SHA256: add83875d5ce31aa82246d011690b65a6b67df09c3a06b96ee712e177f17122e
File name: abfa334d8753c2f493f4a5224a725389
Detection ratio: 44 / 65
Analysis date: 2018-05-23 18:41:16 UTC ( 9 months ago )
Antivirus Result Update
Ad-Aware Trojan.GenericKDZ.44061 20180523
AhnLab-V3 Trojan/Win32.RansomCrypt.C2525719 20180523
ALYac Trojan.GenericKDZ.44061 20180523
Antiy-AVL Trojan/Win32.TSGeneric 20180523
Arcabit Trojan.Generic.DAC1D 20180523
Avast Win32:Malware-gen 20180523
AVG Win32:Malware-gen 20180523
Avira (no cloud) TR/Crypt.Xpack.hhasj 20180523
Baidu Win32.Trojan.WisdomEyes.16070401.9500.9972 20180523
BitDefender Trojan.GenericKDZ.44061 20180523
Comodo TrojWare.Win32.TrojanDownloader.Upatre.CS 20180523
Cylance Unsafe 20180523
Cyren W32/S-8db29010!Eldorado 20180523
DrWeb Trojan.MulDrop8.23494 20180523
Emsisoft Trojan.GenericKDZ.44061 (B) 20180523
Endgame malicious (high confidence) 20180507
ESET-NOD32 a variant of Win32/Kryptik.GGVD 20180523
F-Prot W32/S-8db29010!Eldorado 20180523
F-Secure Trojan.GenericKDZ.44061 20180523
Fortinet W32/Kryptik.GFHY!tr 20180523
GData Trojan.GenericKDZ.44061 20180523
Ikarus Trojan.Win32.Crypt 20180523
Sophos ML heuristic 20180503
Jiangmin Trojan.GandCrypt.cz 20180523
Kaspersky Trojan-Spy.Win32.Panda.azh 20180523
MAX malware (ai score=87) 20180523
McAfee Packed-FCW!ABFA334D8753 20180523
McAfee-GW-Edition BehavesLike.Win32.Skintrim.dh 20180523
Microsoft Trojan:Win32/Gandcrab.AF 20180523
eScan Trojan.GenericKDZ.44061 20180523
NANO-Antivirus Trojan.Win32.Filecoder.fcbakk 20180523
Palo Alto Networks (Known Signatures) generic.ml 20180523
Panda Trj/Genetic.gen 20180523
Qihoo-360 HEUR/QVM10.1.5BE1.Malware.Gen 20180523
Sophos AV Mal/GandCrab-B 20180523
Symantec Packed.Generic.525 20180523
Tencent Win32.Trojan-spy.Panda.Lrio 20180523
TrendMicro TROJ_GEN.R020C0OEH18 20180523
TrendMicro-HouseCall Ransom_GANDCRAB.SMALY-5 20180523
VBA32 TrojanRansom.GandCrypt 20180523
Webroot W32.Trojan.Gen 20180523
Yandex Trojan.GenKryptik! 20180522
Zillya Trojan.GandCrypt.Win32.180 20180523
ZoneAlarm by Check Point Trojan-Spy.Win32.Panda.azh 20180523
AegisLab 20180523
Alibaba 20180523
Avast-Mobile 20180523
AVware 20180523
Babable 20180406
Bkav 20180523
CAT-QuickHeal 20180523
ClamAV 20180521
CMC 20180523
CrowdStrike Falcon (ML) 20180202
Cybereason None
eGambit 20180523
K7AntiVirus 20180523
K7GW 20180523
Kingsoft 20180523
nProtect 20180523
Rising 20180523
SentinelOne (Static ML) 20180225
SUPERAntiSpyware 20180523
Symantec Mobile Insight 20180522
TheHacker 20180516
TotalDefense 20180522
Trustlook 20180523
VIPRE 20180523
ViRobot 20180523
Zoner 20180522
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2018-05-17 04:29:49
Entry Point 0x0000512D
Number of sections 5
PE sections
PE imports
GetLastError
IsValidCodePage
HeapFree
GetStdHandle
EnterCriticalSection
