.0.15.0
File version 4.0.15.0
Description Net Limiter 4
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2016-09-05 10:43:43
Entry Point 0x0000CAB2
Number of sections 4
PE sections
PE imports
Number of PE resources by type
RT_ICON 5
RT_STRING 5
RT_MENU 5
Struct(240) 1
RT_MANIFEST 1
RT_VERSION 1
RT_GROUP_ICON 1
Number of PE resources by language
ENGLISH US 19
PE resources
Debug information
ExifTool file metadata
UninitializedDataSize
0
InitializedDataSize
201728
ImageVersion
0.0
ProductName
NetLimiter 4
FileVersionNumber
4.0.15.0
LanguageCode
English (U.S.)
FileFlagsMask
0x003f
FileDescription
Net Limiter 4
CharacterSet
Unicode
LinkerVersion
9.0
FileTypeExtension
exe
OriginalFileName
netlimiter-4.0.15.0.exe
MIMEType
application/octet-stream
Subsystem
Windows GUI
FileVersion
4.0.15.0
TimeStamp
2016:09:05 11:43:43+01:00
FileType
Win32 EXE
PEType
PE32
InternalName
netlimiter-4.0.15.0
ProductVersion
4.0.15.0
SubsystemVersion
5.0
OSVersion
5.0
FileOS
Windows NT 32-bit
LegalCopyright
Copyright (C) Locktime Softprog
MachineType
Intel 386 or later, and compatibles
CompanyName
Locktime SoftProg
CodeSize
123392
FileSubtype
0
ProductVersionNumber
4.0.15.0
EntryPoint
0xcab2
ObjectFileType
Executable application
File identification
MD5 002e1cd50be9495a99c3d3ab691fadfd
SHA1 ec03ede5d41e45932b6fb9d859dbb1700c27b230
SHA256 94d7558fc6eadbba423713df769c9ca20e129ff3bcaf89496b11c783af2db4c9
ssdeep
6144:q98Ow2+q8RdUibyCzkLpDCSutSM4unZqS:qM2+q8HRVwDCzvZj
File size
318.5 KB ( 326144 bytes )
File type Win32 EXE
Magic literal
PE32 executable for MS Windows (GUI) Intel 80386 32-bit
| TrID |
Win32 Executable MS Visual C++ (generic) (42.2%) Win64 Executable (generic) (37.3%) Win32 Dynamic Link Library (generic) (8.8%) Win32 Executable (generic) (6.0%) Generic Win/DOS Executable (2.7%) |
Tags
peexe
VirusTotal metadata
First submission
2017-06-04 14:37:41 UTC ( 1 year, 8 months ago )
Last submission
2017-07-13 01:20:06 UTC ( 1 year, 7 months ago )
| File names |
netlimiter-4.0.15.0.exe Win32.Trojan.Symmi@94d7558fc6eadbba423713df769c9ca20e129ff3bcaf89496b11c783af2db4c9.exe 002e1cd50be9495a99c3d3ab691fadfd radE2548.tmp.exe netlimiter-4.0.15.0 |
No comments.
No VirusTotal Community member has commented on this item yet, be the first one to do so!
You have not signed in. Only registered users can leave comments, sign in and have a voice!
No votes.
No one has voted on this item yet, be the first one to do so!
Condensed report! The following is a condensed report of the
behaviour of the file when executed in a controlled environment. The actions
and events described were either performed by the file itself or by any other
process launched by the executed file or subjected to code injection by the
executed file.