SHA256: d57fbae4df7a967f388644f9abd118c1efe25d7d54e5d78d24355ced9d427f01
File name: fb7ac185-a99f-11e7-8afb-80e65024849a.file
Detection ratio: 55 / 65
Analysis date: 2018-06-13 00:15:18 UTC ( 8 months, 2 weeks ago )
Antivirus Result Update
Ad-Aware Trojan.GenericKD.30875223 20180612
AegisLab Ransom.Cerber.Smaly0!c 20180612
ALYac Trojan.Ransom.LockyCrypt 20180612
Antiy-AVL Trojan/Win32.SGeneric 20180613
Arcabit Trojan.Generic.D1D71E57 20180612
Avast Win32:Malware-gen 20180612
AVG Win32:Malware-gen 20180612
Avira (no cloud) TR/Crypt.ZPACK.spunl 20180612
AVware Trojan.Win32.Generic!BT 20180612
Babable Malware.HighConfidence 20180406
Baidu Win32.Trojan.WisdomEyes.16070401.9500.9996 20180612
BitDefender Trojan.GenericKD.30875223 20180612
Bkav W32.ButoricLTF.Trojan 20180612
CAT-QuickHeal Ransom.Exxroute.ZZ5 20180612
Comodo TrojWare.Win32.Ransom.Locky.AI 20180613
CrowdStrike Falcon (ML) malicious_confidence_100% (W) 20180530
Cybereason malicious.dc3686 20180225
Cyren W32/Trojan.NDIM-7030 20180612
DrWeb Trojan.Encoder.13570 20180612
Emsisoft Trojan-Ransom.Locky (A) 20180612
ESET-NOD32 Win32/Filecoder.Locky.M 20180613
F-Secure Trojan.GenericKD.30875223 20180612
Fortinet W32/GenKryptik.BHMX!tr 20180612
GData Win32.Trojan.Kryptik.IY 20180612
Ikarus Trojan-Ransom.Locky 20180612
Sophos ML heuristic 20180601
Jiangmin Trojan.Locky.dmx 20180612
K7AntiVirus Trojan ( 005190011 ) 20180612
K7GW Trojan ( 005190011 ) 20180612
Kaspersky HEUR:Trojan.Win32.Generic 20180612
Malwarebytes Ransom.Locky 20180612
MAX malware (ai score=100) 20180613
McAfee RDN/Ransomware-GHE 20180612
McAfee-GW-Edition BehavesLike.Win32.Ransomware.hc 20180612
Microsoft Ransom:Win32/Locky.A 20180612
eScan Trojan.GenericKD.30875223 20180612
NANO-Antivirus Trojan.Win32.Refinka.etflfx 20180613
Palo Alto Networks (Known Signatures) generic.ml 20180613
Panda Trj/RnkBend.A 20180612
Qihoo-360 Trojan.Generic 20180613
SentinelOne (Static ML) static engine - malicious 20180225
Sophos AV Mal/Elenoocka-E 20180612
SUPERAntiSpyware Ransom.Cerber/Variant 20180613
Symantec Ransom.Locky.B 20180612
TACHYON Ransom/W32.Locky.588800 20180613
Tencent Win32.Trojan.Raas.Auto 20180613
TheHacker Trojan/Kryptik.fxdq 20180608
TrendMicro Ransom_CERBER.SMALY0 20180612
TrendMicro-HouseCall Ransom_CERBER.SMALY0 20180612
VBA32 Trojan.FakeAV.01657 20180612
VIPRE Trojan.Win32.Generic!BT 20180612
ViRobot Trojan.Win32.S.Locky.588800 20180612
Webroot W32.Trojan.Gen 20180613
Zillya Trojan.Filecoder.Win32.6333 20180612
ZoneAlarm by Check Point HEUR:Trojan.Win32.Generic 20180612
AhnLab-V3 20180612
Alibaba 20180612
Avast-Mobile 20180612
CMC 20180612
eGambit 20180613
Endgame 20180612
F-Prot 20180612
Kingsoft 20180613
Rising 20180612
Symantec Mobile Insight 20180605
TotalDefense 20180612
Trustlook 20180613
Yandex 20180609
Zoner 20180612
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2016-07-15 19:02:29
Entry Point 0x00002AFE
Number of sections 4
PE sections
PE imports
AzCloseHandle
AzFreeMemory
AzGroupDelete
AzGetProperty
AzGroupCreate
PhoneBookEnumNumbers
PhoneBookEnumCountries
PhoneBookLoad
CreateMailslotW
GetLogicalDriveStringsA
MoveFileExW
MapViewOfFile
LoadLibraryA
WaitForSingleObject
GetModuleHandleW
CreateJobObjectW
GetTickCount
GetCommandLineW
CreateFileA
GetModuleFileNameA
GetProcAddress
GetFileAttributesW
SetLastError
SE_ProcessDying
SE_DllLoaded
SE_InstallBeforeInit
LoadCursorA
LoadIconA
GetClassLongW
CharToOemW
LoadBitmapW
LoadStringW
PeekMessageA
InsertMenuW
GetPropA
LoadMenuW
IsDialogMessageA
Number of PE resources by type
RT_RCDATA 2
EFDU 1
GERT 1
Number of PE resources by language
NEUTRAL 4
PE resources
ExifTool file metadata
MIMEType
application/octet-stream

