SHA256: 9f64f26bcd792c9a21b9ba68bb69c2393fe197be4402f56beb7da67d3764ed3d
File name: clouf
Detection ratio: 54 / 65
Analysis date: 2017-08-04 21:33:47 UTC ( 9 months, 3 weeks ago )
Antivirus Result Update
Ad-Aware Trojan.Ransom.AXU 20170804
AegisLab Troj.Ransom.W32.Locky!c 20170804
AhnLab-V3 Win-Trojan/Lockycrypt.Gen 20170804
ALYac Trojan.Ransom.AXU 20170804
Antiy-AVL Trojan/Win32.TSGeneric 20170804
Arcabit Trojan.Ransom.AXU 20170804
Avast Win32:Evo-gen [Susp] 20170804
AVG Win32:Evo-gen [Susp] 20170804
Avira (no cloud) TR/Crypt.Xpack.wfqi 20170804
AVware Trojan.Win32.Generic.pak!cobra 20170804
Baidu Win32.Trojan.Kryptik.als 20170804
BitDefender Trojan.Ransom.AXU 20170804
CAT-QuickHeal Ransomware.Locky.WR5 20170804
ClamAV Win.Ransomware.Locky-31470 20170804
Comodo TrojWare.Win32.TrojanDownloader.Nymaim.DZW 20170804
CrowdStrike Falcon (ML) malicious_confidence_100% (D) 20170710
Cylance Unsafe 20170804
Cyren W32/Locky.VHIK-8396 20170804
DrWeb Trojan.Packed2.38485 20170804
Emsisoft Trojan.Ransom.AXU (B) 20170804
Endgame malicious (high confidence) 20170721
ESET-NOD32 a variant of Win32/Kryptik.FCCT 20170804
F-Prot W32/Locky.JE 20170804
F-Secure Trojan.Ransom.AXU 20170804
Fortinet W32/Kryptik.FCCT!tr 20170804
GData Trojan.Ransom.AXU 20170804
Ikarus Trojan-Ransom.Locky 20170804
Sophos ML heuristic 20170607
K7AntiVirus Trojan ( 004f42381 ) 20170804
K7GW Trojan ( 004f42381 ) 20170804
Kaspersky Trojan-Ransom.Win32.Locky.anl 20170804
Malwarebytes Ransom.Locky 20170804
MAX malware (ai score=85) 20170804
McAfee GenericRXAC-UP!192D209218CD 20170804
McAfee-GW-Edition GenericRXAC-UP!192D209218CD 20170804
Microsoft Ransom:Win32/Locky 20170804
eScan Trojan.Ransom.AXU 20170804
NANO-Antivirus Trojan.Win32.Packed2.efjwab 20170804
Palo Alto Networks (Known Signatures) generic.ml 20170804
Panda Trj/Genetic.gen 20170804
Qihoo-360 Win32/Trojan.Ransom.a7e 20170804
Rising Malware.XPACK-HIE/Heur!1.9C48 (cloud:sNXV2ISj3lG) 20170804
SentinelOne (Static ML) static engine - malicious 20170718
Sophos AV Troj/Locky-FC 20170804
SUPERAntiSpyware Ransom.Locky/Variant 20170804
Symantec Trojan.Gen 20170804
Tencent Win32.Trojan.Locky.Dxdl 20170804
TrendMicro Ransom_LOCKY.DLXFL 20170804
TrendMicro-HouseCall Ransom_LOCKY.DLXFL 20170804
VIPRE Trojan.Win32.Generic.pak!cobra 20170804
Webroot W32.Trojan.Gen 20170804
Yandex Trojan.Locky! 20170801
Zillya Trojan.AgentGen.Win32.62 20170804
ZoneAlarm by Check Point Trojan-Ransom.Win32.Locky.anl 20170804
Alibaba 20170804
Bkav 20170804
CMC 20170804
Jiangmin 20170804
Kingsoft 20170804
nProtect 20170804
Symantec Mobile Insight 20170804
TheHacker 20170804
TotalDefense 20170804
Trustlook 20170804
VBA32 20170803
ViRobot 20170804
WhiteArmor 20170731
Zoner 20170804
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright Copyright 2009
Product clouf Module
Original name clouf.exe
Internal name clouf
File version 1, 5, 2, 2
Description clouf
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2016-07-12 09:24:19
Entry Point 0x0000A943
Number of sections 5
PE sections
PE imports
RegOpenKeyA
RegCloseKey
CryptAcquireContextA
RegSetValueExW
CryptGenRandom
RegOpenKeyExW
CryptReleaseContext
RegQueryValueExW
CreatePatternBrush
SetBrushOrgEx
DeleteDC
CreateFontIndirectW
SetBkMode
CreatePen
GetStockObject
AbortPath
SelectObject
SetTextColor
GetObjectW
BitBlt
CreateCompatibleDC
DeleteObject
CreateCompatibleBitmap
Rectangle
CheckColorsInGamut
GetStdHandle
GetConsoleOutputCP
GetFileAttributesW
DeleteCriticalSection
GetCurrentProcess
GetConsoleMode
GetLocaleInfoA
LocalAlloc
lstrcatA
FreeEnvironmentStringsW
SetStdHandle
GetCPInfo
GetStringTypeA
InterlockedExchange
WriteFile
GetSystemTimeAsFileTime
HeapReAlloc
GetStringTypeW
FormatMessageW
InitializeCriticalSection
OutputDebugStringW
InterlockedDecrement
SetLastError
GetSystemTime
GetModuleFileNameW
IsDebuggerPresent
HeapAlloc
GetModuleFileNameA
UnhandledExceptionFilter
TlsGetValue
MultiByteToWideChar
GetPrivateProfileStringW
SetUnhandledExceptionFilter
SetEnvironmentVariableA
TerminateProcess
WriteConsoleA
GlobalAlloc
SetEndOfFile
GetCurrentThreadId
LeaveCriticalSection
WriteConsoleW
InitializeCriticalSectionAndSpinCount
HeapFree
EnterCriticalSection
SetHandleCount
lstrcmpiA
GetVersionExW
GetOEMCP
QueryPerformanceCounter
GetTickCount
TlsAlloc
VirtualProtect
FlushFileBuffers
lstrcmpiW
RtlUnwind
GetStartupInfoA
GetDateFormatA
GetStartupInfoW
GlobalLock
GetProcessHeap
CompareStringW
lstrcmpA
GetTimeFormatA
GetComputerNameA
GetTimeZoneInformation
GetFileType
TlsSetValue
CreateFileA
ExitProcess
InterlockedIncrement
GetLastError
LCMapStringW
lstrlenA
GlobalFree
GetConsoleCP
LCMapStringA
GetEnvironmentStringsW
GlobalUnlock
CancelWaitableTimer
GetCurrentDirectoryW
GetCurrentProcessId
GetCommandLineW
WideCharToMultiByte
HeapSize
RaiseException
TlsFree
SetFilePointer
ReadFile
CloseHandle
GetACP
GetModuleHandleW
IsValidCodePage
VirtualFree
Sleep
VirtualAlloc
CompareStringA
CommandLineToArgvW
RedrawWindow
DrawTextExW
EndDialog
PostQuitMessage
GetMessageW
GetSystemMetrics
SetWindowLongW
MessageBoxW
GetWindowRect
EnableWindow
CharUpperW
DialogBoxParamW
GetWindowDC
TranslateMessage
IsWindowEnabled
GetDlgItemTextW
SetDlgItemTextW
DispatchMessageW
CreateDialogParamW
ReleaseDC
SendMessageW
DrawFocusRect
IsWindowVisible
SendMessageA
SetWindowTextW
GetDlgItem
DrawTextW
ScreenToClient
wsprintfA
CallWindowProcW
IsDialogMessageW
GetClientRect
GetKeyboardLayout
GetFocus
GetDC
SetForegroundWindow
GetWindowInfo
PlaySoundA
_except_handler3
malloc
_CIsin
free
exit
_CIcos
_exit
__set_app_type
_wtoi
CoInitialize
Ord(8)
OleUIBusyW
Number of PE resources by type
RT_ICON 6
RT_DIALOG 1
RT_VERSION 1
RT_GROUP_ICON 1
Number of PE resources by language
ENGLISH US 9
PE resources
ExifTool file metadata
SubsystemVersion
5.0

