SHA256: def95ea7fcea820294a13db5fdaa02c5d4b0baa93a5fda91c616534f783bc743
File name: def95ea7fcea820294a13db5fdaa02c5d4b0baa93a5fda91c616534f783bc743
Detection ratio: 51 / 59
Analysis date: 2017-03-17 09:46:20 UTC ( 1 year, 11 months ago )
Antivirus Result Update
Ad-Aware Gen:Heur.CryptoWall.1 20170317
AegisLab W32.W.Ngrbot.mDuH 20170317
AhnLab-V3 Trojan/Win32.MDA.C790418 20170317
ALYac Gen:Heur.CryptoWall.1 20170316
Antiy-AVL Trojan[Ransom]/Win32.Foreign 20170316
Arcabit Trojan.CryptoWall.1 20170316
Avast Win32:Dorder-R [Trj] 20170316
AVG Generic_r.EPZ 20170316
Avira (no cloud) TR/Crypt.Xpack.179194 20170316
AVware Trojan.Win32.Generic!BT 20170316
Baidu Win32.Trojan.WisdomEyes.16070401.9500.9999 20170316
BitDefender Gen:Heur.CryptoWall.1 20170316
CAT-QuickHeal Ransom.Crowti.A4 20170316
Comodo UnclassifiedMalware 20170316
CrowdStrike Falcon (ML) malicious_confidence_100% (W) 20170130
Cyren W32/S-d1064251!Eldorado 20170316
DrWeb BackDoor.NewFiz.28 20170316
Emsisoft Gen:Heur.CryptoWall.1 (B) 20170316
Endgame malicious (high confidence) 20170222
ESET-NOD32 Win32/Dorkbot.I 20170316
F-Prot W32/S-d1064251!Eldorado 20170316
F-Secure Gen:Heur.CryptoWall.1 20170316
Fortinet W32/Injector.CDJQ!tr 20170316
GData Gen:Heur.CryptoWall.1 20170316
Ikarus Worm.Win32.Kasidet 20170316
Sophos ML worm.win32.gamarue.ar 20170203
Jiangmin Trojan/Foreign.zsm 20170316
K7AntiVirus Trojan ( 004bbffb1 ) 20170316
K7GW Trojan ( 004bbffb1 ) 20170316
Kaspersky HEUR:Trojan.Win32.Generic 20170316
Malwarebytes Trojan.Agent.ED 20170316
McAfee Generic-FAWO!72269C016DA6 20170316
McAfee-GW-Edition Generic-FAWO!72269C016DA6 20170316
eScan Gen:Heur.CryptoWall.1 20170316
NANO-Antivirus Trojan.Win32.Ngrbot.dqbqny 20170316
Palo Alto Networks (Known Signatures) generic.ml 20170317
Panda Trj/Genetic.gen 20170316
Qihoo-360 HEUR/QVM10.1.Malware.Gen 20170317
Rising Trojan.Generic (cloud:Lj1DAfsLs2K) 20170317
SentinelOne (Static ML) static engine - malicious 20170315
Sophos AV Mal/Generic-S 20170317
SUPERAntiSpyware Trojan.Agent/Gen-Malagent 20170317
Symantec Trojan.Gen.2 20170317
Tencent Win32.Worm.Dorkbot.Aedy 20170317
VBA32 Hoax.Foreign 20170316
VIPRE Trojan.Win32.Generic!BT 20170317
ViRobot Trojan.Win32.Injector.311296.A[h] 20170317
Webroot Malicious 20170317
Yandex Trojan.Foreign!QcZ+8kWf7/M 20170317
ZoneAlarm by Check Point HEUR:Trojan.Win32.Generic 20170317
Zoner Trojan.Foreign 20170317
Alibaba 20170228
ClamAV 20170316
Kingsoft 20170317
Microsoft 20170316
nProtect 20170316
TheHacker 20170315
TotalDefense 20170317
TrendMicro 20170317
TrendMicro-HouseCall 20170317
Trustlook 20170317
WhiteArmor 20170315
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright (c) 2005, 2006, Alexander Asyabrik aka Shura
Product DecrypTC
Original name decryptc.exe
Internal name decryptc
File version 1.2.0.0
Description FTP passwords' decrypting tool for TC
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2015-04-03 06:40:56
Entry Point 0x00022082
Number of sections 4
PE sections
PE imports
GetOpenFileNameA
GetSaveFileNameA
GetStdHandle
GetDriveTypeA
EncodePointer
SetInformationJobObject
FreeEnvironmentStringsA
DeleteCriticalSection
GetCurrentProcess
GetLocaleInfoA
FreeEnvironmentStringsW
GetCPInfo
GetThreadIOPendingFlag
GetStringTypeA
WriteFile
GetSystemTimeAsFileTime
HeapReAlloc
GetStringTypeW
PurgeComm
TlsGetValue
SetLastError
IsDebuggerPresent
HeapAlloc
GetModuleFileNameA
UnhandledExceptionFilter
InterlockedDecrement
MultiByteToWideChar
SetFilePointerEx
LockFileEx
RtlCaptureStackBackTrace
SetUnhandledExceptionFilter
MulDiv
GetSystemDirectoryA
TerminateProcess
