SHA256: a56b8f24157905e0fc3bddb182bf253b9f1cca48082a2398b0652bbdceb879c0
File name: a56b8f24157905e0fc3bddb182bf253b9f1cca48082a2398b0652bbdceb879c0
Detection ratio: 41 / 68
Analysis date: 2017-12-30 01:38:50 UTC ( 1 year, 3 months ago )
Antivirus Result Update
Ad-Aware Gen:Variant.Graftor.453333 20171225
AegisLab Troj.Banker.W32!c 20171229
AhnLab-V3 Trojan/Win32.Jimmy.R216389 20171229
ALYac Gen:Variant.Strictor.154330 20171229
Arcabit Trojan.Strictor.D25ADA 20171230
Avast FileRepMalware 20171230
AVG FileRepMalware 20171230
Avira (no cloud) TR/Crypt.Xpack.nsotx 20171229
AVware Trojan.Win32.Generic!BT 20171229
Baidu Win32.Trojan.WisdomEyes.16070401.9500.9971 20171227
BitDefender Gen:Variant.Strictor.154330 20171229
CrowdStrike Falcon (ML) malicious_confidence_90% (W) 20171016
Cylance Unsafe 20171230
Cyren W32/Trojan.GYFJ-1790 20171230
Emsisoft Gen:Variant.Strictor.154330 (B) 20171230
Endgame malicious (high confidence) 20171130
ESET-NOD32 a variant of Win32/Kryptik.GAYB 20171230
F-Secure Gen:Variant.Strictor.154330 20171230
Fortinet W32/Kryptik.GASG!tr.ransom 20171229
GData Gen:Variant.Strictor.154330 20171229
Sophos ML heuristic 20170914
Jiangmin Trojan.Banker.Jimmy.cp 20171229
K7AntiVirus Trojan ( 005217f01 ) 20171229
K7GW Trojan ( 005217f01 ) 20171229
Kaspersky Trojan-Banker.Win32.Jimmy.nl 20171230
Malwarebytes Trojan.MalPack 20171230
MAX malware (ai score=99) 20171230
McAfee Artemis!A8FC63347D51 20171230
McAfee-GW-Edition BehavesLike.Win32.MultiPlug.dc 20171230
eScan Gen:Variant.Strictor.154330 20171229
Palo Alto Networks (Known Signatures) generic.ml 20171230
Panda Trj/CI.A 20171229
Qihoo-360 Win32/Trojan.1c8 20171230
Rising Trojan.Kryptik!8.8 (TFE:5:XLaM5fO0lpV) 20171230
Sophos AV Mal/Generic-S 20171229
Symantec Ransom.CryptXXX 20171229
TrendMicro TROJ_GEN.R004C0OLT17 20171230
TrendMicro-HouseCall TROJ_GEN.R004C0OLT17 20171230
VIPRE Trojan.Win32.Generic!BT 20171230
Webroot W32.Trojan.Gen 20171230
ZoneAlarm by Check Point Trojan-Banker.Win32.Jimmy.nl 20171230
Alibaba 20171229
Antiy-AVL 20171229
Avast-Mobile 20171229
Bkav 20171229
CAT-QuickHeal 20171229
ClamAV 20171229
CMC 20171229
Comodo 20171229
Cybereason 20171103
DrWeb 20171230
eGambit 20171230
F-Prot 20171229
Ikarus 20171229
Kingsoft 20171230
Microsoft 20171230
NANO-Antivirus 20171230
nProtect 20171229
SentinelOne (Static ML) 20171224
SUPERAntiSpyware 20171229
Symantec Mobile Insight 20171230
Tencent 20171230
TheHacker 20171229
TotalDefense 20171229
Trustlook 20171230
VBA32 20171229
ViRobot 20171229
WhiteArmor 20171226
Yandex 20171229
Zillya 20171229
Zoner 20171230
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright Copyright (C) 2017, ertyerytyetr
Internal name hrtoeruy.exe
File version 1.0.0.0
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2017-12-24 03:00:13
Entry Point 0x000030A7
Number of sections 5
PE sections
PE imports
GetUserNameA
InitiateSystemShutdownA
CloseEventLog
GetSecurityDescriptorControl
LookupPrivilegeNameA
GetNativeSystemInfo
GetLastError
InitializeCriticalSectionAndSpinCount
HeapFree
GetStdHandle
