SHA256: e8088c266a0e536325ff90fd5026a109deafe466d3f8004e6fe9cc83905eaf65
File name: jhdgc63
Detection ratio: 16 / 65
Analysis date: 2017-09-28 16:47:14 UTC ( 1 year, 6 months ago )
Antivirus Result Update
Baidu Win32.Trojan.WisdomEyes.16070401.9500.9999 20170928
CrowdStrike Falcon (ML) malicious_confidence_100% (D) 20170804
Cylance Unsafe 20170928
Endgame malicious (high confidence) 20170821
Fortinet W32/Locky.FWSD!tr.ransom 20170928
Sophos ML heuristic 20170914
McAfee-GW-Edition BehavesLike.Win32.Ransomware.hc 20170928
Palo Alto Networks (Known Signatures) generic.ml 20170928
Qihoo-360 HEUR/QVM20.1.267C.Malware.Gen 20170928
Rising Malware.Heuristic!ET#100% (RDM+:cmRtazqucEDDJV/dnAC4Nfbd1O2A) 20170928
SentinelOne (Static ML) static engine - malicious 20170806
Sophos AV Mal/Elenoocka-E 20170928
Symantec ML.Attribute.HighConfidence 20170928
TrendMicro Ransom_CERBER.SMALY0 20170928
TrendMicro-HouseCall Ransom_CERBER.SMALY0 20170928
WhiteArmor Malware.HighConfidence 20170927
Ad-Aware 20170928
AegisLab 20170928
AhnLab-V3 20170928
Alibaba 20170911
ALYac 20170928
Antiy-AVL 20170928
Arcabit 20170928
Avast 20170928
Avast-Mobile 20170928
AVG 20170928
Avira (no cloud) 20170928
AVware 20170928
BitDefender 20170928
CAT-QuickHeal 20170928
ClamAV 20170928
CMC 20170928
Comodo 20170928
Cyren 20170928
DrWeb 20170928
Emsisoft 20170928
ESET-NOD32 20170928
F-Prot 20170928
F-Secure 20170928
GData 20170928
Ikarus 20170928
Jiangmin 20170928
K7AntiVirus 20170928
K7GW 20170928
Kaspersky 20170928
Kingsoft 20170928
Malwarebytes 20170928
MAX 20170928
McAfee 20170928
Microsoft 20170928
eScan 20170928
NANO-Antivirus 20170928
nProtect 20170928
Panda 20170928
SUPERAntiSpyware 20170928
Symantec Mobile Insight 20170928
Tencent 20170928
TheHacker 20170925
TotalDefense 20170928
Trustlook 20170928
VBA32 20170928
VIPRE 20170928
ViRobot 20170928
Webroot 20170928
Yandex 20170908
Zillya 20170928
ZoneAlarm by Check Point 20170928
Zoner 20170928
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2016-05-24 10:56:05
Entry Point 0x00002AF7
Number of sections 4
PE sections
PE imports
AuthzInitializeContextFromSid
AuthzFreeResourceManager
AuthzAddSidsToContext
AuthzFreeAuditEvent
AuthzFreeContext
ClusterEnum
CloseClusterGroup
CloseClusterNode
CreateJobObjectA
GetFileAttributesA
GetModuleFileNameW
UnmapViewOfFile
WaitForSingleObject
CreateMailslotW
GetOEMCP
GetLogicalDriveStringsW
CreateFileA
GetCommandLineA
LoadLibraryA
GetProcAddress
MoveFileExA
GetModuleHandleW
SetLastError
CPEncrypt
CPGenKey
CPDecrypt
InsertMenuA
PeekMessageA
LoadStringA
GetPropW
LoadMenuA
LoadCursorW
LoadIconW
IsDialogMessageA
LoadBitmapA
GetClassLongA
CharToOemA
Number of PE resources by type
RT_RCDATA 2
RT_STRING 1
RT_DIALOG 1
Number of PE resources by language
NEUTRAL 4
PE resources
ExifTool file metadata
MIMEType application/octet-stream
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
FileTypeExtension exe
TimeStamp 2016:05:24 12:56:05+02:00
FileType Win32 EXE
PEType PE32
CodeSize 41984
LinkerVersion 10.0
ImageFileCharacteristics No relocs, Executable, Aggressive working-set trim, 32-bit, No debug
EntryPoint 0x2af7
InitializedDataSize 546816
SubsystemVersion 5.1
ImageVersion 0.0
OSVersion 5.1
UninitializedDataSize 0
Compressed bundles
File identification
MD5 3806953d0eda6981eb74f6203b418cd1
SHA1 e94d31d1e3f9b12fbf10f909dae4aef40538c1d0
SHA256 e8088c266a0e536325ff90fd5026a109deafe466d3f8004e6fe9cc83905eaf65
ssdeep 12288:q2auxM5/3Wi748sx3JpXCcb6w8m8OfFSUzEC86FR/jiQSKXc:Suq5uigx7ycGpj8H8MJigc
authentihash e97630f18848c2828643f8ed87237247e9e3337556274562e478a1635e817c09
imphash 0f5a34db9f244a5b90c7dc3980446f0d
File size 576.0 KB ( 589824 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Dynamic Link Library (generic) (34.2%)
Win32 Executable (generic) (23.4%)
Win16/32 Executable Delphi generic (10.7%)
OS/2 Executable (generic) (10.5%)
Generic Win/DOS Executable (10.4%)
Tags peexe
VirusTotal metadata
First submission 2017-09-28 16:47:14 UTC ( 1 year, 6 months ago )
Last submission 2019-03-06 04:02:26 UTC ( 1 month, 2 weeks ago )
File names e8088c266a0e536325ff90fd5026a109deafe466d3f8004e6fe9cc83905eaf65
jhdgc63
output.112296238.txt
jhdgc63
VirusShare_3806953d0eda6981eb74f6203b418cd1
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Written files
Moved files
Opened mutexes
Opened service managers
Opened services
Runtime DLLs
UDP communications