SHA256: d3378c99134259db2ada97669007f90af17798fb9a8f2c33f3f8e00ab223f8d3
File name: ssj.jpg
Detection ratio: 52 / 66
Analysis date: 2019-03-25 02:09:25 UTC ( 5 hours, 22 minutes ago )
Antivirus Result Update
Acronis suspicious 20190322
Ad-Aware Trojan.GenericKD.31549945 20190324
AegisLab Trojan.Win32.Shade.4!c 20190325
AhnLab-V3 Trojan/Win32.Shade.C2950584 20190324
ALYac Trojan.Ransom.Shade 20190324
Antiy-AVL Trojan[Ransom]/Win32.Shade 20190325
Arcabit Trojan.Generic.D1E169F9 20190324
Avast Win32:RansomX-gen [Ransom] 20190325
AVG Win32:RansomX-gen [Ransom] 20190325
Avira (no cloud) TR/Crypt.XPACK.sht 20190324
BitDefender Trojan.GenericKD.31549945 20190324
CAT-QuickHeal TrojanRansom.Shade 20190324
ClamAV Win.Trojan.Agent-6826013-0 20190324
Comodo Malware@#1b9yv3wh4uhm0 20190325
CrowdStrike Falcon (ML) win/malicious_confidence_100% (W) 20190212
Cybereason malicious.1ca4a2 20190324
Cyren W32/Trojan.DHXT-2754 20190324
DrWeb Trojan.Encoder.858 20190324
Emsisoft Trojan.Agent (A) 20190324
Endgame malicious (high confidence) 20190322
ESET-NOD32 a variant of Win32/Kryptik.GOWG 20190324
F-Secure Trojan.TR/Crypt.XPACK.sht 20190324
Fortinet Malicious_Behavior.SB 20190324
GData Trojan.GenericKD.31549945 20190325
Ikarus Trojan.Win32.Krypt 20190324
Sophos ML heuristic 20190313
Jiangmin Trojan.Shade.qu 20190324
K7AntiVirus Riskware ( 0040eff71 ) 20190324
K7GW Riskware ( 0040eff71 ) 20190324
Kaspersky Trojan-Ransom.Win32.Shade.pje 20190324
Malwarebytes Ransom.Troldesh 20190324
MAX malware (ai score=100) 20190325
McAfee Trojan-FQMJ!022DB605F946 20190325
McAfee-GW-Edition Trojan-FQMJ!022DB605F946 20190324
Microsoft VirTool:Win32/CeeInject.AAK!bit 20190324
eScan Trojan.GenericKD.31549945 20190325
NANO-Antivirus Trojan.Win32.Encoder.fmiked 20190325
Palo Alto Networks (Known Signatures) generic.ml 20190325
Panda Trj/CI.A 20190324
Qihoo-360 HEUR/QVM20.1.B1D3.Malware.Gen 20190325
Rising Ransom.Troldesh!8.5D1 (CLOUD) 20190325
SentinelOne (Static ML) DFI - Malicious PE 20190317
Sophos AV Mal/Cerber-AL 20190322
Tencent Win32.Trojan.Falsesign.Bnx 20190325
Trapmine malicious.high.ml.score 20190301
TrendMicro-HouseCall Ransom.Win32.SHADE.SM 20190324
VBA32 BScope.TrojanSpy.Zbot 20190322
VIPRE LooksLike.Win32.Reveton.c!ag (v) 20190324
ViRobot Trojan.Win32.Z.Troldesh.1256712 20190324
Yandex Trojan.Shade! 20190324
Zillya Trojan.Shade.Win32.969 20190324
ZoneAlarm by Check Point Trojan-Ransom.Win32.Shade.pje 20190324
Undetected (engine returned no result):
Alibaba 20190306
Avast-Mobile 20190324
Babable 20180918
Baidu 20190318
Bkav 20190320
CMC 20190321
eGambit 20190325
Kingsoft 20190325
SUPERAntiSpyware 20190321
Symantec Mobile Insight 20190220
TACHYON 20190325
TheHacker 20190324
TotalDefense 20190324
Trustlook 20190325
Zoner 20190325
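The 52 labels above follow a dozen different vendor naming schemes; what a practitioner usually wants from the table is the family consensus (here Shade, also called Troldesh) rather than the raw strings. The following Python is an added example, not part of the VirusTotal report, showing one way to normalise labels and count one family vote per vendor. The generic-word list and the minimum token length are heuristics chosen for these labels (assumptions, not a vendor standard); the sample pairs are copied from the table above.

```python
import re
from collections import Counter

# Vendor-generic words that carry no family information. Assumption: this
# list is tuned to the labels in the table above, it is not exhaustive.
GENERIC = {
    "trojan", "ransom", "ransomx", "generic", "generickd", "malware",
    "malicious", "variant", "cloud", "agent", "crypt", "kryptik", "encoder",
    "virtool", "ceeinject", "riskware", "confidence", "suspicious", "heuristic",
}

def family_tokens(label: str) -> set:
    """Split a vendor label on separators, lower-case it and keep only
    alphabetic tokens of at least five characters that are not generic.
    The length rule drops variant suffixes such as 'GOWG', 'pje' or 'SM'
    (assumption: family names are rarely that short)."""
    toks = re.split(r"[^A-Za-z0-9]+", label.lower())
    return {t for t in toks if len(t) >= 5 and t.isalpha() and t not in GENERIC}

def family_votes(detections) -> Counter:
    """One vote per vendor for every family token in its label."""
    votes = Counter()
    for _vendor, label in detections:
        votes.update(family_tokens(label))
    return votes

def consensus_family(detections, min_votes: int = 3):
    """Most-voted family token, or None if no token reaches min_votes."""
    votes = family_votes(detections)
    if not votes:
        return None
    fam, n = votes.most_common(1)[0]
    return fam if n >= min_votes else None

# (vendor, label) pairs copied from the detection table above.
SAMPLE_DETECTIONS = [
    ("Ad-Aware", "Trojan.GenericKD.31549945"),
    ("AhnLab-V3", "Trojan/Win32.Shade.C2950584"),
    ("ALYac", "Trojan.Ransom.Shade"),
    ("Avast", "Win32:RansomX-gen [Ransom]"),
    ("DrWeb", "Trojan.Encoder.858"),
    ("ESET-NOD32", "a variant of Win32/Kryptik.GOWG"),
    ("Kaspersky", "Trojan-Ransom.Win32.Shade.pje"),
    ("Malwarebytes", "Ransom.Troldesh"),
    ("Microsoft", "VirTool:Win32/CeeInject.AAK!bit"),
    ("Rising", "Ransom.Troldesh!8.5D1 (CLOUD)"),
    ("TrendMicro-HouseCall", "Ransom.Win32.SHADE.SM"),
    ("Yandex", "Trojan.Shade!"),
    ("ZoneAlarm by Check Point", "Trojan-Ransom.Win32.Shade.pje"),
]

if __name__ == "__main__":
    print(family_votes(SAMPLE_DETECTIONS).most_common(3))
    print("consensus:", consensus_family(SAMPLE_DETECTIONS))
```

Note that "Troldesh" and "Shade" are two names for the same family; a production normaliser would carry an alias table on top of this, which the example leaves out.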
The file being studied is a Portable Executable; more specifically, a Win32 EXE for the Windows GUI subsystem.
FileVersionInfo properties
File version 51.1052.0.0
Description setip/Unikstall
Signature verification The digital signature of the object did not verify (no valid Authenticode signature).
Signing date 3:09 AM 3/25/2019 (this coincides with the analysis time of 02:09 UTC expressed in UTC+1, the same zone the ExifTool timestamp below is rendered in; it is not evidence that the file was ever signed)
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2019-01-21 11:07:38
Entry Point 0x00001ED0
Number of sections 4
PE sections
Overlays
MD5 47aad9e740ee01c0804f19a80e19471e
File type data
Offset 1253376
Size 3336
Entropy 7.34
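The overlay figures above are worth recomputing rather than trusting a report: the overlay starts where the last section's raw data ends (offset 1253376 + 3336 bytes = the 1256712-byte file size), and its 7.34 entropy is the signature of packed or encrypted data, which matches the crypter verdicts in the detection table. The following Python is an added example, not code from the VirusTotal report or from any analysis tool: a minimal PE32 header walk in the standard library only (no pefile), run over a constructed image whose entry point, compilation timestamp and subsystem mirror the values above. The synthetic overlay, the 7.0 entropy threshold and the entry-point check are assumptions for illustration.

```python
import hashlib
import math
import struct
from datetime import datetime, timezone

IMAGE_FILE_MACHINE_I386 = 0x14C
IMAGE_SUBSYSTEM_WINDOWS_GUI = 2

def shannon_entropy(data: bytes) -> float:
    """Shannon entropy in bits per byte (0.0 for empty input, at most 8.0)."""
    if not data:
        return 0.0
    n = len(data)
    counts = [0] * 256
    for b in data:
        counts[b] += 1
    return -sum(c / n * math.log2(c / n) for c in counts if c)

def coff_timestamp_utc(ts: int) -> str:
    """COFF TimeDateStamp (seconds since the Unix epoch) as a UTC string."""
    return datetime.fromtimestamp(ts, timezone.utc).strftime("%Y-%m-%d %H:%M:%S")

def parse_pe(data: bytes) -> dict:
    """Walk the DOS header, COFF header, PE32 optional header and section
    table; everything past the last section's raw data is the overlay."""
    if data[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("PE signature not found")
    coff = e_lfanew + 4
    machine, nsect, ts, _, _, opt_size, _ = struct.unpack_from("<HHIIIHH", data, coff)
    opt = coff + 20
    if struct.unpack_from("<H", data, opt)[0] != 0x10B:
        raise ValueError("only PE32 (32-bit) images are handled here")
    entry = struct.unpack_from("<I", data, opt + 16)[0]      # AddressOfEntryPoint
    subsystem = struct.unpack_from("<H", data, opt + 68)[0]  # Subsystem
    sections, end_raw = [], 0
    for i in range(nsect):
        off = opt + opt_size + 40 * i                        # IMAGE_SECTION_HEADER
        name = data[off:off + 8].rstrip(b"\0").decode("ascii", "replace")
        vsize, vaddr, rawsize, rawptr = struct.unpack_from("<IIII", data, off + 8)
        sections.append({"name": name, "vaddr": vaddr, "vsize": vsize,
                         "raw_ptr": rawptr, "raw_size": rawsize})
        end_raw = max(end_raw, rawptr + rawsize)
    overlay = data[end_raw:]
    return {
        "machine": machine, "timestamp": ts, "entry_point": entry,
        "subsystem": subsystem, "sections": sections,
        "overlay_offset": end_raw, "overlay_size": len(overlay),
        "overlay_entropy": shannon_entropy(overlay),
        "overlay_md5": hashlib.md5(overlay).hexdigest() if overlay else None,
        "sha256": hashlib.sha256(data).hexdigest(),
    }

def entry_section(info: dict):
    """Name of the section whose virtual range holds the entry point, or None."""
    ep = info["entry_point"]
    for s in info["sections"]:
        if s["vaddr"] <= ep < s["vaddr"] + max(s["vsize"], s["raw_size"]):
            return s["name"]
    return None

def triage_flags(info: dict, entropy_threshold: float = 7.0) -> list:
    """Cheap static indicators; the threshold is an assumption, not a rule."""
    flags = []
    if info["overlay_size"] and info["overlay_entropy"] > entropy_threshold:
        flags.append("high-entropy overlay (%d bytes at 0x%X)"
                     % (info["overlay_size"], info["overlay_offset"]))
    if entry_section(info) is None:
        flags.append("entry point outside every section")
    return flags

def build_sample_pe(overlay: bytes) -> bytes:
    """Constructed, non-executable PE32 image with one section plus the given
    overlay. Header values mirror the report; it is not the analysed file."""
    dos = bytearray(64)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 64)                         # e_lfanew
    coff = struct.pack("<HHIIIHH", IMAGE_FILE_MACHINE_I386, 1,
                       1548068858, 0, 0, 224, 0x0102)              # 2019-01-21 11:07:38 UTC
    opt = bytearray(224)
    struct.pack_into("<H", opt, 0, 0x10B)                          # PE32 magic
    struct.pack_into("<I", opt, 16, 0x1ED0)                        # AddressOfEntryPoint
    struct.pack_into("<H", opt, 68, IMAGE_SUBSYSTEM_WINDOWS_GUI)
    raw_ptr, text = 512, b"\xCC" * 512                             # int3 filler, constructed
    sect = struct.pack("<8sIIIIIIHHI", b".text", 0x1000, 0x1000, len(text),
                       raw_ptr, 0, 0, 0, 0, 0x60000020)
    image = bytes(dos) + b"PE\0\0" + coff + bytes(opt) + sect
    image += b"\0" * (raw_ptr - len(image)) + text
    return image + overlay

# Constructed overlay: a near-uniform byte distribution, so its entropy sits
# just under the 8.0 ceiling, as packed or encrypted data does.
SAMPLE_OVERLAY = bytes(range(256)) * 13 + bytes(range(8))         # 3336 bytes
SAMPLE_PE = build_sample_pe(SAMPLE_OVERLAY)

if __name__ == "__main__":
    info = parse_pe(SAMPLE_PE)
    print("entry 0x%08X in %s, compiled %s" % (info["entry_point"],
          entry_section(info), coff_timestamp_utc(info["timestamp"])))
    print("overlay: offset %d size %d entropy %.2f" % (info["overlay_offset"],
          info["overlay_size"], info["overlay_entropy"]))
    print(triage_flags(info))
```

On the real sample the same walk would report the overlay at 1253376 and the compilation timestamp 2019-01-21 11:07:38 UTC, which is eleven minutes before the first VirusTotal submission listed further down; a timestamp that close to first sighting is usually genuine rather than forged.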
PE imports (note the combination of service-control, token-privilege and cross-process memory APIs such as OpenSCManagerW/DeleteService, AdjustTokenPrivileges and OpenProcess/ReadProcessMemory/VirtualAllocEx with rarely used GDI, DDE and IME exports; the latter look like padding and are consistent with the crypter/injector verdicts in the table above, e.g. Kryptik and CeeInject)
ADVAPI32.dll
AdjustTokenPrivileges
OpenServiceW
RegDeleteValueW
RegCloseKey
OpenProcessToken
CloseServiceHandle
EnumServicesStatusExW
FreeSid
RegQueryInfoKeyW
RegQueryValueExA
OpenSCManagerW
RegEnumValueW
RegOpenKeyExW
CheckTokenMembership
QueryServiceStatusEx
QueryServiceConfigW
LookupPrivilegeValueW
AllocateAndInitializeSid
DeleteService
RegQueryValueExW
GDI32.dll
CreateICA
GetTextCharset
GetEnhMetaFileW
GetROP2
EngCreatePalette
XLATEOBJ_piVector
OffsetViewportOrgEx
GdiCreateLocalMetaFilePict
OffsetClipRgn
GdiReleaseDC
GdiAlphaBlend
EngDeleteClip
FillPath
GetColorSpace
GetStockObject
GetPath
GdiGetLocalDC
EngStrokeAndFillPath
GdiFlush
CreateCompatibleDC
GetTextAlign
FlattenPath
AnyLinkedFonts
GetClipRgn
CancelDC
CreateSolidBrush
WidenPath
CopyMetaFileA
AbortDoc
AddFontResourceW
KERNEL32.dll
GetStdHandle
WaitForSingleObject
HeapDestroy
GetFileAttributesW
GetPrivateProfileStructW
FreeEnvironmentStringsA
DeleteCriticalSection
GetCurrentProcess
GetLocaleInfoA
FreeEnvironmentStringsW
SetStdHandle
GetCPInfo
GetStringTypeA
InterlockedExchange
WriteFile
GetSystemTimeAsFileTime
HeapReAlloc
GetStringTypeW
LocalFree
FormatMessageW
InitializeCriticalSection
TlsGetValue
SetFileAttributesW
SetLastError
GetWriteWatch
HeapAlloc
GetVersionExA
GetModuleFileNameA
UnhandledExceptionFilter
MultiByteToWideChar
SetFilePointer
CreateThread
MoveFileExW
GetSystemDirectoryW
SetUnhandledExceptionFilter
SetEnvironmentVariableA
TerminateProcess
VirtualQuery
SetEndOfFile
GetCurrentThreadId
HeapCreate
HeapFree
EnterCriticalSection
SetHandleCount
LoadLibraryW
GetVersionExW
GetOEMCP
QueryPerformanceCounter
GetTickCount
TlsAlloc
VirtualProtect
FlushFileBuffers
LoadLibraryA
RtlUnwind
GetStartupInfoA
GetWindowsDirectoryW
GetFileSize
OpenProcess
ReadProcessMemory
DeleteFileW
GetProcAddress
GetConsoleAliasesA
GetProcessHeap
CreateFileMappingW
CompareStringW
lstrcpyW
CompareStringA
GetTimeZoneInformation
CreateFileW
GetFileType
TlsSetValue
ExitProcess
LeaveCriticalSection
GetLastError
LCMapStringW
VirtualAllocEx
GetSystemInfo
GetConsoleCP
LCMapStringA
GetEnvironmentStringsW
GetEnvironmentStrings
GetCurrentProcessId
WideCharToMultiByte
GetCommandLineA
MapViewOfFile
TlsFree
GetModuleHandleA
ReadFile
CloseHandle
GetACP
GetModuleHandleW
UnmapViewOfFile
VirtualFree
GetProcessVersion
LocalShrink
VirtualAlloc
SHELL32.dll
CommandLineToArgvW
SHBrowseForFolderW
SHLWAPI.dll
StrCmpNA
USER32.dll
GetMessagePos
IMPGetIMEA
DdeCmpStringHandles
DrawStateA
GetForegroundWindow
ArrangeIconicWindows
SetWindowWord
GetSystemMetrics
GetKBCodePage
DrawIcon
LoadCursorFromFileA
CharLowerW
MessageBoxExW
SetDlgItemTextW
GetKeyState
GetAsyncKeyState
DestroyIcon
LoadStringA
DdeDisconnect
GetDesktopWindow
GetThreadDesktop
MonitorFromRect
ChangeDisplaySettingsExA
GetTopWindow
DdeCreateDataHandle
CloseDesktop
IsCharUpperW
GetMenuItemCount
DestroyWindow
IsDialogMessageA
GetMenuItemInfoW
Number of PE resources by type
RT_STRING 17
RT_RCDATA 12
RT_ICON 5
RT_BITMAP 2
RT_VERSION 1
RT_GROUP_ICON 1
Number of PE resources by language
NEUTRAL 28
ENGLISH US 10
PE resources
ExifTool file metadata
UninitializedDataSize 0
LinkerVersion 9.0
ImageVersion 0.0
FileVersionNumber 51.1052.0.0
LanguageCode Neutral
FileFlagsMask 0x003f
FileDescription setip/Unikstall
ImageFileCharacteristics No relocs, Executable, 32-bit
CharacterSet Unicode
InitializedDataSize 1246720
EntryPoint 0x1ed0
MIMEType application/octet-stream
FileVersion 51.1052.0.0
TimeStamp 2019:01:21 12:07:38+01:00
FileType Win32 EXE
PEType PE32
SubsystemVersion 5.0
OSVersion 5.0
FileOS Win32
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
CodeSize 6144
FileSubtype 0
ProductVersionNumber 0.0.0.0
FileTypeExtension exe
ObjectFileType Executable application

File identification
MD5 022db605f946edc0134c4e689be311c3
SHA1 e0b89081ca4a2be4bbd806119f98e7eb7ccc5e9a
SHA256 d3378c99134259db2ada97669007f90af17798fb9a8f2c33f3f8e00ab223f8d3
ssdeep 24576:qz1BHQ2u8ah9OTc4HLMwXXDI7hGUj3hAEN40eVzcWMY7TxC3:q5BwCbc4Z6hGUj5N/eVzcWL0
authentihash 5f02e92b7b0ee880f1feb32fd0940dfac3b5948b9bfbfcbd5fcc96f39712eaab
imphash 85ad4735f82693ca2e7f3af4f9de6e63
File size 1.2 MB ( 1256712 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Executable MS Visual C++ (generic) (41.0%)
Win64 Executable (generic) (36.3%)
Win32 Dynamic Link Library (generic) (8.6%)
Win32 Executable (generic) (5.9%)
OS/2 Executable (generic) (2.6%)
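The imphash above is not a hash of the file but an MD5 over the normalised import list in import-table order, which is why it survives recompilation of the same source and tracks a packer's stub across samples, but changes when imports are reordered. The following Python is an added example of that derivation, not code from VirusTotal or from pefile: it implements the normalisation pefile applies to named imports (lower-case, module extension stripped when it is .dll/.ocx/.sys) and omits pefile's ordinal-to-name mapping (an assumption for brevity). The sample import list is constructed from a few names in the table above; the DLL attributions are assumptions, since the report does not print the module for each import.

```python
import hashlib

# Module extensions that the imphash normalisation strips; any other
# extension is kept as part of the module name.
_STRIPPED_EXT = ("dll", "ocx", "sys")

def imphash_string(imports) -> str:
    """Normalised 'module.function' entries joined by commas, in the order
    given (import-table order matters: a reordered table hashes differently).
    imports: iterable of (module_name, function_name) pairs, named imports only."""
    parts = []
    for module, func in imports:
        mod = module.lower()
        base, dot, ext = mod.rpartition(".")
        if dot and ext in _STRIPPED_EXT:
            mod = base
        parts.append("%s.%s" % (mod, func.lower()))
    return ",".join(parts)

def imphash(imports) -> str:
    """MD5 hex digest of the normalised import string."""
    return hashlib.md5(imphash_string(imports).encode("ascii")).hexdigest()

# Constructed import list: function names from the table above, module
# names assumed (the report does not print them).
SAMPLE_IMPORTS = [
    ("ADVAPI32.dll", "AdjustTokenPrivileges"),
    ("ADVAPI32.dll", "OpenProcessToken"),
    ("KERNEL32.dll", "OpenProcess"),
    ("KERNEL32.dll", "ReadProcessMemory"),
    ("KERNEL32.dll", "VirtualAllocEx"),
    ("USER32.dll", "GetAsyncKeyState"),
]

if __name__ == "__main__":
    print(imphash_string(SAMPLE_IMPORTS))
    print("imphash:", imphash(SAMPLE_IMPORTS))
    print("reordered:", imphash(list(reversed(SAMPLE_IMPORTS))))
```

Because the hash covers only names and order, two unrelated binaries built from the same packer stub, or from the same compiler runtime with no extra imports, will collide; treat imphash matches as a pivot to investigate, not as attribution on their own.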
Tags peexe overlay
VirusTotal metadata
First submission 2019-01-21 11:18:37 UTC ( 2 months ago )
Last submission 2019-02-26 21:59:26 UTC ( 3 weeks, 5 days ago )
File names output.114999743.txt
csrss.exe
21895567
ssj.jpg
csrss.exe
output.114999746.txt
output.114999749.txt
output.114973008.txt
Advanced heuristic and reputation engines
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
TCP connections