SHA256: 9fd59ba40c26b3161642d5ebb85796b4262e5d5aa5d1e5eceb919b52a8f9b00e
File name: output.114882368.txt
Detection ratio: 52 / 71
Analysis date: 2019-01-12 06:04:54 UTC ( 3 months, 1 week ago )
Antivirus Result Update
Acronis suspicious 20190111
Ad-Aware Trojan.GenericKD.31454746 20190112
AhnLab-V3 Trojan/Win32.Ransom.C2905952 20190111
ALYac Trojan.Ransom.Shade 20190112
Antiy-AVL Trojan/Win32.Fsysna 20190111
Arcabit Trojan.Generic.D1DFF61A 20190112
Avast Win32:Malware-gen 20190112
AVG Win32:Malware-gen 20190112
BitDefender Trojan.GenericKD.31454746 20190112
Bkav HW32.Packed. 20190108
CAT-QuickHeal Trojan.Troldesh 20190111
Comodo Malware@#1uz6knr0xq6j6 20190112
CrowdStrike Falcon (ML) malicious_confidence_90% (W) 20181023
Cybereason malicious.c685f7 20190109
Cylance Unsafe 20190112
DrWeb Trojan.Encoder.26818 20190112
Emsisoft Trojan-Ransom.Shade (A) 20190112
Endgame malicious (high confidence) 20181108
ESET-NOD32 Win32/Filecoder.ED 20190112
F-Secure Trojan.GenericKD.31454746 20190111
Fortinet W32/Kryptik.GJCI!tr 20190112
GData Trojan.GenericKD.31454746 20190112
Ikarus Trojan-Ransom.Crypted007 20190112
Sophos ML heuristic 20181128
Jiangmin Trojan.Shade.ph 20190112
K7AntiVirus Trojan ( 004b39e91 ) 20190111
K7GW Trojan ( 004b39e91 ) 20190112
Kaspersky Trojan.Win32.Fsysna.ezbr 20190112
Malwarebytes Ransom.Troldesh 20190112
MAX malware (ai score=99) 20190112
McAfee GenericRXGT-GC!7F9D970C685F 20190112
McAfee-GW-Edition GenericRXGT-GC!7F9D970C685F 20190112
Microsoft Trojan:Win32/Skeeyah.A!bit 20190112
eScan Trojan.GenericKD.31454746 20190112
NANO-Antivirus Trojan.Win32.Fsysna.flpkef 20190112
Palo Alto Networks (Known Signatures) generic.ml 20190112
Panda Trj/GdSda.A 20190111
Qihoo-360 Win32/Trojan.69d 20190112
Rising Ransom.Troldesh!8.5D1 (CLOUD) 20190112
SentinelOne (Static ML) static engine - malicious 20181223
Sophos AV Troj/Ransom-FDW 20190112
Symantec Ransom.Troldesh 20190112
Tencent Win32.Trojan.Fsysna.Iphb 20190112
Trapmine malicious.high.ml.score 20190103
TrendMicro TROJ_FRS.0NA103LS18 20190112
TrendMicro-HouseCall TROJ_FRS.0NA103LS18 20190112
VBA32 BScope.TrojanPSW.Papras 20190111
VIPRE Trojan.Win32.Generic!BT 20190111
ViRobot Trojan.Win32.Ransom.1077512 20190111
Webroot W32.Trojan.GenKD 20190112
Zillya Trojan.Fsysna.Win32.16771 20190111
ZoneAlarm by Check Point Trojan.Win32.Fsysna.ezbr 20190112
AegisLab Undetected 20190112
Alibaba Undetected 20180921
Avast-Mobile Undetected 20190111
Avira (no cloud) Undetected 20190112
Babable Undetected 20180918
Baidu Undetected 20190111
ClamAV Undetected 20190112
CMC Undetected 20190111
Cyren Undetected 20190112
eGambit Undetected 20190112
F-Prot Undetected 20190112
Kingsoft Undetected 20190112
SUPERAntiSpyware Undetected 20190109
TACHYON Undetected 20190112
TheHacker Undetected 20190106
TotalDefense Undetected 20190111
Trustlook Undetected 20190112
Yandex Undetected 20190111
Zoner Undetected 20190112
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Signature verification The digital signature of the object did not verify.
Signing date 10:27 AM 3/22/2019
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2018-12-27 03:30:13
Entry Point 0x00002BA0
Number of sections 3
PE sections
Overlays
MD5 4cc37b3e2e1c858537f38b13212d0bc0
File type data
Offset 1074176
Size 3336
Entropy 7.34
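The overlay above (3336 bytes appended after the last section, entropy 7.34 on a scale of 0 to 8) is what the "peexe overlay" tag later in the report refers to; data that close to 8 bits per byte is usually compressed or encrypted rather than plain code or text, which is why a small high-entropy overlay on a GUI executable is worth a second look. The Python below is an added example, not VirusTotal's or the sample's code, showing how such figures are produced: it locates the overlay from the section table and computes its Shannon entropy. The REPORTED_* constants are copied from this report; build_test_pe() constructs a minimal stand-in PE for demonstration, since the sample itself is not reproduced here.

```python
"""Locate a PE file's overlay (bytes appended after the last section) and
measure its Shannon entropy, using only the Python standard library.

Added example for this report; it is not VirusTotal's code. The REPORTED_*
numbers are copied from the report above; the PE built by build_test_pe()
is a constructed, non-runnable stand-in for the real sample.
"""
import math
import struct
from collections import Counter

REPORTED_FILE_SIZE = 1077512       # "File size" from the report
REPORTED_OVERLAY_OFFSET = 1074176  # "Overlays / Offset"
REPORTED_OVERLAY_SIZE = 3336       # "Overlays / Size"


def report_overlay_is_consistent() -> bool:
    """The overlay should run exactly to end of file: offset + size == file size."""
    return REPORTED_OVERLAY_OFFSET + REPORTED_OVERLAY_SIZE == REPORTED_FILE_SIZE


def shannon_entropy(data: bytes) -> float:
    """Entropy in bits per byte: 0.0 for a constant buffer, 8.0 for uniform bytes."""
    if not data:
        return 0.0
    n = len(data)
    return -sum((c / n) * math.log2(c / n) for c in Counter(data).values())


def overlay_offset(pe: bytes) -> int:
    """Return the file offset at which the overlay begins: the highest raw end
    of any section, or the end of the headers if no section carries raw data.
    Raises ValueError on a malformed image."""
    if pe[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    e_lfanew = struct.unpack_from("<I", pe, 0x3C)[0]
    if pe[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("PE signature not found")
    coff = e_lfanew + 4
    # COFF header: Machine, NumberOfSections, TimeDateStamp, PointerToSymbolTable,
    # NumberOfSymbols, SizeOfOptionalHeader, Characteristics (20 bytes)
    _, num_sections, _, _, _, size_of_optional, _ = struct.unpack_from("<HHIIIHH", pe, coff)
    section_table = coff + 20 + size_of_optional
    end = section_table + 40 * num_sections
    for i in range(num_sections):
        # section header: Name[8], VirtualSize, VirtualAddress, SizeOfRawData, PointerToRawData, ...
        size_raw, ptr_raw = struct.unpack_from("<II", pe, section_table + 40 * i + 16)
        if size_raw:
            end = max(end, ptr_raw + size_raw)
    return min(end, len(pe))


def triage_overlay(pe: bytes, high_entropy: float = 7.0) -> dict:
    """Summarise the overlay the way the report does: offset, size, entropy,
    plus a flag for 'probably compressed or encrypted' data."""
    start = overlay_offset(pe)
    data = pe[start:]
    ent = shannon_entropy(data)
    return {"offset": start, "size": len(data), "entropy": round(ent, 2),
            "high_entropy": len(data) > 0 and ent >= high_entropy}


def build_test_pe(section_data: bytes, overlay_data: bytes, file_alignment: int = 512) -> bytes:
    """Construct a minimal PE32 image (one section, no data directories) with
    overlay_data appended. It is only meant to be parsed, never executed."""
    e_lfanew = 0x40
    dos = b"MZ" + b"\0" * (0x3C - 2) + struct.pack("<I", e_lfanew)
    opt = struct.pack("<H", 0x10B) + b"\0" * 94                           # PE32 magic + rest of the 96-byte fixed part
    coff = struct.pack("<HHIIIHH", 0x14C, 1, 0, 0, 0, len(opt), 0x0102)  # i386, one section
    ptr_raw = file_alignment
    size_raw = -(-len(section_data) // file_alignment) * file_alignment   # round up to alignment
    sect = b".text\0\0\0" + struct.pack("<IIIIIIHHI", len(section_data), 0x1000,
                                         size_raw, ptr_raw, 0, 0, 0, 0, 0x60000020)
    headers = (dos + b"PE\0\0" + coff + opt + sect).ljust(ptr_raw, b"\0")
    return headers + section_data.ljust(size_raw, b"\0") + overlay_data


if __name__ == "__main__":
    # uniform bytes give an 8.0-bit overlay; a constant buffer would give 0.0
    sample = build_test_pe(b"\x90" * 1000, bytes(range(256)) * 4)
    print(triage_overlay(sample))
    print("report offset/size/file size consistent:", report_overlay_is_consistent())
```

To run it against a real file, pass open(path, "rb").read() to triage_overlay(); a result of offset 1074176, size 3336 and entropy 7.34 would match this report. Sanity-check the offset against the file size first: here 1074176 + 3336 = 1077512 exactly, so the overlay runs to end of file and nothing is truncated.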
PE imports
The report lists imported functions only; the module headings below are inferred from the function names. For triage, note that LoadResource/LockResource/SizeofResource together with VirtualAlloc, VirtualAllocEx and CreateProcessA are consistent with a loader that unpacks a payload from resources or from the high-entropy overlay into memory or into a freshly created process, and IsDebuggerPresent is a basic anti-debugging check. The remaining toolbar, DDE, metafile, tape and display-settings imports are far broader than such a loader would need.
advapi32.dll (inferred)
RegCloseKey
RegSetValueExA
RegQueryValueExA
RegOpenKeyExW
GetUserNameA
RegEnumValueA
RegCreateKeyExA
RegOpenKeyExA
RegDeleteValueA
comctl32.dll (inferred)
CreateToolbarEx
InitCommonControlsEx
gdi32.dll (inferred)
SelectObject
GetGlyphOutline
GetStockObject
GetTextMetricsA
Polyline
EndPath
FillPath
BeginPath
DeleteObject
CreateMetaFileW
kernel32.dll (inferred)
GetStdHandle
WaitForSingleObject
HeapDestroy
GetTapeParameters
DeleteCriticalSection
GetCurrentProcess
GetLocaleInfoA
FreeEnvironmentStringsW
EnumTimeFormatsA
GetCPInfo
LoadLibraryW
GetStringTypeA
WriteFile
GetSystemTimeAsFileTime
HeapReAlloc
GetStringTypeW
GetThreadPriority
InitializeCriticalSection
LoadResource
FindClose
TlsGetValue
EnumDateFormatsA
SetLastError
IsDebuggerPresent
ExitProcess
GetModuleFileNameA
SetThreadPriority
UnhandledExceptionFilter
InterlockedDecrement
MultiByteToWideChar
FreeEnvironmentStringsA
SetUnhandledExceptionFilter
TerminateProcess
GetCurrentThreadId
InterlockedIncrement
InitializeCriticalSectionAndSpinCount
HeapFree
EnterCriticalSection
SetHandleCount
lstrcmpiA
GetOEMCP
QueryPerformanceCounter
GetTickCount
TlsAlloc
GetVersionExA
LoadLibraryA
RtlUnwind
GetStartupInfoA
DeleteFileA
GetProcAddress
GetProcessHeap
CompareStringW
FindFirstFileA
lstrcpyA
CompareStringA
FindNextFileA
GetFileType
TlsSetValue
HeapAlloc
LeaveCriticalSection
GetLastError
LCMapStringW
VirtualAllocEx
lstrlenA
LCMapStringA
GetEnvironmentStringsW
FileTimeToLocalFileTime
GetEnvironmentStrings
GetCurrentProcessId
LockResource
WideCharToMultiByte
HeapSize
GetCommandLineA
GetCurrentThread
GetSystemDefaultLangID
RaiseException
TlsFree
GetModuleHandleA
CloseHandle
GetACP
GetModuleHandleW
FreeResource
SizeofResource
CreateProcessA
IsValidCodePage
HeapCreate
VirtualFree
Sleep
FindResourceA
VirtualAlloc
shell32.dll (inferred)
ExtractIconA
SHQueryRecycleBinW
ExtractAssociatedIconExW
SHPathPrepareForWriteA
SHPathPrepareForWriteW
SHLoadNonloadedIconOverlayIdentifiers
ShellExecuteExA
DuplicateIcon
ShellExecuteEx
ExtractIconEx
SHEmptyRecycleBinA
SHGetFileInfoW
SHGetIconOverlayIndexW
SHGetSpecialFolderPathA
ExtractAssociatedIconA
SHCreateProcessAsUserW
SHGetSpecialFolderPathW
SHGetDataFromIDListW
SHAddToRecentDocs
ExtractIconExA
SHGetFileInfo
DragQueryPoint
SHGetSpecialFolderLocation
ShellExecuteA
DoEnvironmentSubstW
shlwapi.dll (inferred)
StrStrA
StrCmpNW
StrStrIA
StrRChrW
StrChrIA
StrRStrIW
user32.dll (inferred)
ChangeDisplaySettingsW
GetForegroundWindow
DestroyMenu
PostQuitMessage
SetWindowPos
GetClipboardViewer
IsWindow
DispatchMessageA
ScreenToClient
GetKeyboardLayoutNameA
VkKeyScanA
GetDC
GetCursorPos
ReleaseDC
GetMenu
SendMessageA
GetClientRect
GetDlgItemTextW
GetWindowTextLengthA
CharToOemW
GetWindowTextA
ChangeDisplaySettingsA
DestroyWindow
GetMessageA
DdeDisconnectList
UpdateWindow
EqualRect
GetUserObjectInformationA
ShowWindow
DlgDirListComboBoxA
EnableWindow
CharUpperW
GetDlgItemTextA
CharToOemBuffW
IsCharAlphaA
TranslateMessage
GetWindow
CharUpperA
ActivateKeyboardLayout
GetIconInfo
LoadStringA
GetMenuItemRect
CharLowerA
GetWindowPlacement
MapVirtualKeyExA
InvalidateRgn
EnableMenuItem
RegisterClassA
OpenDesktopA
GetWindowLongA
CreateWindowExA
UnhookWinEvent
IsDialogMessageW
GetSysColorBrush
CreateWindowExW
EndPaint
GetWindowInfo
IsDialogMessageA
SetFocus
SendNotifyMessageA
DrawEdge
DdeAddData
BeginPaint
KillTimer
DefWindowProcA
ToAsciiEx
GetClipboardData
GetSystemMetrics
GetWindowRect
EnumDisplayDevicesW
PostMessageA
CharLowerW
SetWindowLongA
InvalidateRect
SetWindowTextA
CheckMenuItem
GetSubMenu
SetTimer
ClientToScreen
LoadCursorA
LoadIconA
TrackPopupMenu
GetMenuItemCount
GetMenuState
SetForegroundWindow
LoadMenuA
CreateDialogIndirectParamA
MessageBeep
RemoveMenu
BeginDeferWindowPos
MoveWindow
MessageBoxA
GetClassNameA
GetSysColor
IsWindowVisible
MonitorFromRect
wsprintfA
IsCharUpperA
CloseDesktop
CallWindowProcA
IsCharUpperW
ole32.dll (inferred)
CoUninitialize
CoInitialize
CoTaskMemAlloc
CoRevokeClassObject
CoTaskMemRealloc
CoCreateInstance
StgOpenStorage
CoFreeUnusedLibraries
CLSIDFromProgID
CoRegisterClassObject
StgCreateDocfile
CoGetMalloc
CoTaskMemFree
ExifTool file metadata
MIMEType application/octet-stream
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
FileTypeExtension exe
TimeStamp 2018:12:27 04:30:13+01:00
FileType Win32 EXE
PEType PE32
CodeSize 11776
LinkerVersion 9.0
ImageFileCharacteristics No relocs, Executable, 32-bit
EntryPoint 0x2ba0
InitializedDataSize 1061376
SubsystemVersion 5.0
ImageVersion 0.0
OSVersion 5.0
UninitializedDataSize 0
File identification
MD5 7f9d970c685f7f33aa8a961f2a10173d
SHA1 11f93876dba467125556c04a85c19f4b93ed5e4c
SHA256 9fd59ba40c26b3161642d5ebb85796b4262e5d5aa5d1e5eceb919b52a8f9b00e
ssdeep 12288:3i94bywx1Dj5+h7ZCn0P5T7lHDbIi9dszYjN5HbPiLsptcyx7tbFEujtgw:3Hx13SZW0x5j5dsYnHeYpuyx7tx/tgw
authentihash f7948176fe05c53745e1dfcfd316df35d3bf7e47a0315a938511840367ebb217
imphash a641a3a252ba41dde68c38fe5682820f
File size 1.0 MB ( 1077512 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID
Win32 Executable MS Visual C++ (generic) (41.0%)
Win64 Executable (generic) (36.3%)
Win32 Dynamic Link Library (generic) (8.6%)
Win32 Executable (generic) (5.9%)
OS/2 Executable (generic) (2.6%)
Tags
peexe overlay
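The imphash listed under File identification is an MD5 over the normalised import list, so two builds of the same loader with identical import tables share it even when their file hashes differ; it is the value to pivot on when looking for sibling samples. The Python below is an added example (not VirusTotal's or pefile's code) of that normalisation, run over a constructed subset of this sample's imports. The module names attached to the functions are assumptions, since the report lists functions only, so the result will not reproduce the page's value a641a3a252ba41dde68c38fe5682820f.

```python
"""Import hash (imphash) normalisation, as an added example for this report.

This follows the convention popularised by Mandiant and implemented in pefile:
module name lowercased with a .dll/.ocx/.sys extension removed, function name
lowercased (or 'ordN' for an import by ordinal), entries joined with ',' in
import-table order, then MD5. pefile additionally resolves known ordinals of
ws2_32, wsock32 and oledlg to names; that table is omitted here.
The module names in SAMPLE_IMPORTS are assumptions (the report lists functions only).
"""
import hashlib

# constructed subset of the report's import list; module names are assumed
SAMPLE_IMPORTS = [
    ("ADVAPI32.dll", "RegCloseKey"),
    ("ADVAPI32.dll", "RegSetValueExA"),
    ("COMCTL32.dll", "CreateToolbarEx"),
    ("KERNEL32.dll", "LoadResource"),
    ("KERNEL32.dll", "VirtualAllocEx"),
    ("KERNEL32.dll", "CreateProcessA"),
    ("SHELL32.dll", "ShellExecuteExA"),
]


def imphash_string(imports) -> str:
    """The canonical string that gets hashed; order is significant."""
    parts = []
    for module, func in imports:
        mod = module.lower()
        base, dot, ext = mod.rpartition(".")
        if dot and ext in ("dll", "ocx", "sys"):
            mod = base                       # kernel32.dll -> kernel32
        name = f"ord{func}" if isinstance(func, int) else func.lower()
        parts.append(f"{mod}.{name}")
    return ",".join(parts)


def imphash(imports) -> str:
    """Hex MD5 of the canonical import string."""
    return hashlib.md5(imphash_string(imports).encode("ascii")).hexdigest()


if __name__ == "__main__":
    print(imphash_string(SAMPLE_IMPORTS))
    print(imphash(SAMPLE_IMPORTS))
```

Because import-table order is part of the input, a rebuilt binary with the same functions in a different order gets a different imphash; the value is also only comparable across tools when their ordinal handling matches.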

VirusTotal metadata
First submission 2018-12-27 03:49:40 UTC ( 3 months, 3 weeks ago )
Last submission 2019-03-21 18:53:10 UTC ( 1 month ago )
File names (as submitted to VirusTotal; note csrss.exe, the name of a Windows system process, and sserv.jpg, an image extension on what is a Win32 EXE, both useful when hunting for this sample on disk)
output.114636648.txt
output.114800140.txt
2018-12-27-malware-for-shade-ransomware-infection-1-of-2.exe
csrss.exe
output.114812865.txt
output.114882368.txt
output.114801094.txt
output.114822014.txt
sserv.jpg.1
output.114882744.txt
output.114794822.txt
ransomware.aa.exe.milo
output.114812997.txt
sserv.jpg
csrss.exe
rad3A45D.tmp
output.114791054.txt
output.114727702.txt
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files, Read files, Written files, Moved files, Deleted files, Created mutexes, Opened mutexes, Runtime DLLs, TCP connections: no entries are present in this copy of the report.