SHA256: bdba80fe4638b8ec8d0cde505cfd62ba89d90c86d856e409cabc032a34ec5750
File name: rad69926.tmp.exe
Detection ratio: 26 / 56
Analysis date: 2017-02-06 21:18:58 UTC ( 2 years, 1 month ago )
Antivirus Result Update
Ad-Aware Gen:Variant.Mikey.59172 20170206
AhnLab-V3 Trojan/Win32.Cerber.C1771574 20170206
Arcabit Trojan.Mikey.DE724 20170206
Avast Win32:Malware-gen 20170206
AVG Crypt7.DSS 20170206
Avira (no cloud) TR/Crypt.ZPACK.tdlmg 20170206
Baidu Win32.Trojan.WisdomEyes.16070401.9500.9989 20170206
BitDefender Gen:Variant.Mikey.59172 20170206
CrowdStrike Falcon (ML) malicious_confidence_100% (D) 20170130
DrWeb Trojan.Encoder.10193 20170206
Emsisoft Gen:Variant.Mikey.59172 (B) 20170206
ESET-NOD32 a variant of Win32/Kryptik.FNXH 20170206
F-Secure Gen:Variant.Mikey.59172 20170206
GData Gen:Variant.Mikey.59172 20170206
Sophos ML virus.win32.ramnit.j 20170203
K7AntiVirus Trojan ( 005045b51 ) 20170206
K7GW Trojan ( 005045b51 ) 20170206
Malwarebytes Ransom.Cerber 20170206
McAfee-GW-Edition BehavesLike.Win32.Sality.hh 20170206
eScan Gen:Variant.Mikey.59172 20170206
Panda Trj/RansomCrypt.J 20170206
Qihoo-360 HEUR/QVM08.0.0000.Malware.Gen 20170206
Rising Malware.Generic!gBf0NkBqwpT@2 (thunder) 20170206
Symantec Ransom.Cerber 20170206
TrendMicro Ransom_HPCERBER.SM51 20170206
TrendMicro-HouseCall Ransom_HPCERBER.SM51 20170206
No detection (engine update date only)
AegisLab 20170206
Alibaba 20170122
ALYac 20170206
Antiy-AVL 20170206
AVware 20170206
Bkav 20170206
CAT-QuickHeal 20170206
ClamAV 20170206
CMC 20170206
Comodo 20170206
Cyren 20170206
F-Prot 20170206
Fortinet 20170206
Ikarus 20170206
Jiangmin 20170206
Kaspersky 20170206
Kingsoft 20170206
McAfee 20170206
Microsoft 20170206
NANO-Antivirus 20170206
nProtect 20170206
Sophos AV 20170206
SUPERAntiSpyware 20170206
Tencent 20170206
TheHacker 20170205
Trustlook 20170206
VBA32 20170206
VIPRE 20170206
ViRobot 20170206
WhiteArmor 20170202
Yandex 20170206
Zillya 20170206
Zoner 20170206
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2017-02-05 14:08:59
Entry Point 0x0000A4B2
Number of sections 5
PE sections
Overlays
MD5 6a423a41644824090635b66c8a840055
File type data
Offset 593920
Size 384
Entropy 7.51
PE imports
GetLastError
HeapFree
GetStdHandle
LCMapStringW
SetHandleCount
GetSystemInfo
LoadLibraryW
GetOEMCP
QueryPerformanceCounter
HeapDestroy
ExitProcess
FlushFileBuffers
VirtualProtect
GetVersionExA
GetModuleFileNameA
VirtualQuery
RtlUnwind
LoadLibraryA
GetLocalTime
FreeEnvironmentStringsA
DeleteCriticalSection
GetCurrentProcess
GetEnvironmentStrings
GetLocaleInfoA
GetCurrentProcessId
SetFilePointer
GetCPInfo
UnhandledExceptionFilter
MultiByteToWideChar
HeapSize
FreeEnvironmentStringsW
GetCommandLineA
GetProcAddress
SetStdHandle
CompareStringW
WideCharToMultiByte
GetFileAttributesA
GetStringTypeA
GetModuleHandleA
InterlockedExchange
WriteFile
GetStartupInfoA
CompareStringA
GetSystemTimeAsFileTime
GetACP
HeapReAlloc
GetStringTypeW
SetEnvironmentVariableA
TerminateProcess
LCMapStringA
InitializeCriticalSection
HeapCreate
GlobalAlloc
VirtualFree
GetEnvironmentStringsW
GetFileType
GetTickCount
HeapAlloc
GetCurrentThreadId
VirtualAlloc
CloseHandle
Ord(192)
WSASendDisconnect
Number of PE resources by type
RT_GROUP_CURSOR 1
RT_CURSOR 1
RT_HTML 1
Number of PE resources by language
ENGLISH US 2
RUSSIAN 1
PE resources
ExifTool file metadata
MIMEType application/octet-stream
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
FileTypeExtension exe
TimeStamp 2017:02:05 15:08:59+01:00
FileType Win32 EXE
PEType PE32
CodeSize 57344
LinkerVersion 7.1
EntryPoint 0xa4b2
InitializedDataSize 577536
SubsystemVersion 4.0
ImageVersion 0.0
OSVersion 4.0
UninitializedDataSize 0
File identification
MD5 cf0fad4981a26aaf588ec9fea5615f74
SHA1 4ae067ce6a204f92ff301922bce1435236df463c
SHA256 bdba80fe4638b8ec8d0cde505cfd62ba89d90c86d856e409cabc032a34ec5750
ssdeep 12288:zVTIWTya7c13mfS8AqGNf4tufhxoMzEB7Y3WkaoV6:zu1+ufhxhzD3WkaoV6
authentihash f0e1181c851fe28b5cca002e79eaa9d32123b1c12a5ad60d8da5ba117048f831
imphash 0efa0e78501c352d2db89ec20177060a
File size 580.4 KB ( 594304 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID InstallShield setup (50.1%)
Win64 Executable (generic) (32.2%)
Win32 Dynamic Link Library (generic) (7.6%)
Win32 Executable (generic) (5.2%)
Generic Win/DOS Executable (2.3%)
Tags peexe overlay
VirusTotal metadata
First submission 2017-02-06 21:18:58 UTC ( 2 years, 1 month ago )
Last submission 2017-02-06 21:18:58 UTC ( 2 years, 1 month ago )
File names rad69926.tmp.exe
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Created processes
Code injections in the following processes
Opened mutexes
Runtime DLLs