SHA256: d765e722e295969c0a5c2d90f549db8b89ab617900bf4698db41c7cdad993bb9
File name: d765e722e295969c0a5c2d90f549db8b89ab617900bf4698db41c7cdad993bb9.bin
Detection ratio: 59 / 69
Analysis date: 2019-02-20 00:24:15 UTC ( 1 day, 23 hours ago )
Antivirus Result Update
Ad-Aware Trojan.Agent.BBPC 20190219
AhnLab-V3 Trojan/Win32.Blocker.C199567 20190219
ALYac Trojan.Ransom.CryptoLocker.A 20190219
Antiy-AVL Trojan[Ransom]/Win32.Blocker 20190219
Arcabit Trojan.Agent.BBPC 20190219
Avast Win32:Ransom-AQL [Trj] 20190219
AVG Win32:Ransom-AQL [Trj] 20190219
Avira (no cloud) TR/Crilock.A.11 20190219
BitDefender Trojan.Agent.BBPC 20190219
Bkav W32.VariantMedfosF.Trojan 20190219
CAT-QuickHeal Ransom.Crilock.A5 20190219
ClamAV Win.Trojan.Cryptolocker-2 20190219
CMC Trojan-Ransom.Win32!O 20190219
Comodo Malware@#oi695v6zm5q5 20190219
CrowdStrike Falcon (ML) malicious_confidence_100% (W) 20181023
Cylance Unsafe 20190219
Cyren W32/Ransom.RQHI-1717 20190219
DrWeb Trojan.Encoder.304 20190219
Emsisoft Trojan.Agent.BBPC (B) 20190219
Endgame malicious (high confidence) 20190215
ESET-NOD32 Win32/Filecoder.BQ 20190219
F-Prot W32/Ransom.EC 20190219
F-Secure Trojan.TR/Crilock.A.11 20190219
Fortinet W32/Filecoder.BQ!tr 20190219
GData Win32.Trojan-Ransom.Cryptolocker.A 20190219
Ikarus Trojan-Ransom.CryptoLocker 20190219
Jiangmin Trojan/Blocker.gig 20190219
K7AntiVirus Trojan ( 0001140e1 ) 20190219
K7GW Trojan ( 0001140e1 ) 20190219
Kaspersky Trojan-Ransom.Win32.Blocker.cfwh 20190219
Kingsoft Win32.Troj.Undef.(kcloud) 20190219
Malwarebytes Ransom.FileCryptor 20190219
McAfee Generic.dx!04FB36199787 20190219
McAfee-GW-Edition BehavesLike.Win32.Gupboot.fc 20190219
Microsoft Ransom:Win32/Crilock.A 20190219
eScan Trojan.Agent.BBPC 20190219
NANO-Antivirus Trojan.Win32.Blocker.ctckvo 20190219
Palo Alto Networks (Known Signatures) generic.ml 20190219
Panda Trj/WLT.A 20190219
Qihoo-360 Win32/Trojan.Ransom.5c9 20190219
Rising Trojan.CryptoLocker!1.9E7C (CLOUD) 20190219
SentinelOne (Static ML) static engine - malicious 20190203
Sophos AV Troj/Ransom-ACV 20190219
SUPERAntiSpyware Trojan.Agent/Gen 20190213
Symantec Ransom.Cryptolocker 20190219
TACHYON Trojan/W32.Blocker.346112.B 20190219
Tencent Win32.Trojan.Blocker.Hfn 20190219
TheHacker Trojan/Filecoder.bq 20190217
TotalDefense Win32/CryptoLocker.K 20190219
Trapmine malicious.high.ml.score 20190123
TrendMicro TROJ_RANSOM.SMLD 20190219
TrendMicro-HouseCall TROJ_RANSOM.SMLD 20190219
VBA32 Hoax.Blocker 20190219
ViRobot Trojan.Win32.S.Agent.346112.BG 20190219
Webroot W32.Obfuscated.Gen 20190219
Yandex Trojan.Kazy!HF4Ga+lwjwI 20190218
Zillya Trojan.Blocker.Win32.10224 20190219
ZoneAlarm by Check Point Trojan-Ransom.Win32.Blocker.cfwh 20190219
Zoner Trojan.Win32.20293 20190219
Engines with no detection (result column empty):
Acronis 20190219
AegisLab 20190219
Alibaba 20180921
Avast-Mobile 20190219
Babable 20180917
Baidu 20190214
Cybereason 20190109
eGambit 20190219
Sophos ML 20181128
MAX 20190219
Symantec Mobile Insight 20190206
Trustlook 20190219
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2013-09-07 14:57:57
Entry Point 0x00001E00
Number of sections 5
