SHA256: 994f764ab463003ce57186ae4a14fd5eaa28a79fad884581fe7d1634dee4fe6d
File name: df74001b.gxe
Detection ratio: 56 / 65
Analysis date: 2017-10-13 01:48:51 UTC ( 1 week ago )
Antivirus | Result | Update
Ad-Aware | Trojan.GenericKD.12216822 | 20171013
AegisLab | Ransom.Cerber.Smaly0!c | 20171013
AhnLab-V3 | Trojan/Win32.Locky.R207842 | 20171012
ALYac | Trojan.Ransom.LockyCrypt | 20171013
Antiy-AVL | Trojan/Win32.TSGeneric | 20171012
Arcabit | Trojan.Generic.DBA69F6 | 20171013
Avast | Win32:Malware-gen | 20171012
AVG | Win32:Malware-gen | 20171012
Avira (no cloud) | TR/AD.Locky.qsqux | 20171012
AVware | Trojan.Win32.Generic!BT | 20171012
Baidu | Win32.Trojan.WisdomEyes.16070401.9500.9998 | 20171012
BitDefender | Trojan.GenericKD.12216822 | 20171013
CAT-QuickHeal | Ransom.Exxroute.A4 | 20171012
ClamAV | Win.Ransomware.Locky-6336174-0 | 20171013
CrowdStrike Falcon (ML) | malicious_confidence_100% (W) | 20170804
Cylance | Unsafe | 20171013
Cyren | W32/Trojan.AVML-8828 | 20171012
DrWeb | Trojan.Encoder.13570 | 20171012
Emsisoft | Trojan.GenericKD.12216822 (B) | 20171013
Endgame | malicious (high confidence) | 20170821
ESET-NOD32 | Win32/Filecoder.Locky.L | 20171013
F-Prot | W32/S-fba54330!Eldorado | 20171013
F-Secure | Trojan.GenericKD.12216822 | 20171012
Fortinet | W32/Kryptik.FVZV!tr | 20171012
GData | Win32.Trojan-Ransom.Locky.DQ | 20171012
Ikarus | Trojan-Ransom.Locky | 20171012
Sophos ML | heuristic | 20170914
Jiangmin | TrojanDropper.Injector.blvu | 20171013
K7AntiVirus | Trojan ( 0051918c1 ) | 20171013
K7GW | Trojan ( 0051918c1 ) | 20171013
Kaspersky | HEUR:Trojan.Win32.Generic | 20171013
Malwarebytes | Ransom.Locky | 20171013
MAX | malware (ai score=100) | 20171013
McAfee | Packed-QL!DF74001B35B7 | 20171013
McAfee-GW-Edition | BehavesLike.Win32.Virut.jc | 20171013
Microsoft | Ransom:Win32/Locky.A | 20171013
NANO-Antivirus | Trojan.Win32.Encoder.eshmtt | 20171013
nProtect | Ransom/W32.Cryptor.619520.H | 20171013
Palo Alto Networks (Known Signatures) | generic.ml | 20171013
Panda | Trj/GdSda.A | 20171012
Qihoo-360 | Trojan.Generic | 20171013
Rising | Trojan.Kryptik!1.AD50 (CLASSIC) | 20171013
SentinelOne (Static ML) | static engine - malicious | 20171001
Sophos AV | Troj/Locky-ABA | 20171013
Symantec | Ransom.Locky.B | 20171013
Tencent | Win32.Trojan.Filecoder.Wuqu | 20171013
TrendMicro | Ransom_LOCKY.TH831 | 20171013
TrendMicro-HouseCall | Ransom_LOCKY.TH831 | 20171013
VBA32 | Trojan-Ransom.Cryptor | 20171012
VIPRE | Trojan.Win32.Generic!BT | 20171013
ViRobot | Trojan.Win32.Z.Locky.619520.B | 20171012
Webroot | W32.Trojan.Gen | 20171013
WhiteArmor | Malware.HighConfidence | 20170927
Yandex | Trojan.Cryptor!znlp2sVmcQ0 | 20171012
Zillya | Trojan.Cryptor.Win32.140 | 20171012
ZoneAlarm by Check Point | HEUR:Trojan.Win32.Generic | 20171013
Alibaba | | 20170911
Avast-Mobile | | 20171012
Bkav | | 20171013
CMC | | 20171012
Comodo | | 20171012
Kingsoft | | 20171013
SUPERAntiSpyware | | 20171013
Symantec Mobile Insight | | 20171011
