SHA256: b960b8e1ff8974082cf18d1110ef41c70659812631709243b3cbe5eec486bed6
File name: iu8y7g6b
Detection ratio: 56 / 68
Analysis date: 2018-07-25 18:20:02 UTC ( 3 weeks, 2 days ago )
| Antivirus | Result | Update |
|---|---|---|
| Ad-Aware | Trojan.GenericKD.3101360 | 20180725 |
| AegisLab | Troj.Ransom.W32!c | 20180725 |
| AhnLab-V3 | Win-Trojan/Lockycrypt.Gen | 20180725 |
| ALYac | Trojan.Ransom.LockyCrypt | 20180725 |
| Antiy-AVL | Trojan[Ransom]/Win32.Locky.gena | 20180725 |
| Arcabit | Trojan.Generic.D2F52B0 | 20180725 |
| Avast | Win32:Locky-Q [Trj] | 20180725 |
| AVG | Win32:Locky-Q [Trj] | 20180725 |
| Avira (no cloud) | HEUR/AGEN.1000628 | 20180725 |
| AVware | Trojan.Win32.Generic!BT | 20180725 |
| Baidu | Win32.Trojan.WisdomEyes.16070401.9500.9984 | 20180725 |
| BitDefender | Trojan.GenericKD.3101360 | 20180725 |
| CAT-QuickHeal | Trojan.Locky | 20180725 |
| ClamAV | Win.Ransomware.Locky-30725 | 20180725 |
| Comodo | UnclassifiedMalware | 20180725 |
| CrowdStrike Falcon (ML) | malicious_confidence_100% (W) | 20180723 |
| Cybereason | malicious.8fb74e | 20180225 |
| Cylance | Unsafe | 20180725 |
| Cyren | W32/Locky.G.gen!Eldorado | 20180725 |
| DrWeb | Trojan.DownLoader19.38965 | 20180725 |
| Emsisoft | Trojan.GenericKD.3101360 (B) | 20180725 |
| Endgame | malicious (high confidence) | 20180711 |
| ESET-NOD32 | a variant of Win32/Kryptik.EREH | 20180725 |
| F-Prot | W32/Locky.G.gen!Eldorado | 20180725 |
| F-Secure | Trojan.GenericKD.3101360 | 20180725 |
| Fortinet | W32/Kryptik.ERJK!tr | 20180725 |
| GData | Win32.Trojan-Ransom.Locky.AD | 20180725 |
| Ikarus | Trojan-Ransom.Locky | 20180725 |
| Sophos ML | heuristic | 20180717 |
| Jiangmin | Trojan.Locky.cj | 20180725 |
| K7AntiVirus | Trojan ( 004e08351 ) | 20180725 |
| K7GW | Trojan ( 004e08351 ) | 20180725 |
| Kaspersky | Trojan-Ransom.Win32.Locky.fu | 20180725 |
| Malwarebytes | Ransom.Locky | 20180725 |
| MAX | malware (ai score=100) | 20180725 |
| McAfee | Ransomware-FGD!C9723E28FB74 | 20180725 |
| McAfee-GW-Edition | BehavesLike.Win32.Dropper.dh | 20180725 |
| Microsoft | Ransom:Win32/Locky.A | 20180725 |
| eScan | Trojan.GenericKD.3101360 | 20180725 |
| NANO-Antivirus | Trojan.Win32.Dwn.eazeyv | 20180725 |
| Palo Alto Networks (Known Signatures) | generic.ml | 20180725 |
| Panda | Trj/Genetic.gen | 20180725 |
| Qihoo-360 | Win32/Trojan.c1c | 20180725 |
| Sophos AV | Troj/Ransom-CZH | 20180725 |
| SUPERAntiSpyware | Ransom.Locky/Variant | 20180725 |
| Symantec | Ransom.TeslaCrypt | 20180725 |
| TACHYON | Trojan/W32.Locky.210944.C | 20180725 |
| Tencent | Trojan.Win32.Kryptik.b | 20180725 |
| TrendMicro | Ransom_LOCKY.SMM | 20180725 |
| TrendMicro-HouseCall | Ransom_LOCKY.SMM | 20180725 |
| VIPRE | Trojan.Win32.Generic!BT | 20180725 |
| ViRobot | Trojan.Win32.Locky.Gen.B | 20180725 |
| Webroot | W32.Trojan.Gen | 20180725 |
| Yandex | Trojan.Kryptik!Uzj3FZVbXYk | 20180725 |
