| SHA256: | b8a5251001731d31844b55c76cd8dcbafd0ec263848f29c9a5eb69b00b1ecbdd |
| File name: | 2015-09-03-Troldesh.A-Ransomware.exe |
| Detection ratio: | 34 / 56 |
| Analysis date: | 2015-09-06 19:01:14 UTC ( 1 year, 10 months ago ) View latest |
| Antivirus | Result | Update |
|---|---|---|
| Ad-Aware | Gen:Variant.Zusy.160328 | 20150906 |
| Yandex | Trojan.Fsysna! | 20150906 |
| ALYac | Gen:Variant.Kazy.722205 | 20150906 |
| Antiy-AVL | Trojan/Win32.Fsysna | 20150906 |
| Arcabit | Trojan.Kazy.DB051D | 20150905 |
| Avast | Win32:Malware-gen | 20150906 |
| AVG | Inject3.DVK | 20150906 |
| Avira (no cloud) | TR/AD.Troldesh.Y.17 | 20150906 |
| Baidu-International | Trojan.Win32.Fsysna.cgqg | 20150906 |
| BitDefender | Gen:Variant.Zusy.160328 | 20150906 |
| Bkav | HW32.Packed.D157 | 20150905 |
| ByteHero | Virus.Win32.Heur.p | 20150906 |
| Cyren | W32/Trojan.AKDN-4096 | 20150906 |
| DrWeb | Trojan.Inject2.2589 | 20150906 |
| Emsisoft | Gen:Variant.Zusy.160328 (B) | 20150906 |
| ESET-NOD32 | a variant of Win32/Injector.CIBY | 20150906 |
| F-Secure | Gen:Variant.Kazy.722205 | 20150905 |
| Fortinet | W32/Fsysna.CGQG!tr | 20150906 |
| GData | Gen:Variant.Zusy.160328 | 20150906 |
| Ikarus | Trojan.Win32.Injector | 20150906 |
| Kaspersky | Trojan.Win32.Fsysna.cgqg | 20150906 |
| Malwarebytes | Trojan.Injector.VX | 20150906 |
| McAfee | Artemis!12540390C920 | 20150906 |
| McAfee-GW-Edition | BehavesLike.Win32.BadFile.cc | 20150906 |
| Microsoft | Ransom:Win32/Troldesh.A | 20150906 |
| eScan | Gen:Variant.Zusy.160328 | 20150906 |
| NANO-Antivirus | Trojan.Win32.Fsysna.dwnqex | 20150906 |
| Panda | Trj/Genetic.gen | 20150906 |
| Qihoo-360 | HEUR/QVM41.2.Malware.Gen | 20150906 |
| Sophos AV | Mal/Generic-S | 20150906 |
| Symantec | Infostealer.Limitail | 20150906 |
| Tencent | Win32.Trojan.Kazy.Dvps | 20150906 |
| TrendMicro | TROJ_GEN.R00JC0DI615 | 20150906 |
| VIPRE | Trojan.Win32.Generic!BT | 20150906 |
| AegisLab | 20150906 | |
| AhnLab-V3 | 20150906 | |
| Alibaba | 20150902 | |
| AVware | 20150901 | |
| CAT-QuickHeal | 20150905 | |
| ClamAV | 20150906 | |
| CMC | 20150902 | |
| Comodo | 20150906 | |
| F-Prot | 20150906 | |
| Jiangmin | 20150905 | |
| K7AntiVirus | 20150906 | |
| K7GW | 20150906 | |
| Kingsoft | 20150906 | |
| nProtect | 20150904 | |
| Rising | 20150906 | |
| SUPERAntiSpyware | 20150905 | |
| TheHacker | 20150904 | |
| TrendMicro-HouseCall | 20150906 | |
| VBA32 | 20150905 | |
| ViRobot | 20150906 | |
| Zillya | 20150905 | |
| Zoner | 20150906 |
The file being studied is a Portable Executable file!
More specifically, it is a Win32 EXE
file
for the Windows GUI subsystem.
