SHA256: c89944f9ec704c2b8da3a1acf726699022e7c68334110f72007d762217a9a4a5
File name: c89944f9ec704c2b8da3a1acf726699022e7c68334110f72007d762217a9a4a5
Detection ratio: 22 / 65
Analysis date: 2017-09-21 19:36:52 UTC ( 2 months, 3 weeks ago )
Antivirus Result Update
AegisLab Troj.W32.Inject.tnKf 20170921
Antiy-AVL Trojan[Downloader]/Win32.Betload 20170921
Avira (no cloud) TR/Dropper.Gen 20170921
Baidu Win32.Trojan.WisdomEyes.16070401.9500.9593 20170921
CrowdStrike Falcon (ML) malicious_confidence_100% (W) 20170804
Cylance Unsafe 20170921
Endgame malicious (high confidence) 20170821
Ikarus Trojan.Atros4 20170921
Sophos ML heuristic 20170914
Jiangmin TrojanDownloader.Paph.ds 20170921
K7AntiVirus Trojan ( 0050856d1 ) 20170921
K7GW Hacktool ( 655367771 ) 20170921
McAfee Artemis!9A60890FC062 20170921
McAfee-GW-Edition BehavesLike.Win32.Downloader.tc 20170921
Palo Alto Networks (Known Signatures) generic.ml 20170921
Panda Trj/Genetic.gen 20170921
Qihoo-360 HEUR/QVM41.1.FF67.Malware.Gen 20170921
Rising Malware.Heuristic!ET#100% (RDM+:cmRtazpyBIm9OTGkWPZbjqhu+zSw) 20170921
SentinelOne (Static ML) static engine - malicious 20170806
Symantec ML.Attribute.HighConfidence 20170921
Tencent Suspicious.Heuristic.Gen.b.0 20170921
TrendMicro-HouseCall Suspicious_GEN.F47V0921 20170921
Ad-Aware 20170921
AhnLab-V3 20170921
Alibaba 20170911
ALYac 20170921
Arcabit 20170921
Avast 20170921
Avast-Mobile 20170921
AVG 20170921
AVware 20170921
BitDefender 20170921
CAT-QuickHeal 20170921
ClamAV 20170921
CMC 20170920
Comodo 20170921
Cyren 20170921
DrWeb 20170921
Emsisoft 20170921
ESET-NOD32 20170921
F-Prot 20170921
F-Secure 20170921
Fortinet 20170921
GData 20170921
Kaspersky 20170921
Kingsoft 20170921
Malwarebytes 20170921
MAX 20170921
Microsoft 20170921
eScan 20170921
NANO-Antivirus 20170921
nProtect 20170921
Sophos AV 20170921
SUPERAntiSpyware 20170921
Symantec Mobile Insight 20170921
TheHacker 20170921
TotalDefense 20170921
TrendMicro 20170921
Trustlook 20170921
VBA32 20170921
VIPRE 20170921
ViRobot 20170921
Webroot 20170921
WhiteArmor 20170829
Yandex 20170908
Zillya 20170921
ZoneAlarm by Check Point 20170921
Zoner 20170921
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2017-01-18 10:10:35
Entry Point 0x00001000
Number of sections 5
PE sections
PE imports
InitCommonControlsEx
GetObjectA
DeleteDC
SelectObject
GetTextExtentPoint32A
GetStockObject
CreateBitmap
SetPixel
CreateSolidBrush
GetDIBits
GetObjectType
BitBlt
SetBkColor
CreateDIBSection
CreateCompatibleDC
DeleteObject
SetTextColor
GetNativeSystemInfo
GetEnvironmentVariableA
HeapFree
EnterCriticalSection
HeapCreate
FreeLibrary
HeapDestroy
HeapAlloc
TlsAlloc
GetVersionExA
LoadLibraryA
RemoveDirectoryA
GetShortPathNameA
DeleteCriticalSection
GetCurrentProcess
SizeofResource
GetCurrentDirectoryA
GetCurrentProcessId
CreateDirectoryA
DeleteFileA
GetWindowsDirectoryA
MultiByteToWideChar
HeapSize
GetCommandLineA
GetProcAddress
SetFilePointer
GetTempPathA
WideCharToMultiByte
GetModuleHandleA
ReadFile
SetUnhandledExceptionFilter
WriteFile
CloseHandle
GetTempFileNameA
GetSystemDirectoryA
HeapReAlloc
SetEnvironmentVariableA
SetFileAttributesA
