SHA256: bc96d1ea56ba3ac507d02686c4a57dcd6b2e2ab4c1dac9fb7c8dc7b22afbd335
File name: 256182746242190.exe
Detection ratio: 45 / 67
Analysis date: 2018-04-03 08:08:59 UTC (10 months, 3 weeks ago)
Antivirus Result Update
Ad-Aware Trojan.GenericKD.30506244 20180403
AegisLab Ml.Attribute.Gen!c 20180403
AhnLab-V3 Trojan/Win32.RansomCrypt.C2447796 20180403
ALYac Trojan.GenericKD.30506244 20180403
Antiy-AVL Trojan/Win32.Chapak 20180403
Arcabit Trojan.Generic.D1D17D04 20180403
Avast FileRepMalware 20180403
AVG FileRepMalware 20180403
Avira (no cloud) TR/Crypt.Xpack.hcack 20180403
AVware Trojan.Win32.Generic!BT 20180403
Baidu Win32.Trojan.WisdomEyes.16070401.9500.9995 20180403
BitDefender Trojan.GenericKD.30506244 20180403
Bkav W32.RsGrabND.Trojan 20180402
CrowdStrike Falcon (ML) malicious_confidence_100% (W) 20170201
Cybereason malicious.aa5650 20180225
Cylance Unsafe 20180403
Cyren W32/Trojan.RRKI-9093 20180403
DrWeb Trojan.Encoder.24384 20180403
Emsisoft Trojan.GenericKD.30506244 (B) 20180403
Endgame malicious (high confidence) 20180403
ESET-NOD32 a variant of Win32/Kryptik.GFBA 20180403
Fortinet W32/GenKryptik.BVHS!tr 20180403
GData Trojan.GenericKD.30506244 20180403
Ikarus Trojan.Win32.Krypt 20180402
Sophos ML heuristic 20180121
K7AntiVirus Trojan ( 0052c50f1 ) 20180403
K7GW Trojan ( 0052c50f1 ) 20180403
Kaspersky Trojan.Win32.Chapak.gvb 20180403
Malwarebytes Ransom.GandCrab 20180403
MAX malware (ai score=97) 20180403
McAfee GenericRXEM-JI!EA7CEFDAA565 20180403
McAfee-GW-Edition BehavesLike.Win32.MultiPlug.hc 20180403
Microsoft Trojan:Win32/CoinMiner.OR!bit 20180403
eScan Trojan.GenericKD.30506244 20180403
Palo Alto Networks (Known Signatures) generic.ml 20180403
Panda Trj/CI.A 20180402
Qihoo-360 HEUR/QVM10.1.2DCF.Malware.Gen 20180403
Rising Trojan.Chapak!8.F507 (TFE:5:I0OzsaaIrHK) 20180403
Sophos AV Mal/Generic-S 20180403
Symantec W32.Suviapen 20180403
Tencent Win32.Trojan.Chapak.Alsm 20180403
TrendMicro TROJ_GEN.R060C0DD118 20180403
TrendMicro-HouseCall TROJ_GEN.R060C0DD118 20180403
VIPRE Trojan.Win32.Generic!BT 20180403
ZoneAlarm by Check Point Trojan.Win32.Chapak.gvb 20180403
Alibaba 20180403
Avast-Mobile 20180402
CAT-QuickHeal 20180403
ClamAV 20180403
CMC 20180402
Comodo 20180403
eGambit 20180403
F-Prot 20180403
F-Secure 20180310
Jiangmin 20180403
Kingsoft 20180403
NANO-Antivirus 20180403
nProtect 20180403
SentinelOne (Static ML) 20180225
SUPERAntiSpyware 20180403
Symantec Mobile Insight 20180401
TheHacker 20180330
TotalDefense 20180403
Trustlook 20180403
VBA32 20180402
ViRobot 20180403
WhiteArmor 20180324
Yandex 20180331
Zillya 20180402
Zoner 20180403
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2018-03-30 19:57:54
Entry Point 0x000015D3
Number of sections 5
PE sections
PE imports
ReportEventW
GetBrushOrgEx
CreateDCA
EnumICMProfilesA
SetMiterLimit
GetBkMode
CreateScalableFontResourceA
GetTextMetricsA
GetCharWidthA
StretchBlt
GetStdHandle
GetConsoleOutputCP
HeapDestroy
FreeEnvironmentStringsA
DeleteCriticalSection
GetCurrentProcess
GetConsoleMode
GetLocaleInfoA
LocalAlloc
lstrcatA
FreeEnvironmentStringsW
GetLocaleInfoW
SetStdHandle
GetCPInfo
GetStringTypeA
InterlockedExchange
WriteFile
GetSystemTimeAsFileTime
HeapReAlloc
GetStringTypeW
