SHA256: b89fee7d10792377e5e356dc648ff4c38b0d0952f0e585d99a058a1a8044c8f1
File name: 14062521
Detection ratio: 32 / 67
Analysis date: 2018-09-10 23:52:54 UTC (8 months, 2 weeks ago)
Antivirus | Result | Update
Ad-Aware | Gen:Trojan.Crypt.Delf.F.huW@aW9Sizc | 20180910
AegisLab | W32.W.Dorifel.moev | 20180910
AhnLab-V3 | Malware/Win32.Generic.C2622462 | 20180910
ALYac | Gen:Trojan.Crypt.Delf.F.huW@aW9Sizc | 20180910
Antiy-AVL | Trojan[Ransom]/Win32.Blocker | 20180911
Arcabit | Trojan.Crypt.Delf.F.EDE8E3 | 20180910
Avira (no cloud) | TR/Crypt.XPACK.Gen | 20180910
BitDefender | Gen:Trojan.Crypt.Delf.F.huW@aW9Sizc | 20180910
ClamAV | Win.Ransomware.Delf-6651871-0 | 20180910
CrowdStrike Falcon (ML) | malicious_confidence_80% (D) | 20180723
Cylance | Unsafe | 20180911
DrWeb | Trojan.PWS.Stealer.24300 | 20180910
Emsisoft | Gen:Trojan.Crypt.Delf.F.huW@aW9Sizc (B) | 20180910
ESET-NOD32 | a variant of Win32/PSW.Delf.OSF | 20180910
Fortinet | W32/Delf.OSF!tr | 20180910
GData | Gen:Trojan.Crypt.Delf.F.huW@aW9Sizc | 20180910
Sophos ML | heuristic | 20180717
K7AntiVirus | Password-Stealer ( 0052f96e1 ) | 20180910
K7GW | Password-Stealer ( 0052f96e1 ) | 20180910
Kaspersky | Trojan-Ransom.Win32.Blocker.lckf | 20180910
Malwarebytes | Trojan.PasswordStealer | 20180910
MAX | malware (ai score=88) | 20180911
McAfee | GenericRXGI-KI!A19431DA725D | 20180910
McAfee-GW-Edition | BehavesLike.Win32.Dropper.ch | 20180910
eScan | Gen:Trojan.Crypt.Delf.F.huW@aW9Sizc | 20180910
NANO-Antivirus | Trojan.Win32.Stealer.fflqpr | 20180910
Panda | Trj/GdSda.A | 20180910
Sophos AV | Troj/PWS-CJJ | 20180910
Symantec | ML.Attribute.HighConfidence | 20180910
VBA32 | suspected of Trojan.Downloader.gen.h | 20180910
Webroot | W32.Trojan.Gen | 20180911
ZoneAlarm by Check Point | Trojan-Ransom.Win32.Blocker.lckf | 20180910
Antivirus (no detection) | Update
Alibaba | 20180713
Avast | 20180915
Avast-Mobile | 20180910
AVG | 20180915
AVware | 20180915
Babable | 20180907
Baidu | 20180914
Bkav | 20180906
CAT-QuickHeal | 20180909
CMC | 20180910
Comodo | 20180910
Cybereason | 20180225
Cyren | 20180910
eGambit | 20180911
Endgame | 20180730
F-Prot | 20180910
F-Secure | 20180915
Jiangmin | 20180910
Kingsoft | 20180911
Microsoft | 20180915
Palo Alto Networks (Known Signatures) | 20180911
Qihoo-360 | 20180911
Rising | 20180915
SentinelOne (Static ML) | 20180830
SUPERAntiSpyware | 20180907
Symantec Mobile Insight | 20180905
TACHYON | 20180910
Tencent | 20180911
TheHacker | 20180907
TotalDefense | 20180910
TrendMicro | 20180910
TrendMicro-HouseCall | 20180910
Trustlook | 20180911
VIPRE | 20180915
ViRobot | 20180910
Yandex | 20180910
Zillya | 20180914
Zoner | 20180910
The file being studied is a Portable Executable (PE) file. More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Packers identified
PEiD: BobSoft Mini Delphi -> BoB / BobSoft
PE header basic information
Target machine: Intel 386 or later processors and compatible processors
Compilation timestamp: 1992-06-19 22:22:17
Entry Point: 0x0001A1F8
Number of sections: 5
PE sections
