SHA256: d765e722e295969c0a5c2d90f549db8b89ab617900bf4698db41c7cdad993bb9
File name: {71257279-042b-371d-a1d3-fbf8d2fadffa}.exe
Detection ratio: 63 / 68
Analysis date: 2018-09-20 08:43:35 UTC ( 11 hours, 19 minutes ago )
Antivirus Result Update
Ad-Aware Trojan.Agent.BBPC 20180920
AegisLab Trojan.Win32.Blocker.j!c 20180920
AhnLab-V3 Trojan/Win32.Blocker.C199567 20180920
ALYac Trojan.Ransom.CryptoLocker.A 20180920
Antiy-AVL Trojan[Ransom]/Win32.Blocker 20180919
Arcabit Trojan.Agent.BBPC 20180920
Avast Win32:Ransom-AQL [Trj] 20180920
AVG Win32:Ransom-AQL [Trj] 20180920
Avira (no cloud) TR/Crilock.A.11 20180920
AVware Trojan.Win32.Cryptolocker.mc (fs) 20180920
BitDefender Trojan.Agent.BBPC 20180920
Bkav W32.VariantMedfosF.Trojan 20180919
CAT-QuickHeal Ransom.Crilock.A5 20180918
ClamAV Win.Trojan.Cryptolocker-2 20180920
CMC Trojan-Ransom.Win32!O 20180919
Comodo TrojWare.Win32.Ransom.CryptoLocker.~BQ 20180920
CrowdStrike Falcon (ML) malicious_confidence_100% (W) 20180723
Cybereason malicious.99787f 20180225
Cylance Unsafe 20180920
Cyren W32/Ransom.RQHI-1717 20180920
DrWeb Trojan.Encoder.304 20180920
Emsisoft Trojan.Agent.BBPC (B) 20180920
Endgame malicious (high confidence) 20180730
ESET-NOD32 Win32/Filecoder.BQ 20180920
F-Prot W32/Ransom.EC 20180920
F-Secure Trojan.Agent.BBPC 20180920
Fortinet W32/Filecoder.BQ!tr 20180920
GData Win32.Trojan-Ransom.Cryptolocker.A 20180920
Ikarus Trojan-Ransom.CryptoLocker 20180920
Sophos ML heuristic 20180717
Jiangmin Trojan/Blocker.gig 20180920
K7AntiVirus Trojan ( 0001140e1 ) 20180920
K7GW Trojan ( 0001140e1 ) 20180920
Kaspersky Trojan-Ransom.Win32.Blocker.cfwh 20180920
Kingsoft Win32.Troj.Undef.(kcloud) 20180920
Malwarebytes Ransom.FileCryptor 20180920
MAX malware (ai score=100) 20180920
McAfee Generic.dx!04FB36199787 20180920
McAfee-GW-Edition BehavesLike.Win32.Generic.fc 20180920
Microsoft Ransom:Win32/Crilock.A 20180920
eScan Trojan.Agent.BBPC 20180920
NANO-Antivirus Trojan.Win32.Blocker.ctckvo 20180920
Palo Alto Networks (Known Signatures) generic.ml 20180920
Panda Trj/WLT.A 20180919
Qihoo-360 Win32/Trojan.Ransom.5c9 20180920
Rising Trojan.CryptoLocker!1.9E7C (CLOUD) 20180920
Sophos AV Troj/Ransom-ACV 20180920
SUPERAntiSpyware Trojan.Agent/Gen 20180907
Symantec Ransom.Cryptolocker 20180920
TACHYON Trojan/W32.Blocker.346112.B 20180920
Tencent Win32.Trojan.Blocker.Hfn 20180920
TheHacker Trojan/Filecoder.bq 20180918
TotalDefense Win32/CryptoLocker.K 20180920
TrendMicro TROJ_RANSOM.SMLD 20180920
TrendMicro-HouseCall TROJ_RANSOM.SMLD 20180920
VBA32 Hoax.Blocker 20180919
VIPRE Trojan.Win32.Cryptolocker.mc (fs) 20180920
ViRobot Trojan.Win32.S.Agent.346112.BG 20180920
Webroot W32.Obfuscated.Gen 20180920
Yandex Trojan.Kazy!HF4Ga+lwjwI 20180919
Zillya Trojan.Blocker.Win32.10224 20180920
ZoneAlarm by Check Point Trojan-Ransom.Win32.Blocker.cfwh 20180920
Zoner Trojan.Filecoder.BQ 20180919
Avast-Mobile 20180920
Babable 20180918
Baidu 20180914
eGambit 20180920
SentinelOne (Static ML) 20180830
Symantec Mobile Insight 20180918
Trustlook 20180920
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2013-09-07 14:57:57
Entry Point 0x00001E00
Number of sections 5
