SHA256: ecbe8ab4a1d08eac6a0cab99ace3e0eb6a37a9834e2996c208cdf91b351ff022
File name: messg.jpg
Detection ratio: 47 / 69
Analysis date: 2019-02-20 00:46:34 UTC ( 1 month ago )
Antivirus Result Update
Acronis suspicious 20190219
Ad-Aware Trojan.GenericKD.31615007 20190220
AhnLab-V3 Trojan/Win32.Hermesran.R254356 20190219
ALYac Trojan.Ransom.Shade 20190220
Antiy-AVL Trojan[Ransom]/Win32.Shade 20190220
Avast Win32:Trojan-gen 20190220
AVG Win32:Trojan-gen 20190220
Avira (no cloud) TR/AD.Troldesh.jqrop 20190219
BitDefender Trojan.GenericKD.31615007 20190220
CAT-QuickHeal Trojan.Azden 20190219
Comodo Malware@#1itqh2rz0y47o 20190219
CrowdStrike Falcon (ML) malicious_confidence_100% (W) 20181023
Cylance Unsafe 20190220
Cyren W32/Trojan.HXGR-2675 20190220
DrWeb Trojan.Encoder.858 20190220
Emsisoft Trojan-Ransom.Shade (A) 20190220
Endgame malicious (high confidence) 20190215
ESET-NOD32 Win32/Filecoder.Shade.A 20190220
F-Secure Trojan.TR/AD.Troldesh.jqrop 20190219
Fortinet W32/Kryptik.GOUT!tr.ransom 20190220
GData Trojan.GenericKD.31615007 20190219
Sophos ML heuristic 20181128
K7AntiVirus Trojan ( 00546c801 ) 20190219
K7GW Trojan ( 00546c801 ) 20190219
Kaspersky Trojan-Ransom.Win32.Shade.pll 20190220
Malwarebytes Trojan.MalPack 20190219
McAfee Trojan-FQMJ!CAD93BDCBCF8 20190220
McAfee-GW-Edition Trojan-FQMJ!CAD93BDCBCF8 20190219
Microsoft Trojan:Win32/Occamy.C 20190220
eScan Trojan.GenericKD.31615007 20190220
NANO-Antivirus Trojan.Win32.Kryptik.fmnowj 20190220
Palo Alto Networks (Known Signatures) generic.ml 20190220
Panda Trj/GdSda.A 20190219
Qihoo-360 HEUR/QVM20.1.E8FF.Malware.Gen 20190220
Rising Trojan.Kryptik!8.8 (CLOUD) 20190220
SentinelOne (Static ML) static engine - malicious 20190203
Sophos AV Mal/Cerber-K 20190219
Symantec Ransom.Troldesh 20190219
Tencent Win32.Trojan.Shade.Tccf 20190220
Trapmine malicious.high.ml.score 20190123
TrendMicro Ransom_Shade.R03FC0OB119 20190219
TrendMicro-HouseCall Ransom_Shade.R03FC0OB119 20190220
VBA32 TrojanRansom.Shade 20190219
Webroot W32.Malware.gen 20190220
Yandex Trojan.Shade! 20190219
Zillya Trojan.Shade.Win32.985 20190219
ZoneAlarm by Check Point Trojan-Ransom.Win32.Shade.pll 20190220
Engines reporting no detection (engine, signature update date):
AegisLab 20190220
Alibaba 20180921
Arcabit 20190220
Avast-Mobile 20190219
Babable 20180918
Baidu 20190215
Bkav 20190219
ClamAV 20190219
CMC 20190219
Cybereason 20190109
eGambit 20190220
F-Prot 20190220
Jiangmin 20190220
Kingsoft 20190220
MAX 20190221
SUPERAntiSpyware 20190213
Symantec Mobile Insight 20190207
TACHYON 20190220
TheHacker 20190217
TotalDefense 20190219
Trustlook 20190220
ViRobot 20190219
Zoner 20190220
The file is a Portable Executable: a 32-bit Win32 EXE for the Windows GUI subsystem.
FileVersionInfo properties
Copyright © Microsoft Corporation. All rights reserved.
Product Microsoft® Windows® Operating System
Original name msinfo.dll
Internal name msinfo.dll
File version 6.1.7601.17514 (win7sp1_rtm.101119-1850)
Description System Information
Signature verification The digital signature of the object did not verify.
Signing date 3:24 AM 2/20/2019
Reading this block: the Microsoft copyright, product and version strings and the msinfo.dll original name live in the version resource, which is attacker-controlled data, and the failed Authenticode verification means none of it is authenticated. A Windows 7 SP1 build string on a file whose PE header was compiled in 2019 is the mismatch to look for; the name and company here should be treated as a masquerade, not as provenance.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2019-01-31 04:02:08
Entry Point 0x000039A0
Number of sections 5
PE sections
Overlays
MD5 9b47931a755e6d4fe12c050ca74c9e9b
File type data
Offset 1214464
Size 3336
Entropy 7.33
Reading the overlay: offset 1214464 plus size 3336 equals 1217800, the full file size, so these are bytes appended after the last section and not mapped by the loader. An entropy of 7.33 bits per byte is close to the 8.0 of random data, consistent with compressed or encrypted content that the executable reads from its own image at run time rather than plain padding.
PE imports (grouped by exporting DLL)
ADVAPI32.dll
RegOpenKeyExW
GDI32.dll
GetEnhMetaFileA
GetDCBrushColor
GetColorSpace
CreateMetaFileA
GetPixelFormat
GetPolyFillMode
CancelDC
GetTextColor
GetMapMode
KERNEL32.dll
GetLastError
LoadLibraryW
WaitForSingleObject
SetEvent
QueryPerformanceCounter
IsDebuggerPresent
GetTickCount
LoadLibraryA
RtlUnwind
GetCurrentProcess
SetConsoleCtrlHandler
LocalAlloc
UnhandledExceptionFilter
SetErrorMode
GetStartupInfoW
GetProcAddress
InterlockedCompareExchange
GetCurrentThread
GetModuleFileNameW
GetModuleHandleA
InterlockedExchange
SetUnhandledExceptionFilter
CloseHandle
GetSystemTimeAsFileTime
GetModuleHandleW
SetPriorityClass
FreeLibrary
LocalFree
TerminateProcess
CreateEventW
OutputDebugStringW
OpenEventW
Sleep
SetThreadPriority
GetCurrentThreadId
OutputDebugStringA
GetCurrentProcessId
USER32.dll
GetListBoxInfo
CharToOemBuffA
CreatePopupMenu
IsCharUpperA
DestroyCursor
EndMenu
GetInputState
IsMenu
GetDesktopWindow
EnumClipboardFormats
GetCursor
DrawMenuBar
GetWindowContextHelpId
LoadCursorA
GetProcessWindowStation
GetClipboardSequenceNumber
DestroyWindow
Reading the import table: the GDI32 and USER32 entries are a scattering of unrelated metafile, menu, cursor and clipboard calls with no coherent purpose, which is what a packer or crypter stub looks like when it pads its import table; the only imports that matter for the payload are LoadLibraryA/LoadLibraryW and GetProcAddress, which let the unpacked code resolve its real API set at run time. IsDebuggerPresent, QueryPerformanceCounter, GetTickCount, GetSystemTimeAsFileTime, GetCurrentProcessId and GetCurrentThreadId are also the standard imports of the Visual C++ 9.0 runtime's security-cookie and exception setup (LinkerVersion 9.0 in the ExifTool data), so on their own they are weak anti-debugging indicators.
Number of PE resources by type
RT_ICON 26
RT_GROUP_ICON 2
RT_RCDATA 1
RT_BITMAP 1
MUI 1
RT_VERSION 1
Number of PE resources by language
ENGLISH US 32
PE resources
ExifTool file metadata
UninitializedDataSize 0
LinkerVersion 9.0
ImageVersion 0.0
FileSubtype 0
FileVersionNumber 6.1.7601.17514
LanguageCode English (U.S.)
FileFlagsMask 0x003f
FileDescription System Information
ImageFileCharacteristics No relocs, Executable, 32-bit
CharacterSet Unicode
InitializedDataSize 1199104
EntryPoint 0x39a0
OriginalFileName msinfo.dll
MIMEType application/octet-stream
LegalCopyright Microsoft Corporation. All rights reserved.
FileVersion 6.1.7601.17514 (win7sp1_rtm.101119-1850)
TimeStamp 2019:01:31 05:02:08+01:00
FileType Win32 EXE
PEType PE32
InternalName msinfo.dll
ProductVersion 6.1.7601.17514
SubsystemVersion 5.0
OSVersion 5.0
FileOS Windows NT 32-bit
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
CompanyName Microsoft Corporation
CodeSize 15872
ProductName Microsoft Windows Operating System
ProductVersionNumber 6.1.7601.17514
FileTypeExtension exe
ObjectFileType Dynamic link library
Reading the ExifTool data: ImageFileCharacteristics comes from the COFF header and says Executable with no DLL flag, while ObjectFileType comes from the dwFileType field of the VS_FIXEDFILEINFO block in the version resource and says Dynamic link library. A real build never disagrees with itself here; the version resource was lifted from a genuine DLL (msinfo.dll) and embedded in an EXE. The TimeStamp is the same 2019-01-31 04:02:08 UTC compile time shown in the PE header, rendered in the scanning host's UTC+1 zone. A CodeSize of 15872 bytes against 1199104 bytes of initialized data is consistent with a small loader stub carrying a large encrypted blob.
Execution parents
File identification
MD5 cad93bdcbcf806d7409e6899d1d40d5d
SHA1 e543186e78d2d36a00dbc187e34e2379a7f993d7
SHA256 ecbe8ab4a1d08eac6a0cab99ace3e0eb6a37a9834e2996c208cdf91b351ff022
ssdeep 24576:V/KnFivASBMXgRNhrW+PZrtNeGmUVIjtLpw5tLpwX:1gFivAuMX6NQ+PZrtwGmcutLUtLk
authentihash 8545150bcd8faa1c2d70c1c417cabc9746ad894e564312f7e2d988f6f76803bd
imphash 3c775e96b806128b1dc225d68ec6d59a
File size 1.2 MB ( 1217800 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
(The McAfee detection name Trojan-FQMJ!CAD93BDCBCF8 above embeds the leading 12 hex digits of this MD5.)
TrID Win32 Dynamic Link Library (generic) (38.4%)
Win32 Executable (generic) (26.3%)
OS/2 Executable (generic) (11.8%)
Generic Win/DOS Executable (11.6%)
DOS Executable Generic (11.6%)
Tags peexe overlay

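The three numbers worth recomputing from this report rather than trusting by eye are the COFF Characteristics (EXE versus DLL flag), the overlay (offset plus size must equal the file size, and its entropy tells you whether it is padding or a payload) and the imphash. The following stdlib-only script is an added example, not VirusTotal's code or anything from the sample: it parses a PE32 header, carves the overlay, and computes a pefile-style imphash for named imports (ordinal imports are not handled). Because the sample itself is not embedded here, build_sample_pe() constructs a minimal stand-in image with the same timestamp, entry point and subsystem as the report, which is what the tests run against; point parse_pe32() at real bytes to use it on an actual file.

```python
"""PE32 triage helpers: header flags, overlay carve-out and imphash (added example)."""
import datetime
import hashlib
import math
import struct
from collections import Counter

IMAGE_FILE_RELOCS_STRIPPED = 0x0001
IMAGE_FILE_EXECUTABLE_IMAGE = 0x0002
IMAGE_FILE_32BIT_MACHINE = 0x0100
IMAGE_FILE_DLL = 0x2000
PE32_MAGIC = 0x10B
SUBSYSTEM_WINDOWS_GUI = 2


def shannon_entropy(data: bytes) -> float:
    """Bits per byte in 0.0..8.0, the same measure VirusTotal reports for overlays."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())


def parse_pe32(blob: bytes) -> dict:
    """Read the COFF and optional headers and locate the overlay (bytes past the last section)."""
    if blob[:2] != b"MZ":
        raise ValueError("not an MZ file")
    e_lfanew = struct.unpack_from("<I", blob, 0x3C)[0]
    if blob[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    coff = e_lfanew + 4
    machine, nsec, ts, _, _, opt_size, chars = struct.unpack_from("<HHIIIHH", blob, coff)
    opt = coff + 20
    if struct.unpack_from("<H", blob, opt)[0] != PE32_MAGIC:
        raise ValueError("only PE32 images are handled here")
    entry = struct.unpack_from("<I", blob, opt + 16)[0]        # AddressOfEntryPoint
    subsystem = struct.unpack_from("<H", blob, opt + 68)[0]    # Subsystem
    # The overlay begins where the highest PointerToRawData + SizeOfRawData ends.
    sections_end = 0
    for i in range(nsec):
        raw_size, raw_ptr = struct.unpack_from("<II", blob, opt + opt_size + 40 * i + 16)
        sections_end = max(sections_end, raw_ptr + raw_size)
    overlay = blob[sections_end:]
    when = datetime.datetime.fromtimestamp(ts, datetime.timezone.utc)
    return {
        "machine": machine,
        "timestamp": ts,
        "timestamp_utc": when.strftime("%Y-%m-%d %H:%M:%S"),
        "entry_point": entry,
        "gui_subsystem": subsystem == SUBSYSTEM_WINDOWS_GUI,
        "is_dll": bool(chars & IMAGE_FILE_DLL),
        "relocs_stripped": bool(chars & IMAGE_FILE_RELOCS_STRIPPED),
        "overlay_offset": sections_end,
        "overlay_size": len(overlay),
        "overlay_entropy": round(shannon_entropy(overlay), 2),
        "overlay_md5": hashlib.md5(overlay).hexdigest(),
    }


def imphash(imports) -> str:
    """pefile-style imphash for named imports: lower-case 'dll.func' pairs, comma-joined, MD5'd."""
    parts = []
    for dll, func in imports:
        name = dll.lower()
        for ext in (".dll", ".ocx", ".sys"):
            if name.endswith(ext):
                name = name[: -len(ext)]
        parts.append(f"{name}.{func.lower()}")
    return hashlib.md5(",".join(parts).encode()).hexdigest()


def build_sample_pe(characteristics: int, overlay: bytes) -> bytes:
    """Constructed test input: a minimal, non-runnable PE32 with one section and an appended overlay."""
    dos = b"MZ" + b"\0" * 58 + struct.pack("<I", 0x40)          # e_lfanew -> 0x40
    # 1548907328 is 2019-01-31 04:02:08 UTC, the compile timestamp shown in this report.
    coff = struct.pack("<HHIIIHH", 0x14C, 1, 1548907328, 0, 0, 224, characteristics)
    opt = bytearray(224)
    struct.pack_into("<H", opt, 0, PE32_MAGIC)
    struct.pack_into("<I", opt, 16, 0x39A0)                     # entry point from the report
    struct.pack_into("<H", opt, 68, SUBSYSTEM_WINDOWS_GUI)
    code = b"\xC3" * 0x200                                      # filler section body
    section = (b".text\0\0\0" + struct.pack("<IIII", len(code), 0x1000, len(code), 0x200)
               + b"\0" * 12 + struct.pack("<I", 0x60000020))
    headers = dos + b"PE\0\0" + coff + bytes(opt) + section
    return headers + b"\0" * (0x200 - len(headers)) + code + overlay


if __name__ == "__main__":
    flags = IMAGE_FILE_RELOCS_STRIPPED | IMAGE_FILE_EXECUTABLE_IMAGE | IMAGE_FILE_32BIT_MACHINE
    for key, value in parse_pe32(build_sample_pe(flags, bytes(range(256)) * 4)).items():
        print(f"{key:16} {value}")
    print("imphash", imphash([("ADVAPI32.dll", "RegOpenKeyExW"), ("KERNEL32.dll", "LoadLibraryW")]))
```

Against a real file, compare is_dll with the ObjectFileType ExifTool reports from the version resource: a file whose header says EXE while its version resource says DLL has had its metadata copied from elsewhere. The overlay check only finds data past the last section; a payload stored inside a section (the large InitializedDataSize case) needs per-section entropy instead.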
VirusTotal metadata
First submission 2019-01-31 04:55:13 UTC ( 1 month, 3 weeks ago )
Last submission 2019-02-14 13:57:14 UTC ( 1 month ago )
File names output.115101552.txt
msinfo.dll
output.115120311.txt
messg.jpg
radFBB39.tmp
rad6D853.tmp
csrss(114).gxe
csrss.exe
csrss.exe
Reading the names: messg.jpg is an image extension on a PE (a delivery lure), the rad*.tmp names are the pattern of a dropper writing to a temporary directory, and csrss.exe is the name of a core Windows system process, so a copy of this file under that name outside the Windows system directory is an easy hunting query.
Advanced heuristic and reputation engines
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
HTTP requests
DNS requests
TCP connections
UDP communications