× Cookies are disabled! This site requires cookies to be enabled to work properly
SHA256: eda26a1cd80aac1c42cdbba9af813d9c4bc81f6052080bc33435d1e076e75aa0
File name: yxugwjud6698.exe
Detection ratio: 0 / 67
Analysis date: 2019-03-08 12:43:50 UTC ( 1 month, 2 weeks ago ) View latest
Antivirus Result Update
Acronis 20190222
Ad-Aware 20190308
AegisLab 20190308
AhnLab-V3 20190308
Alibaba 20190306
ALYac 20190308
Antiy-AVL 20190308
Arcabit 20190308
Avast 20190308
Avast-Mobile 20190308
AVG 20190308
Avira (no cloud) 20190308
Babable 20180918
Baidu 20190306
BitDefender 20190308
Bkav 20190308
CAT-QuickHeal 20190308
ClamAV 20190308
CMC 20190308
Comodo 20190308
CrowdStrike Falcon (ML) 20190212
Cybereason 20190109
Cylance 20190308
Cyren 20190308
DrWeb 20190308
eGambit 20190308
Emsisoft 20190308
Endgame 20190215
ESET-NOD32 20190308
F-Prot 20190308
F-Secure 20190308
Fortinet 20190308
GData 20190308
Ikarus 20190308
Sophos ML 20181128
Jiangmin 20190308
K7AntiVirus 20190308
K7GW 20190308
Kaspersky 20190308
Kingsoft 20190308
Malwarebytes 20190308
MAX 20190308
McAfee 20190308
McAfee-GW-Edition 20190308
Microsoft 20190307
eScan 20190308
NANO-Antivirus 20190308
Palo Alto Networks (Known Signatures) 20190308
Panda 20190308
Qihoo-360 20190308
Rising 20190308
SentinelOne (Static ML) 20190203
Sophos AV 20190308
SUPERAntiSpyware 20190307
Symantec 20190308
Symantec Mobile Insight 20190220
TACHYON 20190308
Tencent 20190308
TheHacker 20190304
Trapmine 20190301
Trustlook 20190308
VBA32 20190307
VIPRE 20190308
ViRobot 20190308
Webroot 20190308
Yandex 20190306
ZoneAlarm by Check Point 20190308
Zoner 20190308
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
Authenticode signature block and FileVersionInfo properties
Copyright
Copyright (C) ALISA LTD 2019