| Zillya | Trojan.CryptGen.Win32.3 | 20180725 |
| ZoneAlarm by Check Point | Trojan-Ransom.Win32.Locky.fu | 20180725 |
| Alibaba | | 20180713 |
| Avast-Mobile | | 20180725 |
| Babable | | 20180725 |
| Bkav | | 20180725 |
| CMC | | 20180725 |
| eGambit | | 20180725 |
| Kingsoft | | 20180725 |
| Rising | | 20180725 |
| SentinelOne (Static ML) | | 20180701 |
| TheHacker | | 20180723 |
| TotalDefense | | 20180722 |
| Trustlook | | 20180725 |
| VBA32 | | 20180725 |
| Zoner | | 20180725 |
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2016-03-14 07:18:27
Entry Point 0x000104DB
Number of sections 5
PE sections
PE imports
DestroyPropertySheetPage
InitCommonControlsEx
ImageList_Destroy
ImageList_AddMasked
ImageList_SetBkColor
_TrackMouseEvent
CreatePropertySheetPageW
ImageList_Create
Ord(17)
PropertySheetW
ImageList_ReplaceIcon
GetSaveFileNameW
GetFileTitleW
GetOpenFileNameW
CreatePolygonRgn
GetWindowExtEx
SetMapMode
TextOutW
SaveDC
TextOutA
CreateFontIndirectA
CreateRectRgnIndirect
LPtoDP
CombineRgn
GetClipBox
GetDeviceCaps
DeleteDC
RestoreDC
SetPixel
PtInRegion
GetObjectW
BitBlt
CreateDIBSection
GetObjectA
ExtTextOutW
CreateBitmap
RectVisible
CreatePalette
SetBkColor
PtVisible
CreateCompatibleDC
CreateRectRgn
DeleteObject
SetDIBColorTable
GetTextColor
Polyline
DPtoLP
GetViewportExtEx
GetTextExtentPoint32W
SetRectRgn
GetStdHandle
GetDriveTypeW
FileTimeToSystemTime
GetFileAttributesA
HeapDestroy
GetFileAttributesW
lstrcmpW
GetLocalTime
FreeEnvironmentStringsA
DeleteCriticalSection
GetCurrentProcess
GetLocaleInfoA
LocalAlloc
UnhandledExceptionFilter
SetErrorMode
FreeEnvironmentStringsW
lstrcatW
GetLocaleInfoW
SetStdHandle
GetFileTime
GetCPInfo
GetProcAddress
GetStringTypeA
InterlockedExchange
GetTempPathW
GetSystemTimeAsFileTime
HeapReAlloc
GetStringTypeW
GetFullPathNameA
FreeLibrary
LocalFree
FormatMessageW
SetWaitableTimer
InitializeCriticalSection
LoadResource
GlobalHandle
FindClose
TlsGetValue
GetFullPathNameW
GetCurrentThread
SetLastError
GetEnvironmentVariableA
CopyFileW
GetModuleFileNameW
HeapAlloc
FlushFileBuffers
GetModuleFileNameA
RaiseException
OpenWaitableTimerA
EnumResourceLanguagesW
ActivateActCtx
GetVolumeInformationW
OpenWaitableTimerW
MultiByteToWideChar
GetPrivateProfileStringW
CreateMutexA
GetModuleHandleA
SetFileAttributesW
SetUnhandledExceptionFilter
MulDiv
UnlockFile
SetEnvironmentVariableA
TerminateProcess
InterlockedDecrement
VirtualQuery
SetEndOfFile
GetCurrentThreadId
InterlockedIncrement
AreFileApisANSI
HeapFree
EnterCriticalSection
SetHandleCount
LoadLibraryW
GetVersionExW
GetOEMCP
QueryPerformanceCounter
GetTickCount
IsBadWritePtr
TlsAlloc
VirtualProtect
GetVersionExA
LoadLibraryA
RtlUnwind
GlobalFindAtomW
GetStartupInfoA
GetDateFormatA
GetFileSize
GlobalDeleteAtom
GetModuleHandleW
GetDateFormatW
GetStartupInfoW
CreateDirectoryW
DeleteFileW
WaitForMultipleObjects
GetPrivateProfileIntW
AddAtomW
GetProcessHeap
CreateWaitableTimerW
GetTimeFormatW
