SHA256: df7b8189f37b8a02509cc128c3281904397c515c8685899703a1c9ec08d5fb6e
File name: 51a0155e-c907-11e6-89cb-80e65024849a.file
Detection ratio: 56 / 67
Analysis date: 2018-03-01 20:03:54 UTC ( 1 month, 3 weeks ago )
Antivirus Result Update
Ad-Aware Trojan.Ransom.Locky.AZ 20180301
AegisLab Troj.Crypt.Zpack!c 20180301
AhnLab-V3 Trojan/Win32.Kryptik.R189885 20180301
ALYac Trojan.Ransom.Locky.AZ 20180301
Antiy-AVL Trojan/Win32.Crypt 20180301
Arcabit Trojan.Ransom.Locky.AZ 20180301
Avast Win32:Ransom-AYZ [Trj] 20180301
AVG Win32:Ransom-AYZ [Trj] 20180301
Avira (no cloud) TR/Crypt.ZPACK.Gen2 20180301
AVware Trojan.Win32.Generic!BT 20180301
Baidu Win32.Trojan.Kryptik.ayl 20180301
BitDefender Trojan.Ransom.Locky.AZ 20180301
CAT-QuickHeal Ransom.Locky.A6 20180301
Comodo TrojWare.Win32.Agent.muemk 20180301
CrowdStrike Falcon (ML) malicious_confidence_90% (D) 20170201
Cylance Unsafe 20180301
Cyren W32/Locky.BL.gen!Eldorado 20180301
DrWeb Trojan.Encoder.6709 20180301
eGambit Unsafe.AI_Score_98% 20180301
Emsisoft Trojan-Ransom.Locky (A) 20180301
Endgame malicious (high confidence) 20180301
ESET-NOD32 a variant of Win32/Kryptik.FJCV 20180301
F-Prot W32/Locky.BL.gen!Eldorado 20180301
F-Secure Trojan.Ransom.Locky.AZ 20180301
Fortinet W32/Generic.AP.2667E!tr 20180301
GData Trojan.Ransom.Locky.AZ 20180301
Ikarus Trojan-Ransom.Agent 20180301
Sophos ML heuristic 20180121
Jiangmin Trojan.Crypt.aew 20180301
K7AntiVirus Trojan ( 004fc4881 ) 20180301
K7GW Trojan ( 004fc4881 ) 20180301
Kaspersky HEUR:Trojan.Win32.Generic 20180301
Malwarebytes Ransom.Locky 20180301
MAX malware (ai score=100) 20180301
McAfee GenericRXAO-AX!8FA3B2B77707 20180301
McAfee-GW-Edition BehavesLike.Win32.Cutwail.ch 20180301
Microsoft Ransom:Win32/Locky 20180301
eScan Trojan.Ransom.Locky.AZ 20180301
NANO-Antivirus Trojan.Win32.Encoder.eieatq 20180301
nProtect Ransom/W32.Agent.185856.D 20180301
Panda Trj/Genetic.gen 20180301
Qihoo-360 Win32/Trojan.Ransom.ac1 20180301
Rising Ransom.Locky!8.1CD4 (TFE:1:4Qa4dEJpqFJ) 20180301
SentinelOne (Static ML) static engine - malicious 20180225
Sophos AV Mal/Ransom-FA 20180301
SUPERAntiSpyware Ransom.Locky/Variant 20180301
Symantec Ransom.Locky 20180301
Tencent Win32.Trojan.Generic.Efbf 20180301
TrendMicro Ransom_LOCKY.DLDSAQM 20180301
TrendMicro-HouseCall Ransom_LOCKY.DLDSAQM 20180301
VIPRE Trojan.Win32.Generic!BT 20180301
Webroot W32.Malware.Gen 20180301
WhiteArmor Malware.HighConfidence 20180223
Yandex Trojan.Agent!rPtsnob5p2s 20180228
Zillya Trojan.Kryptik.Win32.963835 20180301
ZoneAlarm by Check Point HEUR:Trojan.Win32.Generic 20180301
Alibaba 20180301
Avast-Mobile 20180301
Bkav 20180301
ClamAV 20180301
CMC 20180301
Cybereason 20180225
Kingsoft 20180301
Palo Alto Networks (Known Signatures) 20180301
Symantec Mobile Insight 20180220
TheHacker 20180301
TotalDefense 20180301
Trustlook 20180301
VBA32 20180301
ViRobot 20180301
