SHA256: a2e9025066f39a07b2bb4a85932c68f5b3da6a07bebb877aed1031c987ca16d3
File name: shtrina2.er_
Detection ratio: 51 / 65
Analysis date: 2018-01-22 19:16:40 UTC ( 11 months, 4 weeks ago )
Antivirus Result Update
Ad-Aware Trojan.Ransom.BGP 20180122
AegisLab Ransom.Hplocky.Smjbb!c 20180122
AhnLab-V3 Trojan/Win32.Locky.R191630 20180122
ALYac Trojan.Ransom.BGP 20180122
Antiy-AVL Trojan/Win32.TSGeneric 20180122
Arcabit Trojan.Ransom.BGP 20180122
Avast FileRepMalware 20180122
AVG FileRepMalware 20180122
Avira (no cloud) TR/AD.Locky.pfsui 20180122
AVware Trojan.Win32.Generic!BT 20180122
Baidu Win32.Trojan.WisdomEyes.16070401.9500.9986 20180122
BitDefender Trojan.Ransom.BGP 20180122
CAT-QuickHeal Trojan.Mauvaise.SL1 20180122
Comodo UnclassifiedMalware 20180122
CrowdStrike Falcon (ML) malicious_confidence_90% (D) 20171016
Cylance Unsafe 20180122
Cyren W32/Ransom.VUVC-5634 20180122
DrWeb Trojan.Encoder.3976 20180122
Emsisoft Trojan.Ransom.BGP (B) 20180122
Endgame malicious (high confidence) 20171130
ESET-NOD32 Win32/Filecoder.Locky.D 20180122
F-Secure Trojan.Ransom.BGP 20180122
GData Trojan.Ransom.BGP 20180122
Ikarus Trojan-Ransom.Locky 20180122
Jiangmin Trojan.Locky.cxl 20180122
K7AntiVirus Trojan ( 004f95121 ) 20180122
K7GW Trojan ( 004f95121 ) 20180122
Kaspersky Trojan-Ransom.Win32.Locky.wtu 20180122
Malwarebytes Ransom.Locky 20180122
MAX malware (ai score=83) 20180122
McAfee Ransom-FKQB!E93BBC2FEAF0 20180122
McAfee-GW-Edition Ransom-FKQB!E93BBC2FEAF0 20180122
Microsoft Ransom:Win32/Locky 20180122
eScan Trojan.Ransom.BGP 20180122
NANO-Antivirus Trojan.Win32.Locky.ejuwyq 20180122
nProtect Ransom/W32.Locky.286720.C 20180122
Palo Alto Networks (Known Signatures) generic.ml 20180122
Panda Trj/GdSda.A 20180122
Qihoo-360 HEUR/QVM40.1.EDC1.Malware.Gen 20180122
Rising Malware.Undefined!8.C (TFE:3:2Co5q9TwJvM) 20180122
Sophos AV Troj/Locky-YG 20180122
Symantec Ransom.Locky 20180122
Tencent Win32.Trojan.Raas.Auto 20180122
TrendMicro Ransom_HPLOCKY.SMJBB 20180122
TrendMicro-HouseCall Ransom_HPLOCKY.SMJBB 20180122
VBA32 SScope.Malware-Cryptor.Filecoder 20180122
VIPRE Trojan.Win32.Generic!BT 20180122
Webroot W32.Ransomware.Locky 20180122
Yandex Trojan.Locky! 20180112
Zillya Trojan.Locky.Win32.2311 20180122
ZoneAlarm by Check Point Trojan-Ransom.Win32.Locky.wtu 20180122
Alibaba 20180122
Avast-Mobile 20180122
Bkav 20180122
ClamAV 20180122
CMC 20180122
Cybereason None
eGambit 20180122
F-Prot 20180122
Fortinet 20180122
Sophos ML 20180121
Kingsoft 20180122
SentinelOne (Static ML) 20180115
SUPERAntiSpyware 20180122
Symantec Mobile Insight 20180122
TheHacker 20180119
Trustlook 20180122
ViRobot 20180122
Zoner 20180122
The file being studied is a Portable Executable file! More specifically, it is a Win32 DLL file for the Windows GUI subsystem.