FileVersionInfo properties
Product Ceripokertop
Original name Stab.exe
Internal name Stab
File version 5.11.0052
Description fflash game Sign in. Forgot Your Password? Practice an Online Assessment · Learn More about CERT. View a Video Overview. System Requirements · Contact Us.
Comments Sign in. Forgot Your Password? Practice an Online Assessment · Learn More about CERT. View a Video Overview. System Requirements · Contact Us.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2015-09-03 14:35:43
Entry Point 0x00001108
Number of sections 3
PE sections
Overlays
MD5 2d05bcafe66c05e69b4abb82739751af
File type data
Offset 61440
Size 806428
Entropy 8.00
PE imports
Number of PE resources by type
Struct(0) 3
RT_STRING 1
59 1
RT_VERSION 1
RT_GROUP_ICON 1
Number of PE resources by language
NEUTRAL 4
TELUGU DEFAULT 1
ENGLISH US 1
NORWEGIAN NYNORSK 1
PE resources
ExifTool file metadata
LegalTrademarks
Sign in. Forgot Your Password? Practice an Online Assessment Learn More about CERT. View a Video Overview. System Requirements Contact Us.
SubsystemVersion
4.0
Comments
Sign in. Forgot Your Password? Practice an Online Assessment Learn More about CERT. View a Video Overview. System Requirements Contact Us.
LinkerVersion
6.0
ImageVersion
5.11
FileSubtype
0
FileVersionNumber
5.11.0.52
LanguageCode
English (U.S.)
FileFlagsMask
0x0000
FileDescription
fflash game Sign in. Forgot Your Password? Practice an Online Assessment Learn More about CERT. View a Video Overview. System Requirements Contact Us.
CharacterSet
Unicode
InitializedDataSize
16384
EntryPoint
0x1108
Tagh
ame Sign in. Forgot Your Password? Practice an Online Assessment Learn More about CERT. View a Video Overview. System Requirements Contact Us.
OriginalFileName
Stab.exe
MIMEType
application/octet-stream
FileVersion
5.11.0052
TimeStamp
2015:09:03 15:35:43+01:00
FileType
Win32 EXE
PEType
PE32
InternalName
Stab
ProductVersion
5.11.0052
UninitializedDataSize
0
OSVersion
4.0
FileOS
Win32
Subsystem
Windows GUI
MachineType
Intel 386 or later, and compatibles
CodeSize
45056
ProductName
Ceripokertop
ProductVersionNumber
5.11.0.52
FileTypeExtension
exe
ObjectFileType
Executable application
File identification
MD5 12540390c920357fbd40b1c0a36c702b
SHA1 1dde64f57d63891d4ffba90c93dc3f9503461151
SHA256 b8a5251001731d31844b55c76cd8dcbafd0ec263848f29c9a5eb69b00b1ecbdd
ssdeep
12288:nnnV+AduTc7zQCnPCg/IMZdvu4btJSOqQqcFGkFJ5vII02L3q/pQdjP0qpGuQQU:luYzQQPVDuKJSOdGkFb49IcqohD
File size
847.5 KB ( 867868 bytes )
File type Win32 EXE
Magic literal
PE32 executable for MS Windows (GUI) Intel 80386 32-bit
| TrID |
Win32 Executable Microsoft Visual Basic 6 (90.5%) Win32 Executable (generic) (4.9%) Generic Win/DOS Executable (2.2%) DOS Executable Generic (2.2%) Autodesk FLIC Image File (extensions: flc, fli, cel) (0.0%) |
Tags
peexe
overlay
VirusTotal metadata
First submission
2015-09-04 15:46:03 UTC ( 1 year, 10 months ago )
Last submission
2015-10-27 08:55:33 UTC ( 1 year, 8 months ago )
| File names |
Stab.exe 2015-09-03-Troldesh.A-Ransomware.exe Stab HTTP-F9xRtBu3ZbiHuTK79.exe crn.exe |
No comments.
No VirusTotal Community member has commented on this item yet, be the first one to do so!
You have not signed in. Only registered users can leave comments, sign in and have a voice!
No votes.
No one has voted on this item yet, be the first one to do so!