SHA256: c3dc6aadf93f924342ac254051cad1b8d65248b89a05a5415258539f12b0ddc0
File name: aae9c7a44f5a231207d3b57a0edfb459
Detection ratio: 42 / 68
Analysis date: 2017-10-31 22:19:07 UTC ( 1 year, 4 months ago )
Antivirus Result Update
Ad-Aware Trojan.GenericKD.12525189 20171031
AegisLab Ransom.Hplocky.Sme!c 20171031
AhnLab-V3 Win-Trojan/Sagecrypt.Gen 20171031
ALYac Trojan.Ransom.LockyCrypt 20171031
Arcabit Trojan.Generic.DBF1E85 20171031
Avast Win32:Malware-gen 20171031
AVG Win32:Malware-gen 20171031
Avira (no cloud) TR/Crypt.Xpack.pucfx 20171031
AVware Trojan.Win32.Generic!BT 20171031
BitDefender Trojan.GenericKD.12525189 20171031
CrowdStrike Falcon (ML) malicious_confidence_100% (W) 20171016
Cybereason malicious.1b8fb7 20170628
Cylance Unsafe 20171031
DrWeb Trojan.PWS.Panda.11620 20171031
eGambit Unsafe.AI_Score_99% 20171031
Emsisoft Trojan.GenericKD.12525189 (B) 20171031
Endgame malicious (high confidence) 20171024
ESET-NOD32 Win32/Spy.Zbot.ACZ 20171031
F-Secure Trojan.GenericKD.12525189 20171031
Fortinet W32/Zbot.ACZ!tr.spy 20171031
GData Trojan.GenericKD.12525189 20171031
Ikarus Trojan.Crypt 20171031
Sophos ML heuristic 20170914
Kaspersky Trojan.Win32.Yakes.uqug 20171031
Malwarebytes Trojan.MalPack 20171031
MAX malware (ai score=39) 20171031
McAfee Artemis!AAE9C7A44F5A 20171031
McAfee-GW-Edition BehavesLike.Win32.Ransomware.fc 20171031
eScan Trojan.GenericKD.12525189 20171031
Palo Alto Networks (Known Signatures) generic.ml 20171031
Panda Trj/CI.A 20171031
Qihoo-360 Trojan.Generic 20171031
SentinelOne (Static ML) static engine - malicious 20171019
Sophos AV Mal/Generic-S 20171031
Symantec Trojan Horse 20171031
Tencent Win32.Trojan.Yakes.Lqov 20171031
TrendMicro Ransom_HPLOCKY.SME 20171031
TrendMicro-HouseCall Ransom_HPLOCKY.SME 20171031
VIPRE Trojan.Win32.Generic!BT 20171031
ViRobot Trojan.Win32.Z.Sagecrypt.367616.C 20171031
Webroot W32.Trojan.Gen 20171031
ZoneAlarm by Check Point Trojan.Win32.Yakes.uqug 20171031
Alibaba 20170911
Antiy-AVL 20171031
Avast-Mobile 20171031
Baidu 20171031
Bkav 20171031
CAT-QuickHeal 20171031
ClamAV 20171031
CMC 20171031
Comodo 20171031
Cyren 20171031
F-Prot 20171031
Jiangmin 20171031
K7AntiVirus 20171031
K7GW 20171031
Kingsoft 20171031
Microsoft 20171031
NANO-Antivirus 20171031
nProtect 20171031
Rising 20171031
SUPERAntiSpyware 20171031
Symantec Mobile Insight 20171027
TheHacker 20171031
TotalDefense 20171031
Trustlook 20171031
VBA32 20171031
WhiteArmor 20171024
Yandex 20171031
Zillya 20171031
Zoner 20171031
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2017-10-30 03:26:17
Entry Point 0x0000C59F
Number of sections 4
PE sections
PE imports
ImageList_GetDragImage
ImageList_Create
Ord(17)
ImageList_Add
ImageList_SetDragCursorImage
ImageList_EndDrag
GetOpenFileNameA
CertEnumCertificatesInStore
CertGetNameStringA
CertOpenStore
CertCloseStore
CertEnumPhysicalStore
CertOpenSystemStoreA
CertCompareCertificateName
GetDeviceCaps
SwapBuffers
DeleteDC
DescribePixelFormat
SelectObject
SetStretchBltMode
CreatePen
GetStockObject
SetTextJustification
ChoosePixelFormat
SetPixelFormat
CreateCompatibleDC
DeleteObject
CreateCompatibleBitmap
GetStdHandle
WaitForSingleObject
EncodePointer
GetExitCodeProcess
DeleteCriticalSection
GetCurrentProcess
GetConsoleMode
GetLocaleInfoA
LocalAlloc
FreeEnvironmentStringsW
GetLocaleInfoW
SetStdHandle
lstrcmpiA
GetCPInfo
FindActCtxSectionStringA
WriteFile
GetSystemTimeAsFileTime
HeapReAlloc
GetStringTypeW
FreeLibrary
LocalFree
InitializeCriticalSection
InterlockedDecrement
FormatMessageA
OutputDebugStringA
SetLastError
GetModuleFileNameW
IsDebuggerPresent
ExitProcess
GetVersionExA
GetModuleFileNameA
HeapSetInformation
EnumSystemLocalesA
UnhandledExceptionFilter
TlsGetValue
MultiByteToWideChar
CreateMutexA
GetModuleHandleA
CreateThread
SetUnhandledExceptionFilter
MulDiv
IsProcessorFeaturePresent
DecodePointer
TerminateProcess
SetEndOfFile
GetCurrentThreadId
LeaveCriticalSection
WriteConsoleW
