SHA256: b7d9f11c166fa1a4ceef446dd9c8561c77115cb3ce4910a056dd6a361338a2b0
File name: Lechiffre
Detection ratio: 46 / 56
Analysis date: 2017-02-08 03:38:39 UTC ( 1 month, 1 week ago )
Antivirus Result Update
Ad-Aware Generic.Ransom.LeChiffre.E84B2FBD 20170208
AegisLab Troj.Ransom.W32!c 20170208
AhnLab-V3 Trojan/Win32.LeChiffre.C1318202 20170207
ALYac Trojan.Ransom.LeChiffre 20170208
Antiy-AVL Trojan[Ransom]/Win32.Leshiy 20170208
Arcabit Generic.Ransom.LeChiffre.E84B2FBD 20170208
Avast Win32:Malware-gen 20170208
AVG Win32/DH{gmAkJQ?} 20170207
Avira (no cloud) TR/FileCoder.530944.2 20170207
AVware Trojan.Win32.Generic!BT 20170208
BitDefender Generic.Ransom.LeChiffre.E84B2FBD 20170208
CAT-QuickHeal Ransom.LeChiffre.A10 20170207
ClamAV Win.Trojan.LeChiffre-1 20170208
Comodo UnclassifiedMalware 20170208
CrowdStrike Falcon (ML) malicious_confidence_62% (W) 20170130
Cyren W32/Trojan.RWKO-6596 20170208
DrWeb Trojan.Encoder.814 20170208
Emsisoft Generic.Ransom.LeChiffre.E84B2FBD (B) 20170208
ESET-NOD32 Win32/Filecoder.DX 20170208
F-Secure Generic.Ransom.LeChiffre.E84B2FBD 20170207
Fortinet W32/Leshiy.A!tr 20170208
GData Generic.Ransom.LeChiffre.E84B2FBD 20170208
Ikarus Trojan.Win32.Filecoder 20170207
Invincea generic.a 20170203
Jiangmin Trojan.Leshiy.a 20170208
K7AntiVirus Trojan ( 7000000f1 ) 20170208
K7GW Trojan ( 7000000f1 ) 20170208
Kaspersky Trojan-Ransom.Win32.Leshiy.a 20170208
McAfee Artemis!4523CCFD191D 20170208
McAfee-GW-Edition BehavesLike.Win32.Dropper.hc 20170208
Microsoft Ransom:Win32/Lecrypt.A 20170208
eScan Generic.Ransom.LeChiffre.E84B2FBD 20170208
NANO-Antivirus Trojan.Win32.FileCoder.dzetqs 20170208
Panda Generic Suspicious 20170207
Qihoo-360 Win32/Trojan.Ransom.c5c 20170208
Rising Trojan.Generic-RYp1EzEeHTG (cloud) 20170207
Sophos Troj/Ransom-CCB 20170207
Symantec Ransom.LeChiffre 20170207
Tencent Win32.Trojan.Leshiy.Paln 20170208
TrendMicro Ransom_LecTool.A 20170208
TrendMicro-HouseCall Ransom_LecTool.A 20170208
VBA32 suspected of Trojan.Downloader.gen.h 20170207
VIPRE Trojan.Win32.Generic!BT 20170208
ViRobot Trojan.Win32.S.RansomTool.530944[h] 20170208
Yandex Trojan.Leshiy! 20170208
Zillya Trojan.Filecoder.Win32.1799 20170207
Alibaba 20170122
Baidu 20170207
CMC 20170207
F-Prot 20170208
Kingsoft 20170208
Malwarebytes 20170207
nProtect 20170208
SUPERAntiSpyware 20170208
TheHacker 20170205
TotalDefense 20170207
Trustlook 20170208
WhiteArmor 20170202
Zoner 20170208
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
Packers identified
F-PROT UPX
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2015-01-09 22:58:46
Entry Point 0x00158BB0
Number of sections 3
PE sections
PE imports
VirtualFree
ExitProcess
VirtualProtect
LoadLibraryA
VirtualAlloc
GetProcAddress
ImageList_Add
GetOpenFileNameW
WNetOpenEnumW
AlphaBlend
NetUserEnum
IsEqualGUID
VariantCopy
ShellExecuteW
VerQueryValueW
OpenPrinterW
inet_ntoa
Number of PE resources by type
RT_ICON 19
RT_STRING 18
RT_GROUP_CURSOR 7
RT_CURSOR 7
RT_RCDATA 4
RT_GROUP_ICON 1
Number of PE resources by language
NEUTRAL 21
RUSSIAN 20
ENGLISH US 15
PE resources
ExifTool file metadata
MIMEType application/octet-stream
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
FileTypeExtension exe
TimeStamp 2015:01:09 23:58:46+01:00
FileType Win32 EXE
PEType PE32
CodeSize 413696
LinkerVersion 2.25
EntryPoint 0x158bb0
InitializedDataSize 118784
SubsystemVersion 5.0
ImageVersion 0.0
OSVersion 5.0
UninitializedDataSize 995328

Compressed bundles
File identification
MD5 4523ccfd191dcceeae8e884f82f5c7ad
SHA1 00107a6bdc9886e69425b7b0b761dcc8324946d3
SHA256 b7d9f11c166fa1a4ceef446dd9c8561c77115cb3ce4910a056dd6a361338a2b0
ssdeep 12288:uPenEoSpi011oQSnRxhmVacKcMxS8JWwEHD1T6hX5IGC2C:SJomi0GnbPcKcNcWwEj1T6hqm
authentihash c8501d1a70c537fb2e57fbe8de9b5e7d974686e6276cc85525e6455cc0ea08e9
imphash 76d43de7267ba2d0176f5d2768e1a06d
File size 518.5 KB ( 530944 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID UPX compressed Win32 Executable (42.1%)
Win32 EXE Yoda's Crypter (41.3%)
Win32 Executable (generic) (7.0%)
Win16/32 Executable Delphi generic (3.2%)
Generic Win/DOS Executable (3.1%)
Tags peexe upx

VirusTotal metadata
First submission 2015-12-10 00:42:49 UTC ( 1 year, 3 months ago )
Last submission 2016-04-06 07:11:54 UTC ( 11 months, 3 weeks ago )
File names b7d9f11c166fa1a4ceef446dd9c8561c77115cb3ce4910a056dd6a361338a2b0
4523ccfd191dcceeae8e884f82f5c7ad.virus
b7d9f11c166fa1a4ceef446dd9c8561c77115cb3ce4910a056dd6a361338a2b0.bin
Lechiffre
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Copied files
Moved files
Deleted files
Created mutexes
Runtime DLLs
HTTP requests
DNS requests
TCP connections