lstrcpyW
ExpandEnvironmentStringsW
lstrcmpA
FindNextFileW
lstrcpyA
CompareStringA
FindFirstFileW
DuplicateHandle
GetUserDefaultLCID
GlobalAlloc
GetPrivateProfileSectionW
GetTimeZoneInformation
CreateFileW
GetFileType
TlsSetValue
ExitProcess
LeaveCriticalSection
GetLastError
LocalReAlloc
LCMapStringW
UnmapViewOfFile
GetSystemInfo
lstrlenA
GlobalFree
LCMapStringA
CompareStringW
GetThreadLocale
GetEnvironmentStringsW
LockFile
lstrlenW
CreateProcessW
CancelWaitableTimer
FileTimeToLocalFileTime
GetEnvironmentStrings
GetCurrentProcessId
LockResource
WideCharToMultiByte
HeapSize
GetCommandLineA
CancelIo
WritePrivateProfileStringW
lstrcpynW
QueryPerformanceFrequency
MapViewOfFile
TlsFree
SetFilePointer
ReadFile
GlobalFlags
CloseHandle
lstrcpynA
GetACP
GetVersion
SizeofResource
IsValidCodePage
HeapCreate
WriteFile
VirtualFree
IsBadReadPtr
IsBadCodePtr
VirtualAlloc
GetTimeFormatA
WNetCancelConnectionW
WNetAddConnection2W
SHBindToParent
SHBrowseForFolderW
SHGetFolderLocation
SHFileOperationW
SHGetPathFromIDListW
SHGetFileInfoW
SHGetDesktopFolder
SHGetPathFromIDListA
SHGetMalloc
ShellExecuteA
PathIsUNCW
PathStripToRootW
PathFindFileNameW
PathFindExtensionW
StrRetToBufW
MapWindowPoints
GetMessagePos
SetMenuItemBitmaps
PostQuitMessage
GetForegroundWindow
SetWindowPos
IsWindow
GrayStringW
EndPaint
GrayStringA
WindowFromPoint
GetMessageTime
SetActiveWindow
DispatchMessageW
GetAsyncKeyState
MapDialogRect
GetDlgCtrlID
SendMessageA
UnregisterClassW
GetClassInfoW
DrawTextW
GetNextDlgTabItem
ClientToScreen
GetActiveWindow
GetWindowTextW
GetWindowTextLengthW
GetTopWindow
GetWindowTextA
InvalidateRgn
PtInRect
GetClassInfoExW
UpdateWindow
GetPropW
EqualRect
GetNextDlgGroupItem
SetPropW
GetDesktopWindow
PeekMessageW
EnableWindow
TranslateMessage
IsWindowEnabled
GetWindow
RegisterClassW
IsZoomed
GetWindowPlacement
TabbedTextOutA
IsDialogMessageW
FillRect
SetWindowContextHelpId
GetSysColorBrush
IsWindowUnicode
CreateWindowExW
TabbedTextOutW
GetWindowLongW
IsChild
SetFocus
RegisterWindowMessageW
BeginPaint
OffsetRect
DefWindowProcA
GetParent
SendDlgItemMessageA
GetSystemMetrics
SetWindowLongW
GetWindowRect
SetCapture
ReleaseCapture
EnumChildWindows
IntersectRect
CharLowerW
SendDlgItemMessageW
PostMessageW
SetWindowTextA
CheckMenuItem
GetClassLongW
SetWindowTextW
GetMenuCheckMarkDimensions
ScreenToClient
GetMenuState
GetSystemMenu
SetForegroundWindow
CreateDialogIndirectParamW
DrawTextA
DrawTextExW
EndDialog
CopyRect
GetCapture
MessageBoxW
GetWindowDC
AdjustWindowRectEx
SetDlgItemTextW
GetKeyState
SystemParametersInfoA
IsWindowVisible
WinHelpW
SetRect
InvalidateRect
CallWindowProcW
GetClassNameW
ValidateRect
IsRectEmpty
GetFocus
wsprintfW
GetDlgItemTextW
SetCursor
RemovePropW
GetFileVersionInfoSizeA
GetFileVersionInfoA
VerQueryValueA
GdipCreateBitmapFromScan0
GdiplusShutdown
GdipGetImagePalette
GdipDisposeImage
GdipCreateBitmapFromFile
GdipBitmapUnlockBits
GdipGetImageWidth
