SHA256: b250b06ca762d83e6ef5b7cf0607af2f0f7a67a73998893567e519e08658c608
File name: 6dc2e05336f29ee3808ba1ae17996fb5.vir
Detection ratio: 52 / 64
Analysis date: 2018-05-26 01:33:53 UTC ( 6 hours, 20 minutes ago )
Antivirus Result Update
Ad-Aware Trojan.RanSerKD.12186890 20180525
AegisLab Ransom.Cerber.Smaly0!c 20180525
AhnLab-V3 Win-Trojan/Lukitus3.Exp 20180525
ALYac Trojan.Ransom.LockyCrypt 20180525
Antiy-AVL Trojan[Ransom]/Win32.Locky 20180525
Avast Win32:Malware-gen 20180525
AVG Win32:Malware-gen 20180525
Avira (no cloud) TR/Crypt.Xpack.hopuw 20180525
AVware Trojan.Win32.Generic!BT 20180525
Babable Malware.HighConfidence 20180406
Baidu Win32.Trojan.WisdomEyes.16070401.9500.9999 20180525
CAT-QuickHeal Ransom.Locky.S1374630 20180525
ClamAV Win.Ransomware.Locky-6335674-3 20180525
Comodo UnclassifiedMalware 20180525
Cylance Unsafe 20180526
Cyren W32/Locky.BX.gen!Eldorado 20180525
DrWeb Trojan.Encoder.13570 20180525
Emsisoft Trojan.RanSerKD.12186890 (B) 20180525
Endgame malicious (high confidence) 20180507
ESET-NOD32 Win32/Filecoder.Locky.L 20180525
F-Prot W32/Locky.BX.gen!Eldorado 20180525
Fortinet W32/GenKryptik.APXF!tr 20180525
Ikarus Trojan-Ransom.Locky 20180525
Sophos ML heuristic 20180504
Jiangmin Trojan.Locky.djp 20180525
K7AntiVirus Trojan ( 00515aa21 ) 20180525
K7GW Trojan ( 00515aa21 ) 20180525
Kaspersky HEUR:Trojan.Win32.Generic 20180525
Malwarebytes Ransom.Locky 20180525
MAX malware (ai score=100) 20180526
McAfee RDN/Generic.hbg 20180524
McAfee-GW-Edition BehavesLike.Win32.Ransomware.jc 20180525
Microsoft Ransom:Win32/Locky.A 20180525
eScan Trojan.RanSerKD.12186890 20180525
NANO-Antivirus Trojan.Win32.Upatre.esboyc 20180525
nProtect Ransom/W32.Locky.673280.P 20180525
Palo Alto Networks (Known Signatures) generic.ml 20180526
Panda Trj/Genetic.gen 20180525
Qihoo-360 Trojan.Generic 20180526
SentinelOne (Static ML) static engine - malicious 20180225
Sophos AV Troj/Locky-AAE 20180525
Symantec Ransom.Locky.B 20180525
Tencent Win32.Trojan.Raasj.Auto 20180526
TheHacker Trojan/Filecoder.Locky.l 20180524
TrendMicro Ransom_LOCKY.AJR 20180525
TrendMicro-HouseCall Ransom_LOCKY.AJR 20180525
VBA32 Trojan.FakeAV.01657 20180525
VIPRE Trojan.Win32.Generic!BT 20180525
ViRobot Trojan.Win32.Locky.673280.C 20180525
Webroot W32.Trojan.Gen 20180526
Yandex Trojan.Locky! 20180524
ZoneAlarm by Check Point HEUR:Trojan.Win32.Generic 20180525
Alibaba 20180525
Arcabit 20180525
Avast-Mobile 20180525
BitDefender 20180525
Bkav 20180525
CMC 20180525
CrowdStrike Falcon (ML) 20180202
Cybereason None
eGambit 20180526
GData 20180525
Kingsoft 20180526
Rising 20180525
SUPERAntiSpyware 20180525
Symantec Mobile Insight 20180525
TotalDefense 20180525
Trustlook 20180526
Zoner 20180525
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2012-07-26 14:06:56
