SHA256: f2a98724919f7c15c09532e9a102362839d02588ab078d8348801ad98d5470f6
File name: 6bf84d641c52c1d222986901006e854d
Detection ratio: 43 / 68
Analysis date: 2017-10-30 21:23:48 UTC (1 year, 3 months ago)
Antivirus Result Update
Ad-Aware Gen:Variant.Zusy.262207 20171030
AhnLab-V3 Trojan/Win32.Agent.C2212460 20171030
ALYac Gen:Variant.Zusy.262207 20171030
Antiy-AVL Trojan/Win32.Mansabo 20171030
Arcabit Trojan.Zusy.D4003F 20171030
Avast Win32:Malware-gen 20171030
AVG Win32:Malware-gen 20171030
Avira (no cloud) TR/Crypt.ZPACK.xkupb 20171030
Baidu Win32.Trojan.WisdomEyes.16070401.9500.9990 20171030
BitDefender Gen:Variant.Zusy.262207 20171030
CrowdStrike Falcon (ML) malicious_confidence_80% (D) 20171016
Cylance Unsafe 20171030
Cyren W32/Locky.LRMK-2263 20171030
DrWeb Trojan.Trick.45135 20171030
Emsisoft Gen:Variant.Zusy.262207 (B) 20171030
Endgame malicious (high confidence) 20171024
ESET-NOD32 Win32/TrickBot.V 20171030
F-Prot W32/Locky.QK 20171030
F-Secure Gen:Variant.Zusy.262207 20171030
Fortinet W32/Kryptik.FYAD!tr 20171030
GData Gen:Variant.Zusy.262207 20171030
Sophos ML heuristic 20170914
Jiangmin Backdoor.Androm.too 20171030
K7AntiVirus Trojan ( 0051a34b1 ) 20171030
K7GW Trojan ( 0051a34b1 ) 20171030
Kaspersky Trojan.Win32.Mansabo.zw 20171030
Malwarebytes Ransom.Cerber 20171030
MAX malware (ai score=87) 20171030
McAfee Ransomware-GHM!6BF84D641C52 20171030
McAfee-GW-Edition BehavesLike.Win32.PWSZbot.gc 20171030
Microsoft Ransom:Win32/HydraCrypt.B 20171030
eScan Gen:Variant.Zusy.262207 20171030
NANO-Antivirus Trojan.Win32.Trick.eukwmm 20171030
Palo Alto Networks (Known Signatures) generic.ml 20171030
Panda Trj/CI.A 20171030
Qihoo-360 Win32/Trojan.2bc 20171030
SentinelOne (Static ML) static engine - malicious 20171019
Sophos AV Mal/CerberW-A 20171030
Symantec Trojan.Gen.2 20171030
TrendMicro Ransom_HPCERBER.SMALY0A 20171030
TrendMicro-HouseCall Ransom_HPCERBER.SMALY0A 20171030
Webroot W32.Trojan.Gen 20171030
ZoneAlarm by Check Point Trojan.Win32.Mansabo.zw 20171030
AegisLab 20171030
Alibaba 20170911
Avast-Mobile 20171030
AVware 20171030
Bkav 20171030
CAT-QuickHeal 20171030
ClamAV 20171030
CMC 20171030
Comodo 20171030
Cybereason 20170628
eGambit 20171030
Ikarus 20171030
Kingsoft 20171030
nProtect 20171030
Rising 20171030
SUPERAntiSpyware 20171030
Symantec Mobile Insight 20171027
Tencent 20171030
TheHacker 20171028
TotalDefense 20171030
Trustlook 20171030
VBA32 20171030
VIPRE 20171030
ViRobot 20171030
WhiteArmor 20171024
Yandex 20171030
Zillya 20171030
Zoner 20171030
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2017-10-24 09:24:12
Entry Point 0x000057A2
Number of sections 4
PE sections
Overlays
MD5 70c3ba9c65df02d8222624064ee996a5
File type data
Offset 90112
Size 415424
Entropy 7.78
PE imports
GetSystemTime
GetLastError
HeapFree
GetStdHandle
LCMapStringW
SetHandleCount
GetSystemInfo
VirtualProtect
GetOEMCP
QueryPerformanceCounter
HeapDestroy
HeapAlloc
IsBadWritePtr
FlushFileBuffers
GetEnvironmentStringsW
GetVersionExA
LoadLibraryA
RtlUnwind
GetModuleFileNameA
FreeEnvironmentStringsA
GetStartupInfoA
EnumSystemLocalesA
GetEnvironmentStrings
GetLocaleInfoA
GetCurrentProcessId
GetCPInfo
UnhandledExceptionFilter
MultiByteToWideChar
HeapSize
FreeEnvironmentStringsW
GetCommandLineA
GetProcAddress
IsBadReadPtr
SetStdHandle
SetFilePointer
RaiseException
WideCharToMultiByte
GetStringTypeA
GetModuleHandleA
ReadFile
InterlockedExchange
SetUnhandledExceptionFilter
WriteFile
GetCurrentProcess
CloseHandle
GetSystemTimeAsFileTime
IsValidLocale
GetACP
HeapReAlloc
GetStringTypeW
GetUserDefaultLCID
TerminateProcess
LCMapStringA
IsValidCodePage
HeapCreate
VirtualQuery
VirtualFree
GetFileType
GetTickCount
IsBadCodePtr
ExitProcess
GetCurrentThreadId
GetLocaleInfoW
VirtualAlloc
Number of PE resources by type
RT_ICON 1
RT_MENU 1
RT_GROUP_ICON 1
Number of PE resources by language
RUSSIAN 3
PE resources
Debug information
ExifTool file metadata
MIMEType application/octet-stream
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
FileTypeExtension exe
TimeStamp 2017:10:24 10:24:12+01:00
FileType Win32 EXE
PEType PE32
CodeSize 61440
LinkerVersion 7.1
ImageFileCharacteristics No relocs, Executable, No line numbers, No symbols, 32-bit
EntryPoint 0x57a2
InitializedDataSize 32768
SubsystemVersion 4.0
ImageVersion 0.0
OSVersion 4.0
UninitializedDataSize 0

File identification
MD5 6bf84d641c52c1d222986901006e854d
SHA1 2a8c224b59461c4978da1c77dcb3a8d98eabf0eb
SHA256 f2a98724919f7c15c09532e9a102362839d02588ab078d8348801ad98d5470f6
ssdeep 12288:fj3Rle+ciryAe3/xhBsFHxvJFBMUSsw5k1SIa05yeYNCMFEG5q/E:fjze+ciOh/xh4J/SIa05ydCMFEGw/E
authentihash 3d36968e9903f0a43d12c3a9186b0a19cb70aacca6b569b88962bbf482036247
imphash 49112f57b0403a33cb77a6280df68545
File size 493.7 KB (505536 bytes)
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Executable MS Visual C++ (generic) (41.0%)
Win64 Executable (generic) (36.3%)
Win32 Dynamic Link Library (generic) (8.6%)
Win32 Executable (generic) (5.9%)
OS/2 Executable (generic) (2.6%)
Tags peexe overlay
VirusTotal metadata
First submission 2017-10-30 21:23:48 UTC (1 year, 3 months ago)
Last submission 2017-10-30 21:23:48 UTC (1 year, 3 months ago)
File names 6bf84d641c52c1d222986901006e854d
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Created processes
Code injections in the following processes
Opened mutexes
Runtime DLLs
UDP communications