GetExitCodeProcess
TerminateProcess
GetModuleFileNameA
InitializeCriticalSection
LoadResource
SetCurrentDirectoryA
Sleep
CreateFileA
ExitProcess
GetCurrentThreadId
FindResourceA
GetFileSize
SetLastError
LeaveCriticalSection
strncmp
malloc
strstr
tolower
fabs
memmove
memset
fclose
memcpy
_stricmp
floor
strcpy
sprintf
_strnicmp
free
ceil
strlen
strcmp
strncpy
RevokeDragDrop
CoTaskMemFree
CoInitialize
ShellExecuteExA
PathRemoveArgsA
PathAddBackslashA
PathQuoteSpacesA
PathGetArgsA
PathUnquoteSpacesA
PathRenameExtensionA
SetFocus
RedrawWindow
GetForegroundWindow
GetParent
ReleaseDC
SetPropA
FillRect
EnumWindows
RegisterWindowMessageA
DefWindowProcA
ShowWindow
GetSystemMetrics
GetPropA
SetWindowPos
GetWindowThreadProcessId
CharLowerA
GetWindowRect
DispatchMessageA
EnableWindow
PostMessageA
EnumChildWindows
MessageBoxA
PeekMessageA
SetWindowLongA
AdjustWindowRectEx
TranslateMessage
IsWindowEnabled
GetWindow
GetSysColor
SetActiveWindow
GetDC
GetKeyState
DrawTextA
RemovePropA
DefFrameProcA
DestroyIcon
UnregisterClassA
IsWindowVisible
SendMessageA
GetClientRect
CreateWindowExA
RegisterClassA
SetRect
GetWindowLongA
GetWindowTextLengthA
CharUpperA
LoadCursorA
LoadIconA
GetMessageA
GetActiveWindow
DestroyAcceleratorTable
GetSysColorBrush
CallWindowProcA
GetClassNameA
GetFocus
MsgWaitForMultipleObjects
TranslateAcceleratorA
GetWindowTextA
CreateAcceleratorTableA
IsChild
DestroyWindow
timeBeginPeriod
Number of PE resources by type
RT_RCDATA 5
RT_MANIFEST 1
Number of PE resources by language
NEUTRAL 6
PE resources
ExifTool file metadata
MIMEType application/octet-stream
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
FileTypeExtension exe
TimeStamp 2017:01:18 11:10:35+01:00
FileType Win32 EXE
PEType PE32
CodeSize 59904
LinkerVersion 2.5
EntryPoint 0x1000
InitializedDataSize 1197568
SubsystemVersion 4.0
ImageVersion 0.0
OSVersion 4.0
UninitializedDataSize 0

File identification
MD5 9a60890fc062d10d826c31d049706ab7
SHA1 3ae8d97461fb08c4327431c0589322e3cbb1e3de
SHA256 c89944f9ec704c2b8da3a1acf726699022e7c68334110f72007d762217a9a4a5
ssdeep 24576:DDSANUv0/NUvKLpkr2dY/aBcjJOBHOBIQBajMtWvoJiLE1+XgRKz89G/4ZSb0FuH:T80/8KLpkr2dY/aBcjJOBHOBIQBajMtA
authentihash 3328244ce6dbdc33f5097274ca1e7527f4a4e540e3ac7f670a40a2999748816f
imphash 47b0da2d13e0214f54c3bd05550e8319
File size 1.2 MB ( 1258496 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID InstallShield setup (32.5%)
Win32 Executable MS Visual C++ (generic) (23.6%)
Win64 Executable (generic) (20.9%)
Windows screen saver (9.9%)
Win32 Dynamic Link Library (generic) (4.9%)
Tags peexe
VirusTotal metadata
First submission 2017-09-21 13:27:52 UTC ( 2 months, 3 weeks ago )
Last submission 2017-12-16 20:03:26 UTC ( 1 day, 14 hours ago )
File names c89944f9ec704c2b8da3a1acf726699022e7c68334110f72007d762217a9a4a5.exe
nRansom.exe
16874.exe
c89944f9ec704c2b8da3a1acf726699022e7c68334110f72007d762217a9a4a5
localfile~
nLocker.exe
nRansom.exe
3ae8d97461fb08c4327431c0589322e3cbb1e3de.exe
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Written files
Deleted files
Created processes
Shell commands
Opened mutexes
Runtime DLLs