SHA256: ef07905923461ce13a3ca18ef6eb1833a8c8d327d47e9cc8641a2ca3d5ce97f3
File name: exp.exe
Detection ratio: 56 / 70
Analysis date: 2018-12-10 08:36:54 UTC ( 5 months, 1 week ago )
Antivirus Result Update
Ad-Aware Trojan.Ransom.GandCrab.W 20181210
AegisLab Trojan.Win32.GandCrypt.4!c 20181210
AhnLab-V3 Trojan/Win32.Gandcrab.R247471 20181210
ALYac Trojan.Ransom.GandCrab.W 20181210
Antiy-AVL Trojan[Ransom]/Win32.GandCrypt 20181210
Arcabit Trojan.Ransom.GandCrab.W 20181210
Avast Win32:RansomX-gen [Ransom] 20181210
AVG Win32:RansomX-gen [Ransom] 20181210
Avira (no cloud) HEUR/AGEN.1036379 20181209
BitDefender Trojan.Ransom.GandCrab.W 20181210
Bkav W32.PorusidLTS.Trojan 20181208
CAT-QuickHeal Ransom.Gandcrab.S3989043 20181209
ClamAV Win.Ransomware.Gandcrab-6667060-0 20181210
Comodo TrojWare.Win32.Gandcrab.AA@7w10qu 20181210
CrowdStrike Falcon (ML) malicious_confidence_90% (W) 20181022
Cybereason malicious.8d7e9f 20180225
Cylance Unsafe 20181210
Cyren W32/Trojan.TYHU-0759 20181210
DrWeb Trojan.Encoder.26667 20181210
Emsisoft Trojan.Ransom.GandCrab.W (B) 20181210
Endgame malicious (high confidence) 20181108
ESET-NOD32 Win32/Filecoder.GandCrab.D 20181210
F-Prot W32/S-02398261!Eldorado 20181210
F-Secure Trojan.Ransom.GandCrab.W 20181210
Fortinet W32/GandCrab.D!tr 20181210
GData Trojan.Ransom.GandCrab.W 20181210
Ikarus Trojan-Ransom.GandCrab 20181209
Sophos ML heuristic 20181128
K7AntiVirus Trojan ( 00536ba11 ) 20181210
K7GW Trojan ( 00536ba11 ) 20181210
Kaspersky Trojan-Ransom.Win32.GandCrypt.fbd 20181210
Malwarebytes Ransom.GandCrab 20181210
MAX malware (ai score=100) 20181210
McAfee Ran-GandCrabv4!DB947D361F3E 20181210
McAfee-GW-Edition BehavesLike.Win32.RanGandCrabv4.ch 20181210
Microsoft Ransom:Win32/Gandcrab.AW!bit 20181210
eScan Trojan.Ransom.GandCrab.W 20181210
NANO-Antivirus Trojan.Win32.GandCrypt.fjrarj 20181210
Palo Alto Networks (Known Signatures) generic.ml 20181210
Qihoo-360 HEUR/QVM20.1.A145.Malware.Gen 20181210
Rising Trojan.Filecoder!1.B42B (C64:YzY0OhhEyFNUiZDc) 20181210
SentinelOne (Static ML) static engine - malicious 20181011
Sophos AV Mal/GandCrab-E 20181210
SUPERAntiSpyware Ransom.GandCrab/Variant 20181205
Symantec Ransom.GandCrab!g4 20181209
TACHYON Ransom/W32.GandCrab.142336 20181210
Trapmine suspicious.low.ml.score 20181205
TrendMicro Ransom.Win32.GANDCRAB.SMK 20181210
TrendMicro-HouseCall Ransom.Win32.GANDCRAB.SMK 20181210
VBA32 BScope.TrojanRansom.Cryptor 20181207
ViRobot Trojan.Win32.Agent.142336.AE 20181209
Webroot W32.Malware.gen 20181210
Yandex Trojan.GandCrypt! 20181207
Zillya Trojan.GandCrypt.Win32.1154 20181208
ZoneAlarm by Check Point Trojan-Ransom.Win32.GandCrypt.fbd 20181210
Zoner Trojan.Gandcrab 20181207
Alibaba 20180921
Avast-Mobile 20181209
Babable 20180918
Baidu 20181207
CMC 20181209
eGambit 20181210
Jiangmin 20181210
Kingsoft 20181210
Panda 20181209
Symantec Mobile Insight 20181207
Tencent 20181210
TheHacker 20181202
TotalDefense 20181209
Trustlook 20181210
VIPRE 20181208
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2018-10-26 08:47:08
Entry Point 0x00006229
Number of sections 5
PE sections
PE imports
GetTokenInformation
GetSidSubAuthorityCount
RegCreateKeyExW
GetSidSubAuthority
CryptGetKeyParam
OpenProcessToken
GetUserNameW
CryptDestroyKey
RegSetValueExW
CryptReleaseContext
RegOpenKeyExW
CryptExportKey
CryptAcquireContextW
CryptEncrypt
RegCloseKey
CryptGenKey
RegQueryValueExW
CryptImportKey
GetDeviceCaps
GetBitmapBits
DeleteDC
SetBitmapBits
SelectObject
GetStockObject
CreateFontW
SetPixel
GetPixel
GetDIBits
GetObjectW
CreateBitmap