PE sections
PE imports
CryptDestroyKey
RegCreateKeyExW
RegCloseKey
RegEnumValueW
CryptEncrypt
RegDeleteKeyW
CryptHashData
RegQueryValueExW
CryptImportKey
CryptCreateHash
RegFlushKey
CryptGetKeyParam
RegOpenKeyExW
CryptGenKey
CryptReleaseContext
RegQueryInfoKeyW
RegEnumKeyExW
CryptAcquireContextW
CryptDecrypt
CryptDestroyHash
RegDeleteValueW
RegSetValueExW
CryptSetKeyParam
CryptGetHashParam
CryptExportKey
Ord(413)
InitCommonControlsEx
Ord(410)
CryptDecodeObjectEx
CryptStringToBinaryA
CryptImportPublicKeyInfo
GetDeviceCaps
GetObjectA
DeleteDC
CreateFontIndirectW
SelectObject
CreateSolidBrush
GetObjectW
SetBkMode
SetBkColor
CreateCompatibleDC
DeleteObject
SetTextColor
GetUserDefaultUILanguage
GetSystemTime
GetLastError
HeapFree
GetModuleFileNameW
SystemTimeToFileTime
ReleaseMutex
FileTimeToSystemTime
LoadLibraryW
GlobalFree
SetEvent
FreeLibrary
QueryPerformanceCounter
EnterCriticalSection
HeapAlloc
FlushFileBuffers
GetHandleInformation
GlobalUnlock
GetFileAttributesW
GetCommandLineW
DeleteCriticalSection
FileTimeToLocalFileTime
SizeofResource
GetVolumeInformationW
WaitForSingleObject
WaitForMultipleObjects
LockResource
SetFileTime
GetModuleHandleW
CreateThread
GetDateFormatW
SetErrorMode
MultiByteToWideChar
SetFilePointerEx
DeleteFileW
GetProcAddress
GetProcessHeap
GetComputerNameW
GetFileTime
GetTimeFormatW
GetLogicalDrives
GetFileSizeEx
WideCharToMultiByte
GetDiskFreeSpaceExW
MoveFileExW
ExpandEnvironmentStringsW
lstrcmpA
FindNextFileW
FindResourceExW
CreateMutexW
ReadFile
ResetEvent
FindFirstFileW
HeapReAlloc
GlobalLock
GetDriveTypeW
LocalFree
GetTempPathW
ResumeThread
CreateEventW
InitializeCriticalSection
LoadResource
WriteFile
CreateFileW
GlobalAlloc
CreateProcessW
FindClose
Sleep
GetCurrentThread
SetFileAttributesW
SetThreadPriority
CloseHandle
GetTickCount
GetCurrentThreadId
LeaveCriticalSection
ExitProcess
GetEnvironmentVariableW
SetLastError
CopyFileExW
AlphaBlend
SHGetFolderPathW
ShellExecuteExW
CommandLineToArgvW
SHGetFileInfoW
Ord(12)
StrCmpW
StrCmpNW
PathUnquoteSpacesW
PathFindFileNameW
PathRemoveFileSpecW
PathMatchSpecW
PathAddBackslashW
PathQuoteSpacesW
StrCmpIW
PathRemoveBackslashW
StrChrW
SetFocus
EmptyClipboard
GetMonitorInfoW
GetForegroundWindow
GetParent
UpdateWindow
IntersectRect
EndDialog
SystemParametersInfoW
CreateDialogParamW
DefWindowProcW
GetDlgCtrlID
DestroyMenu
RegisterClassExW
PostQuitMessage
ScreenToClient
ShowWindow
GetCaretPos
FlashWindowEx
SetWindowPos
GetSystemMetrics
MonitorFromWindow
MessageBoxW
PeekMessageW
GetWindowRect
EndPaint
ScrollWindowEx
MoveWindow
DialogBoxParamW
AppendMenuW
CharLowerW
AdjustWindowRectEx
TranslateMessage
CreateWindowExW
MessageBoxIndirectW
GetScrollInfo
SetScrollInfo
GetKeyState
GetCursorPos
ReleaseDC
BeginPaint
CreatePopupMenu
SendMessageW
SetClipboardData
IsWindowVisible
UnregisterClassW
GetClientRect
SetWindowLongW
GetDlgItem
SetForegroundWindow
SetMenuDefaultItem
DispatchMessageW
ClientToScreen
InSendMessage
InvalidateRect
PostMessageW
DrawFocusRect
SetTimer
GetClassNameW
TrackPopupMenu
IsDialogMessageW
MonitorFromPoint
SetWindowTextW
GetWindowTextW
LoadIconW
GetDC
MsgWaitForMultipleObjects
GetWindowLongW