Product Service yxugwjud
Original name yxugwjud
Internal name yxugwjud
File version 1.3.2.0
Description Background Tasks Host
Signature verification A certificate was explicitly revoked by its issuer.
Signing date 6:59 PM 4/16/2019
Signers
[+] ALISA LTD
Status Trust for this certificate or one of the certificates in the certificate chain has been revoked.
Issuer Sectigo RSA Code Signing CA
Valid from 12:00 AM 02/22/2019
Valid to 11:59 PM 02/21/2020
Valid usage Code Signing
Algorithm sha256RSA
Thumbprint ACB38D45108C4F0C8894040646137C95E9BB39D8
Serial number 5D A1 73 EB 1A C7 63 40 AC 05 8E 1F F4 BF 5E 1B
[+] Sectigo RSA Code Signing CA
Status Valid
Issuer USERTrust RSA Certification Authority
Valid from 12:00 AM 11/02/2018
Valid to 11:59 PM 12/31/2030
Valid usage Code Signing, Timestamp Signing
Algorithm sha384RSA
Thumbprint 94C95DA1E850BD85209A4A2AF3E1FB1604F9BB66
Serial number 1D A2 48 30 6F 9B 26 18 D0 82 E0 96 7D 33 D3 6A
[+] Sectigo
Status Valid
Issuer USERTrust RSA Certification Authority
Valid from 12:00 AM 02/01/2010
Valid to 11:59 PM 01/18/2038
Valid usage Server Auth, Client Auth, Email Protection, Code Signing, Timestamp Signing, EFS, IPSEC Tunnel, IPSEC User
Algorithm sha384RSA
Thumbprint 2B8F1B57330DBBA2D07A6C51F70EE90DDAB9AD8E
Serial number 01 FD 6D 30 FC A3 CA 51 A8 1B BC 64 0E 35 03 2D
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2019-03-02 19:41:12
Entry Point 0x0009A42C
Number of sections 5
PE sections
Overlays
MD5 c3ca99d0de4db22bb7a19b5bb7cca5b8
File type data
Offset 1249280
Size 4984
Entropy 7.47
PE imports
SetSecurityDescriptorDacl
CloseServiceHandle
CryptReleaseContext
OpenProcessToken
CryptAcquireContextA
EnumDependentServicesW
OpenSCManagerW
CryptGenRandom
InitializeSecurityDescriptor
OpenServiceW
AdjustTokenPrivileges
ControlService
LookupPrivilegeValueW
QueryServiceStatusEx
GetStdHandle
GetDriveTypeW
InterlockedPopEntrySList
WaitForSingleObject
FindFirstFileW
EncodePointer
CreateTimerQueue
GetFileAttributesW
GetExitCodeProcess
DeleteCriticalSection
GetCurrentProcess
GetConsoleMode
MapViewOfFileEx
EnumSystemLocalesW
OpenFileMappingA
UnregisterWait
FreeEnvironmentStringsW
InitializeSListHead
GetLocaleInfoW
SetStdHandle
WideCharToMultiByte
InterlockedExchange
WriteFile
GetSystemTimeAsFileTime
GetCommandLineA
GetThreadTimes
HeapReAlloc
GetStringTypeW
GetOEMCP
LocalFree
FormatMessageW
GetThreadPriority
FreeLibraryAndExitThread
CreateEventW
GetLogicalDriveStringsW
FindClose
InterlockedDecrement
FormatMessageA
SetFileAttributesW
SignalObjectAndWait
OutputDebugStringA
GetEnvironmentVariableW
SetLastError
DeviceIoControl
TlsGetValue
RemoveDirectoryW
TryEnterCriticalSection
IsDebuggerPresent
HeapAlloc
GetModuleFileNameA
RaiseException
SetThreadPriority
UnhandledExceptionFilter
LoadLibraryExW
MultiByteToWideChar
SetFilePointerEx
DeleteTimerQueueTimer
RegisterWaitForSingleObject
CreateThread
InterlockedFlushSList
MoveFileExW
GetSystemDirectoryW
GetExitCodeThread
SetUnhandledExceptionFilter
IsProcessorFeaturePresent
ExitThread
DecodePointer
SetEnvironmentVariableA
TerminateProcess
GetModuleHandleExW
ChangeTimerQueueTimer
SetEndOfFile
GetCurrentThreadId
LeaveCriticalSection
WriteConsoleW
AreFileApisANSI
InitializeCriticalSectionAndSpinCount
HeapFree
EnterCriticalSection
LoadLibraryW
GetVersionExW
SetEvent
QueryPerformanceCounter
GetTickCount
TlsAlloc
VirtualProtect
FlushFileBuffers
RtlUnwind
FreeLibrary
GetWindowsDirectoryW
OpenProcess
GetDateFormatW
GetStartupInfoW
DeleteFileW
GetProcAddress
GetProcessHeap
QueryDepthSList
CompareStringW
GetModuleFileNameW
FindFirstFileExA
FindNextFileW
CreateTimerQueueTimer
CreateFileMappingA
FindNextFileA
IsValidLocale
DuplicateHandle
GetUserDefaultLCID
ReadConsoleW
GetProcessAffinityMask
GetTimeZoneInformation
CreateFileW
CreateEventA
GetFileType
TlsSetValue
ExitProcess
InterlockedIncrement
GetNativeSystemInfo
GetLastError
IsValidCodePage
InterlockedPushEntrySList
LCMapStringW
GetSystemInfo
GetConsoleCP
UnregisterWaitEx
GetTimeFormatW
GetEnvironmentStringsW
WaitForSingleObjectEx
VirtualFree
SwitchToThread
GetCurrentDirectoryW
GetCurrentProcessId
GetCommandLineW
GetCPInfo
HeapSize
SetThreadAffinityMask
GetCurrentThread
QueryPerformanceFrequency
ReleaseSemaphore
TlsFree
GetModuleHandleA
ReadFile
Wow64RevertWow64FsRedirection
CloseHandle
GetACP
GetModuleHandleW
GetFileAttributesExW
GetLogicalProcessorInformation
CreateProcessA
GetNumaHighestNodeNumber
Wow64DisableWow64FsRedirection
UnmapViewOfFile
CreateProcessW
Sleep
VirtualAlloc
SHGetFolderPathW
SHGetFileInfoW
PathIsNetworkPathA
WSAStartup
WSACleanup
CoUninitialize
CoCreateInstance
CoInitialize
Number of PE resources by type
RT_MANIFEST 1
RT_VERSION 1
Number of PE resources by language
ENGLISH US 2
PE resources
Debug information
ExifTool file metadata
UninitializedDataSize
0

