SHA256: d18a33ab469110a1c263ee27409b71f15ed9ff6ccfba50f977af821aa9c2f38f
File name: c2d51158e25fb1cd53bb3c57189c54cc.virus
Detection ratio: 34 / 63
Analysis date: 2017-09-27 22:26:49 UTC
Antivirus Result Update
Ad-Aware Trojan.GenericKDZ.40568 20170927
AhnLab-V3 Trojan/Win32.Locky.R209564 20170927
ALYac Trojan.GenericKDZ.40568 20170927
Arcabit Trojan.Generic.D9E78 20170927
Avast Win32:Malware-gen 20170927
AVG Win32:Malware-gen 20170927
Avira (no cloud) TR/Crypt.ZPACK.grbtl 20170927
Baidu Win32.Trojan.WisdomEyes.16070401.9500.9999 20170927
BitDefender Trojan.GenericKDZ.40568 20170927
CrowdStrike Falcon (ML) malicious_confidence_100% (D) 20170804
Cylance Unsafe 20170927
Emsisoft Trojan.GenericKDZ.40568 (B) 20170927
Endgame malicious (high confidence) 20170821
ESET-NOD32 a variant of Win32/Injector.DRYR 20170927
F-Secure Trojan.GenericKDZ.40568 20170927
Fortinet W32/Kryptik.FVZV!tr 20170927
GData Win32.Trojan-Ransom.Locky.DZ 20170927
Ikarus Trojan-Ransom.Locky 20170927
Sophos ML heuristic 20170914
Kaspersky Trojan.Win32.Refinka.cwb 20170927
Malwarebytes Trojan.PasswordStealer 20170927
MAX malware (ai score=88) 20170927
McAfee Ransom-Locky!C2D51158E25F 20170927
McAfee-GW-Edition BehavesLike.Win32.Backdoor.cc 20170927
Microsoft Trojan:Win32/Dynamer!rfn 20170927
eScan Trojan.GenericKDZ.40568 20170927
Panda Trj/Genetic.gen 20170927
Qihoo-360 HEUR/QVM20.1.224E.Malware.Gen 20170927
Sophos AV Mal/Elenoocka-E 20170927
Symantec Packed.Generic.493 20170927
TrendMicro Ransom_CERBER.SMALY0 20170927
TrendMicro-HouseCall Ransom_CERBER.SMALY0 20170927
Webroot W32.Trojan.Gen 20170927
ZoneAlarm by Check Point Trojan.Win32.Refinka.cwb 20170927
AegisLab 20170927
Alibaba 20170911
Avast-Mobile 20170927
AVware 20170927
CAT-QuickHeal 20170927
ClamAV 20170927
CMC 20170927
Comodo 20170927
Cyren 20170927
DrWeb 20170927
F-Prot 20170927
Jiangmin 20170927
K7AntiVirus 20170927
K7GW 20170927
Kingsoft 20170927
NANO-Antivirus 20170927
nProtect 20170927
Palo Alto Networks (Known Signatures) 20170927
Rising 20170926
SentinelOne (Static ML) 20170806
SUPERAntiSpyware 20170927
Symantec Mobile Insight 20170927
Tencent 20170927
TheHacker 20170925
TotalDefense 20170927
Trustlook 20170927
VBA32 20170927
VIPRE 20170927
ViRobot 20170927
Yandex 20170908
Zillya 20170927
Zoner 20170927
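The rows above have no column separators and the headline ratio (34 / 63) does not match the row count (34 rows with a verdict, 32 without), so any downstream use of this table needs a parser that works from the rows themselves. The following is an added example, not VirusTotal's code: it splits each row into vendor, verdict and update date by matching vendor names longest-first, counts which family names the detecting engines use (Locky, Cerber, Refinka and Injector all appear for the same file, so the family labels disagree), and flags engines whose update date lags the analysis date, which for the two ML engines here is the model date rather than a signature set. The vendor list and the rows are a constructed subset copied from the table above; the family tokens are the editor's choice.

```python
import re
from collections import Counter
from datetime import datetime

# Vendor names exactly as they appear in the results table above (subset).
# Rows have no separators and some names contain spaces, so the longest
# vendor name that prefixes a row wins.
VENDORS = [
    "Ad-Aware", "AhnLab-V3", "Avira (no cloud)", "CrowdStrike Falcon (ML)",
    "ESET-NOD32", "GData", "Kaspersky", "McAfee", "TrendMicro",
    "ZoneAlarm by Check Point", "Palo Alto Networks (Known Signatures)",
    "SentinelOne (Static ML)", "ClamAV",
]

# Constructed input: rows copied verbatim from the table above. A row with
# no verdict (the engine did not flag the file) carries only a date.
ROWS = """\
Ad-Aware Trojan.GenericKDZ.40568 20170927
AhnLab-V3 Trojan/Win32.Locky.R209564 20170927
Avira (no cloud) TR/Crypt.ZPACK.grbtl 20170927
CrowdStrike Falcon (ML) malicious_confidence_100% (D) 20170804
ESET-NOD32 a variant of Win32/Injector.DRYR 20170927
GData Win32.Trojan-Ransom.Locky.DZ 20170927
Kaspersky Trojan.Win32.Refinka.cwb 20170927
McAfee Ransom-Locky!C2D51158E25F 20170927
TrendMicro Ransom_CERBER.SMALY0 20170927
ZoneAlarm by Check Point Trojan.Win32.Refinka.cwb 20170927
Palo Alto Networks (Known Signatures) 20170927
SentinelOne (Static ML) 20170806
ClamAV 20170927
"""

ANALYSIS_DATE = "20170927"  # analysis date from the report header

# Family tokens that occur in this report (editor's list); anything else
# is treated as a generic or heuristic verdict.
FAMILY_TOKENS = ("locky", "cerber", "refinka", "injector", "kryptik", "zpack")


def parse_row(line, vendors=VENDORS):
    """Split one 'Vendor [Result] YYYYMMDD' row into (vendor, result, date).

    result is None when the row carries no verdict.
    """
    line = line.strip()
    m = re.search(r"\s(\d{8})$", line)
    if not m:
        raise ValueError(f"no update date in row: {line!r}")
    date = m.group(1)
    body = line[: m.start()]
    candidates = [v for v in vendors if body == v or body.startswith(v + " ")]
    if not candidates:
        raise ValueError(f"unknown vendor in row: {line!r}")
    vendor = max(candidates, key=len)
    result = body[len(vendor):].strip() or None
    return vendor, result, date


def families(parsed):
    """Count how many detecting engines name each known family."""
    counts = Counter()
    for _vendor, result, _date in parsed:
        if not result:
            continue
        low = result.lower()
        for tok in FAMILY_TOKENS:
            if tok in low:
                counts[tok] += 1
    return counts


def stale_engines(parsed, analysis_date=ANALYSIS_DATE, max_lag_days=7):
    """Engines whose Update date lags the analysis date by more than max_lag_days.

    For a signature engine this means an old definition set scored the file;
    for an ML engine the Update column is usually the model date.
    """
    ref = datetime.strptime(analysis_date, "%Y%m%d")
    out = []
    for vendor, _result, date in parsed:
        lag = (ref - datetime.strptime(date, "%Y%m%d")).days
        if lag > max_lag_days:
            out.append((vendor, lag))
    return out


def summarize(rows_text=ROWS):
    parsed = [parse_row(l) for l in rows_text.splitlines() if l.strip()]
    detected = [p for p in parsed if p[1] is not None]
    return {
        "rows": len(parsed),
        "detected": len(detected),
        "families": families(parsed),
        "stale": stale_engines(parsed),
    }


if __name__ == "__main__":
    s = summarize()
    print(f"{s['detected']}/{s['rows']} engines flagged the file")
    print("family names used:", dict(s["families"]))
    print("engines with old update dates:", s["stale"])
```

To apply it to the full table, paste every vendor name from the first column into VENDORS and all 66 rows into ROWS; unknown vendor names raise rather than being silently mis-split into the verdict column.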
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2017-05-09 05:09:20
Entry Point 0x00003D89
Number of sections 4
PE sections
PE imports
CMP_Init_Detection
CMP_Report_LogOn
CM_Add_Range
CM_Add_IDA
GetConsoleAliasA
LoadLibraryA
SearchPathW
GetExpandedNameW
GetCurrentProcessId
GetProcAddress
GetModuleFileNameW
WaitForSingleObject
GetLogicalDriveStringsA
WaitNamedPipeA
GetTempPathW
GetStringTypeA
IsBadReadPtr
FindNextFileA
GetCurrentThreadId
GetFileAttributesW
GetProfileSectionA
GetModuleHandleW
LeaveCriticalSection
GradientFill
AlphaBlend
TraceSQLCancel
TraceSQLError
LoadCursorA
LoadIconA
IsDialogMessageW
PostMessageA
CreateDesktopW
LoadStringW
MessageBoxA
IsCharUpperW
DispatchMessageW
DrawStateW
GetPropA
LoadMenuW
GetClassLongA
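The import list above is small, names no DLLs, and mixes GUI, ODBC trace and configuration-manager functions with LoadLibraryA and GetProcAddress, the pair that lets a stub resolve its real imports at run time. Several engines above label the file as a packer or injector (Injector.DRYR, Kryptik, Packed.Generic.493), and one practitioner check that supports or weakens that reading is whether the static imports are internally consistent: FindNextFileA without FindFirstFileA, or LeaveCriticalSection without EnterCriticalSection, means the table is not the whole picture. The following is an added example written for this page, not VirusTotal's code: the import names are a constructed copy of the list above, and the capability buckets and partner pairs are the editor's own heuristic, not a VirusTotal classification.

```python
# Constructed input: the import names exactly as listed above. The page does
# not show which DLL each name comes from, so everything below works by name.
IMPORTS = [
    "CMP_Init_Detection", "CMP_Report_LogOn", "CM_Add_Range", "CM_Add_IDA",
    "GetConsoleAliasA", "LoadLibraryA", "SearchPathW", "GetExpandedNameW",
    "GetCurrentProcessId", "GetProcAddress", "GetModuleFileNameW",
    "WaitForSingleObject", "GetLogicalDriveStringsA", "WaitNamedPipeA",
    "GetTempPathW", "GetStringTypeA", "IsBadReadPtr", "FindNextFileA",
    "GetCurrentThreadId", "GetFileAttributesW", "GetProfileSectionA",
    "GetModuleHandleW", "LeaveCriticalSection", "GradientFill", "AlphaBlend",
    "TraceSQLCancel", "TraceSQLError", "LoadCursorA", "LoadIconA",
    "IsDialogMessageW", "PostMessageA", "CreateDesktopW", "LoadStringW",
    "MessageBoxA", "IsCharUpperW", "DispatchMessageW", "DrawStateW",
    "GetPropA", "LoadMenuW", "GetClassLongA",
]

# Capability buckets (editor's grouping, not VirusTotal's).
CAPABILITIES = {
    "dynamic_api_resolution": {"LoadLibraryA", "LoadLibraryW", "GetProcAddress",
                               "GetModuleHandleA", "GetModuleHandleW"},
    "filesystem_enumeration": {"FindFirstFileA", "FindNextFileA",
                               "GetLogicalDriveStringsA", "GetFileAttributesW",
                               "SearchPathW", "GetTempPathW"},
    "self_location": {"GetModuleFileNameW", "GetCurrentProcessId",
                      "GetCurrentThreadId"},
    "desktop_manipulation": {"CreateDesktopW"},
    "memory_probe": {"IsBadReadPtr"},
    "ipc_and_sync": {"WaitNamedPipeA", "WaitForSingleObject"},
}

# APIs that normally appear with at least one of the listed partners. One
# half present without any partner hints that the static import table is
# incomplete (remaining calls resolved at run time) or padded with decoys.
PAIRED = {
    "FindNextFileA": {"FindFirstFileA"},
    "LeaveCriticalSection": {"EnterCriticalSection"},
    "DispatchMessageW": {"GetMessageW", "GetMessageA", "PeekMessageW", "PeekMessageA"},
}

LOADERS = {"LoadLibraryA", "LoadLibraryW", "GetModuleHandleA", "GetModuleHandleW"}


def capabilities(imports):
    """Map each bucket to the sorted imports that fall into it (empty buckets omitted)."""
    present = set(imports)
    return {name: sorted(present & apis)
            for name, apis in CAPABILITIES.items() if present & apis}


def can_resolve_hidden_imports(imports):
    """True when the binary can locate a module and look up exports by name."""
    present = set(imports)
    return bool(present & LOADERS) and "GetProcAddress" in present


def missing_partners(imports):
    """Present APIs whose expected partners are all absent from the table."""
    present = set(imports)
    return {api: sorted(alts) for api, alts in PAIRED.items()
            if api in present and not (present & alts)}


def triage(imports=IMPORTS):
    caps = capabilities(imports)
    classified = sum(len(v) for v in caps.values())
    return {
        "capabilities": caps,
        "dynamic_resolution": can_resolve_hidden_imports(imports),
        "missing_partners": missing_partners(imports),
        "unclassified": len(imports) - classified,
    }


if __name__ == "__main__":
    t = triage()
    print("can resolve imports at run time:", t["dynamic_resolution"])
    for bucket, apis in t["capabilities"].items():
        print(f"  {bucket}: {', '.join(apis)}")
    print("present without expected partner:", t["missing_partners"])
    print("imports outside any bucket:", t["unclassified"])
```

A large unclassified share together with a positive dynamic_resolution result and several orphaned pairs is the pattern to treat as "static imports are not the real imports"; the next step is a runtime import trace rather than more static reading of this list.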
Number of PE resources by type
RT_RCDATA 2
RT_STRING 1
RT_DIALOG 1
Number of PE resources by language
NEUTRAL 4
PE resources
Debug information
ExifTool file metadata
MIMEType application/octet-stream
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
FileTypeExtension exe
TimeStamp 2017:05:09 06:09:20+01:00
FileType Win32 EXE
PEType PE32
CodeSize 56832
LinkerVersion 8.0
EntryPoint 0x3d89
InitializedDataSize 125440
SubsystemVersion 5.1
ImageVersion 0.0
OSVersion 5.1
UninitializedDataSize 0
File identification
MD5 c2d51158e25fb1cd53bb3c57189c54cc
SHA1 35190efc56bba2095189d3bb5a2b9a3c34f8fa49
SHA256 d18a33ab469110a1c263ee27409b71f15ed9ff6ccfba50f977af821aa9c2f38f
ssdeep 3072:8pvYAN+UQvM8lJkAl2KX2MfzqPNzSrre61T6HIG2ELSf6D:jArQEcrlRuzWeGT6HIQ
authentihash 32bf933300e4caa61e4f0fe93ac55c54032fc028713f92b4067b04d232bdc411
imphash ec6767208d6992a38a5fd601c63cfb7c
File size 179.0 KB ( 183296 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Dynamic Link Library (generic) (34.2%)
Win32 Executable (generic) (23.4%)
Win16/32 Executable Delphi generic (10.7%)
OS/2 Executable (generic) (10.5%)
Generic Win/DOS Executable (10.4%)
Tags peexe
VirusTotal metadata
First submission 2017-09-27 22:26:49 UTC
Last submission 2018-05-24 00:38:11 UTC
File names c2d51158e25fb1cd53bb3c57189c54cc.vir
c2d51158e25fb1cd53bb3c57189c54cc.virus
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Written files
Deleted files
Created processes
Created mutexes
Opened mutexes
Runtime DLLs
UDP communications