PE sections
PE imports
CryptDestroyKey
RegCreateKeyExW
RegCloseKey
RegEnumValueW
CryptEncrypt
RegDeleteKeyW
CryptHashData
RegQueryValueExW
CryptImportKey
CryptCreateHash
RegFlushKey
CryptGetKeyParam
RegOpenKeyExW
CryptGenKey
CryptReleaseContext
RegQueryInfoKeyW
RegEnumKeyExW
CryptAcquireContextW
CryptDecrypt
CryptDestroyHash
RegDeleteValueW
RegSetValueExW
CryptSetKeyParam
CryptGetHashParam
CryptExportKey
Ord(413)
InitCommonControlsEx
Ord(410)
CryptDecodeObjectEx
CryptStringToBinaryA
CryptImportPublicKeyInfo
GetDeviceCaps
GetObjectA
DeleteDC
CreateFontIndirectW
SelectObject
CreateSolidBrush
GetObjectW
SetBkMode
SetBkColor
CreateCompatibleDC
DeleteObject
SetTextColor
GetUserDefaultUILanguage
GetSystemTime
GetLastError
HeapFree
GetModuleFileNameW
SystemTimeToFileTime
ReleaseMutex
FileTimeToSystemTime
LoadLibraryW
GlobalFree
SetEvent
FreeLibrary
QueryPerformanceCounter
EnterCriticalSection
HeapAlloc
FlushFileBuffers
GetHandleInformation
GlobalUnlock
GetFileAttributesW
GetCommandLineW
DeleteCriticalSection
FileTimeToLocalFileTime
SizeofResource
GetVolumeInformationW
WaitForSingleObject
WaitForMultipleObjects
LockResource
SetFileTime
GetModuleHandleW
CreateThread
GetDateFormatW
SetErrorMode
MultiByteToWideChar
SetFilePointerEx
DeleteFileW
GetProcAddress
GetProcessHeap
GetComputerNameW
GetFileTime
GetTimeFormatW
GetLogicalDrives
GetFileSizeEx
WideCharToMultiByte
GetDiskFreeSpaceExW
MoveFileExW
ExpandEnvironmentStringsW
lstrcmpA
FindNextFileW
FindResourceExW
CreateMutexW
ReadFile
ResetEvent
FindFirstFileW
HeapReAlloc
GlobalLock
GetDriveTypeW
LocalFree
GetTempPathW
ResumeThread
CreateEventW
InitializeCriticalSection
LoadResource
WriteFile
CreateFileW
GlobalAlloc
CreateProcessW
FindClose
Sleep
GetCurrentThread
SetFileAttributesW
SetThreadPriority
CloseHandle
GetTickCount
GetCurrentThreadId
LeaveCriticalSection
ExitProcess
GetEnvironmentVariableW
SetLastError
CopyFileExW
AlphaBlend
SHGetFolderPathW
ShellExecuteExW
CommandLineToArgvW
SHGetFileInfoW
Ord(12)
StrCmpW
StrCmpNW
PathUnquoteSpacesW
PathFindFileNameW
PathRemoveFileSpecW
PathMatchSpecW
PathAddBackslashW
PathQuoteSpacesW
StrCmpIW
PathRemoveBackslashW
StrChrW
SetFocus
EmptyClipboard
GetMonitorInfoW
GetForegroundWindow
GetParent
UpdateWindow
IntersectRect
EndDialog
SystemParametersInfoW
CreateDialogParamW
DefWindowProcW
GetDlgCtrlID
DestroyMenu
RegisterClassExW
PostQuitMessage
ScreenToClient
ShowWindow
GetCaretPos
FlashWindowEx
SetWindowPos
GetSystemMetrics
MonitorFromWindow
MessageBoxW
PeekMessageW
GetWindowRect
EndPaint
ScrollWindowEx
MoveWindow
DialogBoxParamW
AppendMenuW
CharLowerW
AdjustWindowRectEx
TranslateMessage
CreateWindowExW
MessageBoxIndirectW
GetScrollInfo
SetScrollInfo
GetKeyState
GetCursorPos
ReleaseDC
BeginPaint
CreatePopupMenu
SendMessageW
SetClipboardData
IsWindowVisible
UnregisterClassW
GetClientRect
SetWindowLongW
GetDlgItem
SetForegroundWindow
SetMenuDefaultItem
DispatchMessageW
ClientToScreen
InSendMessage
InvalidateRect
PostMessageW
DrawFocusRect
SetTimer
GetClassNameW
TrackPopupMenu
IsDialogMessageW
MonitorFromPoint
SetWindowTextW
GetWindowTextW
LoadIconW
GetDC
MsgWaitForMultipleObjects