GetCurrentThreadId
LeaveCriticalSection
InitializeCriticalSectionAndSpinCount
HeapFree
EnterCriticalSection
SetHandleCount
GetOEMCP
QueryPerformanceCounter
CreateJobSet
GetTickCount
TlsAlloc
LoadLibraryA
RtlUnwind
CreateRemoteThread
ConvertFiberToThread
GetStartupInfoA
UnlockFile
SetProcessPriorityBoost
GetProcAddress
GetNamedPipeHandleStateW
GetProcessHeap
AssignProcessToJobObject
MapUserPhysicalPagesScatter
FindFirstFileExW
EncodeSystemPointer
GetFileType
TlsSetValue
ExitProcess
InterlockedIncrement
GetLastError
LCMapStringW
GetShortPathNameW
LCMapStringA
GetThreadLocale
GetEnvironmentStringsW
GetEnvironmentStrings
GetCurrentProcessId
GetCommandLineW
GetCurrentDirectoryA
HeapSize
GetCommandLineA
GetCurrentThread
TlsFree
PulseEvent
GetACP
GetModuleHandleW
WideCharToMultiByte
IsValidCodePage
HeapCreate
VirtualFree
Sleep
SetMailslotInfo
VirtualAlloc
ResetEvent
GetParent
GetScrollBarInfo
GetInputState
ReleaseCapture
CopyIcon
CreateCaret
ToAsciiEx
HiliteMenuItem
IsCharAlphaW
GetKBCodePage
SetCapture
DrawIcon
GetNextDlgGroupItem
GetClassLongW
IsMenu
GetMessageTime
GetWindow
VkKeyScanW
GetWindowWord
UpdateLayeredWindow
PaintDesktop
ScrollWindow
FindWindowExA
GetClientRect
CloseWindow
GetMenuCheckMarkDimensions
SetRect
GetLayeredWindowAttributes
GetSubMenu
SendMessageTimeoutA
LoadIconA
GetKeyboardType
DefDlgProcA
EnumThreadWindows
IsDlgButtonChecked
DeferWindowPos
ToAscii
SendMessageTimeoutW
GetWindowRgnBox
GetAncestor
ReplyMessage
SetCursor
CoRegisterClassObject
Number of PE resources by type
RT_VERSION 1
RT_DLGINCLUDE 1
Number of PE resources by language
NEUTRAL 2
PE resources
ExifTool file metadata
CodeSize 160256
SubsystemVersion 5.0
LinkerVersion 9.0
ImageVersion 0.0
FileSubtype 0
FileVersionNumber 1.2.0.0
LanguageCode English (U.S.)
FileFlagsMask 0x0000
FileDescription FTP passwords' decrypting tool for TC
ImageFileCharacteristics No relocs, Executable, 32-bit
CharacterSet Windows, Latin1
InitializedDataSize 86528
EntryPoint 0x22082
OriginalFileName decryptc.exe
MIMEType application/octet-stream
LegalCopyright (c) 2005, 2006, Alexander Asyabrik aka Shura
FileVersion 1.2.0.0
TimeStamp 2015:04:03 07:40:56+01:00
FileType Win32 EXE
PEType PE32
InternalName decryptc
ProductVersion 1.2.0.0
UninitializedDataSize 0
OSVersion 5.0
FileOS Win32
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
CompanyName SNC
LegalTrademarks (c) 2005, 2006, SNC
ProductName DecrypTC
ProductVersionNumber 1.2.0.0
FileTypeExtension exe
ObjectFileType Executable application

File identification
MD5 72269c016da6eeb7e059dc1134cfbff4
SHA1 07a0c005322f770efa91ac250146ba491c84579d
SHA256 def95ea7fcea820294a13db5fdaa02c5d4b0baa93a5fda91c616534f783bc743
ssdeep 3072:eS0GfrOiyX5+SyceVUJRVs6oqTIldSsAv+p+BE4SKCbwULo/CPj5Onl9c:n0hig5iceVUls6okIdcvX1ew2GCPa9c
authentihash 5dbf2bea4e3028cc817b604cfae32ad92db3ebe0e9afbcecd8a1872172ecf600
imphash ba97fc765e445a69e16d288e547cc643
File size 242.0 KB ( 247808 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Executable MS Visual C++ (generic) (64.5%)
Win32 Dynamic Link Library (generic) (13.6%)
Win32 Executable (generic) (9.3%)
OS/2 Executable (generic) (4.1%)
Generic Win/DOS Executable (4.1%)
Tags peexe usb-autorun

VirusTotal metadata
First submission 2015-04-09 17:37:15 UTC ( 3 years, 10 months ago )
Last submission 2017-03-17 09:46:20 UTC ( 1 year, 11 months ago )
File names decryptc
live.exe
decryptc.exe
DEF95EA7FCEA820294A13DB5FDAA02C5D4B0BAA93A5FDA91C616534F783BC743.EXE
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Copied files
Created mutexes
Runtime DLLs
UDP communications