LCMapStringW
SetHandleCount
lstrlenA
GetModuleFileNameW
GetConsoleCP
GetOEMCP
LCMapStringA
IsDebuggerPresent
HeapAlloc
TlsAlloc
VirtualProtect
FlushFileBuffers
LoadLibraryA
RtlUnwind
GetModuleFileNameA
DeleteCriticalSection
LeaveCriticalSection
EnumSystemLocalesA
AddConsoleAliasA
GetLocaleInfoA
GetConsoleMode
HeapSize
GetCurrentProcessId
GetUserDefaultLCID
GetCommandLineW
GetCurrentProcess
UnhandledExceptionFilter
TlsGetValue
MultiByteToWideChar
GetStartupInfoW
SetStdHandle
FreeEnvironmentStringsW
GetCPInfo
GetProcAddress
GetStringTypeA
GetFileType
ExitProcess
GetModuleHandleA
InitializeCriticalSectionAndSpinCount
RaiseException
WideCharToMultiByte
TlsFree
SetFilePointer
GetConsoleOutputCP
InterlockedExchange
SetUnhandledExceptionFilter
WriteFile
PulseEvent
CloseHandle
GetSystemTimeAsFileTime
IsValidLocale
GetACP
HeapReAlloc
GetStringTypeW
GetModuleHandleW
TerminateProcess
GetThreadPriority
QueryPerformanceCounter
WriteConsoleA
GetLocaleInfoW
InitializeCriticalSection
HeapCreate
GlobalAlloc
VirtualFree
GetEnvironmentStringsW
InterlockedDecrement
Sleep
SetLastError
GetTickCount
TlsSetValue
CreateFileA
GetCurrentThreadId
PrepareTape
FindFirstVolumeMountPointA
VirtualAlloc
GetStartupInfoA
WriteConsoleW
InterlockedIncrement
GetWindowTextLengthA
GetMenuInfo
DeleteMenu
GetWindow
CreateCursor
DrawCaption
Number of PE resources by type
RT_STRING 34
RT_ICON 6
RT_BITMAP 2
WIFYBBXHKA 1
RT_GROUP_ICON 1
Number of PE resources by language
NEUTRAL 44
PE resources
ExifTool file metadata
MIMEType application/octet-stream
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
FileTypeExtension exe
TimeStamp 2018:05:17 05:29:49+01:00
FileType Win32 EXE
PEType PE32
CodeSize 85504
LinkerVersion 9.0
ImageFileCharacteristics Executable, 32-bit
EntryPoint 0x512d
InitializedDataSize 7955456
SubsystemVersion 5.0
ImageVersion 0.0
OSVersion 5.0
UninitializedDataSize 0

File identification
MD5 abfa334d8753c2f493f4a5224a725389
SHA1 6d1e39f9341db392ac93bbdb0d7d122bd2d47d5f
SHA256 add83875d5ce31aa82246d011690b65a6b67df09c3a06b96ee712e177f17122e
ssdeep 3072:boYHOiLGpQy08gjSK5rWVjNqhEYX9/aSCJm7Km+/RQDPsuz5nbF:0Y1LGGbwUoquwtjCs7KBSPsudb
authentihash 6635d5daf42dbd01b09628a84f87567f63f53d086ddf9ef3a218d91f13e68a44
imphash 507fbd6a46fa69b91ade5bc6ccb14947
File size 288.5 KB ( 295424 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Executable MS Visual C++ (generic) (64.5%)
Win32 Dynamic Link Library (generic) (13.6%)
Win32 Executable (generic) (9.3%)
OS/2 Executable (generic) (4.1%)
Generic Win/DOS Executable (4.1%)
Tags peexe

VirusTotal metadata
First submission 2018-05-23 18:41:16 UTC ( 9 months ago )
Last submission 2018-05-23 18:41:16 UTC ( 9 months ago )
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Written files
Deleted files
Created processes
Created mutexes
Opened mutexes
Runtime DLLs