SHA256: b7eeb0746b8e5df88c9937463db3f12a07ed3cf62ff720c6c91b8610080f2d9c
File name: b7eeb0746b8e5df88c9937463db3f12a07ed3cf62ff720c6c91b8610080f2d9c
Detection ratio: 49 / 66
Analysis date: 2018-05-10 08:25:23 UTC ( 1 week, 4 days ago )
Antivirus Result Update
Ad-Aware Trojan.Ransom.APG 20180510
AegisLab Troj.W32.Gen.mCYi 20180510
AhnLab-V3 Trojan/Win32.DMALocker.C1326450 20180510
ALYac Trojan.Ransom.DMALocker 20180510
Antiy-AVL Trojan/Win32.AGeneric 20180509
Arcabit Trojan.Ransom.APG 20180510
Avast Win32:Malware-gen 20180510
AVG Win32:Malware-gen 20180510
Avira (no cloud) TR/FileCoder.372224.1 20180510
AVware Trojan.Win32.Generic!BT 20180428
BitDefender Trojan.Ransom.APG 20180510
CAT-QuickHeal Ransom.DMALocker.A5 20180510
Cylance Unsafe 20180510
Cyren W32/Dmalocker.MQUK-8789 20180510
DrWeb Trojan.MulDrop6.23510 20180510
Emsisoft Trojan.Ransom.APG (B) 20180510
Endgame malicious (high confidence) 20180507
ESET-NOD32 Win32/Filecoder.DMALocker.C 20180510
F-Prot W32/Dmalocker.A 20180510
F-Secure Trojan:W32/DMALocker.A 20180510
Fortinet W32/Filecoder_DMALocker.C!tr 20180510
GData Win32.Trojan-Ransom.DMALocker.B 20180510
Ikarus Trojan.Win32.Filecoder 20180509
Jiangmin Trojan.Generic.nmqu 20180510
K7AntiVirus Trojan ( 004ddcc51 ) 20180510
K7GW Trojan ( 004ddcc51 ) 20180510
Kaspersky Trojan.Win32.Agent.iijn 20180510
MAX malware (ai score=84) 20180510
McAfee Generic.yc 20180510
McAfee-GW-Edition Generic.yc 20180510
Microsoft Ransom:Win32/DMALocker 20180510
eScan Trojan.Ransom.APG 20180510
NANO-Antivirus Trojan.Win32.Drop.efhceg 20180510
Palo Alto Networks (Known Signatures) generic.ml 20180510
Panda Trj/WLT.B 20180509
Qihoo-360 Win32/Trojan.e6d 20180510
Sophos AV Troj/Ransom-CEF 20180510
SUPERAntiSpyware Trojan.Agent/Gen 20180510
Symantec Ransom.DMALocker 20180510
Tencent Win32.Trojan.Raas.Auto 20180510
TrendMicro Ransom_MADLOCKER.SMLV 20180510
TrendMicro-HouseCall Ransom_MADLOCKER.SMLV 20180510
VIPRE Trojan.Win32.Generic!BT 20180510
ViRobot Trojan.Win32.Dmalocker.372224 20180510
Webroot W32.Trojan.DMALocker-1 20180510
Yandex Trojan.Agent!CGJ0q5lMcZs 20180508
Zillya Trojan.Filecoder.Win32.1957 20180508
ZoneAlarm by Check Point Trojan.Win32.Agent.iijn 20180510
Zoner Trojan.DMALocker 20180509
Alibaba 20180510
Avast-Mobile 20180509
Baidu 20180510
Bkav 20180509
ClamAV 20180510
CMC 20180509
Comodo 20180510
CrowdStrike Falcon (ML) 20180418
Cybereason None
eGambit 20180510
Sophos ML 20180503
Kingsoft 20180510
Malwarebytes 20180510
nProtect 20180510
Rising 20180510
SentinelOne (Static ML) 20180225
Symantec Mobile Insight 20180509
TheHacker 20180509
TotalDefense 20180510
Trustlook 20180510
VBA32 20180508
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows command line subsystem.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2016-02-04 13:26:27
Entry Point 0x00005EB0
Number of sections 5
PE sections
PE imports
CryptDestroyKey
CryptReleaseContext
CryptAcquireContextA
RegSetValueExA
CryptEncrypt
RegOpenKeyExA
CryptDecrypt
CryptImportKey
GetOpenFileNameA
DeleteDC
SelectObject
CreateFontA
GetStockObject
CreateSolidBrush
BitBlt
SetBkColor
CreateCompatibleDC
DeleteObject
SetTextColor
GetStdHandle
FileTimeToSystemTime
GetFileAttributesA
WaitForSingleObject
EncodePointer
GetLocalTime
DeleteCriticalSection
GetCurrentProcess
GetConsoleMode
GetFileInformationByHandle
SetStdHandle
GetCPInfo
WriteFile
GetSystemTimeAsFileTime
HeapReAlloc
GetStringTypeW
GetExitCodeProcess
QueryDosDeviceA
TlsGetValue
