SHA256: a116850c789d42bcc00f3338ca155690faed30a377bb06ca1919ab9bda1585a7
File name: http___drommtoinononcechangerrer.info_af_uhgGYFYB.decoded
Detection ratio: 9 / 65
Analysis date: 2017-08-29 09:38:00 UTC ( 1 year, 5 months ago )
Antivirus                              Result                                              Update
-------------------------------------  --------------------------------------------------  --------
Baidu                                  Win32.Trojan.WisdomEyes.16070401.9500.9858          20170829
Cylance                                Unsafe                                              20170829
Endgame                                malicious (high confidence)                         20170821
Sophos ML                              heuristic                                           20170822
Malwarebytes                           Ransom.Locky                                        20170829
Rising                                 Ransom.Locky!8.1CD4 (tfe:2:R0Fp2BxNnOB)             20170829
SentinelOne (Static ML)                static engine - malicious                           20170806
Symantec                               ML.Attribute.HighConfidence                         20170829
WhiteArmor                             Malware.HighConfidence                              20170829
Ad-Aware                                                                                   20170829
AegisLab                                                                                   20170829
AhnLab-V3                                                                                  20170829
Alibaba                                                                                    20170829
ALYac                                                                                      20170828
Antiy-AVL                                                                                  20170829
Arcabit                                                                                    20170829
Avast                                                                                      20170829
AVG                                                                                        20170829
Avira (no cloud)                                                                           20170829
AVware                                                                                     20170829
BitDefender                                                                                20170829
Bkav                                                                                       20170829
CAT-QuickHeal                                                                              20170829
ClamAV                                                                                     20170829
CMC                                                                                        20170828
Comodo                                                                                     20170829
CrowdStrike Falcon (ML)                                                                    20170804
Cyren                                                                                      20170829
DrWeb                                                                                      20170829
Emsisoft                                                                                   20170829
ESET-NOD32                                                                                 20170829
F-Prot                                                                                     20170829
F-Secure                                                                                   20170829
Fortinet                                                                                   20170829
GData                                                                                      20170829
Ikarus                                                                                     20170829
Jiangmin                                                                                   20170829
K7AntiVirus                                                                                20170829
K7GW                                                                                       20170828
Kaspersky                                                                                  20170829
Kingsoft                                                                                   20170829
MAX                                                                                        20170829
McAfee                                                                                     20170826
McAfee-GW-Edition                                                                          20170828
Microsoft                                                                                  20170829
eScan                                                                                      20170829
NANO-Antivirus                                                                             20170829
nProtect                                                                                   20170829
Palo Alto Networks (Known Signatures)                                                      20170829
Panda                                                                                      20170828
Qihoo-360                                                                                  20170829
Sophos AV                                                                                  20170829
SUPERAntiSpyware                                                                           20170829
Symantec Mobile Insight                                                                    20170829
Tencent                                                                                    20170829
TheHacker                                                                                  20170828
TotalDefense                                                                               20170829
TrendMicro                                                                                 20170829
TrendMicro-HouseCall                                                                       20170829
Trustlook                                                                                  20170829
VBA32                                                                                      20170829
VIPRE                                                                                      20170829
ViRobot                                                                                    20170829
Webroot                                                                                    20170829
Yandex                                                                                     20170828
Zillya                                                                                     20170828
ZoneAlarm by Check Point                                                                   20170829
Zoner                                                                                      20170829
The file being studied is a Portable Executable file. More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2013-03-02 01:03:03
Entry Point 0x0000CA87
Number of sections 4
PE sections
PE imports
CMP_Report_LogOn
CM_Add_Range
CM_Add_Empty_Log_Conf
CM_Add_IDA
DowngradeAPL
SetSetupSave
Ctl3dEnabled
Ctl3dCtlColor
WaitForSingleObject
GetModuleFileNameA
CreateNamedPipeA
LoadLibraryA
GetLocalTime
GetPriorityClass
GetPrivateProfileStringA
OpenProcess
CreateDirectoryA
GetCommandLineW
SetErrorMode
GetConsoleTitleA
GetProcAddress
FindResourceExA
SetEnvironmentVariableW
GetModuleHandleA
FindNextFileW
GlobalAddAtomA
CreateSemaphoreW
CreateFileMappingA
FindFirstFileW
CreateProcessA
GetLogicalDriveStringsA
FindClose
InterlockedDecrement
FormatMessageA
GetEnvironmentVariableW
CPDeriveKey
CPDecrypt
StrChrW
SHBrowseForFolderW
DllGetVersion
DragQueryFileA
DllUnregisterServer
SHCreateDirectoryExA
SHEmptyRecycleBinA
SHGetFolderPathA
ExtractIconW
Shell_NotifyIconA
PathCompactPathW
UrlGetPartW
PathCombineA
UrlCombineA
UrlIsA
UrlIsNoHistoryW
UrlUnescapeW
UrlEscapeW
UrlHashA
UrlCreateFromPathW
PathCommonPrefixW
UrlGetLocationA
PathIsRootW
UrlCompareW
wsprintfA
MessageBoxW
LoadIconA
GetClassLongW
CharToOemW
LoadBitmapW
IsCharLowerA
PeekMessageA
IsDialogMessageA
InsertMenuW
DrawStateA
DialogBoxParamA
PostMessageW
DispatchMessageW
Number of PE resources by type
IKQ 5
OPS 1
Number of PE resources by language
NEUTRAL 6
PE resources
Debug information
ExifTool file metadata
MIMEType application/octet-stream
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
FileTypeExtension exe
TimeStamp 2013:03:02 02:03:03+01:00
FileType Win32 EXE
PEType PE32
CodeSize 56832
LinkerVersion 12.0
EntryPoint 0xca87
InitializedDataSize 25088
SubsystemVersion 4.0
ImageVersion 0.0
OSVersion 4.0
UninitializedDataSize 0
File identification
MD5 bb22627d43ea795b163bd7c5d3fa3d3a
SHA1 c8cde8575873d379bcdb2aa18fa5e436a5fe1f93
SHA256 a116850c789d42bcc00f3338ca155690faed30a377bb06ca1919ab9bda1585a7
ssdeep 12288:Vi5s9KyozLn1sCdRT20pTXjuESOr7UduRnkNvdbKOinjc4JrFcX:Viqc/1HTPrZH2uR+vJHiXB
authentihash c769be3f4044b6446243d4d53c86633662aa6cc5db5c2ab7936458327eac2179
imphash 72f2a60cc7680bc03c785be0fe605126
File size 604.5 KB ( 619008 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Dynamic Link Library (generic) (38.3%)
Win32 Executable (generic) (26.2%)
Win16/32 Executable Delphi generic (12.0%)
Generic Win/DOS Executable (11.6%)
DOS Executable Generic (11.6%)
Tags peexe

VirusTotal metadata
First submission 2017-08-29 09:38:00 UTC ( 1 year, 5 months ago )
Last submission 2017-09-27 21:55:52 UTC ( 1 year, 4 months ago )
File names http___drommtoinononcechangerrer.info_af_uhgGYFYB.decoded