Zoner 20180301
The file being studied is a Portable Executable file! More specifically, it is a Win32 DLL file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright David De Groot
Product Alert
Original name Alert.dll
Internal name Alert
File version 2.01.0007
Description Alert clock
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2016-11-03 12:01:12
Entry Point 0x000245D6
Number of sections 7
PE sections
PE imports
RegOpenKeyW
AbortPath
BeginPath
AnimatePalette
AddFontMemResourceEx
AngleArc
GetDriveTypeW
GetCurrentProcessId
GetCommandLineW
GlobalAddAtomA
QueryPerformanceCounter
CloseHandle
CreateFileA
GetModuleFileNameA
LoadLibraryA
CommandLineToArgvW
SendMessageA
CharLowerA
PlaySoundA
ClosePrinter
_except_handler3
exit
_wtoi
Number of PE resources by type
RT_BITMAP 2
RT_VERSION 1
Number of PE resources by language
ENGLISH US 3
PE resources
ExifTool file metadata
LegalTrademarks David De Groot
SubsystemVersion 5.0
LinkerVersion 10.0
ImageVersion 0.0
FileSubtype 0
FileVersionNumber 2.1.0.7
LanguageCode English (U.S.)
FileFlagsMask 0x0000
FileDescription Alert clock
CharacterSet Unicode
InitializedDataSize 39424
EntryPoint 0x245d6
OriginalFileName Alert.dll
MIMEType application/octet-stream
LegalCopyright David De Groot
FileVersion 2.01.0007
TimeStamp 2016:11:03 13:01:12+01:00
FileType Win32 DLL
PEType PE32
InternalName Alert
ProductVersion 2.01.0007
UninitializedDataSize 4096
OSVersion 5.0
FileOS Win32
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
CompanyName Bluefive software
CodeSize 145408
ProductName Alert
ProductVersionNumber 2.1.0.7
FileTypeExtension dll
ObjectFileType Executable application

Execution parents
Compressed bundles
File identification
MD5 8fa3b2b77707795aa2c0e7c933206d09
SHA1 4e237035a812acf0c87a671c87effcddee7d1d6a
SHA256 df7b8189f37b8a02509cc128c3281904397c515c8685899703a1c9ec08d5fb6e
ssdeep 3072:uXvB6bZdafqO2yqJQE7cZxUGABhfUF50zXH3nXL:uZ6brJyup7cZkPy
authentihash b7d6bf34a241ca46e966d378ea5c51afcfd2309b4e1d84aaa7fa56d6af07b036
imphash 69161fad7896fa3f6cbd1db55bbf9f44
File size 181.5 KB ( 185856 bytes )
File type Win32 DLL
Magic literal PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
TrID Win64 Executable (generic) (61.7%)
Win32 Dynamic Link Library (generic) (14.7%)
Win32 Executable (generic) (10.0%)
OS/2 Executable (generic) (4.5%)
Generic Win/DOS Executable (4.4%)
Tags pedll
VirusTotal metadata
First submission 2016-11-03 14:00:17 UTC ( 1 year, 5 months ago )
Last submission 2018-03-01 20:03:54 UTC ( 1 month, 3 weeks ago )
File names PBMqOLLjcEpTZ0.dll
hhh7pb
51a0155e-c907-11e6-89cb-80e65024849a.file
hhh7pb.dll
51a0155e-c907-11e6-89cb-80e65024849a.file.exe
Alert
aa
Alert.dll
df7b8189f37b8a02509cc128c3281904397c515c8685899703a1c9ec08d5fb6e
835ad585-adcb-11e6-9137-80e65024849a.file
Y8iz_.vcf
output.102475925.txt
hhh7pb
Advanced heuristic and reputation engines