MoveFileW
SetLastError
PeekNamedPipe
GetModuleFileNameW
IsDebuggerPresent
ExitProcess
GetModuleFileNameA
HeapSetInformation
SetHandleCount
UnhandledExceptionFilter
InterlockedDecrement
MultiByteToWideChar
GetModuleHandleA
CreateThread
SetUnhandledExceptionFilter
IsProcessorFeaturePresent
MoveFileExA
SetEnvironmentVariableA
TerminateProcess
GlobalAlloc
SetEndOfFile
GetCurrentThreadId
LeaveCriticalSection
WriteConsoleW
CreateToolhelp32Snapshot
InitializeCriticalSectionAndSpinCount
HeapFree
EnterCriticalSection
OpenProcess
TerminateThread
LoadLibraryW
GetOEMCP
QueryPerformanceCounter
GetTickCount
TlsAlloc
FlushFileBuffers
RtlUnwind
Process32Next
DecodePointer
Process32First
GetStartupInfoW
WaitForMultipleObjects
GetProcessHeap
CompareStringW
FreeEnvironmentStringsW
GetProcAddress
GetTimeZoneInformation
CreateFileW
GetConsoleWindow
GetFileType
TlsSetValue
CreateFileA
HeapAlloc
InterlockedIncrement
GetLastError
LCMapStringW
GlobalFree
GetConsoleCP
GetEnvironmentStringsW
FileTimeToLocalFileTime
GetCurrentProcessId
WideCharToMultiByte
HeapSize
GetCommandLineA
TlsFree
SetFilePointer
ReadFile
CloseHandle
GetACP
GetModuleHandleW
CreateProcessA
IsValidCodePage
HeapCreate
Sleep
WNetOpenEnumA
WNetEnumResourceA
WNetCloseEnum
GetMessageA
UpdateWindow
BeginPaint
PostQuitMessage
DefWindowProcA
ShowWindow
LoadBitmapA
SetWindowPos
DispatchMessageA
EnableWindow
MessageBoxA
TranslateMessage
IsWindowEnabled
RegisterClassExA
SetWindowTextA
SendMessageA
GetClientRect
GetDlgItem
CreateWindowExA
LoadCursorA
LoadIconA
EndPaint
SetForegroundWindow
DestroyWindow
Number of PE resources by type
RT_BITMAP 1
RT_MANIFEST 1
Number of PE resources by language
NEUTRAL 1
ENGLISH US 1
PE resources
ExifTool file metadata
MIMEType application/octet-stream
Subsystem Windows command line
MachineType Intel 386 or later, and compatibles
TimeStamp 2016:02:04 14:26:27+01:00
FileType Win32 EXE
PEType PE32
CodeSize 66048
LinkerVersion 10.0
FileTypeExtension exe
InitializedDataSize 305152
SubsystemVersion 5.1
EntryPoint 0x5eb0
OSVersion 5.1
ImageVersion 0.0
UninitializedDataSize 0

Compressed bundles
File identification
MD5 28b44669d6e7bc7ede7f5586a938b1cb
SHA1 8b5afcc257edb2e585fbe5ae9174921bbe51cffd
SHA256 b7eeb0746b8e5df88c9937463db3f12a07ed3cf62ff720c6c91b8610080f2d9c
ssdeep 1536:AzftsxFHmO27Ly2FI/JP9849Iw72CfM6OIQwvkacy3kFtLNm77aN3XJRvVpRKISK:ArtsxFH727IzIVC0bF0L3kFFNl
authentihash 442e5b73389d17ccdb82e1da84d4f10819933b3ee5882a0c7839870465ab4b49
imphash 60c60e385932eb7deab8393f965c06c0
File size 363.5 KB ( 372224 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (console) Intel 80386 32-bit
TrID Win32 Executable MS Visual C++ (generic) (64.5%)
Win32 Dynamic Link Library (generic) (13.6%)
Win32 Executable (generic) (9.3%)
OS/2 Executable (generic) (4.1%)
Generic Win/DOS Executable (4.1%)
Tags peexe
VirusTotal metadata
First submission 2016-02-08 11:47:20 UTC ( 2 years, 3 months ago )
Last submission 2018-05-10 08:25:23 UTC ( 1 week, 4 days ago )
File names DMALocker.exe
svchosd.exe
28b44669d6e7bc7ede7f5586a938b1cb.virus
Trojan.Infector.MVX,Win.Trojan.DMALocker.exe
b7eeb0746b8e5df88c9937463db3f12a07ed3cf62ff720c6c91b8610080f2d9c
Advanced heuristic and reputation engines
TrendMicro-HouseCall
TrendMicro's heuristic engine has flagged this file as: TROJ_GEN.R00JC0DBB16.

Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Written files
Moved files
Created processes
Opened mutexes
Runtime DLLs
UDP communications