PE imports (grouped by the exporting DLL)
advapi32.dll: RegOpenKeyExA, RegEnumKeyA, RegQueryValueExA, RegCloseKey, FreeSid
gdi32.dll: DeleteDC, SelectObject, BitBlt, CreateCompatibleDC, DeleteObject, CreateCompatibleBitmap
kernel32.dll: GetStdHandle, EnterCriticalSection, GetSystemInfo, FreeLibrary, QueryPerformanceCounter, ExitProcess, GetThreadLocale, GlobalUnlock, GetModuleFileNameA, RtlUnwind, LoadLibraryA, CopyFileW, DeleteCriticalSection, GetStartupInfoA, GetLocaleInfoA, LocalAlloc, FindClose, UnhandledExceptionFilter, LoadLibraryExW, MultiByteToWideChar, CreateDirectoryW, GetCommandLineA, GlobalLock, RaiseException, WideCharToMultiByte, GetModuleHandleA, FindNextFileW, WriteFile, GetCurrentProcess, DeleteFileW, FindFirstFileW, GetCurrentThreadId, LocalFree, InitializeCriticalSection, VirtualFree, GetFileAttributesW, Sleep, GetTickCount, GetVersion, GetProcAddress, VirtualAlloc, GetCurrentProcessId, LeaveCriticalSection
ole32.dll: CoCreateInstance, OleInitialize
oleaut32.dll: SysReAllocStringLen, SysFreeString, SysAllocStringLen
user32.dll: ReleaseDC, GetSystemMetrics, CharToOemBuffA, CharNextA, MessageBoxA, GetKeyboardType, GetDC
ExifTool file metadata
MIMEType: application/octet-stream
Subsystem: Windows GUI
MachineType: Intel 386 or later, and compatibles
FileTypeExtension: exe
TimeStamp: 1992:06:20 00:22:17+02:00
FileType: Win32 EXE
PEType: PE32
CodeSize: 103424
LinkerVersion: 2.25
ImageFileCharacteristics: Executable, No line numbers, No symbols, Bytes reversed lo, 32-bit, Bytes reversed hi
EntryPoint: 0x1a1f8
InitializedDataSize: 10752
SubsystemVersion: 4.0
ImageVersion: 0.0
OSVersion: 4.0
UninitializedDataSize: 0

File identification
MD5: a19431da725d7b5f2390eddc25759c82
SHA1: d528a36a741c28ea021e5ffc525be3a715233171
SHA256: b89fee7d10792377e5e356dc648ff4c38b0d0952f0e585d99a058a1a8044c8f1
ssdeep: 3072:tuOSXpMx7ZAlHsbfUkolNGti7lfqeSxM3SpyEYnE/paxg/:Zzx7ZApszolIo7lf/ipT/w
authentihash: 92e954d44dce9a419fd6ee832ef7abcdc9b4de8d1d60f6704d5b0c00415b0b4d
imphash: 6d1f2b41411eacafcf447fc002d8cb00
File size: 112.5 KB (115200 bytes)
File type: Win32 EXE
Magic literal: PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID:
  Windows screen saver (40.5%)
  Win32 Dynamic Link Library (generic) (20.3%)
  Win32 Executable (generic) (13.9%)
  Win16/32 Executable Delphi generic (6.4%)
  OS/2 Executable (generic) (6.2%)
Tags: bobsoft peexe

VirusTotal metadata
First submission: 2018-09-10 23:52:54 UTC (8 months, 2 weeks ago)
Last submission: 2018-10-01 01:10:30 UTC (7 months, 3 weeks ago)
File names: lami.exe, output.114035454.txt, 14062521
Condensed report. The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were performed either by the file itself or by any other process that the executed file launched or injected code into.
Opened files
Read files
Written files
Copied files
Deleted files
Created processes
Shell commands
Created mutexes
Opened mutexes
Opened service managers
Opened services
Runtime DLLs
HTTP requests
DNS requests
TCP connections
UDP communications