SHA256: bf32e333d663fe20ab1c77d2f3f3af946fb159c51b1cd3b4b2afd6fc3e1897bb
File name: messg.jpg
Detection ratio: 48 / 70
Analysis date: 2019-02-22 13:11:18 UTC ( 3 weeks, 3 days ago )
Antivirus Result Update
Acronis suspicious 20190222
Ad-Aware Gen:Variant.Fugrafa.1182 20190222
AegisLab Hacktool.Win32.Krap.lKMc 20190222
AhnLab-V3 Trojan/Win32.Shade.C3014193 20190222
ALYac Trojan.Ransom.Shade 20190222
Antiy-AVL Trojan/Win32.Agent 20190222
Arcabit Trojan.Fugrafa.D49E 20190222
Avast Win32:Malware-gen 20190222
AVG Win32:Malware-gen 20190222
BitDefender Gen:Variant.Fugrafa.1182 20190222
Comodo Malware@#lh81m9o50cix 20190222
CrowdStrike Falcon (ML) malicious_confidence_90% (W) 20181023
Cylance Unsafe 20190222
Cyren W32/Trojan.ZNKY-8472 20190222
DrWeb Trojan.Encoder.858 20190222
eGambit PE.Heur.InvalidSig 20190222
Emsisoft Trojan-Ransom.Shade (A) 20190222
Endgame malicious (high confidence) 20190215
ESET-NOD32 a variant of Win32/Kryptik.GPQK 20190222
Fortinet W32/Kryptik.GOJP!tr.ransom 20190222
GData Gen:Variant.Fugrafa.1182 20190222
Ikarus Trojan.Win32.Crypt 20190222
Sophos ML heuristic 20181128
K7AntiVirus Riskware ( 0040eff71 ) 20190222
K7GW Riskware ( 0040eff71 ) 20190222
Kaspersky Trojan-Ransom.Win32.Shade.poy 20190222
MAX malware (ai score=100) 20190222
McAfee GenericRXGY-ZV!695A0D416CDC 20190222
McAfee-GW-Edition GenericRXGY-ZV!695A0D416CDC 20190222
Microsoft Ransom:Win32/Troldesh.A 20190222
eScan Gen:Variant.Fugrafa.1182 20190222
NANO-Antivirus Trojan.Win32.Encoder.fmxkef 20190222
Palo Alto Networks (Known Signatures) generic.ml 20190222
Panda Trj/GdSda.A 20190222
Qihoo-360 HEUR/QVM20.1.3307.Malware.Gen 20190222
Rising Ransom.FileCryptor!8.1A7 (CLOUD) 20190222
SentinelOne (Static ML) static engine - malicious 20190203
Sophos AV Mal/Generic-S 20190222
Symantec Downloader 20190222
Tencent Win32.Trojan.Falsesign.Wozy 20190222
Trapmine malicious.high.ml.score 20190123
TrendMicro TROJ_GEN.F0C2C00BD19 20190222
TrendMicro-HouseCall TROJ_GEN.F0C2C00BD19 20190222
VBA32 BScope.Malware-Cryptor.Filecoder 20190222
VIPRE Trojan.Win32.Generic!BT 20190222
ViRobot Trojan.Win32.Z.Troldesh.1593544 20190222
Yandex Trojan.Shade! 20190222
ZoneAlarm by Check Point Trojan-Ransom.Win32.Shade.poy 20190222
Engines with no detection (empty Result column):
Alibaba 20180921
Avast-Mobile 20190222
Avira (no cloud) 20190222
Babable 20180918
Baidu 20190215
Bkav 20190222
CAT-QuickHeal 20190221
ClamAV 20190222
CMC 20190222
Cybereason 20190109
F-Prot 20190222
F-Secure 20190222
Jiangmin 20190222
Kingsoft 20190222
Malwarebytes 20190222
SUPERAntiSpyware 20190220
Symantec Mobile Insight 20190220
TACHYON 20190222
TheHacker 20190217
Trustlook 20190222
Webroot 20190222
Zillya 20190221
Zoner 20190222
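Forty-eight engines flag the file, but under at least a dozen naming schemes. A routine triage step is to normalise the labels and count how many engines agree on a family. The following is an added example, not part of the VirusTotal report: it pulls family-looking tokens out of the detection labels listed above (the input list is constructed from that table, dates dropped), treats Microsoft's Troldesh as an alias of Shade, and tallies one vote per engine. The noise-word list, the alias map and the capitalisation heuristic are ours and deliberately small.

```python
import re
from collections import Counter

# Constructed from the detection table above: (engine, result) pairs for the
# engines whose label names something family-like. Dates are dropped.
DETECTIONS = [
    ("Ad-Aware", "Gen:Variant.Fugrafa.1182"),
    ("AegisLab", "Hacktool.Win32.Krap.lKMc"),
    ("AhnLab-V3", "Trojan/Win32.Shade.C3014193"),
    ("ALYac", "Trojan.Ransom.Shade"),
    ("Arcabit", "Trojan.Fugrafa.D49E"),
    ("Avast", "Win32:Malware-gen"),
    ("BitDefender", "Gen:Variant.Fugrafa.1182"),
    ("DrWeb", "Trojan.Encoder.858"),
    ("Emsisoft", "Trojan-Ransom.Shade (A)"),
    ("ESET-NOD32", "a variant of Win32/Kryptik.GPQK"),
    ("Fortinet", "W32/Kryptik.GOJP!tr.ransom"),
    ("GData", "Gen:Variant.Fugrafa.1182"),
    ("Kaspersky", "Trojan-Ransom.Win32.Shade.poy"),
    ("Microsoft", "Ransom:Win32/Troldesh.A"),
    ("eScan", "Gen:Variant.Fugrafa.1182"),
    ("NANO-Antivirus", "Trojan.Win32.Encoder.fmxkef"),
    ("ViRobot", "Trojan.Win32.Z.Troldesh.1593544"),
    ("Yandex", "Trojan.Shade!"),
    ("ZoneAlarm by Check Point", "Trojan-Ransom.Win32.Shade.poy"),
]

# Capitalised words that describe type, platform or confidence, not a family.
NOISE = {
    "trojan", "ransom", "gen", "generic", "variant", "malware", "hacktool",
    "riskware", "downloader", "heur", "unsafe", "malicious", "suspicious",
    "agent", "crypt", "cryptor", "filecoder", "filecryptor", "win",
}

# Vendor names known to refer to one family: Microsoft's Troldesh is what
# most other vendors call Shade. Extend as your own intelligence dictates.
ALIASES = {"troldesh": "Shade"}

TOKEN = re.compile(r"[A-Za-z][A-Za-z0-9]*")


def family_candidates(label: str) -> set:
    """Family-looking tokens in one detection label.
    Heuristic: a family name is a Capitalised, purely alphabetic word that is
    not a type/platform word. Variant suffixes such as GPQK, poy, C3014193 or
    lKMc fail one of those tests and drop out."""
    found = set()
    for tok in TOKEN.findall(label):
        if len(tok) < 2 or not tok.isalpha():
            continue
        if not (tok[0].isupper() and tok[1:].islower()):
            continue
        if tok.lower() in NOISE:
            continue
        found.add(ALIASES.get(tok.lower(), tok))
    return found


def family_votes(detections) -> Counter:
    """Per family, the number of distinct engines that named it (one vote each)."""
    votes = Counter()
    for _engine, label in detections:
        for fam in family_candidates(label):
            votes[fam] += 1
    return votes


def consensus(detections):
    """Top family and its share among the labels that carried any family name."""
    votes = family_votes(detections)
    if not votes:
        return None, 0.0
    fam, n = votes.most_common(1)[0]
    named = sum(1 for _e, lbl in detections if family_candidates(lbl))
    return fam, n / named


if __name__ == "__main__":
    print(family_votes(DETECTIONS).most_common(5))
    print(consensus(DETECTIONS))
```

On this table the tally gives Shade eight votes (including the two Troldesh labels), Fugrafa five, Kryptik and Encoder two each. Kryptik is ESET's name for a packer stub rather than a payload family, which is a reminder that the counting step needs a curated alias and noise list before it is trusted in automation.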
The file being studied is a Portable Executable: a Win32 EXE for the Windows GUI subsystem, even though it was submitted under the image filename messg.jpg.
FileVersionInfo properties: none listed in this report.
Signature verification: the digital signature of the object did not verify.
Signing date: 2:06 PM 2/22/2019. This falls on the analysis date (2019-02-22) rather than anywhere near the 2019-02-13 compilation timestamp, so it says nothing reliable about when the binary was signed. An unverifiable signature is consistent with the Tencent (Falsesign) and eGambit (PE.Heur.InvalidSig) labels above.
PE header basic information
Target machine: Intel 386 or later processors and compatible processors
Compilation timestamp: 2019-02-13 07:46:12
Entry Point: 0x00026AE0
Number of sections: 3
PE sections: not listed in this copy of the report
Overlay: MD5 73c1ade2177ea829e7049721de081488, file type data, offset 1590784, size 2760, entropy 7.40
Consistency check: offset 1590784 + size 2760 = 1593544, the full file size, so the overlay runs from the end of the last section to end of file. An entropy of 7.40 bits per byte is high: those 2760 bytes are neither text nor padding. Authenticode signatures, when present, are also stored past the last section, so together with the failed signature verification the overlay is the first thing to inspect.
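The overlay arithmetic and the entropy figure above can be checked directly from the PE headers. The following is an added example, not part of the VirusTotal report: it parses the section table to find where the overlay starts, computes the overlay's Shannon entropy, reads the compile timestamp, and flags a filename such as messg.jpg whose extension does not match the MZ magic. The sample PE it builds is constructed for the example (one section, no executable code); all function names are ours.

```python
import math
import struct
from datetime import datetime, timezone

# Extensions under which a PE is legitimately distributed.
PE_EXTENSIONS = {"exe", "dll", "sys", "scr", "ocx", "cpl", "drv"}


def shannon_entropy(data: bytes) -> float:
    """Bits per byte: 0.0 for a constant buffer, 8.0 for uniformly random bytes."""
    if not data:
        return 0.0
    counts = [0] * 256
    for b in data:
        counts[b] += 1
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in counts if c)


def extension_mismatch(filename: str, data: bytes) -> bool:
    """True when the name claims a non-executable type but the bytes start with MZ."""
    if "." not in filename:
        return False
    ext = filename.rsplit(".", 1)[1].lower()
    return data[:2] == b"MZ" and ext not in PE_EXTENSIONS


def _pe_headers(data: bytes):
    """Return (COFF header offset, number of sections, section table offset)."""
    if data[:2] != b"MZ":
        raise ValueError("not an MZ file")
    e_lfanew, = struct.unpack_from("<I", data, 0x3C)
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("bad PE signature")
    coff = e_lfanew + 4
    num_sections, = struct.unpack_from("<H", data, coff + 2)
    size_opt, = struct.unpack_from("<H", data, coff + 16)
    return coff, num_sections, coff + 20 + size_opt


def pe_timestamp(data: bytes) -> datetime:
    """IMAGE_FILE_HEADER.TimeDateStamp as an aware UTC datetime (trivially forgeable)."""
    coff, _, _ = _pe_headers(data)
    ts, = struct.unpack_from("<I", data, coff + 4)
    return datetime.fromtimestamp(ts, tz=timezone.utc)


def overlay_info(data: bytes):
    """Locate the overlay: bytes after the end of the last section's raw data.
    Returns (offset, size, entropy rounded to 2 places) or None when there is none."""
    _, num_sections, table = _pe_headers(data)
    end = 0
    for i in range(num_sections):
        # SizeOfRawData and PointerToRawData sit at +16 and +20 in each 40-byte header.
        size_raw, ptr_raw = struct.unpack_from("<II", data, table + i * 40 + 16)
        end = max(end, ptr_raw + size_raw)
    if end >= len(data):
        return None
    overlay = data[end:]
    return end, len(overlay), round(shannon_entropy(overlay), 2)


def build_test_pe(overlay: bytes, timestamp: int = 1550043972) -> bytes:
    """Constructed minimal PE32 (one .text section of NOPs, not a real program)
    followed by the given overlay. The default timestamp is 2019-02-13 07:46:12 UTC."""
    dos = bytearray(0x40)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 0x40)                       # e_lfanew
    coff = struct.pack("<HHIIIHH", 0x14C, 1, timestamp, 0, 0, 224, 0x0102)
    opt = bytearray(224)
    struct.pack_into("<H", opt, 0, 0x10B)                         # PE32 magic
    sect = struct.pack("<8sIIIIIIHHI", b".text", 0x200, 0x1000, 0x200, 0x200,
                       0, 0, 0, 0, 0x60000020)
    headers = (bytes(dos) + b"PE\0\0" + coff + bytes(opt) + sect).ljust(0x200, b"\0")
    return headers + b"\x90" * 0x200 + overlay


if __name__ == "__main__":
    sample = build_test_pe(bytes(range(256)) * 4)
    print(extension_mismatch("messg.jpg", sample))   # True
    print(pe_timestamp(sample).isoformat())           # 2019-02-13T07:46:12+00:00
    print(overlay_info(sample))                       # (1024, 1024, 8.0)
```

Run against a real file, overlay_info should reproduce the report's offset and size exactly; if the entropy disagrees, the report's entropy was computed over a different byte range, which is worth knowing before comparing figures across tools.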
PE imports (grouped by exporting DLL; the report lists function names only, the DLL grouping is supplied here)
ADVAPI32.dll: RegOpenKeyExA, RegQueryValueExW
GDI32.dll: CreateMetaFileA, UpdateColors, GetBkColor, DeleteMetaFile, SaveDC
KERNEL32.dll: GetLastError, HeapFree, GetStdHandle, LCMapStringW, lstrlenW, SetHandleCount, LoadLibraryA, LoadLibraryW, GlobalFree, VirtualProtect, GetVersionExW, FreeLibrary, QueryPerformanceCounter, HeapDestroy, ExitProcess, FlushFileBuffers, GetEnvironmentStringsW, GetVersionExA, lstrcmpiW, VirtualQuery, RtlUnwind, GetModuleFileNameA, FreeEnvironmentStringsA, HeapAlloc, GetCurrentProcess, EnumSystemLocalesA, GetEnvironmentStrings, GetLocaleInfoA, LocalAlloc, GetUserDefaultLCID, GetCommandLineW, LCMapStringA, GetCPInfo, UnhandledExceptionFilter, MultiByteToWideChar, SetStdHandle, FreeEnvironmentStringsW, DeleteFileW, GetProcAddress, GetPrivateProfileIntW, GetSystemInfo, GetPrivateProfileStringW, GetLocaleInfoW, lstrcmpW, lstrcpynW, CompareStringW, lstrcpyW, GetFullPathNameW, WideCharToMultiByte, GetModuleFileNameW, GetStringTypeA, SetFilePointer, FindNextFileW, InterlockedExchange, CreateSemaphoreW, WriteFile, GetStartupInfoA, CloseHandle, GetSystemTimeAsFileTime, GetCommandLineA, FindFirstFileW, IsValidLocale, GetACP, HeapReAlloc, GetStringTypeW, GetModuleHandleW, GetOEMCP, LocalFree, TerminateProcess, SetUnhandledExceptionFilter, IsValidCodePage, HeapCreate, GlobalAlloc, VirtualFree, FindClose, lstrcatW, Sleep, GetFileType, SetFileAttributesW, GetTickCount, GetCurrentThreadId, VirtualAlloc, GetCurrentProcessId, GetModuleHandleA
USER32.dll: GetAsyncKeyState, GetForegroundWindow, MapDialogRect, CharPrevA, SetPropA, CharUpperW, RemovePropA, GetMonitorInfoA, ShowWindow, GetPropA, LoadMenuW, SendDlgItemMessageA, BeginDeferWindowPos, SetWindowLongW, MessageBoxW, GetDC, DrawIcon, AdjustWindowRectEx, IsWindowEnabled, IsCharAlphaNumericA, EndDeferWindowPos, SystemParametersInfoA, GetDlgCtrlID, GetClassInfoA, GetMenu, DrawFocusRect, GetLastActivePopup, GetClassInfoW, MonitorFromWindow, RegisterClassA, InSendMessage, GetSubMenu, GetTopWindow, GetSysColorBrush, CharNextA, DeferWindowPos, GetDialogBaseUnits, CreateWindowExW, ReleaseDC, GetWindowTextA, GetMenuContextHelpId, DestroyWindow
Triage notes on this import set: LoadLibraryA/W, GetProcAddress, VirtualAlloc, VirtualProtect and VirtualFree are all a packer stub needs to unpack a payload into memory and resolve its real imports at runtime, which fits the generic Kryptik and Malware-gen labels; FindFirstFileW/FindNextFileW, SetFilePointer, WriteFile, DeleteFileW and SetFileAttributesW are the primitives a file encryptor uses; and there are no networking imports at all (no WININET, WS2_32 or URLMON functions), so any download or command-and-control traffic implied by the ransomware and Downloader labels would depend on functions resolved at runtime. The static import table of a packed sample describes the stub, not the payload.
ExifTool file metadata
MIMEType: application/octet-stream
Subsystem: Windows GUI
MachineType: Intel 386 or later, and compatibles
FileTypeExtension: exe
TimeStamp: 2019:02:13 08:46:12+01:00 (the same instant as the 07:46:12 UTC compilation timestamp above, rendered in UTC+1)
FileType: Win32 EXE
PEType: PE32
CodeSize: 156672
LinkerVersion: 2.5
ImageFileCharacteristics: No relocs, Executable, No line numbers, No symbols, 32-bit
EntryPoint: 0x26ae0
InitializedDataSize: 1433600
SubsystemVersion: 4.0
ImageVersion: 0.0
OSVersion: 4.0
UninitializedDataSize: 0
File identification
MD5: 695a0d416cdccad008acb2369b0165a2
SHA1: c9002f65273ac587f5753f50cf61911885d92521
SHA256: bf32e333d663fe20ab1c77d2f3f3af946fb159c51b1cd3b4b2afd6fc3e1897bb
ssdeep: 24576:kcDD3THmsmB7K1k52fzgtv0HqIYG3yC3Q1KbeRho7KWU8RKDyAlAY:bTHmsq72zgtv0HYG37bD7KWU8UhV
authentihash: e8411cffd4df924e32975cf6c223a3adee6b210e3937366f7ff5a3ef93f4b400
imphash: 3d5653e951869b517f5970bc8af2ea09
File size: 1.5 MB (1593544 bytes)
File type: Win32 EXE
Magic literal: PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID: Win64 Executable (generic) (61.7%); Win32 Dynamic Link Library (generic) (14.6%); Win32 Executable (generic) (10.0%); OS/2 Executable (generic) (4.5%); Generic Win/DOS Executable (4.4%)
TrID is a byte-pattern guess; its Win64 result is contradicted by the PE header (PE32, i386 machine type) and by the magic literal, which are authoritative here.
Tags: peexe overlay
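The imphash in the identification block above is derived from the import table listed earlier on the page. The following is an added example, not the report's or pefile's code: it reproduces the imphash algorithm as implemented in pefile's get_imphash() (lowercased dll.function pairs, .dll/.ocx/.sys suffix stripped, comma-joined in table order, MD5) over a constructed excerpt of that import list. The DLL attribution is supplied by us, since the report names functions only. It does not reproduce the page's value 3d5653e951869b517f5970bc8af2ea09, which needs the complete table in its original order plus pefile's ordinal-to-name lookup for any imports by ordinal.

```python
import hashlib

# Constructed excerpt of the import table above, in table order. The DLL
# names are our attribution; the report lists function names only.
IMPORTS = [
    ("ADVAPI32.dll", "RegOpenKeyExA"),
    ("ADVAPI32.dll", "RegQueryValueExW"),
    ("GDI32.dll", "CreateMetaFileA"),
    ("GDI32.dll", "UpdateColors"),
    ("KERNEL32.dll", "GetLastError"),
    ("KERNEL32.dll", "HeapFree"),
    ("KERNEL32.dll", "LoadLibraryA"),
    ("KERNEL32.dll", "GetProcAddress"),
    ("USER32.dll", "GetAsyncKeyState"),
    ("USER32.dll", "GetForegroundWindow"),
]


def imphash_string(imports) -> str:
    """The exact string pefile hashes: 'lib.func' entries, lowercased, with a
    trailing .dll/.ocx/.sys removed from the library name, joined by commas.
    Order matters: it is the import table order, so two binaries with the same
    functions in a different order get different hashes."""
    entries = []
    for dll, func in imports:
        lib = dll.lower()
        base, _, ext = lib.rpartition(".")
        if base and ext in ("dll", "ocx", "sys"):
            lib = base
        entries.append(f"{lib}.{func.lower()}")
    return ",".join(entries)


def imphash(imports) -> str:
    """MD5 of the normalised import string, as pefile.PE.get_imphash() returns it.
    Imports by ordinal are expected to have been resolved to names already."""
    return hashlib.md5(imphash_string(imports).encode("ascii")).hexdigest()


if __name__ == "__main__":
    print(imphash_string(IMPORTS))
    print(imphash(IMPORTS))
```

Because this sample carries packer-style labels (Kryptik, Malware-gen), its import table most likely belongs to the packer stub, and so does its imphash: pivoting on 3d5653e951869b517f5970bc8af2ea09 will surface other files built with the same stub, not necessarily other Shade samples. Compare against the unpacked payload's imphash before using it as a family indicator.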

VirusTotal metadata
First submission: 2019-02-13 08:18:03 UTC
Last submission: 2019-02-13 20:11:43 UTC
File names: messg.jpg, 22951498, bf32e333d663fe20ab1c77d2f3f3af946fb159c51b1cd3b4b2afd6fc3e1897bb.exe
The first submission came about 32 minutes after the 07:46:12 UTC compilation timestamp, which, if that timestamp is genuine, puts the sample in circulation almost immediately after it was built. The messg.jpg name under which it was first seen disguises a PE as an image; the magic literal and PE header above leave no doubt about the real type.
Condensed report. The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
HTTP requests: none listed in this report
DNS requests: none listed in this report
TCP connections: none listed in this report
UDP communications: none listed in this report
An empty network section does not establish that the sample is inert: a short sandbox run, environment checks in the sample, or a truncated report produce the same result, and the ransomware and Downloader labels above argue for a longer dynamic run before concluding anything about its traffic.