InitializeCriticalSectionAndSpinCount
HeapFree
EnterCriticalSection
SetHandleCount
LoadLibraryW
GetOEMCP
QueryPerformanceCounter
GetTickCount
TlsAlloc
FlushFileBuffers
LoadLibraryA
RtlUnwind
GetStartupInfoA
GetStartupInfoW
GetUserDefaultLCID
GetProcessHeap
IsValidLocale
GetProcAddress
LocalSize
CreateFileW
GetConsoleWindow
GetFileType
TlsSetValue
CreateFileA
HeapAlloc
InterlockedIncrement
GetLastError
LCMapStringW
lstrlenA
GetConsoleCP
GetEnvironmentStringsW
lstrlenW
GetEnvironmentStrings
GetCurrentProcessId
WideCharToMultiByte
HeapSize
GetCommandLineA
RaiseException
TlsFree
SetFilePointer
ReadFile
CloseHandle
GetACP
GetModuleHandleW
CreateProcessA
IsValidCodePage
HeapCreate
Sleep
LoadRegTypeLib
VariantTimeToSystemTime
UnRegisterTypeLib
SystemTimeToVariantTime
VariantClear
VariantInit
glFlush
glVertex2d
glColor3f
glLightfv
glMatrixMode
glViewport
glClear
glEnd
glOrtho
wglGetCurrentDC
glLineWidth
glBegin
glLoadIdentity
glEnable
glBlendFunc
UuidToStringA
RpcStringFreeA
UuidCreate
SetupCopyOEMInfA
SetupDiEnumDeviceInterfaces
SetupDiGetClassDevsA
SetupDiDestroyDeviceInfoList
SHGetFolderPathW
SHCreateDirectoryExA
SHGetSpecialFolderPathA
SHGetFolderPathA
MapWindowPoints
EmptyClipboard
UpdateWindow
BeginPaint
HideCaret
OffsetRect
DeferWindowPos
FindWindowW
RegisterClassExA
PostQuitMessage
DefWindowProcA
ShowWindow
LoadBitmapA
SetWindowPos
SendDlgItemMessageA
BeginDeferWindowPos
SetScrollPos
GetWindowRect
DispatchMessageA
EndPaint
PostMessageA
MoveWindow
TranslateMessage
DialogBoxParamA
GetWindow
SetActiveWindow
GetDC
CopyImage
EndDeferWindowPos
SystemParametersInfoA
SetWindowTextA
LoadStringA
SetClipboardData
EnumDisplayDevicesA
GetSystemMetrics
SendMessageA
LoadStringW
GetClientRect
GetDlgItem
CreateDialogParamA
EnableMenuItem
RegisterClassA
ScreenToClient
IsClipboardFormatAvailable
CreateWindowExA
LoadCursorA
LoadIconA
GetMessageA
GetDesktopWindow
LoadImageA
ReleaseDC
CloseClipboard
OpenClipboard
GetAncestor
DestroyWindow
waveInAddBuffer
waveOutWrite
waveOutOpen
waveInClose
mmioWrite
waveOutPrepareHeader
timeSetEvent
mmioOpenA
mmioCreateChunk
WTSQuerySessionInformationA
WTSQueryUserConfigA
Ord(144)
RevokeDragDrop
RegisterDragDrop
StgOpenStorage
CoInitializeEx
Number of PE resources by type
CUSTOM 8
RT_STRING 6
RT_ICON 5
RT_GROUP_CURSOR 1
RT_MANIFEST 1
RT_RCDATA 1
RT_BITMAP 1
RT_CURSOR 1
RT_GROUP_ICON 1
Number of PE resources by language
ENGLISH US 25
PE resources
Debug information
ExifTool file metadata
MIMEType application/octet-stream
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
FileTypeExtension exe
TimeStamp 2017:10:30 04:26:17+01:00
FileType Win32 EXE
PEType PE32
CodeSize 128000
LinkerVersion 10.0
ImageFileCharacteristics No relocs, Executable, 32-bit
EntryPoint 0xc59f
InitializedDataSize 238592
SubsystemVersion 5.1
ImageVersion 0.0
OSVersion 5.1
UninitializedDataSize 0
File identification
MD5 aae9c7a44f5a231207d3b57a0edfb459
SHA1 082f462099f5f79e51c30409ffae7d2c6dc1c368
SHA256 c3dc6aadf93f924342ac254051cad1b8d65248b89a05a5415258539f12b0ddc0
ssdeep 6144:xxvr4bQzGAHsEBfXS/yz2cqdk0X36Vs4UmO:PrrGOsEBfWyB+xX36W4k
authentihash f69612624de945d4fd7281cdb1fbdf0bf3d06328d8bfa2006a2aca14ade14173
imphash 1184ba2c2710f872895813eb67a7dfd5
File size 359.0 KB ( 367616 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Executable MS Visual C++ (generic) (64.5%)
Win32 Dynamic Link Library (generic) (13.6%)
Win32 Executable (generic) (9.3%)
OS/2 Executable (generic) (4.1%)
Generic Win/DOS Executable (4.1%)
Tags peexe
VirusTotal metadata
First submission 2017-10-30 10:01:27 UTC ( 1 year, 4 months ago )
Last submission 2018-05-10 00:17:14 UTC ( 10 months, 2 weeks ago )
File names Temp.exe
modello(2)
ZEUSPANDA
stimulator.exe
5.exe
localfile~
ore.exe
modello
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Written files
Deleted files
Created processes
Created mutexes
Opened mutexes
Searched windows
Opened service managers
Opened services
Runtime DLLs