SHA256: a8c4a89f2dd8c43f29f336cbd9af2a1cee3f9309c54de20ac86730feb127f667
File name: da.exe
Detection ratio: 17 / 67
Analysis date: 2018-04-10 11:48:18 UTC ( 1 year ago )
Antivirus Result Update
Ad-Aware Trojan.Ransom.GandCrab.Gen.2 20180410
ALYac Trojan.Ransom.GandCrab.Gen.2 20180410
Baidu Win32.Trojan.WisdomEyes.16070401.9500.9999 20180410
BitDefender Trojan.Ransom.GandCrab.Gen.2 20180410
CrowdStrike Falcon (ML) malicious_confidence_90% (D) 20170201
Cylance Unsafe 20180410
Emsisoft Trojan.Ransom.GandCrab.Gen.2 (B) 20180410
F-Secure Trojan.Ransom.GandCrab.Gen.2 20180410
Fortinet W32/Kryptik.GFBW!tr 20180410
Sophos ML heuristic 20180121
K7AntiVirus Trojan ( 003e58dd1 ) 20180409
K7GW Trojan ( 003e58dd1 ) 20180410
MAX malware (ai score=86) 20180410
McAfee-GW-Edition BehavesLike.Win32.Generic.dc 20180410
eScan Trojan.Ransom.GandCrab.Gen.2 20180410
SentinelOne (Static ML) static engine - malicious 20180225
Symantec ML.Attribute.HighConfidence 20180410
AegisLab 20180410
AhnLab-V3 20180410
Alibaba 20180410
Antiy-AVL 20180410
Arcabit 20180410
Avast 20180410
Avast-Mobile 20180410
AVG 20180410
Avira (no cloud) 20180410
AVware 20180410
Bkav 20180409
CAT-QuickHeal 20180409
ClamAV 20180410
CMC 20180409
Comodo 20180410
Cybereason None
Cyren 20180410
DrWeb 20180410
eGambit 20180410
Endgame 20180403
ESET-NOD32 20180410
F-Prot 20180410
GData 20180410
Ikarus 20180410
Jiangmin 20180410
Kaspersky 20180410
Kingsoft 20180410
Malwarebytes 20180410
McAfee 20180410
Microsoft 20180410
NANO-Antivirus 20180410
nProtect 20180410
Palo Alto Networks (Known Signatures) 20180410
Panda 20180409
Qihoo-360 20180410
Rising 20180410
Sophos AV 20180410
SUPERAntiSpyware 20180410
Symantec Mobile Insight 20180406
Tencent 20180410
TheHacker 20180410
TotalDefense 20180410
TrendMicro 20180410
TrendMicro-HouseCall 20180410
Trustlook 20180410
VBA32 20180409
VIPRE 20180410
ViRobot 20180410
Webroot 20180410
WhiteArmor 20180408
Yandex 20180408
Zillya 20180409
ZoneAlarm by Check Point 20180410
Zoner 20180410
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2018-04-10 06:37:59
Entry Point 0x000017FC
Number of sections 5
PE sections
Overlays
MD5 62e8758daf7df8d4d97f245c529b54a5
File type ASCII text
Offset 301056
Size 8
Entropy 2.50
PE imports
BitBlt
GetStdHandle
HeapDestroy
EncodePointer
DeleteCriticalSection
GetCurrentProcess
GetConsoleMode
GetLocaleInfoA
MapViewOfFileEx
FreeEnvironmentStringsW
GetLocaleInfoW
SetStdHandle
GetCPInfo
LoadLibraryW
InterlockedExchange
WriteFile
GetSystemTimeAsFileTime
HeapReAlloc
GetStringTypeW
GetOEMCP
InterlockedDecrement
SetLastError
GetModuleFileNameW
IsDebuggerPresent
HeapAlloc
HeapSetInformation
EnumSystemLocalesA
GetPrivateProfileStringA
SetConsoleCtrlHandler
UnhandledExceptionFilter
TlsGetValue
MultiByteToWideChar
FatalAppExitA
GlobalAddAtomW
EraseTape
SetUnhandledExceptionFilter
MulDiv
IsProcessorFeaturePresent
DecodePointer
TerminateProcess
GlobalAlloc
GetCurrentThreadId
InterlockedIncrement
WriteConsoleW
InitializeCriticalSectionAndSpinCount
HeapFree
EnterCriticalSection
SetHandleCount
FillConsoleOutputCharacterA
MoveFileWithProgressW
FreeLibrary
QueryPerformanceCounter
GetTickCount
TlsAlloc
FlushFileBuffers
RtlUnwind
CreateDirectoryA
GetStartupInfoW
DeleteFileW
GetUserDefaultLCID
CompareStringW
IsValidLocale
GetProcAddress
CreateFileW
GetFileType
TlsSetValue
ExitProcess
LeaveCriticalSection
GetLastError
LCMapStringW
GetConsoleCP
GetTapeStatus
AssignProcessToJobObject
GetEnvironmentStringsW
GetCurrentProcessId
GetCommandLineW
WideCharToMultiByte
GetCPInfoExA
HeapSize
GetConsoleTitleA
GetCommandLineA
GetCurrentThread
RaiseException
TlsFree
SetFilePointer
CloseHandle
GetACP
GetModuleHandleW
IsValidCodePage
HeapCreate
Sleep
TransparentBlt
DdeSetQualityOfService
CreateIconFromResourceEx
CreateMenu
PeekMessageW
DdeImpersonateClient
LoadMenuA
GetUpdateRgn
CharUpperBuffA
SendMessageA
GetClientRect
MapVirtualKeyA
EnumPropsW
LookupIconIdFromDirectoryEx
GetCaretPos
DeferWindowPos
DeviceCapabilitiesA
Number of PE resources by type
RT_BITMAP 6
RT_ICON 2
TCBU 1
RT_MANIFEST 1
VUXAMOGOPOCUYUHONELOGIDU 1
HUCUMOVUPEHUZOZALIZE 1
CEWIZILAVALITE 1
RT_GROUP_ICON 1
Number of PE resources by language
NEUTRAL 13
ENGLISH US 1
PE resources
ExifTool file metadata
MIMEType application/octet-stream
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
FileTypeExtension exe
TimeStamp 2018:04:10 08:37:59+02:00
FileType Win32 EXE
PEType PE32
CodeSize 112640
LinkerVersion 10.0
ImageFileCharacteristics Executable, 32-bit
EntryPoint 0x17fc
InitializedDataSize 80176640
SubsystemVersion 5.1
ImageVersion 0.0
OSVersion 5.1
UninitializedDataSize 0

