SHA256: c674da5f1c063a0bec896d03492620ac94687e7687a1b91944d93c1d6527c8a7
File name: 20f2ca720cb4dcca9195113f258ca4ef.vir
Detection ratio: 55 / 65
Analysis date: 2019-02-19 00:24:48 UTC ( 1 day, 9 hours ago )
Antivirus Result Update
Acronis suspicious 20190213
Ad-Aware Trojan.GenericKD.6008177 20190218
AhnLab-V3 Trojan/Win32.Locky.C2141509 20190218
ALYac Trojan.Ransom.LockyCrypt 20190218
Antiy-AVL Trojan[Ransom]/Win32.Locky 20190218
Arcabit Trojan.Generic.D5BAD71 20190218
Avast Win32:Malware-gen 20190218
AVG Win32:Malware-gen 20190218
Avira (no cloud) TR/Crypt.ZPACK.igtsy 20190218
BitDefender Trojan.GenericKD.6008177 20190218
CAT-QuickHeal Ransom.Exxroute.A4 20190218
ClamAV Win.Trojan.Tofsee-6345150-0 20190218
CMC Trojan-Ransom.Win32!O 20190218
Comodo Backdoor.Win32.Poison.GGN@799o9a 20190218
CrowdStrike Falcon (ML) malicious_confidence_100% (W) 20181023
Cybereason malicious.20cb4d 20190109
Cylance Unsafe 20190218
Cyren W32/Ransom.FG.gen!Eldorado 20190218
DrWeb Trojan.Encoder.13570 20190218
eGambit Unsafe.AI_Score_94% 20190218
Emsisoft Trojan.GenericKD.6008177 (B) 20190218
Endgame malicious (high confidence) 20190215
ESET-NOD32 Win32/Filecoder.Locky.L 20190218
F-Prot W32/Ransom.FG.gen!Eldorado 20190218
F-Secure Trojan.TR/Crypt.ZPACK.igtsy 20190218
Fortinet W32/Elenoocka.E!tr 20190218
GData Win32.Trojan.Kryptik.IS 20190218
Sophos ML heuristic 20181128
Jiangmin Trojan.Refinka.kd 20190218
K7AntiVirus Trojan ( 0051918c1 ) 20190218
K7GW Trojan ( 0051918c1 ) 20190218
Kaspersky Trojan-Ransom.Win32.Locky.zio 20190218
Malwarebytes Trojan.PasswordStealer 20190218
MAX malware (ai score=100) 20190218
McAfee Ransomware-Cerber 20190218
McAfee-GW-Edition BehavesLike.Win32.Ransomware.jc 20190218
Microsoft Ransom:Win32/Locky.A 20190218
eScan Trojan.GenericKD.6008177 20190218
NANO-Antivirus Trojan.Win32.Locky.exkcek 20190218
Palo Alto Networks (Known Signatures) generic.ml 20190218
Panda Trj/WLT.D 20190218
Qihoo-360 HEUR/QVM19.1.EBBF.Malware.Gen 20190218
Rising Trojan.Kryptik!1.B3BF (CLOUD) 20190218
SentinelOne (Static ML) static engine - malicious 20190203
Sophos AV Mal/Elenoocka-E 20190218
Symantec Ransom.Locky.B 20190218
TACHYON Ransom/W32.Locky.630784 20190217
Tencent Win32.Trojan.Raasj.Auto 20190218
Trapmine malicious.high.ml.score 20190123
VBA32 Trojan.FakeAV.01657 20190218
ViRobot Trojan.Win32.Agent.630784.R 20190218
Webroot W32.Trojan.Gen 20190218
Yandex Trojan.Filecoder!80nhylorGA4 20190215
ZoneAlarm by Check Point Trojan-Ransom.Win32.Locky.zio 20190218
Zoner Trojan.Win32.63041 20190218
AegisLab 20190218
Alibaba 20180921
Avast-Mobile 20190218
Babable 20180917
Baidu 20190214
Kingsoft 20190218
SUPERAntiSpyware 20190213
Symantec Mobile Insight 20190206
TheHacker 20190217
TotalDefense 20190218
Trustlook 20190218
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2013-09-12 05:23:19
Entry Point 0x0000DF52
Number of sections 4
PE sections
PE imports
CDLocateRng
MD5Final
MD5Update
WaitForSingleObject
lstrcmp
GetTickCount
lstrcmpiW
LoadLibraryA
OpenFileMappingW
GetCommandLineW
OpenWaitableTimerW
CreateDirectoryW
DeleteFileW
GetProcAddress
GetTempFileNameW
CreateSemaphoreA
GetModuleHandleA
FindResourceExW
CreateWaitableTimerA
FormatMessageW
CreateProcessW
GetFileAttributesW
SetLastError
OpenEventA
WriteConsoleW
wsprintfA
CreateWindowExA
MessageBoxW
IsDialogMessageA
LoadIconA
PostMessageA
DispatchMessageW
DialogBoxParamA
GetDlgItemTextW
GetClassLongA
CharToOemA
Number of PE resources by type
BSAW 5
RT_DIALOG 1
Number of PE resources by language
ENGLISH US 6
PE resources
ExifTool file metadata
MIMEType application/octet-stream
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
FileTypeExtension exe
TimeStamp 2013:09:11 22:23:19-07:00
FileType Win32 EXE
PEType PE32
CodeSize 62464
LinkerVersion 5.12
ImageFileCharacteristics No relocs, Executable, No line numbers, No symbols, 32-bit, No debug
EntryPoint 0xdf52
InitializedDataSize 33280
SubsystemVersion 4.0
ImageVersion 0.0
OSVersion 4.0
UninitializedDataSize 0

File identification
MD5 20f2ca720cb4dcca9195113f258ca4ef
SHA1 2f5e2914af69f91c5e84e7ea0fc58dad4b6b741e
SHA256 c674da5f1c063a0bec896d03492620ac94687e7687a1b91944d93c1d6527c8a7
ssdeep 12288:pAwz1IoCo7oVkMN7A67jLlLjlH4i49S3G4RvyCc7bKVrhwuk:pAUCoexA67Nt4DODR6C4m6
authentihash 31393c860a33cf44e5ba76e7e52adde50526c02448a2b906fcc74912705acd28
imphash 6e700f18085b6c29fd4cd1d778cc1eed
File size 616.0 KB ( 630784 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Dynamic Link Library (generic) (34.2%)
Win32 Executable (generic) (23.4%)
Win16/32 Executable Delphi generic (10.7%)
OS/2 Executable (generic) (10.5%)
Generic Win/DOS Executable (10.4%)
Tags peexe
VirusTotal metadata
First submission 2017-09-18 08:23:29 UTC ( 1 year, 5 months ago )
Last submission 2018-07-21 14:23:53 UTC ( 7 months ago )
File names 87thiuh3gfDGS
2_.exe
20f2ca720cb4dcca9195113f258ca4ef.bin
rcCzyIyrUzw.exe
Ly.exe
localfile~
txdOsXP.exe
c674da5f1c063a0bec896d03492620ac94687e7687a1b91944d93c1d6527c8a7
CJgBjTI.exe
locky
20f2ca720cb4dcca9195113f258ca4ef.vir
Advanced heuristic and reputation engines
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Created mutexes
Opened mutexes
Opened service managers
Opened services
Runtime DLLs
UDP communications