TheHacker | | 20171013
TotalDefense | | 20171012
Trustlook | | 20171013
Zoner | | 20171013
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2013-03-02 01:03:03
Entry Point 0x0000CA88
Number of sections 4
PE sections
PE imports
CMP_Report_LogOn
CM_Add_Range
CM_Add_Empty_Log_Conf
CM_Add_IDA
DowngradeAPL
SetSetupSave
ConnectionWrite
ConnectionClose
GetModuleFileNameW
WaitForSingleObject
FindNextFileA
LoadLibraryA
GetLocalTime
GetPriorityClass
OpenProcess
CreateDirectoryA
GetConsoleTitleA
GetCommandLineA
GetProcAddress
GetPrivateProfileStringW
CreateMutexA
FindResourceExA
GetModuleHandleA
GlobalAddAtomA
CreateSemaphoreW
CreateFileMappingA
FindFirstFileW
SetEnvironmentVariableA
CreateProcessA
GetLogicalDriveStringsA
FindClose
InterlockedDecrement
FormatMessageA
GetEnvironmentVariableW
SetLastError
SHGetFolderPathW
StrChrW
DllGetClassObject
SHBrowseForFolderW
Shell_NotifyIconW
ExtractIconW
DllUnregisterServer
SHCreateDirectoryExA
SHEmptyRecycleBinA
DragQueryFileA
SE_IsShimDll
SE_InstallBeforeInit
PathCompactPathW
UrlGetPartW
UrlCombineA
UrlIsA
UrlIsNoHistoryW
UrlUnescapeW
PathCombineA
UrlHashA
UrlCreateFromPathW
PathCommonPrefixW
UrlEscapeA
UrlGetLocationA
PathIsRootW
UrlCompareW
wsprintfA
MessageBoxW
LoadIconA
GetClassLongW
IsCharLowerA
PostMessageA
PeekMessageA
IsDialogMessageA
InsertMenuW
DrawStateA
DialogBoxParamA
LoadBitmapA
DispatchMessageW
CharToOemA
Number of PE resources by type
IKQ 5
OPS 1
Number of PE resources by language
NEUTRAL 6
PE resources
Debug information
ExifTool file metadata
MIMEType application/octet-stream
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
FileTypeExtension exe
TimeStamp 2013:03:02 02:03:03+01:00
FileType Win32 EXE
PEType PE32
CodeSize 57344
LinkerVersion 12.0
EntryPoint 0xca88
InitializedDataSize 25088
SubsystemVersion 4.0
ImageVersion 0.0
OSVersion 4.0
UninitializedDataSize 0
Compressed bundles
File identification
MD5 df74001b35b78b1c89632e0abefca395
SHA1 d8deb856b42c76ba928d6c5e7cca23bf6fe3d8c7
SHA256 994f764ab463003ce57186ae4a14fd5eaa28a79fad884581fe7d1634dee4fe6d
ssdeep 12288:1N1D4UvrLEshlml1beZXpvurUUUOx76rlq6ja6h7eaPVZbSu:1N1MsrvlaoZmrUHOdCNbdeazS
authentihash 0af74fdbf488c1ce67ac8572229d65b36a3fd34a9857de87c978c7f33eba557d
imphash 68423df65a8954f093886c055ebd2591
File size 605.0 KB ( 619520 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Dynamic Link Library (generic) (38.3%)
Win32 Executable (generic) (26.2%)
Win16/32 Executable Delphi generic (12.0%)
Generic Win/DOS Executable (11.6%)
DOS Executable Generic (11.6%)
Tags peexe
VirusTotal metadata
First submission 2017-08-30 20:28:33 UTC ( 1 month, 2 weeks ago )
Last submission 2017-09-01 06:59:48 UTC ( 1 month, 2 weeks ago )
File names df74001b.gxe
http___87hfdredwertyfdvvlkgdrsadm.net_af_GHFbfsalku65.decoded
flzOXrR.exe
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Written files
Moved files
Created mutexes
Opened mutexes
Opened service managers
Opened services
Runtime DLLs
HTTP requests
TCP connections
UDP communications