EnterCriticalSection
AreFileApisANSI
GetModuleFileNameW
GetConsoleCP
GetOEMCP
QueryPerformanceCounter
IsDebuggerPresent
EncodePointer
SetProcessShutdownParameters
TlsAlloc
GetEnvironmentStringsW
FlushFileBuffers
LoadLibraryA
RtlUnwind
GetModuleFileNameA
HeapAlloc
SetProcessWorkingSetSize
GetStartupInfoW
GetConsoleMode
GetStringTypeW
GetCurrentProcessId
LCMapStringW
lstrcatA
WriteConsoleW
WideCharToMultiByte
UnhandledExceptionFilter
LoadLibraryExW
MultiByteToWideChar
HeapSize
SetFilePointerEx
FreeEnvironmentStringsW
GetCommandLineA
GetProcAddress
GetProcessHeap
SetStdHandle
RaiseException
GetCPInfo
TlsFree
GetSystemTimeAsFileTime
DeleteCriticalSection
ReadFile
SetEndOfFile
SetUnhandledExceptionFilter
WriteFile
GetCurrentProcess
CloseHandle
IsProcessorFeaturePresent
SetProcessAffinityMask
GetACP
HeapReAlloc
DecodePointer
GetModuleHandleW
TerminateProcess
GetModuleHandleExW
IsValidCodePage
OutputDebugStringW
CreateFileW
TlsGetValue
Sleep
GetFileType
ReadConsoleW
TlsSetValue
ExitProcess
GetCurrentThreadId
SetLastError
LeaveCriticalSection
TransparentBlt
AlphaBlend
Number of PE resources by type
RT_STRING 4
RT_ICON 2
MJBPOPOXML 1
RT_BITMAP 1
RT_VERSION 1
RT_GROUP_ICON 1
Number of PE resources by language
NEUTRAL 5
ENGLISH UK 5
PE resources
ExifTool file metadata
UninitializedDataSize 0
LinkerVersion 12.0
ImageVersion 0.0
FileVersionNumber 1.0.0.0
LanguageCode English (British)
FileFlagsMask 0x003f
CharacterSet Unicode
InitializedDataSize 1182720
EntryPoint 0x30a7
MIMEType application/octet-stream
Subsystem Windows GUI
FileVersion 1.0.0.0
TimeStamp 2017:12:24 04:00:13+01:00
FileType Win32 EXE
PEType PE32
InternalName hrtoeruy.exe
ProductVersion 1.0.0.0
SubsystemVersion 5.1
OSVersion 5.1
FileOS Windows NT 32-bit
LegalCopyright Copyright (C) 2017, ertyerytyetr
MachineType Intel 386 or later, and compatibles
CodeSize 74240
FileSubtype 0
ProductVersionNumber 1.0.0.0
FileTypeExtension exe
ObjectFileType Executable application
Compressed bundles
File identification
MD5 a8fc63347d519576f32b5d3f23d93873
SHA1 6432f424b05a71c66d383c8486668e0acf546ca3
SHA256 a56b8f24157905e0fc3bddb182bf253b9f1cca48082a2398b0652bbdceb879c0
ssdeep 3072:gGvgkV9EIwosdFW+axiaF+phH/uoRv1i3V+DYnpA4cs5QafgWslS3n:g2ZwPrWG3p1P1Q+DYi2+Y3n
authentihash dfc8d7b88d903002525226b018dc2450538f3f808643e0f82276219c0d7bee1f
imphash 742c7a52a19c3b8710a404d173dfe91b
File size 211.0 KB ( 216064 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Executable MS Visual C++ (generic) (67.4%)
Win32 Dynamic Link Library (generic) (14.2%)
Win32 Executable (generic) (9.7%)
Generic Win/DOS Executable (4.3%)
DOS Executable Generic (4.3%)
Tags peexe
VirusTotal metadata
First submission 2017-12-29 21:33:46 UTC ( 1 year, 3 months ago )
Last submission 2017-12-30 01:38:50 UTC ( 1 year, 3 months ago )
File names 1032-6432f424b05a71c66d383c8486668e0acf546ca3
hrtoeruy.exe
a8fc63347d519576f32b5d3f23d93873.virus
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Written files
Deleted files
Created processes
Created mutexes
Opened mutexes
Runtime DLLs