SHA256: 9a50f67ed001671c30c72386113ce2abe01fa2bf51f976d93535e7889e5928ed
File name: 15133a7dc9065874713701013b230ebd
Detection ratio: 13 / 61
Analysis date: 2017-03-15 05:16:47 UTC ( 1 year, 11 months ago )
Antivirus Result Update
AegisLab Ml.Attribute.Gen!c 20170315
CrowdStrike Falcon (ML) malicious_confidence_100% (D) 20170130
Endgame malicious (high confidence) 20170222
ESET-NOD32 a variant of Win32/Kryptik.FPSG 20170315
GData Win32.Trojan-Ransom.Locky.Q7F4GH 20170315
Ikarus Win32.Outbreak 20170314
Sophos ML trojanspy.win32.skeeyah.a!rfn 20170203
Malwarebytes Ransom.Locky 20170315
McAfee-GW-Edition BehavesLike.Win32.Ramnit.fc 20170315
Palo Alto Networks (Known Signatures) generic.ml 20170315
Rising Trojan.Kryptik!8.8 (cloud:J9gvkBmjHwK) 20170315
Symantec ML.Attribute.HighConfidence 20170314
ViRobot Trojan.Win32.R.Agent.376320.N[h] 20170315
Ad-Aware 20170315
AhnLab-V3 20170314
Alibaba 20170228
ALYac 20170315
Antiy-AVL 20170315
Arcabit 20170315
Avast 20170315
AVG 20170315
Avira (no cloud) 20170315
AVware 20170315
Baidu 20170314
BitDefender 20170315
Bkav 20170314
CAT-QuickHeal 20170314
ClamAV 20170314
CMC 20170314
Comodo 20170315
Cyren 20170315
DrWeb 20170315
Emsisoft 20170315
F-Prot 20170315
F-Secure 20170315
Fortinet 20170315
Jiangmin 20170315
K7AntiVirus 20170314
K7GW 20170314
Kaspersky 20170315
Kingsoft 20170315
McAfee 20170315
Microsoft 20170315
eScan 20170315
NANO-Antivirus 20170315
nProtect 20170315
Panda 20170314
Qihoo-360 20170315
Sophos AV 20170315
SUPERAntiSpyware 20170315
Tencent 20170315
TheHacker 20170315
TotalDefense 20170314
TrendMicro 20170315
TrendMicro-HouseCall 20170315
Trustlook 20170315
VBA32 20170314
VIPRE 20170315
Webroot 20170315
WhiteArmor 20170303
Yandex 20170312
Zillya 20170314
ZoneAlarm by Check Point 20170315
Zoner 20170315
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2017-03-14 11:00:46
Entry Point 0x00007F7A
Number of sections 6
PE sections
PE imports
GetTokenInformation
OpenProcessToken
GetUserNameW
OpenThreadToken
ImpersonateLoggedOnUser
IsValidSecurityDescriptor
GetSecurityDescriptorRMControl
AVIFileCreateStreamA
ImageList_Remove
Ord(17)
ImageList_ReplaceIcon
DeleteDC
SetDCPenColor
SelectObject
StartDocA
CreateFontA
GetStockObject
StretchBlt
TextOutA
CreateFontIndirectA
GetPixel
GetKerningPairsA
DeleteObject
BitBlt
CreateDIBSection
CreateCompatibleDC
SetBoundsRect
CreateCompatibleBitmap
GetNetworkParams
GetTcpStatistics
GetIfTable
IcmpCreateFile
GetLastError
InitializeCriticalSectionAndSpinCount
HeapFree
GetStdHandle
GetCurrentThread
LCMapStringW
GetStartupInfoW
LoadLibraryW
GlobalFree
GetConsoleCP
GetModuleHandleW
GetOEMCP
QueryPerformanceCounter
IsDebuggerPresent
EncodePointer
TlsAlloc
GetEnvironmentStringsW
FlushFileBuffers
LoadLibraryA
VirtualQuery
RtlUnwind
GetModuleFileNameA
HeapAlloc
DeleteCriticalSection
GetCurrentProcess
EnterCriticalSection
GetConsoleMode
DecodePointer
GetCurrentProcessId
SetLastError
lstrcatA
UnhandledExceptionFilter
GetCommandLineW
WideCharToMultiByte
EnumSystemLocalesW
LoadLibraryExW
MultiByteToWideChar
HeapSize
SetFilePointerEx
FreeEnvironmentStringsW
GetCommandLineA
GetUserDefaultLCID
InitializeSListHead
GetLocaleInfoW
EnumSystemCodePagesW
SetStdHandle
GetVolumeNameForVolumeMountPointA
RaiseException
GetCPInfo
TlsFree
GetModuleHandleA
GetSystemTimeAsFileTime
FindFirstFileExA
FormatMessageA
SetUnhandledExceptionFilter
lstrcpyA
CloseHandle
