SHA256: db09e6f69ea651370d796ee2fd4a78d9a11cd82faea3f8d5ef007c04065b1e25
File name: onore.exe
Detection ratio: 28 / 67
Analysis date: 2017-10-21 12:01:20 UTC ( 1 year, 6 months ago )
Antivirus Result Update
AegisLab Ransom.Hpcerber.Smont4!c 20171021
Avast FileRepMetagen [Malware] 20171021
AVG FileRepMetagen [Malware] 20171021
Baidu Win32.Trojan.WisdomEyes.16070401.9500.9980 20171020
BitDefender Gen:Variant.Graftor.418668 20171021
CrowdStrike Falcon (ML) malicious_confidence_100% (W) 20171016
Cylance Unsafe 20171021
DrWeb Trojan.PWS.Panda.11620 20171021
eGambit malicious_confidence_100% 20171021
Emsisoft Gen:Variant.Graftor.418668 (B) 20171021
Endgame malicious (high confidence) 20171016
ESET-NOD32 a variant of Win32/GenKryptik.BATZ 20171021
Fortinet W32/Kryptik.FXWM!tr 20171021
Sophos ML heuristic 20170914
K7GW Trojan ( 00519ede1 ) 20171021
Kaspersky UDS:DangerousObject.Multi.Generic 20171021
MAX malware (ai score=88) 20171021
McAfee Artemis!49513443CCC5 20171021
McAfee-GW-Edition BehavesLike.Win32.AdwareDealPly.ch 20171021
eScan Gen:Variant.Graftor.418668 20171021
Palo Alto Networks (Known Signatures) generic.ml 20171021
Rising Malware.Heuristic!ET#98% (RDM+:cmRtazq//CBRDPFJfq4sP/kRIJNj) 20171021
SentinelOne (Static ML) static engine - malicious 20171019
Sophos AV Mal/Elenoocka-E 20171021
Symantec ML.Attribute.HighConfidence 20171020
TrendMicro Ransom_HPCERBER.SMONT4 20171021
TrendMicro-HouseCall Ransom_HPCERBER.SMONT4 20171021
ZoneAlarm by Check Point UDS:DangerousObject.Multi.Generic 20171021
Ad-Aware 20171021
AhnLab-V3 20171021
Alibaba 20170911
ALYac 20171021
Antiy-AVL 20171021
Arcabit 20171021
Avast-Mobile 20171021
Avira (no cloud) 20171021
AVware 20171021
Bkav 20171020
CAT-QuickHeal 20171020
ClamAV 20171021
CMC 20171018
Comodo 20171021
Cyren 20171021
F-Prot 20171021
F-Secure 20171021
GData 20171021
Ikarus 20171021
Jiangmin 20171021
K7AntiVirus 20171019
Kingsoft 20171021
Malwarebytes 20171021
Microsoft 20171021
NANO-Antivirus 20171021
nProtect 20171021
Panda 20171021
Qihoo-360 20171021
SUPERAntiSpyware 20171021
Symantec Mobile Insight 20171011
Tencent 20171021
TheHacker 20171017
TotalDefense 20171021
Trustlook 20171021
VBA32 20171020
VIPRE 20171021
ViRobot 20171021
Webroot 20171021
WhiteArmor 20171016
Yandex 20171020
Zillya 20171019
Zoner 20171021
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2015-10-19 03:22:40
Entry Point 0x00004613
Number of sections 4
PE sections
PE imports
AuthzFreeResourceManager
AuthzAddSidsToContext
AuthzFreeAuditEvent
AuthzFreeContext
Ctl3dRegister
Ctl3dGetVer
Ctl3dCtlColor
GetNumberFormatA
CreateProcessA
CreateSemaphoreA
OpenJobObjectW
GetModuleHandleA
OpenEventW
GetEnvironmentStringsA
SleepEx
CreateJobObjectW
CreateDirectoryW
SetErrorMode
CloseHandle
OpenMutexW
ReadProcessMemory
CreateFileA
GetProcAddress
lstrcmpW
GetLocalTime
UpdateResourceA
SHGetFileInfoA
SHGetFolderPathW
StrChrW
SHEmptyRecycleBinW
DllGetClassObject
SHBrowseForFolderW
ShellAboutA
SHChangeNotify
ShellMessageBoxA
SHCreateShellItem
SHQueryRecycleBinA
SHAlloc
DragQueryFileA
FindExecutableA
SHGetMalloc
ShellExecuteA
SHFileOperationA
Number of PE resources by type
RT_RCDATA 10
Number of PE resources by language
NEUTRAL 10
PE resources
Debug information
ExifTool file metadata
MIMEType application/octet-stream
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
FileTypeExtension exe
TimeStamp 2015:10:19 04:22:40+01:00
FileType Win32 EXE
PEType PE32
CodeSize 24576
LinkerVersion 8.0
ImageFileCharacteristics No relocs, Executable, No line numbers, No symbols, 32-bit
EntryPoint 0x4613
InitializedDataSize 147456
SubsystemVersion 4.0
ImageVersion 0.0
OSVersion 4.0
UninitializedDataSize 0

Compressed bundles
File identification
MD5 49513443ccc5845927cd66204f5f4e11
SHA1 8575b9c2c4c531d4f16d0671fcb7df424241e188
SHA256 db09e6f69ea651370d796ee2fd4a78d9a11cd82faea3f8d5ef007c04065b1e25
ssdeep 3072:woeoclH7FoqvGsFDErn3YC7BFAfaWLiuiPwKnGYEQuGu/M9:KvvGsK3YC7P4UPwKnGYEQuR0
authentihash 2a5cd10714110e1107b7f7c3750d0b56f89240b188751e6fdb9891fa978e164b
imphash f78f694ba30c48a52b36c66c70905dd6
File size 172.0 KB ( 176128 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Dynamic Link Library (generic) (34.2%)
Win32 Executable (generic) (23.4%)
Win16/32 Executable Delphi generic (10.7%)
OS/2 Executable (generic) (10.5%)
Generic Win/DOS Executable (10.4%)
Tags peexe
VirusTotal metadata
First submission 2017-10-21 09:39:53 UTC ( 1 year, 6 months ago )
Last submission 2018-07-20 19:34:23 UTC ( 9 months ago )
File names 1024-8575b9c2c4c531d4f16d0671fcb7df424241e188
onore.exe
49513443ccc5845927cd66204f5f4e11.vir
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Written files
Created processes
Created mutexes
Opened mutexes
Runtime DLLs