SHA256: ef25bdbcf05fa478df3ddc5f4f717c070e443da04cfc590d44409c815f237cb3
File name: SF.exe
Detection ratio: 46 / 67
Analysis date: 2018-04-18 14:41:29 UTC ( 5 days, 14 hours ago )
Antivirus Result Update
Ad-Aware Trojan.GenericKD.40189340 20180418
AegisLab Troj.Ransom.W32.Crypren!c 20180418
AhnLab-V3 Trojan/Win32.Crypren.C2465616 20180418
ALYac Trojan.Ransom.Spartacus 20180418
Antiy-AVL Trojan[Ransom]/Win32.Crypren 20180418
Arcabit Trojan.Generic.D2653D9C 20180418
Avast Win32:Malware-gen 20180418
AVG Win32:Malware-gen 20180418
Avira (no cloud) TR/Ransom.odaei 20180418
AVware Trojan.Win32.Generic!BT 20180418
BitDefender Trojan.GenericKD.40189340 20180418
CAT-QuickHeal Trojan.Occamy 20180418
Comodo UnclassifiedMalware 20180418
CrowdStrike Falcon (ML) malicious_confidence_100% (W) 20170201
Cylance Unsafe 20180418
Cyren W32/Trojan.RRUP-6464 20180418
DrWeb Trojan.Encoder.25098 20180418
Emsisoft Trojan.GenericKD.40189340 (B) 20180418
ESET-NOD32 MSIL/Filecoder.MT 20180418
F-Secure Trojan.GenericKD.40189340 20180418
Fortinet W32/Crypren.AEII!tr 20180418
GData Trojan.GenericKD.40189340 20180418
Ikarus Trojan-Ransom.Spartacus 20180418
Sophos ML heuristic 20180121
K7AntiVirus Trojan ( 0052d79c1 ) 20180418
K7GW Trojan ( 0052d79c1 ) 20180418
Kaspersky Trojan-Ransom.Win32.Crypren.aeii 20180418
Malwarebytes Ransom.Spartacus 20180418
McAfee RDN/Ransom 20180418
McAfee-GW-Edition RDN/Ransom 20180417
Microsoft Trojan:Win32/Occamy.B 20180418
eScan Trojan.GenericKD.40189340 20180418
Palo Alto Networks (Known Signatures) generic.ml 20180418
Panda Trj/GdSda.A 20180418
Qihoo-360 Win32/Trojan.Ransom.f9b 20180418
SentinelOne (Static ML) static engine - malicious 20180225
Sophos AV Mal/Generic-S 20180418
Symantec Trojan.KillDiskmens 20180418
Tencent Win32.Trojan.Crypren.Hsta 20180418
TrendMicro Ransom_STACUS.THDAFAH 20180418
TrendMicro-HouseCall Ransom_STACUS.THDAFAH 20180418
VIPRE Trojan.Win32.Generic!BT 20180418
ViRobot Trojan.Win32.Z.Crypren.96768 20180418
Webroot W32.Trojan.GenKD 20180418
Yandex Trojan.Crypren!AkeYVfpKhN8 20180417
ZoneAlarm by Check Point Trojan-Ransom.Win32.Crypren.aeii 20180418
Alibaba 20180418
Avast-Mobile 20180418
Baidu 20180417
Bkav 20180410
ClamAV 20180418
CMC 20180418
Cybereason None
eGambit 20180418
Endgame 20180403
F-Prot 20180418
Jiangmin 20180418
Kingsoft 20180418
MAX 20180418
NANO-Antivirus 20180418
nProtect 20180418
Rising 20180418
SUPERAntiSpyware 20180418
Symantec Mobile Insight 20180412
TheHacker 20180415
Trustlook 20180418
VBA32 20180418
WhiteArmor 20180408
Zillya 20180418
Zoner 20180418
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright Copyright © 2017
Product SF
Original name SF.exe
Internal name SF.exe
File version 1.0.0.0
Description SF
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2018-01-19 20:36:44
Entry Point 0x00018ADE
Number of sections 4
.NET details
Module Version ID 14571411-da32-4db8-a450-341dc75e0f86
TypeLib ID 282b8d86-f33f-441e-8bb5-95903351be39
PE sections
PE imports
_CorExeMain
Number of PE resources by type
RT_MANIFEST 1
RT_VERSION 1
Number of PE resources by language
NEUTRAL 2
PE resources
Debug information
ExifTool file metadata
SubsystemVersion 4.0
LinkerVersion 6.0
ImageVersion 0.0
FileSubtype 0
FileVersionNumber 1.0.0.0
UninitializedDataSize 0
LanguageCode Neutral
FileFlagsMask 0x003f
CharacterSet Unicode
InitializedDataSize 2560
EntryPoint 0x18ade
OriginalFileName SF.exe
MIMEType application/octet-stream
LegalCopyright Copyright 2017
FileVersion 1.0.0.0
TimeStamp 2018:01:19 21:36:44+01:00
FileType Win32 EXE
PEType PE32
InternalName SF.exe
ProductVersion 1.0.0.0
FileDescription SF
OSVersion 4.0
FileOS Win32
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
CodeSize 93184
ProductName SF
ProductVersionNumber 1.0.0.0
FileTypeExtension exe
ObjectFileType Executable application
AssemblyVersion 1.0.0.0

File identification
MD5 25dee2e70c931f3fa832a5b189117ce8
SHA1 a01294ffd541229718948e17f791694efb596123
SHA256 ef25bdbcf05fa478df3ddc5f4f717c070e443da04cfc590d44409c815f237cb3
ssdeep 1536:a/ig7VKL+3ansDh5uj79lqnhVRXeBLNzGtHxWztCLlKD9Y3cmVtbG4f1Yg7g:k3KSKe5+bqnh3eBLSRWztCLlKD9Y3cU6
authentihash 042ce3dd8dd83b7b5145205cbf462f8884fd7629e65289e50626e9b32d721c72
imphash f34d5f2d4577ed6d9ceec516c1f5a744
File size 94.5 KB ( 96768 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit Mono/.Net assembly
TrID Generic CIL Executable (.NET, Mono, etc.) (79.2%)
Win32 Dynamic Link Library (generic) (7.1%)
Win32 Executable (generic) (4.8%)
Win16/32 Executable Delphi generic (2.2%)
OS/2 Executable (generic) (2.1%)
Tags peexe assembly
VirusTotal metadata
First submission 2018-04-08 23:42:46 UTC ( 2 weeks, 1 day ago )
Last submission 2018-04-16 15:13:29 UTC ( 1 week ago )
File names 25dee2e70c931f3fa832a5b189117ce8
ef25bdbcf05fa478df3ddc5f4f717c070e443da04cfc590d44409c815f237cb3._exe
SF.exe