CloseClipboard
DrawTextW
DestroyWindow
ReplyMessage
OpenClipboard
SetWindowTheme
WinHttpConnect
WinHttpQueryHeaders
WinHttpReadData
WinHttpCloseHandle
WinHttpWriteData
WinHttpAddRequestHeaders
WinHttpReceiveResponse
WinHttpOpen
WinHttpOpenRequest
WinHttpSendRequest
GdipCreateFontFromDC
GdipCreateStringFormat
GdipDeleteBrush
GdipCreateSolidFill
GdiplusShutdown
GdipDisposeImage
GdipCreateHBITMAPFromBitmap
GdiplusStartup
GdipSetStringFormatHotkeyPrefix
GdipDeleteGraphics
GdipCreateBitmapFromStream
GdipDeleteFont
GdipCreateFontFromLogfontA
GdipCreateFromHDC
GdipSetStringFormatAlign
GdipGetImageWidth
GdipAlloc
GdipDrawImageRectI
GdipCloneBrush
GdipFree
GdipDrawString
GdipGetImageHeight
GdipDeleteStringFormat
GdipCloneImage
GdipSetStringFormatLineAlign
_except_handler3
_purecall
_vsnprintf
memmove
memset
memcpy
_vsnwprintf
CoInitializeEx
CoUninitialize
CoTaskMemFree
StringFromGUID2
Number of PE resources by type
RT_RCDATA 11
RT_DIALOG 5
RT_ICON 2
RT_MANIFEST 1
RT_GROUP_ICON 1
Number of PE resources by language
NEUTRAL 19
ENGLISH US 1
PE resources
ExifTool file metadata
MIMEType application/octet-stream
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
FileTypeExtension exe
TimeStamp 2013:09:07 07:57:57-07:00
FileType Win32 EXE
PEType PE32
CodeSize 64512
LinkerVersion 11.0
ImageFileCharacteristics Executable, 32-bit
EntryPoint 0x1e00
InitializedDataSize 284160
SubsystemVersion 5.1
ImageVersion 0.0
OSVersion 5.1
UninitializedDataSize 0
File identification
MD5 04fb36199787f2e3e2135611a38321eb
SHA1 65559245709fe98052eb284577f1fd61c01ad20d
SHA256 d765e722e295969c0a5c2d90f549db8b89ab617900bf4698db41c7cdad993bb9
ssdeep 6144:sWmw0EuCN0pLWgTO3x5N22vWvLRKKAX5l++SybIvC:sWkEuCaNT85I2vCMX5l+ZRv
authentihash ebb27a081a337cc9f514610c1b03a5cefbcdb2f89a8ee63e06c400d44de69274
imphash 7e8ad4139efc6cbcf31df3bc4b291dd8
File size 338.0 KB ( 346112 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Executable MS Visual C++ (generic) (33.7%)
Win64 Executable (generic) (29.8%)
Microsoft Visual C++ compiled executable (generic) (17.8%)
Win32 Dynamic Link Library (generic) (7.1%)
Win32 Executable (generic) (4.8%)
Tags peexe via-tor
VirusTotal metadata
First submission 2013-09-08 15:47:14 UTC ( 5 years, 5 months ago )
Last submission 2019-02-05 12:29:19 UTC ( 2 weeks, 2 days ago )
File names 0709.exe.x-msdos-program
{34184A33-0407-212E-3300-09040709E2C2}.exe
{213D7E33-3912-1C20-3D3D-01070BCDFFF3}.exe
malware_sample.exe
test.exe
bank.exe
37769.bin
file-2.exe
{71257279-042b-371d-a1d3-fbf8d2fadffa}.exe
cry3.exe
{D0EE94E5-EF8C-E6CC-8E83-EDE6D2CD2F14}.exe
file.exe
localfile~
vti-rescan
cryptolocker!!!.exe
0709.exe.dat
salab138.soleranetworks.com_2014-10-15T11.09.45-0600_192.168.0.32-2201_174.138.172.57-80_04fb36199787f2e3e2135611a38321eb_8.exe
d765e722e295969c0a5c2d90f549db8b89ab617900bf4698db41c7cdad993bb9
cry2.exe
0709.exe
cryptolocker_DO_NOT_RUN_WILL_ENCRYPT_ALL_FILES.notanexe
{71257279-042b-371d-a1d3-fbf8d2fadffa}.ex_
malware
{71257279-042b-371d-a1d3-fbf8d2fadffa}.exe
04fb36
Advanced heuristic and reputation engines
Symantec reputation Suspicious.Insight
Behaviour characterization
Zemana dll-injection