SHA256: 9df5a12aad42c50f533facdc66bd9416b015983f2623a3b292ee5cc315fa7068
File name: 9DF5A12AAD42C50F533FACDC66BD9416B015983F2623A3B292EE5CC315FA7068
Detection ratio: 22 / 66
Analysis date: 2018-04-11 12:58:56 UTC ( 1 year ago )
Antivirus Result Update
Ad-Aware Trojan.Ransom.GandCrab.Gen.2 20180411
Arcabit Trojan.Ransom.GandCrab.Gen.2 20180411
Baidu Win32.Trojan.WisdomEyes.16070401.9500.9999 20180411
BitDefender Trojan.Ransom.GandCrab.Gen.2 20180411
CrowdStrike Falcon (ML) malicious_confidence_100% (D) 20170201
Cylance Unsafe 20180411
Emsisoft Trojan.Ransom.GandCrab.Gen.2 (B) 20180411
Endgame malicious (high confidence) 20180402
F-Secure Trojan.Ransom.GandCrab.Gen.2 20180411
Fortinet W32/Kryptik.GFHY!tr 20180411
GData Trojan.Ransom.GandCrab.Gen.2 20180411
Sophos ML heuristic 20180120
K7AntiVirus Trojan ( 0052908c1 ) 20180411
K7GW Trojan ( 0052908c1 ) 20180411
Kaspersky UDS:DangerousObject.Multi.Generic 20180410
McAfee-GW-Edition BehavesLike.Win32.Downloader.cc 20180410
eScan Trojan.Ransom.GandCrab.Gen.2 20180411
Qihoo-360 HEUR/QVM10.1.6E47.Malware.Gen 20180411
SentinelOne (Static ML) static engine - malicious 20180225
Symantec ML.Attribute.HighConfidence 20180411
WhiteArmor Malware.HighConfidence 20180408
ZoneAlarm by Check Point UDS:DangerousObject.Multi.Generic 20180411
AegisLab 20180411
AhnLab-V3 20180411
Alibaba 20180411
Antiy-AVL 20180411
Avast 20180411
Avast-Mobile 20180411
AVG 20180411
Avira (no cloud) 20180411
AVware 20180411
Bkav 20180410
CAT-QuickHeal 20180410
ClamAV 20180411
CMC 20180410
Comodo 20180411
Cybereason None
Cyren 20180411
DrWeb 20180411
eGambit 20180411
ESET-NOD32 20180411
F-Prot 20180411
Ikarus 20180410
Jiangmin 20180411
Kingsoft 20180411
Malwarebytes 20180411
MAX 20180411
McAfee 20180411
Microsoft 20180411
NANO-Antivirus 20180411
nProtect 20180411
Palo Alto Networks (Known Signatures) 20180411
Panda 20180410
Rising 20180411
Sophos AV 20180411
SUPERAntiSpyware 20180411
Symantec Mobile Insight 20180406
Tencent 20180411
TheHacker 20180410
TotalDefense 20180411
TrendMicro 20180411
TrendMicro-HouseCall 20180411
Trustlook 20180411
VBA32 20180410
VIPRE 20180411
ViRobot 20180411
Webroot 20180411
Yandex 20180411
Zillya 20180410
Zoner 20180411
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright Copyright (C) 2017, fockertoub
Internal name toofartyless.exe
File version 5.0.0.0
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2018-04-11 11:36:47
Entry Point 0x00001C46
Number of sections 5
PE sections
Overlays
MD5 62e8758daf7df8d4d97f245c529b54a5
File type ASCII text
Offset 182272
Size 8
Entropy 2.50
PE imports
ReportEventA
GetTextExtentPointA
GetPolyFillMode
GetTextMetricsA
CreateRectRgnIndirect
GetLogColorSpaceW
CheckColorsInGamut
LineDDA
Ellipse
GetDeviceGammaRamp
GetLastError
IsValidCodePage
HeapFree
IsProcessorFeaturePresent
EnterCriticalSection
LCMapStringW
SetHandleCount
lstrlenA
LoadLibraryW
GetTapeStatus
GetOEMCP
QueryPerformanceCounter
IsDebuggerPresent
GetSystemWindowsDirectoryW
SetTapePosition
TlsAlloc
GetEnvironmentStringsW
LoadLibraryA
RtlUnwind
GetModuleFileNameA
WinExec
GetStdHandle
HeapAlloc
HeapSetInformation
GetCurrentProcess
GetStartupInfoW
GetDriveTypeA
DecodePointer
GetCurrentProcessId
lstrcatA
