SHA256: b8a5251001731d31844b55c76cd8dcbafd0ec263848f29c9a5eb69b00b1ecbdd
File name: 2015-09-03-Troldesh.A-Ransomware.exe
Detection ratio: 34 / 56
Analysis date: 2015-09-06 19:01:14 UTC ( 2 years ago )
Antivirus Result Update
Ad-Aware Gen:Variant.Zusy.160328 20150906
Yandex Trojan.Fsysna! 20150906
ALYac Gen:Variant.Kazy.722205 20150906
Antiy-AVL Trojan/Win32.Fsysna 20150906
Arcabit Trojan.Kazy.DB051D 20150905
Avast Win32:Malware-gen 20150906
AVG Inject3.DVK 20150906
Avira (no cloud) TR/AD.Troldesh.Y.17 20150906
Baidu-International Trojan.Win32.Fsysna.cgqg 20150906
BitDefender Gen:Variant.Zusy.160328 20150906
Bkav HW32.Packed.D157 20150905
ByteHero Virus.Win32.Heur.p 20150906
Cyren W32/Trojan.AKDN-4096 20150906
DrWeb Trojan.Inject2.2589 20150906
Emsisoft Gen:Variant.Zusy.160328 (B) 20150906
ESET-NOD32 a variant of Win32/Injector.CIBY 20150906
F-Secure Gen:Variant.Kazy.722205 20150905
Fortinet W32/Fsysna.CGQG!tr 20150906
GData Gen:Variant.Zusy.160328 20150906
Ikarus Trojan.Win32.Injector 20150906
Kaspersky Trojan.Win32.Fsysna.cgqg 20150906
Malwarebytes Trojan.Injector.VX 20150906
McAfee Artemis!12540390C920 20150906
McAfee-GW-Edition BehavesLike.Win32.BadFile.cc 20150906
Microsoft Ransom:Win32/Troldesh.A 20150906
eScan Gen:Variant.Zusy.160328 20150906
NANO-Antivirus Trojan.Win32.Fsysna.dwnqex 20150906
Panda Trj/Genetic.gen 20150906
Qihoo-360 HEUR/QVM41.2.Malware.Gen 20150906
Sophos AV Mal/Generic-S 20150906
Symantec Infostealer.Limitail 20150906
Tencent Win32.Trojan.Kazy.Dvps 20150906
TrendMicro TROJ_GEN.R00JC0DI615 20150906
VIPRE Trojan.Win32.Generic!BT 20150906
AegisLab 20150906
AhnLab-V3 20150906
Alibaba 20150902
AVware 20150901
CAT-QuickHeal 20150905
ClamAV 20150906
CMC 20150902
Comodo 20150906
F-Prot 20150906
Jiangmin 20150905
K7AntiVirus 20150906
K7GW 20150906
Kingsoft 20150906
nProtect 20150904
Rising 20150906
SUPERAntiSpyware 20150905
TheHacker 20150904
TrendMicro-HouseCall 20150906
VBA32 20150905
ViRobot 20150906
Zillya 20150905
Zoner 20150906
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Product Ceripokertop
Original name Stab.exe
Internal name Stab
File version 5.11.0052
Description fflash game Sign in. Forgot Your Password? Practice an Online Assessment · Learn More about CERT. View a Video Overview. System Requirements · Contact Us.
Comments Sign in. Forgot Your Password? Practice an Online Assessment · Learn More about CERT. View a Video Overview. System Requirements · Contact Us.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2015-09-03 14:35:43
Entry Point 0x00001108
Number of sections 3
PE sections
Overlays
MD5 2d05bcafe66c05e69b4abb82739751af
File type data
Offset 61440
Size 806428
Entropy 8.00
PE imports
EVENT_SINK_QueryInterface
Ord(689)
Ord(537)
Ord(570)
Ord(595)
Ord(685)
Ord(607)
Ord(525)
EVENT_SINK_AddRef
Ord(717)
__vbaExceptHandler
Ord(632)
MethCallEngine
DllFunctionCall
Ord(608)
Ord(100)
ProcCallEngine
Ord(690)
EVENT_SINK_Release
Ord(616)
Ord(617)
Ord(581)
Ord(631)
Ord(619)
Ord(563)
Number of PE resources by type
Struct(0) 3
RT_STRING 1
59 1
RT_VERSION 1
RT_GROUP_ICON 1
Number of PE resources by language
NEUTRAL 4
TELUGU DEFAULT 1
ENGLISH US 1
NORWEGIAN NYNORSK 1
PE resources
ExifTool file metadata
LegalTrademarks
Sign in. Forgot Your Password? Practice an Online Assessment Learn More about CERT. View a Video Overview. System Requirements Contact Us.

SubsystemVersion
4.0

Comments
Sign in. Forgot Your Password? Practice an Online Assessment Learn More about CERT. View a Video Overview. System Requirements Contact Us.

LinkerVersion
6.0

ImageVersion
5.11

FileSubtype
0

FileVersionNumber
5.11.0.52

LanguageCode
English (U.S.)

FileFlagsMask
0x0000

FileDescription
fflash game Sign in. Forgot Your Password? Practice an Online Assessment Learn More about CERT. View a Video Overview. System Requirements Contact Us.

CharacterSet
Unicode

InitializedDataSize
16384

EntryPoint
0x1108

OriginalFileName
Stab.exe

MIMEType
application/octet-stream

FileVersion
5.11.0052

TimeStamp
2015:09:03 15:35:43+01:00

FileType
Win32 EXE

PEType
PE32

InternalName
Stab

ProductVersion
5.11.0052

UninitializedDataSize
0

OSVersion
4.0

FileOS
Win32

Subsystem
Windows GUI

MachineType
Intel 386 or later, and compatibles

CodeSize
45056

ProductName
Ceripokertop

ProductVersionNumber
5.11.0.52

FileTypeExtension
exe

ObjectFileType
Executable application

File identification
MD5 12540390c920357fbd40b1c0a36c702b
SHA1 1dde64f57d63891d4ffba90c93dc3f9503461151
SHA256 b8a5251001731d31844b55c76cd8dcbafd0ec263848f29c9a5eb69b00b1ecbdd
ssdeep
12288:nnnV+AduTc7zQCnPCg/IMZdvu4btJSOqQqcFGkFJ5vII02L3q/pQdjP0qpGuQQU:luYzQQPVDuKJSOdGkFb49IcqohD

authentihash 5149cbfa3e54e1a06345144fcad6c696079deeb52228657122292536d1307dd6
imphash 70404cfeb3a0b6bcf20a9d0e065bb479
File size 847.5 KB ( 867868 bytes )
File type Win32 EXE
Magic literal
PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID Win32 Executable Microsoft Visual Basic 6 (90.6%)
Win32 Executable (generic) (4.9%)
Generic Win/DOS Executable (2.2%)
DOS Executable Generic (2.2%)
Tags
peexe overlay

VirusTotal metadata
First submission 2015-09-04 15:46:03 UTC ( 2 years ago )
Last submission 2017-08-16 17:12:48 UTC ( 1 month ago )
File names Stab.exe
2015-09-03-Troldesh.A-Ransomware.exe
HTTP-F9xRtBu3ZbiHuTK79.exe
crn.exe
b8a5251001731d31844b55c76cd8dcbafd0ec263848f29c9a5eb69b00b1ecbdd.bin
Stab