SHA256: dbf6e09c1ee66ae22b9ede51e931e8da444b0b7eefc7817a9f220d8077ee2d44
File name: 87tg7v645c.exe
Detection ratio: 8 / 54
Analysis date: 2016-03-07 16:13:23 UTC ( 1 year, 6 months ago )
Antivirus Result Update
Bkav HW32.Packed.FCC2 20160307
ESET-NOD32 Win32/Filecoder.Locky.A 20160307
Kaspersky UDS:DangerousObject.Multi.Generic 20160307
McAfee-GW-Edition BehavesLike.Win32.AAEH.ch 20160307
Qihoo-360 HEUR/QVM07.1.Malware.Gen 20160307
Sophos AV Mal/Generic-S 20160307
TrendMicro Ransom_LOCKY.LC 20160307
TrendMicro-HouseCall Ransom_LOCKY.LC 20160307
Ad-Aware 20160307
AegisLab 20160307
Yandex 20160306
AhnLab-V3 20160307
Alibaba 20160307
ALYac 20160305
Arcabit 20160307
Avast 20160307
AVG 20160307
Avira (no cloud) 20160307
AVware 20160307
Baidu-International 20160307
BitDefender 20160307
ByteHero 20160307
CAT-QuickHeal 20160305
ClamAV 20160306
CMC 20160307
Comodo 20160307
Cyren 20160307
DrWeb 20160307
Emsisoft 20160307
F-Prot 20160307
F-Secure 20160307
Fortinet 20160307
GData 20160307
Ikarus 20160307
Jiangmin 20160307
K7AntiVirus 20160307
K7GW 20160307
Malwarebytes 20160307
McAfee 20160307
Microsoft 20160307
eScan 20160307
NANO-Antivirus 20160307
nProtect 20160307
Panda 20160307
Rising 20160307
SUPERAntiSpyware 20160306
Symantec 20160307
Tencent 20160307
TheHacker 20160305
VBA32 20160306
VIPRE 20160307
ViRobot 20160307
Zillya 20160306
Zoner 20160307
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2006-09-07 23:11:22
Entry Point 0x000214EC
Number of sections 4
PE sections
PE imports
HeapFree
GlobalAlloc
HeapDestroy
FatalAppExitA
FindFirstFileW
GetConsoleScreenBufferInfo
FindFirstChangeNotificationW
__p__fmode
_outp
log
_acmdln
__p__commode
_errno
ceil
toupper
__getmainargs
_initterm
_controlfp
__setusermatherr
__set_app_type
GetScrollRange
LoadBitmapW
SetClassLongW
SetRectEmpty
CopyIcon
KillTimer
SendNotifyMessageW
GetClipboardData
ShowScrollBar
IsWindow
GetTabbedTextExtentA
RegisterClassExW
RegisterClipboardFormatA
MoveWindow
IntersectRect
MessageBoxA
DrawIcon
GetDlgItemTextW
CharUpperA
GetMenuItemID
GetKeyState
GetDlgCtrlID
DrawStateA
DrawIconEx
GetClassInfoW
CharLowerBuffA
WinHelpA
UnionRect
LoadAcceleratorsA
GetKeyboardState
GetMenuItemCount
ValidateRect
CopyAcceleratorTableW
GetFocus
CharToOemA
WindowFromDC
Number of PE resources by type
RT_ICON 8
RT_GROUP_ICON 8
RT_VERSION 1
Number of PE resources by language
PORTUGUESE BRAZILIAN 7
PUNJABI DEFAULT 6
ENGLISH US 4
PE resources
ExifTool file metadata
SubsystemVersion 4.0
LinkerVersion 6.0
ImageVersion 0.0
FileSubtype 0
FileVersionNumber 0.180.98.9
UninitializedDataSize 0
LanguageCode English (U.S.)
FileFlagsMask 0x003f
CharacterSet Unicode
InitializedDataSize 147456
EntryPoint 0x214ec
MIMEType application/octet-stream
LegalCopyright Copyright 2011
FileVersion 96, 128, 113, 96
TimeStamp 2006:09:08 00:11:22+01:00
FileType Win32 EXE
PEType PE32
InternalName Halogens
ProductVersion 234, 40, 118, 230
FileDescription Eyes
OSVersion 4.0
FileOS Windows NT 32-bit
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
CompanyName Global Graphics Software Ltd.
CodeSize 135168
ProductName Intellectuals Flannel
ProductVersionNumber 0.186.248.128
FileTypeExtension exe
ObjectFileType Executable application

File identification
MD5 e4e1325c4ded2cd8b4487f8a16c5095b
SHA1 8599b0f4b49cccc1505a3aa177f922bb75340049
SHA256 dbf6e09c1ee66ae22b9ede51e931e8da444b0b7eefc7817a9f220d8077ee2d44
ssdeep 3072:5OV3k6wVvaEwCFjJdpWrjji/g7nZ1rB9vwWLaIWC1LhRB:5Ou5vaE/VUjj7DZb9YWWIW
authentihash e5fa8bf60a4f52d6fa163129bc76fcfb678d1e36c917b1290b1423b32d6f8a9f
imphash b45cb3f240d24775b2c7c93b362f80ff
File size 164.0 KB ( 167936 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win64 Executable (generic) (64.6%)
Win32 Dynamic Link Library (generic) (15.4%)
Win32 Executable (generic) (10.5%)
Generic Win/DOS Executable (4.6%)
DOS Executable Generic (4.6%)
Tags peexe

VirusTotal metadata
First submission 2016-03-07 12:14:07 UTC ( 1 year, 6 months ago )
Last submission 2017-08-08 00:57:54 UTC ( 1 month, 1 week ago )
File names 87tg7v645c[1].exe.1812241170.DROPPED
SUUN.exe
ESADlocky.exe
faPEDGTkPwo.exe
dbf6e09c1ee66ae22b9ede51e931e8da444b0b7eefc7817a9f220d8077ee2d44.exe
HKFzUDTp.exe
1D351F4B.vXE
AdhMjVfgI.exe
87tg7v645c.exe
GNmWeWHGx.exe
87tg7v645c.exe
output.89258856.txt
87tg7v645c[1].exe.4060.dr
89258856
DdVNICMdu.exe
gotpage.BIN
87tg7v645c.exe
e4e1325c4ded2cd8b4487f8a16c5095b.exe
5AF520AD3507DA22AAA756357E78EB57
3185526
Advanced heuristic and reputation engines
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Written files
Moved files
Deleted files
Created processes
Created mutexes
Opened mutexes
Opened service managers
Opened services
Runtime DLLs
HTTP requests
TCP connections
UDP communications