SHA256: bb587c5ef7d98f44ae566de6f82fb5e7fd4cf64a0e4be2ec5feddf89502fa245
File name: c49a444d6e1614844658895e9f432c50
Detection ratio: 43 / 66
Analysis date: 2017-10-05 20:31:02 UTC ( 1 year, 6 months ago )
Antivirus Result Update
Ad-Aware Gen:Variant.Zusy.259843 20171005
AhnLab-V3 Trojan/Win32.Locky.R209860 20171005
ALYac Gen:Variant.Midie.40951 20171005
Arcabit Trojan.Zusy.D3F703 20171005
Avast Win32:Malware-gen 20171005
AVG Win32:Malware-gen 20171005
Avira (no cloud) TR/Crypt.ZPACK.tldap 20171005
Baidu Win32.Trojan.WisdomEyes.16070401.9500.9999 20170930
BitDefender Gen:Variant.Zusy.259843 20171005
CrowdStrike Falcon (ML) malicious_confidence_100% (D) 20170804
Cylance Unsafe 20171005
Cyren W32/Locky.CB.gen!Eldorado 20171005
Emsisoft Gen:Variant.Zusy.259843 (B) 20171005
Endgame malicious (high confidence) 20170821
ESET-NOD32 a variant of Win32/Injector.DSCI 20171005
F-Prot W32/Locky.CB.gen!Eldorado 20171005
F-Secure Gen:Variant.Zusy.259843 20171005
Fortinet W32/Kryptik.FXEG!tr 20171005
GData Gen:Variant.Zusy.259843 20171005
Ikarus Trojan-Ransom.Locky 20171005
Sophos ML heuristic 20170914
K7AntiVirus Trojan ( 005185af1 ) 20171005
K7GW Trojan ( 005185af1 ) 20171005
Kaspersky Trojan.Win32.Refinka.drh 20171005
Malwarebytes Trojan.MalPack 20171005
MAX malware (ai score=87) 20171005
McAfee Ransomware-GFS!C49A444D6E16 20171005
McAfee-GW-Edition BehavesLike.Win32.Virut.ch 20171005
Microsoft Trojan:Win32/Dynamer!rfn 20171005
eScan Gen:Variant.Zusy.259843 20171005
NANO-Antivirus Trojan.Win32.Refinka.etfrgf 20171005
Panda Trj/GdSda.A 20171005
Qihoo-360 HEUR/QVM19.1.4E8A.Malware.Gen 20171005
Rising Malware.Heuristic!ET#99% (RDM+:cmRtazo3z4EhqRwFoCYoxsWEgnT+) 20171005
Sophos AV Mal/Elenoocka-E 20171005
Symantec Trojan.Gen.2 20171005
Tencent Win32.Trojan.Refinka.Syhu 20171005
TrendMicro Ransom_CERBER.SMALY0 20171005
TrendMicro-HouseCall Ransom_CERBER.SMALY0 20171005
Webroot W32.Trojan.Gen 20171005
WhiteArmor Malware.HighConfidence 20170927
Zillya Trojan.Injector.Win32.562861 20171005
ZoneAlarm by Check Point Trojan.Win32.Refinka.drh 20171005
AegisLab 20171005
Alibaba 20170911
Antiy-AVL 20171005
Avast-Mobile 20171005
AVware 20171005
Bkav 20171005
CAT-QuickHeal 20171005
ClamAV 20171005
CMC 20171005
Comodo 20171005
DrWeb 20171005
Jiangmin 20171005
Kingsoft 20171005
nProtect 20171005
Palo Alto Networks (Known Signatures) 20171005
SentinelOne (Static ML) 20171001
SUPERAntiSpyware 20171005
Symantec Mobile Insight 20171005
TheHacker 20171002
TotalDefense 20171005
Trustlook 20171005
VBA32 20171005
VIPRE 20171005
ViRobot 20171005
Yandex 20171005
Zoner 20171005
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2014-03-25 09:43:35
Entry Point 0x0000911A
Number of sections 4
PE sections
PE imports
GetFileAttributesA
WaitForSingleObject
CreateJobObjectW
GetTickCount
LoadLibraryA
GetCurrentDirectoryW
GetPrivateProfileStringA
lstrcatA
CreateDirectoryA
SetErrorMode
GetCommandLineA
GetProcAddress
GetProcessHeap
CreateWaitableTimerW
ReadConsoleW
GlobalAddAtomW
GetModuleHandleA
lstrcpy
FormatMessageA
InterlockedExchange
CreateSemaphoreW
CreateProcessA
GetLogicalDriveStringsW
IsBadReadPtr
IsBadStringPtrA
DefineDosDeviceA
FindResourceA
Chkdsk
FormatEx
Recover
Extend
Format
GetClassLongA
wsprintfA
LoadCursorA
LoadIconA
DispatchMessageA
DrawStateA
CharUpperW
PeekMessageA
CreateWindowExW
InsertMenuW
DialogBoxParamA
GetDlgItemTextW
GetPropA
LoadBitmapA
IsDialogMessageA
Number of PE resources by type
RT_RCDATA 5
RT_STRING 1
Number of PE resources by language
ENGLISH US 6
PE resources
ExifTool file metadata
MIMEType
application/octet-stream

Subsystem
Windows GUI

MachineType
Intel 386 or later, and compatibles

FileTypeExtension
exe

TimeStamp
2014:03:25 10:43:35+01:00

FileType
Win32 EXE

PEType
PE32

CodeSize
50176

LinkerVersion
6.12

ImageFileCharacteristics
No relocs, Executable, No line numbers, No symbols, 32-bit, No debug

EntryPoint
0x911a

InitializedDataSize
27136

SubsystemVersion
4.0

ImageVersion
0.0

OSVersion
4.0

UninitializedDataSize
0

File identification
MD5 c49a444d6e1614844658895e9f432c50
SHA1 3782c730683a7c1c4311f8a208e01cae2aa7c70f
SHA256 bb587c5ef7d98f44ae566de6f82fb5e7fd4cf64a0e4be2ec5feddf89502fa245
ssdeep 3072:x7/6BTbAjwtvH8dVWPlD2Qi9mpwCmKUHhgXydi3E2n:VSBTbBt8dilaQKmp/mKUH2ydiE
authentihash 53d219d41c67569891837c762736ad44053e3e83f26242d35a0feb5a71051a9b
imphash 4e0c313e065e5c7acb5041dc1e50da88
File size 182.5 KB ( 186880 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Dynamic Link Library (generic) (34.2%)
Win32 Executable (generic) (23.4%)
Win16/32 Executable Delphi generic (10.7%)
OS/2 Executable (generic) (10.5%)
Generic Win/DOS Executable (10.4%)
Tags peexe
VirusTotal metadata
First submission 2017-10-05 20:31:02 UTC ( 1 year, 6 months ago )
Last submission 2018-10-24 18:38:14 UTC ( 5 months, 3 weeks ago )
File names c49a444d6e1614844658895e9f432c50
c49a444d6e1614844658895e9f432c50.vir
c49a444d6e1614844658895e9f432c50.virobj
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Written files
Deleted files
Created processes
Created mutexes
Opened mutexes
Runtime DLLs
UDP communications