SHA256: d05e036c61f893b9899f7cc26997588e5d77ae02f61c264f6ba036b33184bbfb
File name: file.exe.bin
Detection ratio: 5 / 55
Analysis date: 2016-06-15 12:52:45 UTC ( 2 years, 10 months ago )
Antivirus Result Update
Baidu Win32.Trojan.WisdomEyes.151026.9950.9999 20160615
ESET-NOD32 a variant of Win32/Kryptik.FAAK 20160615
Malwarebytes Ransom.Crypt0L0cker 20160615
McAfee-GW-Edition BehavesLike.Win32.Dropper.bm 20160614
Qihoo-360 HEUR/QVM20.1.0000.Malware.Gen 20160615
Ad-Aware 20160615
AegisLab 20160615
AhnLab-V3 20160615
Alibaba 20160615
ALYac 20160615
Antiy-AVL 20160615
Arcabit 20160615
Avast 20160615
AVG 20160615
Avira (no cloud) 20160615
AVware 20160615
Baidu-International 20160614
BitDefender 20160615
CAT-QuickHeal 20160615
ClamAV 20160614
CMC 20160614
Comodo 20160615
Cyren 20160615
DrWeb 20160615
Emsisoft 20160615
F-Prot 20160615
F-Secure 20160615
Fortinet 20160615
GData 20160615
Ikarus 20160615
Jiangmin 20160615
K7AntiVirus 20160615
K7GW 20160615
Kaspersky 20160615
Kingsoft 20160615
McAfee 20160615
Microsoft 20160615
eScan 20160615
NANO-Antivirus 20160615
nProtect 20160615
Panda 20160614
Sophos AV 20160615
SUPERAntiSpyware 20160615
Symantec 20160615
Tencent 20160615
TheHacker 20160614
TotalDefense 20160615
TrendMicro 20160615
TrendMicro-HouseCall 20160615
VBA32 20160614
VIPRE 20160615
ViRobot 20160615
Yandex 20160614
Zillya 20160614
Zoner 20160615
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright
Copyright (C) 1999 - 2013 Speedbit Ltd.

Product DAP Ununstall
Original name DapRemove.exe
Internal name DapRemove
File version 10, 0, 5, 2
Description DAP Ununstall
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2016-06-15 11:02:51
Entry Point 0x00001EC0
Number of sections 5
PE sections
PE imports
RegQueryValueExW
GetEnhMetaFileA
PathToRegion
CreateMetaFileA
EngAlphaBlend
GetRgnBox
EngStretchBlt
GetEnhMetaFileBits
GdiProcessSetup
GetEnhMetaFileW
SetStretchBltMode
EngBitBlt
EngDeleteSurface
DeleteDC
SetBkMode
GetCharWidthA
SetTextColor
FillRgn
SetAbortProc
PlayEnhMetaFile
ExtTextOutA
SaveDC
SetTextAlign
CreateRoundRectRgn
CreateCompatibleDC
PolyBezierTo
SelectObject
CreateFontIndirectExA
CopyMetaFileW
GetWinMetaFileBits
CreateColorSpaceW
GetSystemPaletteUse
WidenPath
UpdateICMRegKeyW
GetLastError
GetStdHandle
GetDriveTypeW
lstrlenW
FindFirstChangeNotificationA
lstrlenA
LoadLibraryW
FreeLibrary
ReplaceFile
DefineDosDeviceA
LoadLibraryA
GetFileAttributesW
VerifyVersionInfoW
GetStartupInfoA
LocalAlloc
GetCommandLineW
MultiByteToWideChar
GetCommandLineA
GetProcAddress
GetFileType
GetFileAttributesA
GetModuleHandleA
FindNextFileW
FindFirstFileW
GetModuleHandleW
EscapeCommFunction
GetDriveTypeA
LocalFree
FormatMessageW
UnmapViewOfFile
Sleep
SetLastError
HeapAlloc
GetVersion
GetProcessHeap
VirtualAlloc
WriteConsoleW
ShellAboutA
ShellExecuteExA
SHCreateDirectoryExW
FindExecutableA
ExtractIconExA
SHBindToParent
SHIsFileAvailableOffline
ShellExecuteW
SHEmptyRecycleBinA
SHGetSettings
ExtractAssociatedIconExA
SHBrowseForFolderA
SHPathPrepareForWriteW
Shell_NotifyIcon
DoEnvironmentSubstA
SHGetDiskFreeSpaceExW
SHLoadNonloadedIconOverlayIdentifiers
StrChrIA
StrCmpNW
StrStrIW
StrStrW
TranslateAccelerator
ChildWindowFromPointEx
DrawTextExW
SetMenuItemBitmaps
DestroyWindow
CharUpperW
CheckRadioButton
CharUpperA
ShowWindow
FindWindowA
LoadBitmapA
GetClipboardData
LoadBitmapW
GetSystemMetrics
HiliteMenuItem
IsWindow
PeekMessageW
DestroyIcon
UpdateWindow
CopyAcceleratorTableW
DdeKeepStringHandle
LoadIconW
CharLowerW
SetWindowLongA
CharNextW
DdeEnableCallback
GetProcessWindowStation
OpenWindowStationA
GetPropW
GetDC
DestroyCursor
EndDeferWindowPos
CreateWindowStationA
GetProcessDefaultLayout
CreatePopupMenu
ShowCaret
EnableMenuItem
SetParent
GetLastActivePopup
IsWindowVisible
GetGuiResources
LoadStringW
GetDlgItem
AllowSetForegroundWindow
GetNextDlgTabItem
SetKeyboardState
GetScrollInfo
BroadcastSystemMessage
AnimateWindow
FindWindowExA
GetSysColor
PostThreadMessageW
SwitchToThisWindow
ShowCursor
CharNextA
WaitForInputIdle
EnumPropsExW
ExcludeUpdateRgn
ChangeMenuW
EnumPropsW
CreateWindowExW
CharLowerA
CloseClipboard
CharToOemA
GetKeyState
TranslateAcceleratorW
timeGetTime
__p__fmode
malloc
setlocale
fprintf
_cexit
__initenv
_c_exit
_wcsdup
vfwprintf
exit
_XcptFilter
__setusermatherr
_adjust_fdiv
_except_handler3
__p__commode
free
vswprintf
__getmainargs
fwprintf
_controlfp
_initterm
_exit
__set_app_type
_iob
Number of PE resources by type
RT_DIALOG 3
RT_HTML 3
RT_ICON 3
RT_GROUP_ICON 2
RT_GROUP_CURSOR 1
RT_CURSOR 1
RT_VERSION 1
Number of PE resources by language
ENGLISH US 14
PE resources
ExifTool file metadata
SubsystemVersion
5.0