Entry Point 0x0000287C
Number of sections 4
PE sections
PE imports
RegRestoreKeyA
RegUnLoadKeyA
RegReplaceKeyA
RegOpenKeyA
RegDeleteValueW
ClearEventLogA
RegSaveKeyW
ReadEventLogW
RegCreateKeyExA
OpenEventLogW
RegEnumKeyA
IsTextUnicode
CryptSignHashA
CoCreateActivity
RecycleSurrogate
CoEnterServiceDomain
OpenMutexA
CreateWaitableTimerW
WaitNamedPipeW
MoveFileExW
GetCurrentProcessId
OpenEventW
WaitForSingleObject
DeleteFileA
LoadLibraryExW
FindNextFileA
GetCommandLineA
LoadLibraryA
GetProcessHeap
GetProcAddress
InterlockedIncrement
SHGetFileInfoA
ShellMessageBoxW
FindExecutableA
DragQueryFileW
SHChangeNotify
StrStrA
ShellAboutW
SHGetFolderPathA
ExtractIconW
SHGetMalloc
DragFinish
PathCompactPathW
UrlGetPartW
PathCommonPrefixW
UrlIsNoHistoryW
UrlIsOpaqueW
UrlGetLocationW
UrlUnescapeW
UrlIsW
PathIsURLW
UrlHashA
PathStripPathA
UrlEscapeA
PathCombineW
UrlCompareW
Recover
Extend
Number of PE resources by type
TEX 5
Number of PE resources by language
NEUTRAL 5
PE resources
Debug information
ExifTool file metadata
MIMEType application/octet-stream
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
TimeStamp 2012:07:26 15:06:56+01:00
FileType Win32 EXE
PEType PE32
CodeSize 50688
LinkerVersion 6.0
FileTypeExtension exe
InitializedDataSize 621568
SubsystemVersion 5.1
EntryPoint 0x287c
OSVersion 5.1
ImageVersion 0.0
UninitializedDataSize 0
Compressed bundles
File identification
MD5 6dc2e05336f29ee3808ba1ae17996fb5
SHA1 c46227bc787245a94dbc60eb09dbab30f7254648
SHA256 b250b06ca762d83e6ef5b7cf0607af2f0f7a67a73998893567e519e08658c608
ssdeep 12288:3WuSgr+MOb1q1XLxri2rD5psqW3721gunLHCM0qCnjrBD:3WnMOb1qlxrTrD5Q3FuLiZD
authentihash 6f66b31b8f5fdf08985c613dd5860d59402d51d283a2f04f2ab6f1f522227639
imphash a4ea82985b4425e5c12f327b98ae76dc
File size 657.5 KB ( 673280 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Dynamic Link Library (generic) (34.2%)
Win32 Executable (generic) (23.4%)
Win16/32 Executable Delphi generic (10.7%)
OS/2 Executable (generic) (10.5%)
Generic Win/DOS Executable (10.4%)
Tags peexe
VirusTotal metadata
First submission 2017-08-21 21:55:46 UTC ( 9 months, 1 week ago )
Last submission 2018-05-26 01:33:53 UTC ( 6 hours, 20 minutes ago )
File names BcpYyNr2.exe
ersfy65[1].3724.dr
6dc2e05336f29ee3808ba1ae17996fb5.vir
ersfy65[1].2068.dr
VirusShare_6dc2e05336f29ee3808ba1ae17996fb5
ersfy65[1].2992.dr
KuoMpXKua2.exe
6aa6e017-1352-4c27-bc96-592d2ec2f64d.tmp
yuXnQxGtodF2.exe
EnhpRQFqUdm2.exe
6dc2e05336f29ee3808ba1ae17996fb5_exe
KakhEBYho2.exe
ersfy65
wvnXpB3.exe
6aa6e017-1352-4c27-bc96-592d2ec2f64d.tmp
gggjms2.exe
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Created mutexes
Opened mutexes
Opened service managers
Opened services
Runtime DLLs
HTTP requests
TCP connections
UDP communications