GdipGetImageHeight
GdipGetImagePaletteSize
GdipBitmapLockBits
GdipAlloc
GdipCreateBitmapFromFileICM
GdipCloneImage
GdiplusStartup
GdipGetImagePixelFormat
GdipDrawImageI
GdipGetImageGraphicsContext
GdipFree
GdipDeleteGraphics
__p__fmode
_acmdln
??1type_info@@UAE@XZ
__dllonexit
_except_handler3
?terminate@@YAXXZ
_mbscmp
_onexit
exit
_XcptFilter
_strdup
__setusermatherr
__p__commode
__CxxFrameHandler
_mbsicmp
_CxxThrowException
_adjust_fdiv
_CIsin
_splitpath
free
__getmainargs
_controlfp
_setmbcp
_vsnprintf
_initterm
_exit
__set_app_type
OleUIBusyW
Number of PE resources by type
RT_ICON 12
RT_VERSION 1
RT_GROUP_ICON 1
Number of PE resources by language
ENGLISH US 14
PE resources
Debug information
ExifTool file metadata
SubsystemVersion: 5.1
InitializedDataSize: 136704
ImageVersion: 0.0
ProductName: Advanced Task Scheduler 32-bit Edition
FileVersionNumber: 4.1.0.612
UninitializedDataSize: 0
LanguageCode: English (U.S.)
FileFlagsMask: 0x0000
CharacterSet: Unicode
LinkerVersion: 9.0
FileTypeExtension: exe
OriginalFileName: advscheduler_admin.exe
MIMEType: application/octet-stream
Subsystem: Windows GUI
FileVersion: 4.1.0.612
TimeStamp: 2016:03:14 08:18:27+01:00
FileType: Win32 EXE
PEType: PE32
InternalName: Advanced Task Scheduler 32-bit Edition
ProductVersion: 4.1.0.612
FileDescription: Advanced Task Scheduler 32-bit Edition
OSVersion: 5.1
FileOS: Windows NT 32-bit
LegalCopyright: Copyright Southsoftware.com, 2002-2015
MachineType: Intel 386 or later, and compatibles
CompanyName: Douthsoftware.com
CodeSize: 77824
FileSubtype: 0
ProductVersionNumber: 4.1.0.612
EntryPoint: 0x104db
ObjectFileType: Executable application
Compressed bundles
File identification
MD5 c9723e28fb74ef9b8ee3d1780cf4f7a5
SHA1 512e998d7e05c084bdd0297ad3b84b17ab0ecece
SHA256 b960b8e1ff8974082cf18d1110ef41c70659812631709243b3cbe5eec486bed6
ssdeep 3072:xQzOTNuqzphV2ocYZ4MdWJq5krOj349AuLAGg7/H/5pgALmWKalPeQTl5:kosCPcC9f5kry34945/LmWtec
authentihash ab0aa90c3bcbe758b981a585ea890698954c6fad7b43995b02ec275f97b5ca0a
imphash f0a7d5b5123e8b1b9ac6ccaa738cf0ce
File size 206.0 KB ( 210944 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Executable MS Visual C++ (generic) (35.0%)
Win64 Executable (generic) (31.0%)
Windows screen saver (14.7%)
Win32 Dynamic Link Library (generic) (7.3%)
Win32 Executable (generic) (5.0%)
Tags peexe
VirusTotal metadata
First submission 2016-03-14 12:24:02 UTC ( 2 years, 5 months ago )
Last submission 2018-07-04 19:17:25 UTC ( 1 month, 2 weeks ago )
File names rKtLxlljp.js
text.exe
iu8y7g6b
iu8y7g6b.exe
_9xaIEJ.tar
hrb3sW2htJPYeqV.exe
SeQ2TPuyByrB.exe.123417074.DROPPED
Advanced heuristic and reputation engines
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Written files
Moved files
Deleted files
Created processes
Shell commands
Created mutexes
Opened mutexes
Opened service managers
Opened services
Runtime DLLs
HTTP requests
TCP connections
UDP communications