Subsystem
Windows GUI

MachineType
Intel 386 or later, and compatibles

FileTypeExtension
exe

TimeStamp
2016:07:15 21:02:29+02:00

FileType
Win32 EXE

PEType
PE32

CodeSize
42496

LinkerVersion
12.0

ImageFileCharacteristics
No relocs, Executable, Aggressive working-set trim, 32-bit, No debug

EntryPoint
0x2afe

InitializedDataSize
545280

SubsystemVersion
5.1

ImageVersion
0.0

OSVersion
5.1

UninitializedDataSize
0

File identification
MD5 b75bd60dc3686fe62eb4a4a8372be966
SHA1 68fc9c06dec69b161e940c385dd1b229f4f972b2
SHA256 d57fbae4df7a967f388644f9abd118c1efe25d7d54e5d78d24355ced9d427f01
ssdeep
12288:cSkz1puUwKX0E2sYOhRWpZtT+Lk5hM/DormbVUZD/6+4EimQuO7:cd1UUwu1VYOhqZtTQk5iMrmbVE/1xi

authentihash ad50b5a8e6c1c7998b18cd3d59094b8d501238798c12c32863dc7d3ccb5351a6
imphash 47cb64d0f13d82401b3e634555f970fc
File size 575.0 KB ( 588800 bytes )
File type Win32 EXE
Magic literal
PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID Win32 Dynamic Link Library (generic) (34.2%)
Win32 Executable (generic) (23.4%)
Win16/32 Executable Delphi generic (10.7%)
OS/2 Executable (generic) (10.5%)
Generic Win/DOS Executable (10.4%)
Tags
peexe

VirusTotal metadata
First submission 2017-10-03 16:02:57 UTC ( 1 year, 4 months ago )
Last submission 2019-01-06 06:54:47 UTC ( 1 month, 2 weeks ago )
File names output.112565719.txt
output.112315646.txt
pOyjvSmY2.exe.1.dr
output.112313167.txt
uyitfu65uy
output.112565721.txt
fb7ac185-a99f-11e7-8afb-80e65024849a.file
output.112313168.txt
output.112350384.txt
output.112315536.txt
output.112455084.txt
output.112455095.txt
output.112455094.txt
EyVRxo3.exe
output.112565720.txt
output.112455090.txt
locky ransomware
373_08_31_2017_22_44_17_373.exe.malware.MRG
output.112380206.txt
b75bd60d.gxe
pOyjvSmY2.exe
localfile~
output.112315648.txt
output.112350383.txt
fb7ac185-a99f-11e7-8afb-80e65024849a.file
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Written files
Moved files
Opened mutexes
Opened service managers
Opened services
Runtime DLLs
UDP communications