InitializedDataSize
44544

ImageVersion
0.0

ProductName
clouf Module

FileVersionNumber
1.5.2.2

UninitializedDataSize
0

LanguageCode
English (U.S.)

FileFlagsMask
0x0000

CharacterSet
Unicode

LinkerVersion
8.0

FileTypeExtension
exe

OriginalFileName
clouf.exe

MIMEType
application/octet-stream

Subsystem
Windows GUI

FileVersion
1, 5, 2, 2

TimeStamp
2016:07:12 10:24:19+01:00

FileType
Win32 EXE

PEType
PE32

InternalName
clouf

ProductVersion
1, 5, 2, 2

FileDescription
clouf

OSVersion
5.0

FileOS
Win32

LegalCopyright
Copyright 2009

MachineType
Intel 386 or later, and compatibles

CompanyName
Siber Systems

CodeSize
102400

FileSubtype
0

ProductVersionNumber
1.5.2.2

EntryPoint
0xa943

ObjectFileType
Dynamic link library

Compressed bundles
File identification
MD5 192d209218cde7106829c793ac611a30
SHA1 bbce52744e871f779aa46a68a05489524f246ad2
SHA256 9f64f26bcd792c9a21b9ba68bb69c2393fe197be4402f56beb7da67d3764ed3d
ssdeep 3072:HYPmIxcitqb0apEPBxrkKTMoDYls6X20zd6Qw4:HpY0jpEnrRMESV
authentihash ddb1ce3786bb5090d7852ec7269de06eb608d5b7569305570c650d6f97dea4a9
imphash c0fa7893099d1953c1b3bea0d66744af
File size 136.5 KB ( 139776 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win64 Executable (generic) (64.6%)
Win32 Dynamic Link Library (generic) (15.4%)
Win32 Executable (generic) (10.5%)
Generic Win/DOS Executable (4.6%)
DOS Executable Generic (4.6%)
Tags peexe
VirusTotal metadata
First submission 2016-07-12 13:33:42 UTC ( 1 year, 10 months ago )
Last submission 2017-08-04 21:33:47 UTC ( 9 months, 3 weeks ago )
File names 6b8b7c1b11255f0b9da645bd3809b17b37cfa644818a49b8c347a1857e5357ef~
5Pj5Pne25Uv7.exe
2016-07-12_9f64f26bcd792c9a21b9ba68bb69c2393fe197be4402f56beb7da67d3764ed3d
clouf
0ttyR4ET9BxiI.exe
clouf.exe
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
UDP communications