× Cookies are disabled! This site requires cookies to be enabled to work properly
VirusTotal
SHA256: ac6da4890150e2037a5913623557ab759b62d0ee9206ec0bacac318523afbc53
File name: TnipmOahC.exe
Detection ratio: 22 / 63
Analysis date: 2017-09-21 09:07:31 UTC ( 1 year, 7 months ago ) View latest
Antivirus Result Update
AegisLab Ransom.Cerber.Smaly0!c 20170921
Avast FileRepMalware 20170921
AVG FileRepMalware 20170921
Baidu Win32.Trojan.WisdomEyes.16070401.9500.9986 20170921
CrowdStrike Falcon (ML) malicious_confidence_100% (D) 20170804
Cylance Unsafe 20170921
Endgame malicious (high confidence) 20170821
Fortinet W32/Kryptik.FWSD!tr.ransom 20170921
Ikarus Win32.Outbreak 20170920
Sophos ML heuristic 20170914
Kaspersky UDS:DangerousObject.Multi.Generic 20170921
McAfee Ransomware-GFS!149D63EFD957 20170921
Palo Alto Networks (Known Signatures) generic.ml 20170921
Qihoo-360 HEUR/QVM19.1.FDA8.Malware.Gen 20170921
SentinelOne (Static ML) static engine - malicious 20170806
Sophos AV Mal/Elenoocka-E 20170921
Symantec ML.Attribute.HighConfidence 20170921
TrendMicro Ransom_CERBER.SMALY0 20170921
TrendMicro-HouseCall Ransom_CERBER.SMALY0 20170921
Webroot W32.Trojan.Gen 20170921
WhiteArmor Malware.HighConfidence 20170829
ZoneAlarm by Check Point UDS:DangerousObject.Multi.Generic 20170921
Ad-Aware 20170921
AhnLab-V3 20170921
Alibaba 20170911
ALYac 20170921
Antiy-AVL 20170921
Arcabit 20170921
Avast-Mobile 20170921
Avira (no cloud) 20170921
AVware 20170921
BitDefender 20170921
CAT-QuickHeal 20170921
ClamAV 20170921
CMC 20170920
Comodo 20170921
Cyren 20170921
DrWeb 20170921
Emsisoft 20170921
ESET-NOD32 20170921
F-Prot 20170921
F-Secure 20170921
GData 20170921
Jiangmin 20170921
K7AntiVirus 20170921
K7GW 20170921
Kingsoft 20170921
Malwarebytes 20170921
MAX 20170921
McAfee-GW-Edition 20170921
Microsoft 20170921
eScan 20170921
NANO-Antivirus 20170921
nProtect 20170921
Panda 20170920
SUPERAntiSpyware 20170921
Symantec Mobile Insight 20170921
Tencent 20170921
TheHacker 20170916
Trustlook 20170921
VBA32 20170920
VIPRE 20170921
ViRobot 20170921
Yandex 20170908
Zillya 20170920
Zoner 20170921
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2014-03-25 09:43:35
Entry Point 0x0000933C
Number of sections 4
PE sections
PE imports
[+] ctl3d32.dll
Ctl3dRegister
Ctl3dGetVer
Ctl3dUnregister
Ctl3dEnabled
Ctl3dCtlColor
[+] kernel32.dll
WaitForSingleObject
EncodePointer
lstrcmpiW
DeleteFileA
LoadLibraryA
GetCurrentDirectoryW
OpenProcess
CreateDirectoryA
GetCommandLineW
GetProcAddress
GetPrivateProfileStringW
CreateWaitableTimerW
FindResourceExA
GetModuleHandleA
lstrcpy
InterlockedExchange
CreateSemaphoreW
GetComputerNameExW
GlobalAddAtomA
FormatMessageW
WriteConsoleA
CreateProcessW
GetLogicalDriveStringsW
GetFileAttributesW
IsBadStringPtrA
CreateFileA
GetTickCount
[+] user32.dll
wsprintfA
CreateWindowExA
LoadCursorA
LoadIconA
DrawStateA
GetClassLongA
PeekMessageA
IsDialogMessageA
InsertMenuW
DialogBoxParamA
GetDlgItemTextW
CharUpperA
GetPropA
LoadBitmapA
DispatchMessageW
Number of PE resources by type
TRED 5
RT_DIALOG 1
Number of PE resources by language
ENGLISH US 6
PE resources
ExifTool file metadata
MIMEType
application/octet-stream

Subsystem
Windows GUI

MachineType
Intel 386 or later, and compatibles

FileTypeExtension
exe

TimeStamp
2014:03:25 10:43:35+01:00

FileType
Win32 EXE

PEType
PE32

CodeSize
50688

LinkerVersion
5.12

ImageFileCharacteristics
No relocs, Executable, No line numbers, No symbols, 32-bit, No debug

EntryPoint
0x933c

InitializedDataSize
27648

SubsystemVersion
4.0

ImageVersion
0.0

OSVersion
4.0

UninitializedDataSize
0

Compressed bundles
File identification
MD5 149d63efd95781f3d3a07b838d14f04e
SHA1 0f4ca32e004dbbf7c3e485b3ccd6ed1adac7fb65
SHA256 ac6da4890150e2037a5913623557ab759b62d0ee9206ec0bacac318523afbc53
ssdeep
12288:vZUKtcrqJRsbGFVrAD4x2UfI3y1hxjO6Q4bnn5n3Tr0G:btnr33rAD4AUfIiN3bn5n3

authentihash 695a5ff601b47281810309c2f9c9e11beff495a308061208e393245b1a596d01
imphash b3938c0c3a6c8064aeb1302016bf6d1a
File size 599.5 KB ( 613888 bytes )
File type Win32 EXE
Magic literal
PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID Win32 Dynamic Link Library (generic) (34.2%)
Win32 Executable (generic) (23.4%)
Win16/32 Executable Delphi generic (10.7%)
OS/2 Executable (generic) (10.5%)
Generic Win/DOS Executable (10.4%)
Tags
peexe

VirusTotal metadata
First submission 2017-09-21 08:39:31 UTC ( 1 year, 7 months ago )
Last submission 2018-05-22 08:48:04 UTC ( 11 months ago )
File names IUGiwe8.exe
IUGiwe8
ac6da4890150e2037a5913623557ab759b62d0ee9206ec0bacac318523afbc53.bin_used
locky ransomware
nVtcNP.exe
TnipmOahC.exe
ac6da4890150e2037a5913623557ab759b62d0ee9206ec0bacac318523afbc53
No comments. No VirusTotal Community member has commented on this item yet, be the first one to do so!
More comments

Leave your comment...

?
Post comment

You have not signed in. Only registered users can leave comments, sign in and have a voice!

Sign in Join the community
No votes. No one has voted on this item yet, be the first one to do so!
More votes
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Written files
Moved files
Opened mutexes
Opened service managers
Opened services
Runtime DLLs
Blog | Twitter | Contact us | ToS | Privacy policy