SHA256: e43fb62c12fcf1be9f9982e81a59350a8f9dd2389198c0b332cef832a63aac0f
File name: output.115101523.txt
Detection ratio: 51 / 70
Analysis date: 2019-02-09 22:31:19 UTC ( 1 month, 1 week ago )
Antivirus Result Update
Acronis suspicious 20190208
Ad-Aware Trojan.GenericKD.31537595 20190209
AegisLab Trojan.Win32.Shade.4!c 20190209
AhnLab-V3 Trojan/Win32.Shade.C2948133 20190209
ALYac Trojan.Ransom.Shade 20190209
Antiy-AVL Trojan/Win32.Agent 20190209
Arcabit Trojan.Generic.D1E139BB 20190208
Avast Win32:Malware-gen 20190209
AVG Win32:Malware-gen 20190209
Avira (no cloud) TR/AD.Troldesh.nelvv 20190209
BitDefender Trojan.GenericKD.31537595 20190209
CAT-QuickHeal Trojan.Multi 20190209
Comodo Malware@#1iks73actujcy 20190209
CrowdStrike Falcon (ML) malicious_confidence_90% (W) 20181023
Cylance Unsafe 20190209
Cyren W32/Trojan.GKUG-2409 20190209
DrWeb Trojan.Encoder.858 20190209
Emsisoft Trojan-Ransom.Shade (A) 20190209
Endgame malicious (high confidence) 20181108
ESET-NOD32 Win32/Filecoder.Shade.A 20190209
F-Prot W32/Kryptik.QS.gen!Eldorado 20190209
F-Secure Trojan.TR/AD.Troldesh.nelvv 20190209
Fortinet Malicious_Behavior.SB 20190209
GData Trojan.GenericKD.31537595 20190209
Ikarus Trojan-Ransom.FileCrypter 20190209
Sophos ML heuristic 20181128
K7AntiVirus Trojan ( 0001140e1 ) 20190209
K7GW Trojan ( 0001140e1 ) 20190209
Kaspersky Trojan-Ransom.Win32.Shade.pix 20190209
Malwarebytes Ransom.Troldesh 20190209
MAX malware (ai score=100) 20190209
McAfee Trojan-Ransom 20190209
McAfee-GW-Edition Trojan-Ransom 20190209
Microsoft VirTool:Win32/CeeInject.AAK!bit 20190209
eScan Trojan.GenericKD.31537595 20190209
NANO-Antivirus Trojan.Win32.Encoder.fmdncu 20190209
Palo Alto Networks (Known Signatures) generic.ml 20190209
Panda Trj/GdSda.A 20190209
Qihoo-360 Win32/Trojan.Ransom.f3d 20190209
Rising Ransom.Troldesh!8.5D1 (CLOUD) 20190209
SentinelOne (Static ML) static engine - malicious 20190203
Sophos AV Mal/Generic-S 20190209
Symantec Downloader 20190209
Tencent Win32.Trojan.Shade.Ecaj 20190209
Trapmine malicious.high.ml.score 20190123
TrendMicro Ransom.Win32.SHADE.THOABBAI 20190209
TrendMicro-HouseCall Ransom.Win32.SHADE.THOABBAI 20190209
VBA32 TrojanRansom.Troldesh 20190208
ViRobot Trojan.Win32.Ransom.1086216 20190209
Webroot W32.Trojan.Gen 20190209
ZoneAlarm by Check Point Trojan-Ransom.Win32.Shade.pix 20190209
Alibaba 20180921
Avast-Mobile 20190209
Babable 20180918
Baidu 20190202
Bkav 20190201
ClamAV 20190209
CMC 20190209
Cybereason 20190109
eGambit 20190209
Jiangmin 20190209
Kingsoft 20190209
SUPERAntiSpyware 20190206
Symantec Mobile Insight 20190207
TACHYON 20190209
TheHacker 20190203
TotalDefense 20190206
Trustlook 20190209
Yandex 20190208
Zillya 20190208
Zoner 20190209
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Signature verification The digital signature of the object did not verify.
Signing date 8:53 AM 2/28/2019
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2019-01-18 02:32:51
Entry Point 0x000080A0
Number of sections 3
PE sections
Overlays
MD5 869f42207db46bc5adbf4674b800f985
File type data
Offset 1082880
Size 3336
Entropy 7.32
PE imports
RegQueryValueExA
RegOpenKeyExW
VirtualAllocEx
GetProcAddress
LoadLibraryW
GetModuleHandleW
SetUnhandledExceptionFilter
ExifTool file metadata
MIMEType application/octet-stream
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
FileTypeExtension exe
TimeStamp 2019:01:17 18:32:51-08:00
FileType Win32 EXE
PEType PE32
CodeSize 31232
LinkerVersion 9.0
ImageFileCharacteristics No relocs, Executable, 32-bit
EntryPoint 0x80a0
InitializedDataSize 1050624
SubsystemVersion 5.0
ImageVersion 0.0
OSVersion 5.0
UninitializedDataSize 0
Execution parents
File identification
MD5 8a714ad99ae5dbd5fd8432efafb5b8e6
SHA1 d8418df846e93da657312acd64a671887e8d0fa7
SHA256 e43fb62c12fcf1be9f9982e81a59350a8f9dd2389198c0b332cef832a63aac0f
ssdeep 12288:X9RvHO/Y9IreCfctWBc+hCUwbLJwezpEnfc27nVMHrfTpWr33W5oz5yOt3G/f/vW:XKIoeCEtac88bLEcSnVKf1U55yOA34Cm
authentihash b7942784bb3c0782a5ffb1f133c8285958d5c7448814cd5ce0fd2c60e738e53a
imphash de3ab2af93982fc1df824dd1fb9b4288
File size 1.0 MB ( 1086216 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Dynamic Link Library (generic) (38.4%)
Win32 Executable (generic) (26.3%)
OS/2 Executable (generic) (11.8%)
Generic Win/DOS Executable (11.6%)
DOS Executable Generic (11.6%)
Tags peexe overlay
VirusTotal metadata
First submission 2019-01-18 03:51:52 UTC ( 2 months ago )
Last submission 2019-02-14 13:57:54 UTC ( 1 month ago )
File names ssj.exe
csrss.exe
output.114973005.txt
output.115101523.txt
ssj.jpg
output.114978890.txt
csrss.exe
output.114974751.txt
output.114978892.txt
output.114971112.txt
output.114973013.txt
csrss.exe
output.114974880.txt
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Written files
Moved files
Deleted files
Created mutexes
Opened mutexes
Runtime DLLs
TCP connections