LinkerVersion
14.16

ImageVersion
0.0

FileSubtype
0

FileVersionNumber
1.3.2.0

LanguageCode
Neutral

FileFlagsMask
0x003f

FileDescription
Background Tasks Host

ImageFileCharacteristics
Executable, 32-bit, Removable run from swap, Net run from swap

CharacterSet
Unicode

InitializedDataSize
322560

EntryPoint
0x9a42c

OriginalFileName
yxugwjud

MIMEType
application/octet-stream

LegalCopyright
Copyright (C) ALISA LTD 2019

FileVersion
1.3.2.0

TimeStamp
2019:03:02 20:41:12+01:00

FileType
Win32 EXE

PEType
PE32

InternalName
yxugwjud

ProductVersion
1.3.2.0

SubsystemVersion
5.1

OSVersion
5.1

FileOS
Win32

Subsystem
Windows GUI

MachineType
Intel 386 or later, and compatibles

CompanyName
ALISA LTD

CodeSize
935936

ProductName
Service yxugwjud

ProductVersionNumber
1.3.2.0

FileTypeExtension
exe

ObjectFileType
Executable application

Compressed bundles
File identification
MD5 16bcc3b7f32c41e7c7222bf37fe39fe6
SHA1 a25bc5442c86bdeb0dec6583f0e80e241745fb73
SHA256 eda26a1cd80aac1c42cdbba9af813d9c4bc81f6052080bc33435d1e076e75aa0
ssdeep
24576:uj/6CtkHRos9l+zan4Q6eQqF5ZgQibE2zkMiJHic9OuTw258tox6T9G0SKoRl:A/NtkHRos9l+zan4QTB/2zkPtBq2itoP

authentihash 6d0054dc32616687d9dbbc3cfe7148be157751b9bdfe55ace21a7aa46dd32be3
imphash 5ac063140bb65ee6bf5852bb45b1e9b6
File size 1.2 MB ( 1254264 bytes )
File type Win32 EXE
Magic literal
PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID Win64 Executable (generic) (72.3%)
Win32 Executable (generic) (11.8%)
OS/2 Executable (generic) (5.3%)
Generic Win/DOS Executable (5.2%)
DOS Executable Generic (5.2%)
Tags
revoked-cert peexe signed overlay

VirusTotal metadata
First submission 2019-03-08 12:43:50 UTC ( 1 month, 2 weeks ago )
Last submission 2019-03-24 08:19:43 UTC ( 4 weeks, 1 day ago )
File names LockerGoga ransomware.exe
yxugwjud6698.exe
yxugwjud
LockerGoga ransomware
LockerGoga.exe
LockerGoga
No comments. No VirusTotal Community member has commented on this item yet, be the first one to do so!

Leave your comment...

?
Post comment

You have not signed in. Only registered users can leave comments, sign in and have a voice!

No votes. No one has voted on this item yet, be the first one to do so!