GetOEMCP
GetEnvironmentVariableA
TlsGetValue
SetLastError
InterlockedDecrement
IsDebuggerPresent
HeapAlloc
GetModuleFileNameA
EnumSystemLocalesA
SetConsoleCtrlHandler
WriteProfileStringA
UnhandledExceptionFilter
SetFileShortNameA
MultiByteToWideChar
FatalAppExitA
GetModuleHandleA
SetUnhandledExceptionFilter
SetEnvironmentVariableA
TerminateProcess
WriteConsoleA
SetEndOfFile
GetCurrentThreadId
LeaveCriticalSection
WriteConsoleW
InitializeCriticalSectionAndSpinCount
HeapFree
EnterCriticalSection
SetHandleCount
LoadLibraryW
GetVersionExW
SetEvent
QueryPerformanceCounter
GetTickCount
TlsAlloc
FlushFileBuffers
LoadLibraryA
RtlUnwind
FreeLibrary
GetStartupInfoA
GetDateFormatA
GetWindowsDirectoryW
GetPrivateProfileIntA
GenerateConsoleCtrlEvent
GetUserDefaultLCID
GetProcessHeap
CompareStringW
lstrcpyA
CompareStringA
IsValidLocale
GetProcAddress
GetTimeZoneInformation
GetFileType
TlsSetValue
CreateFileA
ExitProcess
InterlockedIncrement
GetLastError
LCMapStringW
GetConsoleCP
LCMapStringA
GetEnvironmentStringsW
GetEnvironmentStrings
GetCurrentProcessId
WideCharToMultiByte
HeapSize
GetCommandLineA
GetCurrentThread
TlsFree
SetFilePointer
VirtualUnlock
ReadFile
CloseHandle
EnumResourceTypesW
GetACP
GetModuleHandleW
IsValidCodePage
HeapCreate
VirtualFree
Sleep
VirtualAlloc
GetTimeFormatA
AnimateWindow
DdeFreeStringHandle
SetMenuItemBitmaps
WaitForInputIdle
MapVirtualKeyW
DefWindowProcA
PostMessageW
ChangeClipboardChain
DrawFrameControl
CharToOemA
CoGetCurrentProcess
Number of PE resources by type
RT_ICON 18
RT_BITMAP 3
RT_GROUP_ICON 2
RT_MANIFEST 1
RT_STRING 1
MAMA 1
ZOBUJUSODOZUHUYADOFOZUTUTUXUXE 1
SIDUROJAHEDATUMISO 1
Number of PE resources by language
NEUTRAL 28
PE resources
ExifTool file metadata
MIMEType application/octet-stream
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
FileTypeExtension exe
TimeStamp 2018:03:30 12:57:54-07:00
FileType Win32 EXE
PEType PE32
CodeSize 105472
LinkerVersion 9.0
ImageFileCharacteristics Executable, 32-bit
EntryPoint 0x15d3
InitializedDataSize 893440
SubsystemVersion 5.0
ImageVersion 0.0
OSVersion 5.0
UninitializedDataSize 0

Execution parents
File identification
MD5 ea7cefdaa5650ea2d5689f0c6d59e1fe
SHA1 71284d3431caaf394eb647e3c2913476ec42bc13
SHA256 bc96d1ea56ba3ac507d02686c4a57dcd6b2e2ab4c1dac9fb7c8dc7b22afbd335
ssdeep 12288:sJn2lp7SRNjbQAm7OusoZzRWWLouS/jZ0p9:s92lpusP7ekRh8Z03
authentihash bd9532dc520e77d7452c9599143c0ada95e4b71ec8af56ca4a7ea1a3a9eedb94
imphash ee76c9b9d6d11be78206b059112255a3
File size 582.0 KB ( 595968 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Executable MS Visual C++ (generic) (41.0%)
Win64 Executable (generic) (36.3%)
Win32 Dynamic Link Library (generic) (8.6%)
Win32 Executable (generic) (5.9%)
OS/2 Executable (generic) (2.6%)
Tags peexe
VirusTotal metadata
First submission 2018-03-31 01:29:10 UTC ( 10 months, 4 weeks ago )
Last submission 2018-06-12 21:42:16 UTC ( 8 months, 2 weeks ago )
File names 256182746242190.exe
ea7cefdaa5650ea2d5689f0c6d59e1feff105e1b_Trojan.Win32.Chapak.gvb
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Copied files
Created processes
Shell commands
Code injections in the following processes
Created mutexes
Opened mutexes
Runtime DLLs