GetWindowLongW
CloseClipboard
DrawTextW
DestroyWindow
ReplyMessage
OpenClipboard
SetWindowTheme
WinHttpConnect
WinHttpQueryHeaders
WinHttpReadData
WinHttpCloseHandle
WinHttpWriteData
WinHttpAddRequestHeaders
WinHttpReceiveResponse
WinHttpOpen
WinHttpOpenRequest
WinHttpSendRequest
GdipCreateFontFromDC
GdipCreateStringFormat
GdipDeleteBrush
GdipCreateSolidFill
GdiplusShutdown
GdipDisposeImage
GdipCreateHBITMAPFromBitmap
GdiplusStartup
GdipSetStringFormatHotkeyPrefix
GdipDeleteGraphics
GdipCreateBitmapFromStream
GdipDeleteFont
GdipCreateFontFromLogfontA
GdipCreateFromHDC
GdipSetStringFormatAlign
GdipGetImageWidth
GdipAlloc
GdipDrawImageRectI
GdipCloneBrush
GdipFree
GdipDrawString
GdipGetImageHeight
GdipDeleteStringFormat
GdipCloneImage
GdipSetStringFormatLineAlign
_except_handler3
_purecall
_vsnprintf
memmove
memset
memcpy
_vsnwprintf
CoInitializeEx
CoUninitialize
CoTaskMemFree
StringFromGUID2
Number of PE resources by type
RT_RCDATA 11
RT_DIALOG 5
RT_ICON 2
RT_MANIFEST 1
RT_GROUP_ICON 1
Number of PE resources by language
NEUTRAL 19
ENGLISH US 1
PE resources
ExifTool file metadata
MIMEType application/octet-stream
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
FileTypeExtension exe
TimeStamp 2013:09:07 15:57:57+01:00
FileType Win32 EXE
PEType PE32
CodeSize 64512
LinkerVersion 11.0
ImageFileCharacteristics Executable, 32-bit
EntryPoint 0x1e00
InitializedDataSize 284160
SubsystemVersion 5.1
ImageVersion 0.0
OSVersion 5.1
UninitializedDataSize 0
Compressed bundles
File identification
MD5 04fb36199787f2e3e2135611a38321eb
SHA1 65559245709fe98052eb284577f1fd61c01ad20d
SHA256 d765e722e295969c0a5c2d90f549db8b89ab617900bf4698db41c7cdad993bb9
ssdeep 6144:sWmw0EuCN0pLWgTO3x5N22vWvLRKKAX5l++SybIvC:sWkEuCaNT85I2vCMX5l+ZRv
authentihash ebb27a081a337cc9f514610c1b03a5cefbcdb2f89a8ee63e06c400d44de69274
imphash 7e8ad4139efc6cbcf31df3bc4b291dd8
File size 338.0 KB ( 346112 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Executable MS Visual C++ (generic) (41.0%)
Win64 Executable (generic) (36.3%)
Win32 Dynamic Link Library (generic) (8.6%)
Win32 Executable (generic) (5.9%)
OS/2 Executable (generic) (2.6%)
Tags
peexe via-tor

VirusTotal metadata
First submission 2013-09-08 15:47:14 UTC ( 5 years ago )
Last submission 2018-09-20 08:43:35 UTC ( 11 hours, 19 minutes ago )
File names 0709.exe.x-msdos-program
{34184A33-0407-212E-3300-09040709E2C2}.exe
{213D7E33-3912-1C20-3D3D-01070BCDFFF3}.exe
malware_sample.exe
test.exe
bank.exe
37769.bin
file-2.exe
{71257279-042b-371d-a1d3-fbf8d2fadffa}.exe
cry3.exe
{D0EE94E5-EF8C-E6CC-8E83-EDE6D2CD2F14}.exe
file.exe
localfile~
vti-rescan
cryptolocker!!!.exe
0709.exe.dat
salab138.soleranetworks.com_2014-10-15T11.09.45-0600_192.168.0.32-2201_174.138.172.57-80_04fb36199787f2e3e2135611a38321eb_8.exe
d765e722e295969c0a5c2d90f549db8b89ab617900bf4698db41c7cdad993bb9
cry2.exe
0709.exe
cryptolocker_DO_NOT_RUN_WILL_ENCRYPT_ALL_FILES.notanexe
{71257279-042b-371d-a1d3-fbf8d2fadffa}.ex_
malware
{71257279-042b-371d-a1d3-fbf8d2fadffa}.exe
04fb36
Advanced heuristic and reputation engines
Symantec reputation Suspicious.Insight
Behaviour characterization
Zemana
dll-injection