SHA256: c3d08138d1788e671f1af183fc267f2b16e34b7e93bafd9235bb9dbaa89a0114
File name: ZJWJB.exe
Detection ratio: 20 / 73
Analysis date: 2019-05-15 21:52:38 UTC ( 1 week, 1 day ago )
Antivirus Result Update
Avira (no cloud) HEUR/AGEN.1039893 20190515
ClamAV Win.Ransomware.Ryuk-6892922-0 20190515
CrowdStrike Falcon (ML) win/malicious_confidence_100% (D) 20190212
Cybereason malicious.ec959a 20190417
Endgame malicious (high confidence) 20190403
ESET-NOD32 a variant of Win64/Filecoder.Ryuk.A 20190515
F-Secure Heuristic.HEUR/AGEN.1039893 20190515
FireEye Generic.mg.f4387abefed9df52 20190515
Fortinet W64/Ryuk.A!tr.ransom 20190515
Ikarus Trojan-Ransom.Ryuk 20190515
Kaspersky HEUR:Trojan.Win32.Generic 20190515
Malwarebytes Ransom.Ryuk 20190515
McAfee Ransom-Ryuk!F4387ABEFED9 20190515
McAfee-GW-Edition Ransom-Ryuk!F4387ABEFED9 20190515
Microsoft Ransom:Win64/Ryuk.PA!MTB 20190515
Rising Ransom.Ryuk!1.B855 (CLASSIC) 20190515
Sophos AV Troj/Ransom-FAF 20190515
Symantec Ransom.Ryuk!gen1 20190515
Trapmine malicious.high.ml.score 20190325
ZoneAlarm by Check Point HEUR:Trojan.Win32.Generic 20190515
Acronis 20190515
Ad-Aware 20190515
AegisLab 20190515
AhnLab-V3 20190515
Alibaba 20190513
ALYac 20190515
Antiy-AVL 20190515
APEX 20190513
Arcabit 20190515
Avast 20190515
Avast-Mobile 20190515
AVG 20190515
Babable 20190424
Baidu 20190318
BitDefender 20190515
Bkav 20190515
CAT-QuickHeal 20190515
CMC 20190321
Comodo 20190515
Cylance 20190515
Cyren 20190515
DrWeb 20190515
eGambit 20190515
Emsisoft 20190515
F-Prot 20190515
GData 20190515
Sophos ML 20190313
Jiangmin 20190515
K7AntiVirus 20190515
K7GW 20190515
Kingsoft 20190515
MAX 20190515
eScan 20190515
NANO-Antivirus 20190515
Palo Alto Networks (Known Signatures) 20190515
Panda 20190515
Qihoo-360 20190515
SentinelOne (Static ML) 20190511
SUPERAntiSpyware 20190514
Symantec Mobile Insight 20190510
TACHYON 20190515
Tencent 20190515
TheHacker 20190513
TotalDefense 20190515
TrendMicro 20190515
TrendMicro-HouseCall 20190515
Trustlook 20190515
VBA32 20190515
VIPRE 20190515
ViRobot 20190515
Webroot 20190515
Yandex 20190501
Zillya 20190515
Zoner 20190514
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem that targets 64bit architectures.
FileVersionInfo properties
PE header basic information
Target machine x64
Compilation timestamp 2019-05-12 23:29:14
Entry Point 0x000086B4
Number of sections 7
PE sections
PE imports
GetTokenInformation
LookupAccountSidW
OpenProcessToken
ImpersonateSelf
EnumServicesStatusW
OpenSCManagerW
OpenThreadToken
AdjustTokenPrivileges
SystemFunction036
LookupPrivilegeValueW
GetIpNetTable
GetStdHandle
DeleteCriticalSection
GetCurrentProcess
GetConsoleMode
FreeEnvironmentStringsW
InitializeSListHead
SetStdHandle
WideCharToMultiByte
WriteFile
GetSystemTimeAsFileTime
HeapReAlloc
GetStringTypeW
GetOEMCP
LocalFree
FindClose
TlsGetValue
SetLastError
WriteProcessMemory
GetModuleFileNameW
IsDebuggerPresent
HeapAlloc
RtlVirtualUnwind
UnhandledExceptionFilter
LoadLibraryExW
MultiByteToWideChar
SetFilePointerEx
GetModuleHandleA
CreateThread
SetUnhandledExceptionFilter
IsProcessorFeaturePresent
TerminateProcess
GetModuleHandleExW
GlobalAlloc
GetCurrentThreadId
WriteConsoleW
CreateToolhelp32Snapshot
InitializeCriticalSectionAndSpinCount
HeapFree
EnterCriticalSection
GetVersionExW
FreeLibrary
QueryPerformanceCounter
TlsAlloc
FlushFileBuffers
LoadLibraryA
CreateRemoteThread
GetWindowsDirectoryW
OpenProcess
GetStartupInfoW
DeleteFileW
GetProcAddress
GetProcessHeap
FindNextFileW
RtlLookupFunctionEntry
FindFirstFileExW
RtlUnwindEx
CreateFileW
GetFileType
TlsSetValue
ExitProcess
LeaveCriticalSection
GetLastError
LCMapStringW
VirtualAllocEx
GlobalFree
GetConsoleCP
GetEnvironmentStringsW
Process32NextW
VirtualFreeEx
GetCurrentProcessId
GetCommandLineW
GetCPInfo
HeapSize
GetCommandLineA
Process32FirstW
GetCurrentThread
RaiseException
TlsFree
SetFilePointer
RtlCaptureContext
CloseHandle
GetACP
GetModuleHandleW
IsValidCodePage
VirtualFree
Sleep
VirtualAlloc
ShellExecuteW
CommandLineToArgvW
Number of PE resources by type
RT_MANIFEST 1
Number of PE resources by language
ENGLISH US 1
PE resources
Debug information
ExifTool file metadata
MIMEType: application/octet-stream
Subsystem: Windows GUI
MachineType: AMD AMD64
FileTypeExtension: exe
TimeStamp: 2019:05:13 01:29:14+02:00
FileType: Win64 EXE
PEType: PE32+
CodeSize: 91136
LinkerVersion: 14.0
ImageFileCharacteristics: Executable, Large address aware
EntryPoint: 0x86b4
InitializedDataSize: 2879488
SubsystemVersion: 5.2
ImageVersion: 0.0
OSVersion: 5.2
UninitializedDataSize: 0

File identification
MD5 f4387abefed9df52645d80ccdaf400d0
SHA1 19c6458ec959af99ba0088764dd22da07bb7aef2
SHA256 c3d08138d1788e671f1af183fc267f2b16e34b7e93bafd9235bb9dbaa89a0114
ssdeep 3072:1RhJFW9AR6koCQ62pEkqPfKaUgy5GOJxHiLVOmn4iIOln:rRWsQ3EkqPSZ6AFo
authentihash f1651d0ef2b546e04162202c0e7ba6e8b804aaabe44f317387e78b9aafb118f4
imphash 82f213d5bce1622b7641a717f98f5c01
File size 205.5 KB ( 210432 bytes )
File type Win32 EXE
Magic literal PE32+ executable for MS Windows (GUI) Mono/.Net assembly
TrID Win64 Executable (generic) (82.0%)
OS/2 Executable (generic) (6.0%)
Generic Win/DOS Executable (5.9%)
DOS Executable Generic (5.9%)
Tags 64bits peexe assembly

VirusTotal metadata
First submission 2019-05-15 21:52:38 UTC ( 1 week, 1 day ago )
Last submission 2019-05-15 21:52:38 UTC ( 1 week, 1 day ago )
File names ZJWJB.exe