SHA256: b39e77e64af49d04b685b4777ebf5ef7263faba0a21480a7e7e7ebcc0cc2ef0e
File name: 89f109b281ca7d39e780e7eb8447e7c4.exe
Detection ratio: 46 / 57
Analysis date: 2016-04-04 17:33:00 UTC ( 1 year, 7 months ago )
Antivirus Result Update
Ad-Aware Trojan.Ransom.Locky.A 20160404
AegisLab AdWare.MSIL.DomaIQ 20160404
AhnLab-V3 Trojan/Win32.Locky 20160404
ALYac Trojan.Ransom.Locky.A 20160404
Antiy-AVL Trojan/Win32.TGeneric 20160404
Arcabit Trojan.Ransom.Locky.A 20160404
Avast Win32:Vundo-ADO [Trj] 20160404
AVG FileCryptor.HUX 20160404
Avira (no cloud) TR/Crypt.EPACK.25106 20160404
AVware Trojan.Win32.Generic!BT 20160404
Baidu Win32.Trojan.WisdomEyes.151026.9950.9994 20160404
BitDefender Trojan.Ransom.Locky.A 20160404
Bkav W32.Clodf25.Trojan.350a 20160404
CAT-QuickHeal Trojan.Lethic.MUE.B3 20160404
Comodo UnclassifiedMalware 20160404
Cyren W32/Ransom.XMQK-3102 20160404
DrWeb Trojan.DownLoader19.38965 20160404
Emsisoft Trojan.Ransom.Locky.A (B) 20160404
ESET-NOD32 Win32/Filecoder.Locky.A 20160404
F-Secure Trojan.Ransom.Locky.A 20160404
Fortinet W32/Locky.C!tr 20160404
GData Trojan.Ransom.Locky.A 20160404
Ikarus Trojan.Win32.Filecoder 20160404
Jiangmin Trojan.Locky.ak 20160404
K7AntiVirus Trojan ( 004dea2e1 ) 20160404
K7GW Trojan ( 004dea2e1 ) 20160404
Kaspersky Trojan-Ransom.Win32.Locky.bz 20160404
Malwarebytes Ransom.Locky 20160404
McAfee Generic.xo 20160404
McAfee-GW-Edition BehavesLike.Win32.ProcKill.dh 20160404
Microsoft Ransom:Win32/Locky 20160404
eScan Trojan.Ransom.Locky.A 20160404
NANO-Antivirus Trojan.Win32.Gootkit.eauazp 20160404
nProtect Trojan.Ransom.Locky.A 20160404
Panda Trj/GdSda.A 20160404
Qihoo-360 HEUR/QVM10.1.Malware.Gen 20160404
Sophos AV Troj/Locky-C 20160404
Symantec Trojan.Cryptolocker.N 20160331
Tencent Win32.Trojan.Filecoder.Eerh 20160404
TrendMicro Ransom_LOCKY.AF 20160404
TrendMicro-HouseCall Ransom_LOCKY.AF 20160404
VBA32 Hoax.Locky 20160404
VIPRE Trojan.Win32.Generic!BT 20160404
ViRobot Trojan.Win32.Z.Locky.212992[h] 20160404
Yandex Trojan.Locky! 20160316
Zillya Trojan.Locky.Win32.31 20160404
Alibaba (undetected) 20160401
Baidu-International (undetected) 20160404
ClamAV (undetected) 20160402
CMC (undetected) 20160404
F-Prot (undetected) 20160404
Kingsoft (undetected) 20160404
Rising (undetected) 20160404
SUPERAntiSpyware (undetected) 20160404
TheHacker (undetected) 20160403
TotalDefense (undetected) 20160404
Zoner (undetected) 20160404
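The engine table above is a flat text export, and the interesting questions when triaging it are the detection ratio and which family name the engines agree on once class and platform prefixes (Trojan, Ransom, Win32, generic heuristics) are stripped. The following is an added example, not code from VirusTotal or from the report, that parses rows in this export format and votes on the family token. It assumes that a vendor name is a single token except for the "(no cloud)" suffix shown on the Avira row, that the signature date is the trailing eight-digit field, and that the GENERIC stop-list below captures the non-family tokens; the embedded rows are a constructed subset copied from the table above.

```python
import re
from collections import Counter

# Constructed sample: a subset of the engine rows from the report above,
# copied verbatim. Rows with no result column are engines that did not fire.
RAW_ROWS = """\
Ad-Aware Trojan.Ransom.Locky.A 20160404
AegisLab AdWare.MSIL.DomaIQ 20160404
Avast Win32:Vundo-ADO [Trj] 20160404
Avira (no cloud) TR/Crypt.EPACK.25106 20160404
ESET-NOD32 Win32/Filecoder.Locky.A 20160404
K7AntiVirus Trojan ( 004dea2e1 ) 20160404
Kaspersky Trojan-Ransom.Win32.Locky.bz 20160404
Microsoft Ransom:Win32/Locky 20160404
Symantec Trojan.Cryptolocker.N 20160331
TrendMicro Ransom_LOCKY.AF 20160404
ClamAV 20160402
Zoner 20160404
"""

# Assumption: the vendor is the first token (plus the "(no cloud)" suffix
# VirusTotal appends to Avira), the signature date is the trailing 8-digit
# field, and anything in between is the detection name.
ROW_RE = re.compile(
    r"^(?P<vendor>\S+(?: \(no cloud\))?)"
    r"(?: (?P<result>.+?))?"
    r" (?P<date>\d{8})$"
)

# Assumption: tokens that name a class or platform rather than a family.
# They are ignored when voting on the family name.
GENERIC = {
    "trojan", "ransom", "win32", "win64", "w32", "msil", "generic", "gen",
    "heur", "malware", "trj", "tr", "crypt", "adware", "filecoder",
    "downloader", "hoax", "behaveslike",
}


def parse_rows(text):
    """Parse 'Vendor Result Date' rows into dicts; result is None if undetected."""
    rows = []
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        m = ROW_RE.match(line)
        if not m:
            raise ValueError(f"unparseable row: {line!r}")
        rows.append({
            "vendor": m.group("vendor"),
            "result": m.group("result"),
            "date": m.group("date"),
        })
    return rows


def detection_ratio(rows):
    """Return (detected, total), the same figure the report calls 'Detection ratio'."""
    detected = sum(1 for r in rows if r["result"])
    return detected, len(rows)


def family_tokens(result):
    """Lower-cased alphabetic tokens of a detection name, minus generic ones.
    Purely numeric or hex-looking fragments (signature IDs) are dropped."""
    toks = re.split(r"[^A-Za-z0-9]+", result.lower())
    return [t for t in toks if t.isalpha() and len(t) >= 3 and t not in GENERIC]


def family_vote(rows):
    """Count family tokens across all detections, one vote per engine per token.
    Returns the Counter and the top (token, votes) pair."""
    votes = Counter()
    for r in rows:
        if r["result"]:
            votes.update(set(family_tokens(r["result"])))
    top = votes.most_common(1)[0] if votes else (None, 0)
    return votes, top


if __name__ == "__main__":
    rows = parse_rows(RAW_ROWS)
    det, tot = detection_ratio(rows)
    votes, (fam, n) = family_vote(rows)
    print(f"detection ratio {det}/{tot}; leading family token {fam!r} ({n} engines)")
    for r in rows:
        print(f"{r['vendor']:<18} {r['result'] or '(undetected)':<40} {r['date']}")
```

On the subset embedded here the vote lands on "locky" with 5 of the 10 firing engines; the singletons (Vundo, Gootkit-style names, EPACK, Cryptolocker) are the generic or mis-attributed labels that a majority vote is meant to absorb. Run it over the full table above to reproduce the report's 46/57.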
The file is a Portable Executable (PE32) image: a Win32 EXE built for the Windows GUI subsystem.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2016-02-29 18:45:54
Entry Point 0x00019CD4
Number of sections 3
PE sections
PE imports, grouped here by the DLL that exports each function
ADVAPI32.dll
RegDeleteKeyA
RegCreateKeyExW
RegDeleteValueW
RegCloseKey
OpenProcessToken
RegSetValueExW
RegQueryValueExA
RegOpenKeyExW
GetLengthSid
RegEnumValueA
RegCreateKeyExA
RegOpenKeyExA
RegDeleteValueA
RegEnumKeyExA
RegQueryValueExW
CryptDestroyHash
KERNEL32.dll
GetLastError
InitializeCriticalSectionAndSpinCount
HeapFree
IsProcessorFeaturePresent
EnterCriticalSection
LCMapStringW
VirtualAllocEx
InterlockedIncrement
LoadLibraryW
WaitForSingleObject
GetVersionExW
GetOEMCP
QueryPerformanceCounter
IsDebuggerPresent
HeapAlloc
TlsAlloc
GetEnvironmentStringsW
GetVersionExA
LoadLibraryA
WaitForSingleObjectEx
RtlUnwind
GetStdHandle
DeleteCriticalSection
GetCurrentProcess
EnumSystemLocalesA
GetStartupInfoW
GetFileType
GetLocaleInfoA
GetCurrentProcessId
SetHandleCount
GetModuleHandleW
GetCPInfo
UnhandledExceptionFilter
InterlockedDecrement
MultiByteToWideChar
HeapSize
SetFilePointerEx
FreeEnvironmentStringsW
GetUserDefaultLCID
InterlockedCompareExchange
EncodePointer
FatalAppExitA
ExitProcess
GetModuleHandleA
RaiseException
WideCharToMultiByte
GetModuleFileNameW
TlsFree
SetFilePointer
HeapSetInformation
InterlockedExchange
SetUnhandledExceptionFilter
WriteFile
TlsSetValue
DecodePointer
CloseHandle
GetSystemTimeAsFileTime
IsValidLocale
GetACP
HeapReAlloc
GetStringTypeW
GetProcAddress
HeapDestroy
GetCurrentThread
FreeLibrary
TerminateProcess
IsValidCodePage
HeapCreate
TlsGetValue
Sleep
GetCommandLineW
SetConsoleCtrlHandler
GetTickCount
GetCurrentThreadId
GetLocaleInfoW
SetLastError
LeaveCriticalSection
SHLWAPI.dll
SHQueryInfoKeyA
USER32.dll
DefWindowProcW
SetMenuItemInfoA
DestroyMenu
MessageBeep
SetWindowPos
SendMessageW
InflateRect
SetCapture
MoveWindow
ShowWindowAsync
AdjustWindowRectEx
GetCursorPos
ReleaseDC
DestroyIcon
UnregisterClassA
GetClientRect
ClientToScreen
DrawFocusRect
TrackPopupMenu
SetWindowTextW
PtInRect
GetMenuStringW
ExifTool file metadata
MIMEType application/octet-stream
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
FileTypeExtension exe
TimeStamp 2016:02:29 19:45:54+01:00 (the same instant as the PE compilation timestamp above, rendered in UTC+1)
FileType Win32 EXE
PEType PE32
CodeSize 180224
LinkerVersion 7.1
EntryPoint 0x19cd4
InitializedDataSize 32768
SubsystemVersion 4.0
ImageVersion 0.0
OSVersion 4.0
UninitializedDataSize 0
File identification
MD5 89f109b281ca7d39e780e7eb8447e7c4
SHA1 932ea8fd16f4c943731cb14e6a4777c3f7b40cff
SHA256 b39e77e64af49d04b685b4777ebf5ef7263faba0a21480a7e7e7ebcc0cc2ef0e
ssdeep 3072:e4LDCv9CY76EZ2tb/3xMYnxDSY5t44dayARiSXKg0cIsg4nU3iL6tPYtZ:lCvgY7Hk9/3vnFrddaDiKEvE
authentihash 1ce9a3efa33ce2550853eb7b0517d86118e234f2b12eaddf97638c8e819cfbd8
imphash bdb640f535f3e62d2f3a3a96bc0e3add
File size 208.0 KB ( 212992 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Executable MS Visual C++ (generic) (67.4%)
Win32 Dynamic Link Library (generic) (14.2%)
Win32 Executable (generic) (9.7%)
Generic Win/DOS Executable (4.3%)
DOS Executable Generic (4.3%)
Tags
peexe
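The "PE header basic information" fields above (machine, compilation timestamp, entry point, section count, subsystem) come straight from the COFF and optional headers, and the imphash under "File identification" is an MD5 over the import table in its on-disk order. The following is an added example, not code from VirusTotal, pefile, or the sample, that parses those header fields with only the standard library and computes a pefile-compatible imphash from a parsed import list. Assumptions: `build_minimal_pe` constructs a header-only test blob (no section table, not loadable) carrying the report's values; `SAMPLE_IMPORTS` is a subset of the page's imports grouped by exporting DLL, so its digest will not equal the report's imphash, which depends on the full table in original order; imports by ordinal are not handled.

```python
import hashlib
import struct
from datetime import datetime, timezone

IMAGE_FILE_MACHINE = {
    0x14C: "Intel 386 or later processors and compatible processors",
    0x8664: "x64", 0x1C0: "ARM", 0xAA64: "ARM64",
}
SUBSYSTEM = {1: "Native", 2: "Windows GUI", 3: "Windows CUI"}


def build_minimal_pe(timestamp, entry_point, num_sections=3, subsystem=2,
                     linker=(7, 1), os_version=(4, 0)):
    """Constructed test input: DOS header, PE signature, COFF header and a
    96-byte PE32 optional header. Enough header for the parser, nothing else."""
    dos = bytearray(64)
    dos[0:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 64)          # e_lfanew: PE header follows the DOS header
    opt = struct.pack(
        "<HBB9I6H4I2H6I",
        0x10B, linker[0], linker[1],                # Magic (PE32), linker major/minor
        180224, 32768, 0,                           # SizeOfCode, SizeOfInitializedData, SizeOfUninitializedData
        entry_point, 0x1000, 0x1000, 0x400000,      # AddressOfEntryPoint, BaseOfCode, BaseOfData, ImageBase
        0x1000, 0x200,                              # SectionAlignment, FileAlignment
        os_version[0], os_version[1], 0, 0,         # OS version, image version
        os_version[0], os_version[1],               # subsystem version
        0, 0x40000, 0x400, 0,                       # Win32VersionValue, SizeOfImage, SizeOfHeaders, CheckSum
        subsystem, 0,                               # Subsystem, DllCharacteristics
        0x100000, 0x1000, 0x100000, 0x1000, 0, 0,   # stack/heap reserve+commit, LoaderFlags, NumberOfRvaAndSizes
    )
    coff = struct.pack("<HHIIIHH", 0x14C, num_sections, timestamp, 0, 0, len(opt), 0x0102)
    return bytes(dos) + b"PE\0\0" + coff + opt


def parse_pe_header(data):
    """Return the fields the report shows under 'PE header basic information'."""
    if data[:2] != b"MZ":
        raise ValueError("missing MZ signature")
    (e_lfanew,) = struct.unpack_from("<I", data, 0x3C)
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    machine, nsect, ts, _, _, _, _ = struct.unpack_from("<HHIIIHH", data, e_lfanew + 4)
    opt = e_lfanew + 24                             # 4-byte signature + 20-byte COFF header
    (magic,) = struct.unpack_from("<H", data, opt)
    if magic not in (0x10B, 0x20B):
        raise ValueError(f"unexpected optional header magic {magic:#x}")
    linker_major, linker_minor = struct.unpack_from("<BB", data, opt + 2)
    (entry,) = struct.unpack_from("<I", data, opt + 16)
    (subsystem,) = struct.unpack_from("<H", data, opt + 68)   # same offset in PE32 and PE32+
    return {
        "machine": IMAGE_FILE_MACHINE.get(machine, f"{machine:#06x}"),
        "number_of_sections": nsect,
        "timestamp": ts,
        "compiled": datetime.fromtimestamp(ts, timezone.utc).strftime("%Y-%m-%d %H:%M:%S"),
        "entry_point": f"0x{entry:08X}",
        "pe_type": "PE32" if magic == 0x10B else "PE32+",
        "linker_version": f"{linker_major}.{linker_minor}",
        "subsystem": SUBSYSTEM.get(subsystem, str(subsystem)),
    }


def is_pe(data):
    """True if the blob carries valid MZ/PE signatures and an optional header."""
    try:
        parse_pe_header(data)
        return True
    except (ValueError, struct.error):
        return False


def imphash(imports):
    """pefile-compatible import hash: MD5 over comma-joined 'dll.func' pairs,
    lower-cased, with .dll/.ocx/.sys stripped, in import-table order.
    Assumption: no imports by ordinal (pefile maps those to ordN or a known name)."""
    parts = []
    for dll, funcs in imports:
        name = dll.lower()
        if name.endswith((".dll", ".ocx", ".sys")):
            name = name[:-4]
        parts.extend(f"{name}.{f.lower()}" for f in funcs)
    return hashlib.md5(",".join(parts).encode("ascii")).hexdigest()


# Constructed subset of the report's import table, grouped by exporting DLL.
SAMPLE_IMPORTS = [
    ("ADVAPI32.dll", ["RegDeleteKeyA", "RegCreateKeyExW", "RegSetValueExW",
                      "OpenProcessToken", "CryptDestroyHash"]),
    ("KERNEL32.dll", ["VirtualAllocEx", "IsDebuggerPresent", "LoadLibraryW",
                      "GetProcAddress", "WriteFile", "TerminateProcess"]),
    ("SHLWAPI.dll", ["SHQueryInfoKeyA"]),
    ("USER32.dll", ["DefWindowProcW", "SetWindowTextW", "TrackPopupMenu"]),
]

if __name__ == "__main__":
    blob = build_minimal_pe(1456771554, 0x19CD4)     # 2016-02-29 18:45:54 UTC, the report's values
    for k, v in parse_pe_header(blob).items():
        print(f"{k:<20} {v}")
    print("imphash (subset)    ", imphash(SAMPLE_IMPORTS))
```

The imphash property worth internalising is that it is order- and case-normalised but order-sensitive across DLLs and functions: two builds that import the same API set in a different order hash differently, while a renamed DLL extension or mixed-case function name does not change it. That is why it clusters samples from the same build chain rather than merely the same capabilities.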

VirusTotal metadata
First submission 2016-02-29 19:17:46 UTC ( 1 year, 8 months ago )
Last submission 2016-04-04 17:33:00 UTC ( 1 year, 7 months ago )
File names 89f109b281ca7d39e780e7eb8447e7c4.exe
7ygvtyvb7niim.exe
Condensed behaviour report. The following summarises the behaviour of the file when executed in a controlled environment; the actions and events listed were performed by the file itself, by any process it launched, or by any process it injected code into.
Opened files
Read files
Written files
Moved files
Deleted files
Created processes
Shell commands
Created mutexes
Opened mutexes
Opened service managers
Opened services
Runtime DLLs
HTTP requests
TCP connections