Compressed bundles
PCAP parents
File identification
MD5 8a45b0941ec2af89bfd9ed33dae2053f
SHA1 df275da629e64fd659af0b4dfa7297b8a110dc14
SHA256 a8c4a89f2dd8c43f29f336cbd9af2a1cee3f9309c54de20ac86730feb127f667
ssdeep 6144:v5iuaoj4JIhiHfpfNOdON0IMBC+D6revH/QKd/bAUiiiiiZiNiiOiijiviiTaISt:v5iuaoRhiHR1OYN0BYx6fQKlfSt

authentihash 697aef6dbccfa3c380882af604315064d773c24999e8f0c2d4a41d23e015b141
imphash 870d2757c439d893ec12b86252246c39
File size 294.0 KB ( 301064 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID Win32 Executable MS Visual C++ (generic) (44.9%)
Win64 Executable (generic) (39.8%)
Win32 Executable (generic) (6.4%)
OS/2 Executable (generic) (2.9%)
Generic Win/DOS Executable (2.8%)
Tags peexe nxdomain overlay

VirusTotal metadata
First submission 2018-04-10 11:48:18 UTC ( 1 year ago )
Last submission 2018-05-21 11:21:44 UTC ( 11 months ago )
File names bKKc.exe
2018-04-10-Gandcrab-binary.exe
da.exe
a8c4a89f2dd8c43f29f336cbd9af2a1cee3f9309c54de20ac86730feb127f667.bin_used
a8c4a89f2dd8c43f29f336cbd9af2a1cee3f9309c54de20ac86730feb127f667
2018-04-10-Gandcrab.exe
2018-04-10-Gandcrab-binary.exe
a8c4a89f2dd8c43f29f336cbd9af2a1cee3f9309c54de20ac86730feb127f667.exe
a8c4a89f2dd8c43f29f336cbd9af2a1cee3f9309c54de20ac86730feb127f667._exe
8ac37528f51bddaad8a7c0c3ece7ce4d69ce809d
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Written files
Moved files
Deleted files
Created processes
Terminated processes
Created mutexes
Opened mutexes
Opened service managers
Opened services
Runtime DLLs
HTTP requests
DNS requests
TCP connections
UDP communications