Packers identified
PEiD InstallShield 2000
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2016-12-19 09:29:36
Entry Point 0x000020B0
Number of sections 4
PE sections
PE imports
GetLastError
InitializeCriticalSection
HeapFree
GetStdHandle
EnterCriticalSection
LCMapStringW
SetHandleCount
GetLocaleInfoW
GetOEMCP
QueryPerformanceCounter
HeapDestroy
ExitProcess
IsBadWritePtr
TlsAlloc
GetEnvironmentStringsW
GetVersionExA
LoadLibraryA
WaitForSingleObjectEx
RtlUnwind
GetModuleFileNameA
FreeEnvironmentStringsA
DeleteCriticalSection
GetCurrentProcess
EnumSystemLocalesA
GetEnvironmentStrings
GetLocaleInfoA
GetUserDefaultLCID
IsValidCodePage
GetCPInfo
UnhandledExceptionFilter
InterlockedDecrement
MultiByteToWideChar
FatalAppExitA
FreeEnvironmentStringsW
GetCommandLineA
GetProcAddress
InterlockedCompareExchange
GetStringTypeA
GetCurrentThread
GetTimeZoneInformation
CompareStringW
WideCharToMultiByte
TlsFree
GetModuleHandleA
lstrcmpA
WriteFile
GetStartupInfoA
CompareStringA
IsValidLocale
GetACP
HeapReAlloc
GetStringTypeW
GetVersion
SetEnvironmentVariableA
TerminateProcess
LCMapStringA
GetEnvironmentVariableA
HeapCreate
VirtualFree
TlsGetValue
Sleep
GetFileType
TlsSetValue
HeapAlloc
GetCurrentThreadId
InterlockedIncrement
VirtualAlloc
SetLastError
LeaveCriticalSection
SHGetIconOverlayIndexA
PE exports
Number of PE resources by type
RT_STRING 1
Number of PE resources by language
ENGLISH US 1
PE resources
ExifTool file metadata
MIMEType application/octet-stream
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
FileTypeExtension dll
TimeStamp 2016:12:19 10:29:36+01:00
FileType Win32 DLL
PEType PE32
CodeSize 98304
LinkerVersion 7.1
EntryPoint 0x20b0
InitializedDataSize 184320
SubsystemVersion 4.0
ImageVersion 0.0
OSVersion 4.0
UninitializedDataSize 0

File identification
MD5 e93bbc2feaf005d85affbadc1abb39e9
SHA1 04827e632ebb060648b210683149fc2d0d729df2
SHA256 a2e9025066f39a07b2bb4a85932c68f5b3da6a07bebb877aed1031c987ca16d3
ssdeep 6144:yM94JRktdGu4oSPq3yP+P4jm6NNkImIHgbcPVJlmsBut:yM94JRktUuCq3y2P1twgbcPVnBu
authentihash 5a5107d240a44bd541f20d2435794e6eb23edb925e554641a83a59ba1a7efbe4
imphash c47f7c7bef690893c388839f7e3e2b28
File size 280.0 KB ( 286720 bytes )
File type Win32 DLL
Magic literal PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
TrID Win32 Executable MS Visual C++ (generic) (42.2%)
Win64 Executable (generic) (37.3%)
Win32 Dynamic Link Library (generic) (8.8%)
Win32 Executable (generic) (6.0%)
Generic Win/DOS Executable (2.7%)
Tags installshield pedll

VirusTotal metadata
First submission 2016-12-19 10:54:37 UTC ( 2 years ago )
Last submission 2018-01-22 19:16:40 UTC ( 11 months, 4 weeks ago )
File names shtrina2.er_
shtrina2.ero
unxord.malware
e93bbc2feaf005d85affbadc1abb39e9.exe
htrina2.ero
shtrina2.ero.564.dr