SetBkColor
CreateCompatibleDC
DeleteObject
CreateCompatibleBitmap
SetTextColor
GetStdHandle
GetDriveTypeW
WaitForSingleObject
GetDriveTypeA
EncodePointer
VerifyVersionInfoW
DeleteCriticalSection
GetCurrentProcess
GetConsoleMode
LocalAlloc
UnhandledExceptionFilter
SetErrorMode
VirtualLock
lstrcatW
SetStdHandle
WideCharToMultiByte
LoadLibraryW
GetDiskFreeSpaceW
GetTempPathW
GetStringTypeW
LocalFree
ConnectNamedPipe
InitializeCriticalSection
OutputDebugStringW
FindClose
TlsGetValue
GetFullPathNameW
SetLastError
GetUserDefaultUILanguage
GetSystemTime
GetModuleFileNameW
IsDebuggerPresent
ExitProcess
LoadLibraryA
VerSetConditionMask
GetVolumeInformationW
LoadLibraryExW
MultiByteToWideChar
SetFilePointerEx
CreateThread
GetSystemDirectoryW
MoveFileExW
GetSystemDefaultUILanguage
SetUnhandledExceptionFilter
CreateMutexW
MulDiv
IsProcessorFeaturePresent
ExitThread
DecodePointer
TerminateProcess
GetModuleHandleExW
VirtualQuery
GetCurrentThreadId
WriteConsoleW
CreateToolhelp32Snapshot
InitializeCriticalSectionAndSpinCount
HeapFree
EnterCriticalSection
lstrcmpiA
GetOEMCP
GetTickCount
FlushFileBuffers
lstrcmpiW
RtlUnwind
UnlockFile
GetWindowsDirectoryW
OpenProcess
GetProcAddress
CreateNamedPipeW
GetProcessHeap
GetComputerNameW
lstrcpyW
ExpandEnvironmentStringsW
FindNextFileW
lstrcpyA
FindFirstFileW
lstrcmpW
FindFirstFileExW
WaitForMultipleObjects
CreateEventW
CreateFileW
TlsSetValue
HeapAlloc
LeaveCriticalSection
GetNativeSystemInfo
GetLastError
LCMapStringW
GetShortPathNameW
GetSystemInfo
lstrlenA
GlobalFree
GetConsoleCP
GlobalAlloc
lstrlenW
Process32NextW
GetCurrentProcessId
GetCPInfo
GetCommandLineA
Process32FirstW
GetModuleHandleA
VirtualUnlock
ReadFile
CloseHandle
OpenMutexW
GetACP
GetModuleHandleW
IsValidCodePage
WriteFile
VirtualFree
Sleep
VirtualAlloc
WNetEnumResourceW
WNetCloseEnum
WNetOpenEnumW
NdrClientCall2
SHGetSpecialFolderPathW
ShellExecuteW
ShellExecuteExW
ReleaseDC
GetForegroundWindow
SetProcessWindowStation
DrawTextA
wsprintfA
FillRect
wsprintfW
SystemParametersInfoW
CreateWindowStationW
DrawTextW
GetDC
InternetConnectW
InternetCloseHandle
HttpSendRequestW
HttpQueryInfoA
InternetOpenW
HttpOpenRequestW
CoUninitialize
CoCreateInstance
CoInitialize
Number of PE resources by type
RT_MANIFEST 1
Number of PE resources by language
ENGLISH US 1
PE resources
ExifTool file metadata
MIMEType application/octet-stream
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
FileTypeExtension exe
TimeStamp 2018:10:26 09:47:08+01:00
FileType Win32 EXE
PEType PE32
CodeSize 80896
LinkerVersion 12.0
ImageFileCharacteristics Executable, 32-bit
EntryPoint 0x6229
InitializedDataSize 68096
SubsystemVersion 5.1
ImageVersion 0.0
OSVersion 5.1
UninitializedDataSize 0

File identification
MD5 db947d361f3e06b039a705a2728606fa
SHA1 f3cdae48d7e9f53667a1a7c5332c151f63cf61d0
SHA256 ef07905923461ce13a3ca18ef6eb1833a8c8d327d47e9cc8641a2ca3d5ce97f3
ssdeep 1536:JLMVCWvZ8URtqOz3d+1Qs6H9Mk2e3E2avMWC3yMgYxf6+okbdWsWjcdpQCaIxWzX:VM9ntZ3s1QJdnU2SQdf64ZZOCaIxWec
authentihash f5e549d782618ad0c1c36b151058949fb13e3ee99c18a6475232bd22eb315e37
imphash 34fc9f1d705d6f6d4e6c04b364ef13e0
File size 139.0 KB ( 142336 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Executable MS Visual C++ (generic) (41.0%)
Win64 Executable (generic) (36.3%)
Win32 Dynamic Link Library (generic) (8.6%)
Win32 Executable (generic) (5.9%)
OS/2 Executable (generic) (2.6%)
Tags peexe

VirusTotal metadata
First submission 2018-12-04 01:31:51 UTC ( 5 months, 2 weeks ago )
Last submission 2018-12-10 05:44:22 UTC ( 5 months, 1 week ago )
File names exp.exe