SetVolumeMountPointA
GetModuleHandleW
WideCharToMultiByte
UnhandledExceptionFilter
InterlockedDecrement
MultiByteToWideChar
HeapSize
LoadModule
GetFileInformationByHandle
InitializeCriticalSectionAndSpinCount
WriteProfileSectionW
GlobalLock
EncodePointer
WritePrivateProfileStringW
ExitProcess
GetCPInfo
GetModuleFileNameW
TlsFree
FreeEnvironmentStringsW
DeleteCriticalSection
SetUnhandledExceptionFilter
lstrcpyA
DeleteAtom
GetSystemTimeAsFileTime
GetCommandLineA
PeekConsoleInputA
GetACP
HeapReAlloc
GetStringTypeW
GetProcAddress
SetEvent
GetSystemTimeAdjustment
TerminateProcess
InitializeCriticalSection
HeapCreate
WriteFile
CreateFileW
GlobalAlloc
TlsGetValue
Sleep
GetFileType
TlsSetValue
GetTickCount
GetCurrentThreadId
InterlockedIncrement
SetLastError
LeaveCriticalSection
GetDCEx
LoadCursorA
AppendMenuA
CreateMDIWindowW
SetPropA
GetQueueStatus
SetClassLongW
GrayStringA
CloseWindow
GetWindowTextLengthW
SwitchDesktop
GetWindowTextA
GetCaretPos
InsertMenuItemA
SetWindowsHookA
ReplyMessage
DrawCaption
OleMetafilePictFromIconAndLabel
CoUnmarshalHresult
OleSetMenuDescriptor
CoInitialize
CoMarshalHresult
Number of PE resources by type
RT_STRING 12
RT_BITMAP 3
RT_ICON 1
KIRIVAWOWOYITAMAPOHA 1
MUWELEZORO 1
BHCG 1
RT_VERSION 1
CAFITEHUVU 1
RT_GROUP_ICON 1
Number of PE resources by language
NEUTRAL 22
PE resources
ExifTool file metadata
UninitializedDataSize 0
InitializedDataSize 1640960
ImageVersion 0.0
FileVersionNumber 1.3.0.6
LanguageCode English (British)
FileFlagsMask 0x001f
CharacterSet Unicode
LinkerVersion 10.0
FileTypeExtension exe
MIMEType application/octet-stream
Subsystem Windows GUI
FileVersion 5.0.0.0
TimeStamp 2018:04:11 12:36:47+01:00
FileType Win32 EXE
PEType PE32
InternalName toofartyless.exe
ProductVersion 5.0.0.0
SubsystemVersion 5.1
OSVersion 5.1
FileOS Windows NT 32-bit
LegalCopyright Copyright (C) 2017, fockertoub
MachineType Intel 386 or later, and compatibles
CodeSize 19456
FileSubtype 0
ProductVersionNumber 1.3.0.6
EntryPoint 0x1c46
ObjectFileType Executable application

File identification
MD5 e1f3c0e8e222da065cec8eec4c2e9f9a
SHA1 c79c999c2cb756a29e02f1392a4ea7a6813700eb
SHA256 9df5a12aad42c50f533facdc66bd9416b015983f2623a3b292ee5cc315fa7068
ssdeep 3072:rbf5TERzRdrte4CwRnsWHsm2IRCK++WsLmyWctWbO9AN77sQoTE0:rbiRVdrtCQsWHs5SCPZctWbaANvtK3
authentihash c30177945e9091ba926a3ed9b64f7d97bb4bbf32ed697db9ae2483672e13dc59
imphash fc97e63cc4cfbb3b22f33e60f99920ec
File size 178.0 KB ( 182280 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Executable MS Visual C++ (generic) (41.0%)
Win64 Executable (generic) (36.3%)
Win32 Dynamic Link Library (generic) (8.6%)
Win32 Executable (generic) (5.9%)
OS/2 Executable (generic) (2.6%)
Tags peexe nxdomain overlay

VirusTotal metadata
First submission 2018-04-11 12:58:56 UTC ( 1 year ago )
Last submission 2018-04-11 14:46:50 UTC ( 1 year ago )
File names 9DF5A12AAD42C50F533FACDC66BD9416B015983F2623A3B292EE5CC315FA7068
toofartyless.exe
da.exe
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Written files
Deleted files
Created processes
Terminated processes
Created mutexes
Opened mutexes
Opened service managers
Opened services
Runtime DLLs
HTTP requests
DNS requests
TCP connections
UDP communications