IsProcessorFeaturePresent
FindNextFileA
IsValidLocale
GetACP
HeapReAlloc
GetStringTypeW
GetProcAddress
FreeLibrary
OpenEventA
TerminateProcess
GetSystemPowerStatus
GetModuleHandleExW
IsValidCodePage
WriteFile
CreateFileW
GetConsoleWindow
CreateEventA
FindClose
TlsGetValue
GetFileType
TlsSetValue
ExitProcess
GetCurrentThreadId
GetProcessHeap
WriteConsoleW
LeaveCriticalSection
MCIWndCreateA
NetLocalGroupGetMembers
NetUserGetInfo
NetApiBufferFree
EnumPwrSchemes
RpcBindingFree
RpcMgmtSetComTimeout
RpcBindingSetObject
RpcBindingFromStringBindingA
StrStrIA
PathAppendA
AcceptSecurityContext
phoneSetStatusMessages
phoneNegotiateExtVersion
GetMessageA
GetParent
EmptyClipboard
EndDialog
BeginPaint
SetCaretPos
ShowWindow
SetWindowPos
MessageBoxW
GetWindowRect
DispatchMessageA
EndPaint
MoveWindow
IsWindowEnabled
GetDC
CopyImage
SetWindowTextA
ShowCaret
wsprintfA
SetClipboardData
SendMessageA
GetClientRect
GetDlgItem
CreateDialogParamA
EnableMenuItem
GetWindowLongA
CreateWindowExA
LoadIconA
GetTopWindow
AdjustWindowRect
LoadImageA
CloseClipboard
SetCursorPos
OpenClipboard
IsDialogMessageA
DestroyWindow
GetThemeInt
waveInAddBuffer
waveInOpen
waveOutOpen
waveInPrepareHeader
recv
socket
bind
inet_addr
WSACleanup
WSAStartup
htons
closesocket
WSAGetLastError
WTSQuerySessionInformationA
GdipCreateBitmapFromScan0
GdipDisposeImage
GdipAlloc
GdipFree
GdipCloneImage
GdipGetImageGraphicsContext
OleCreate
CoInitialize
CoCreateGuid
CoCreateInstance
GetRunningObjectTable
CreateBindCtx
OleDraw
OleSetContainedObject
CoTaskMemFree
StringFromGUID2
PdhBrowseCountersA
Number of PE resources by type
RT_CURSOR 10
RT_RCDATA 7
REGISTRY 6
RT_GROUP_CURSOR 5
RT_ICON 4
RT_MANIFEST 1
RT_GROUP_ICON 1
Number of PE resources by language
ENGLISH US 34
PE resources
Debug information
ExifTool file metadata
MIMEType application/octet-stream
Subsystem Windows GUI
SubsystemVersion 5.1
MachineType Intel 386 or later, and compatibles
TimeStamp 2017:03:14 12:00:46+01:00
FileType Win32 EXE
PEType PE32
CodeSize 139776
LinkerVersion 14.0
FileTypeExtension exe
InitializedDataSize 235520
ImageFileCharacteristics Executable, 32-bit
EntryPoint 0x7f7a
OSVersion 5.1
ImageVersion 0.0
UninitializedDataSize 0

Compressed bundles
File identification
MD5 15133a7dc9065874713701013b230ebd
SHA1 c1cf82a120100e503c8672698c585398108e371f
SHA256 9a50f67ed001671c30c72386113ce2abe01fa2bf51f976d93535e7889e5928ed
ssdeep 6144:4/cFRtyZENXpQrT6KcWGLZt1jjy7aYn1241Be0KlwtBB/y:KcF3yZE6Gf5jhYU6E0Kmdy
authentihash 87f4905c0c35c87b11377673b58732a6f754369e3aa549e864ccbb3a471588d5
imphash 47577bf47129d2c4727a9a562578b49e
File size 367.5 KB ( 376320 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win64 Executable (generic) (61.7%)
Win32 Dynamic Link Library (generic) (14.7%)
Win32 Executable (generic) (10.0%)
OS/2 Executable (generic) (4.5%)
Generic Win/DOS Executable (4.4%)
Tags peexe
VirusTotal metadata
First submission 2017-03-15 01:11:51 UTC ( 1 year, 11 months ago )
Last submission 2017-03-18 05:02:22 UTC ( 1 year, 11 months ago )
File names VirusShare_15133a7dc9065874713701013b230ebd
aa
1.exe
1575d533.png
1
output.109699517.txt
a1.exe
QDjwlpx.xlsb
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Written files
Moved files
Deleted files
Created processes
Created mutexes
Opened mutexes
Opened service managers
Opened services
Runtime DLLs
HTTP requests
TCP connections
UDP communications