SHA256: ebc06b56785f32b5d80bab14ed518e3d6e189c925f6d54dc7805fc7e867a1273
File name: malware.exe
Detection ratio: 22 / 64
Analysis date: 2017-09-26 17:40:52 UTC ( 3 weeks, 5 days ago )
Antivirus Result Update
AegisLab Ransom.Cerber.Smaly0!c 20170926
Avast FileRepMalware 20170926
AVG FileRepMalware 20170926
Baidu Win32.Trojan.WisdomEyes.16070401.9500.9999 20170926
CrowdStrike Falcon (ML) malicious_confidence_100% (D) 20170804
Cylance Unsafe 20170926
Endgame malicious (high confidence) 20170821
Fortinet W32/Locky.FWSD!tr.ransom 20170926
Sophos ML heuristic 20170914
Malwarebytes Ransom.Locky 20170926
MAX malware (ai score=99) 20170926
McAfee Ransom-Locky!EFDB6033DCCF 20170926
McAfee-GW-Edition BehavesLike.Win32.SoftPulse.hc 20170926
Palo Alto Networks (Known Signatures) generic.ml 20170926
Qihoo-360 HEUR/QVM20.1.1B88.Malware.Gen 20170926
SentinelOne (Static ML) static engine - malicious 20170806
Sophos AV Mal/Elenoocka-E 20170926
Symantec ML.Attribute.HighConfidence 20170926
TrendMicro Ransom_CERBER.SMALY0 20170926
TrendMicro-HouseCall Ransom_CERBER.SMALY0 20170926
Webroot W32.Malware.Gen 20170926
WhiteArmor Malware.HighConfidence 20170829
Ad-Aware 20170926
AhnLab-V3 20170926
Alibaba 20170911
ALYac 20170926
Antiy-AVL 20170926
Arcabit 20170926
Avast-Mobile 20170926
Avira (no cloud) 20170926
AVware 20170926
BitDefender 20170926
CAT-QuickHeal 20170926
ClamAV 20170926
CMC 20170926
Comodo 20170926
Cyren 20170926
DrWeb 20170926
Emsisoft 20170926
ESET-NOD32 20170926
F-Prot 20170926
F-Secure 20170926
GData 20170926
Ikarus 20170926
Jiangmin 20170926
K7AntiVirus 20170926
K7GW 20170926
Kaspersky 20170926
Kingsoft 20170926
Microsoft 20170925
eScan 20170926
NANO-Antivirus 20170926
nProtect 20170926
Panda 20170926
Rising 20170926
SUPERAntiSpyware 20170926
Symantec Mobile Insight 20170926
Tencent 20170926
TheHacker 20170925
Trustlook 20170926
VBA32 20170926
VIPRE 20170926
ViRobot 20170926
Yandex 20170908
Zillya 20170926
ZoneAlarm by Check Point 20170926
Zoner 20170926
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2017-06-16 19:36:37
Entry Point 0x00003D89
Number of sections 4
PE sections
PE imports
CMP_Init_Detection
CMP_Report_LogOn
CM_Add_Range
CM_Add_IDA
LeaveCriticalSection
GetTempPathA
GetConsoleAliasA
LoadLibraryA
WaitNamedPipeW
GetCurrentProcessId
GetModuleFileNameW
GetProfileSectionW
WaitForSingleObject
SearchPathA
GetStringTypeA
IsBadWritePtr
GetLogicalDriveStringsW
FindNextFileA
GetCurrentThreadId
GetFileAttributesW
GetProcAddress
GetModuleHandleW
GetExpandedNameA
GradientFill
AlphaBlend
TraceSQLCancel
TraceSQLError
LoadCursorA
LoadIconA
IsDialogMessageW
DrawStateA
GetPropW
PostMessageA
CreateDesktopW
LoadStringW
MessageBoxA
IsCharUpperW
DispatchMessageW
LoadMenuW
GetClassLongA
Number of PE resources by type
RT_RCDATA 2
RT_STRING 1
RT_DIALOG 1
Number of PE resources by language
NEUTRAL 4
PE resources
Debug information
ExifTool file metadata
MIMEType application/octet-stream
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
FileTypeExtension exe
TimeStamp 2017:06:16 20:36:37+01:00
FileType Win32 EXE
PEType PE32
CodeSize 56832
LinkerVersion 8.0
EntryPoint 0x3d89
InitializedDataSize 546816
SubsystemVersion 5.1
ImageVersion 0.0
OSVersion 5.1
UninitializedDataSize 0
Overlay parents
Compressed bundles
File identification
MD5 efdb6033dccf27fe103b8fc13bc4f2d7
SHA1 40c29251a7c4325e950af1276fbf82196c3bddb8
SHA256 ebc06b56785f32b5d80bab14ed518e3d6e189c925f6d54dc7805fc7e867a1273
ssdeep 12288:vj6wdOcYExLY0ebcIZ3pxCU5/2jEa95pY0Er4L1wD88P5DmWmey:vjRLe0Mco3pxCU5/2jEafpVe4L1C88xu
authentihash 7eaa4de6916c944014c0b8986339084aefee9ed8e9cf9fdb89c74d005dc2c35c
imphash 81b22482e6654561d85aa4fe1626ec78
File size 590.5 KB ( 604672 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Dynamic Link Library (generic) (38.3%)
Win32 Executable (generic) (26.2%)
Win16/32 Executable Delphi generic (12.0%)
Generic Win/DOS Executable (11.6%)
DOS Executable Generic (11.6%)
Tags peexe
VirusTotal metadata
First submission 2017-09-26 16:52:23 UTC ( 3 weeks, 5 days ago )
Last submission 2017-10-05 20:48:40 UTC ( 2 weeks, 3 days ago )
File names jkhguygv73
efdb6033.gxe
jkhguygv73[1].1.dr
malware.exe
TIdfWaypLmd.exe
output.112292665.txt
efdb6033dccf27fe103b8fc13bc4f2d7.exe
vhJIoM.exe
locky
366_08_31_2017_22_44_17_366.exe.malware.MRG
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Written files
Moved files
Opened mutexes
Opened service managers
Opened services
Runtime DLLs