LinkerVersion
9.0

ImageVersion
0.0

FileSubtype
0

FileVersionNumber
10.0.5.2

UninitializedDataSize
0

LanguageCode
English (U.S.)

FileFlagsMask
0x003f

CharacterSet
Unicode

InitializedDataSize
722432

EntryPoint
0x1ec0

OriginalFileName
DapRemove.exe

MIMEType
application/octet-stream

LegalCopyright
Copyright (C) 1999 - 2013 Speedbit Ltd.

FileVersion
10, 0, 5, 2

TimeStamp
2016:06:15 12:02:51+01:00

FileType
Win32 EXE

PEType
PE32

InternalName
DapRemove

ProductVersion
10, 0, 5, 2

FileDescription
DAP Ununstall

OSVersion
5.0

FileOS
Win32

Subsystem
Windows GUI

MachineType
Intel 386 or later, and compatibles

CompanyName
S peedbit Ltd.

CodeSize
76800

ProductName
DAP Ununstall

ProductVersionNumber
10.0.5.2

FileTypeExtension
exe

ObjectFileType
Executable application

Compressed bundles
File identification
MD5 b8a7d443a5a36298a892484ca2f78a34
SHA1 b8979ba4c74786341cba4023b5009300af3be603
SHA256 d05e036c61f893b9899f7cc26997588e5d77ae02f61c264f6ba036b33184bbfb
ssdeep
6144:PDizlGGu5kl+aJPUiMMSkOF0zQkXKujhwKbmTG9GLRCMzVnvEeg+rIaTXQgzqnh:PDiRGGeGJPUtEjz8FLRCiVnvEe/rA

authentihash ba232ba0e58954c5e5622eeabea607f6d1d2ec8406a0d17e87f3ba5563b28ac2
imphash 6cfa45bf553fa88413235e6617688589
File size 781.0 KB ( 799744 bytes )
File type Win32 EXE
Magic literal
PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID Win32 Executable MS Visual C++ (generic) (41.0%)
Win64 Executable (generic) (36.3%)
Win32 Dynamic Link Library (generic) (8.6%)
Win32 Executable (generic) (5.9%)
OS/2 Executable (generic) (2.6%)
Tags
peexe

VirusTotal metadata
First submission 2016-06-15 11:59:20 UTC ( 2 years, 10 months ago )
Last submission 2018-05-23 12:22:43 UTC ( 11 months ago )
File names cryptolocler.exe
DapRemove
APIPYLUF.EXE
file.exe.bin
b8979ba4c74786341cba4023b5009300af3be603.exe
file.exe
zwirus.exe
crypt0l0cker
d05e036c61f893b9899f7cc26997588e5d77ae02f61c264f6ba036b33184bbfb.bin.exe
DapRemove.exe
rad08742.tmp
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Written files
Created processes
Code injections in the following processes
Created mutexes
Opened mutexes
Opened service managers
Opened services
Runtime DLLs
HTTP requests
DNS requests
TCP connections
UDP communications