SHA256: f46daaa2a6c046d4d2f28b63d1d91e316756112d06223a6dfae2c45fc21b92b0
File name: output.112668208.txt
Detection ratio: 51 / 68
Analysis date: 2018-01-05 03:24:47 UTC ( 1 year ago )
Antivirus Result Update
Ad-Aware Trojan.GenericKD.12690971 20171225
AegisLab Uds.Dangerousobject.Multi!c 20180105
AhnLab-V3 Trojan/Win32.Magniber.R216083 20180104
ALYac Trojan.Ransom.GlobeImposter 20180105
Antiy-AVL Trojan/Win32.BTSGeneric 20180103
Arcabit Trojan.Generic.DC1A61B 20180105
Avast Win32:Malware-gen 20180105
AVG Win32:Malware-gen 20180105
Avira (no cloud) TR/Crypt.Xpack.gugwe 20180105
AVware Trojan.Win32.Generic!BT 20180103
Baidu Win32.Trojan.WisdomEyes.16070401.9500.9987 20180104
BitDefender Trojan.GenericKD.12690971 20180105
CAT-QuickHeal Trojan.Multi 20180104
Comodo UnclassifiedMalware 20180105
CrowdStrike Falcon (ML) malicious_confidence_60% (D) 20171016
Cylance Unsafe 20180105
Cyren W32/Ransom.IU.gen!Eldorado 20180105
DrWeb Trojan.Encoder.23992 20180105
Emsisoft Trojan.GenericKD.12690971 (B) 20180105
Endgame malicious (high confidence) 20171130
ESET-NOD32 a variant of Win32/Kryptik.GAWB 20180105
F-Prot W32/Ransom.IU.gen!Eldorado 20180105
F-Secure Trojan.GenericKD.12690971 20180105
Fortinet Generik.FAVEXCN!tr 20180105
GData Win32.Trojan-Ransom.GlobeImposter.J 20180105
Ikarus Trojan.SuspectCRC 20180104
Sophos ML heuristic 20170914
Jiangmin TrojanDropper.Macrodrop.m 20180105
K7AntiVirus Trojan ( 005212321 ) 20180105
K7GW Trojan ( 005212321 ) 20180104
Kaspersky Trojan-Ransom.Win32.Crypmod.yti 20180105
MAX malware (ai score=99) 20180105
McAfee RDN/Generic.dx 20180102
McAfee-GW-Edition BehavesLike.Win32.Multiplug.ch 20180105
Microsoft Ransom:Win32/Ergop 20180104
eScan Trojan.GenericKD.12690971 20180105
NANO-Antivirus Trojan.Win32.GenKryptik.ewggtn 20180105
Palo Alto Networks (Known Signatures) generic.ml 20180105
Panda Trj/Genetic.gen 20180104
Qihoo-360 Trojan.Generic 20180105
Rising Malware.Obscure/Heur!1.A89E (CLASSIC) 20180105
Sophos AV Troj/Ransom-ETZ 20180105
Symantec Ransom.CryptXXX 20180105
Tencent Suspicious.Heuristic.Gen.b.0 20180105
TrendMicro Ransom_FAKEGLOBE.ASUVB 20180105
TrendMicro-HouseCall Ransom_FAKEGLOBE.ASUVB 20180105
VIPRE Trojan.Win32.Generic!BT 20180105
ViRobot Trojan.Win32.GlobeImposter.195584 20180104
Webroot W32.Trojan.Gen 20180105
Zillya Trojan.Crypmod.Win32.476 20180104
ZoneAlarm by Check Point Trojan-Ransom.Win32.Crypmod.yti 20180105
Alibaba 20180105
Avast-Mobile 20180104
Bkav 20180104
ClamAV 20180104
CMC 20180104
Cybereason 20171103
eGambit 20180105
Kingsoft 20180105
Malwarebytes 20180105
nProtect 20180105
SentinelOne (Static ML) 20171224
SUPERAntiSpyware 20180105
TheHacker 20180103
TotalDefense 20180104
Trustlook 20180105
VBA32 20180104
WhiteArmor 20171226
Yandex 20171229
Zoner 20180105
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2017-12-20 11:12:46
Entry Point 0x000036E0
Number of sections 5
PE sections
PE imports
SetSecurityDescriptorControl
GetUserNameA
InitiateSystemShutdownA
OpenEventLogW
LookupPrivilegeNameW
StretchBlt
FillPath
AreFileApisANSI
GetLastError
InitializeCriticalSectionAndSpinCount
HeapFree
GetStdHandle
EnterCriticalSection
LCMapStringW
GetModuleFileNameW
GetConsoleCP
GetOEMCP
QueryPerformanceCounter
HeapReAlloc
IsDebuggerPresent
ExitProcess
TlsAlloc
VirtualProtect
FlushFileBuffers
GetModuleFileNameA
RtlUnwind
GetProcessId
HeapAlloc
GetCurrentProcess
GetStartupInfoW
GetWindowsDirectoryW
GetConsoleMode
DecodePointer
GetCurrentProcessId
UnhandledExceptionFilter
GetCPInfo
GetCommProperties
LoadLibraryExW
MultiByteToWideChar
GetAtomNameW
SetFilePointerEx
GetFileInformationByHandle
GetCommandLineA
GetProcAddress
AddAtomW
HeapSize
SetStdHandle
RaiseException
GetFileSizeEx
WideCharToMultiByte
TlsFree
FreeEnvironmentStringsW
GetSystemTimeAsFileTime
DeleteCriticalSection
ReadFile
SetUnhandledExceptionFilter
GetTempPathW
SetProcessWorkingSetSize
CloseHandle
IsProcessorFeaturePresent
GetProcessWorkingSetSize
GetThreadTimes
GetSystemTimes
GetACP
GetLongPathNameW
GetStringTypeW
GetModuleHandleW
GetProcessAffinityMask
ReadConsoleW
GetSystemTimeAdjustment
GetFileType
TerminateProcess
GetThreadPriority
GetProcessHandleCount
GetProcessShutdownParameters
GetModuleHandleExW
IsValidCodePage
OutputDebugStringW
WriteFile
CreateFileW
GlobalAlloc
GetEnvironmentStringsW
TlsGetValue
Sleep
SetLastError
SetEndOfFile
TlsSetValue
EncodePointer
GetCurrentThreadId
GetProcessHeap
WriteConsoleW
LeaveCriticalSection
GradientFill
ShowScrollBar
SetScrollRange
GetPropW
SetPropW
Number of PE resources by type
RT_ICON 14
RT_STRING 4
RT_GROUP_ICON 2
RT_DIALOG 1
RT_GROUP_CURSOR 1
UPPSQ 1
RT_CURSOR 1
Number of PE resources by language
NEUTRAL 24
PE resources
ExifTool file metadata
MIMEType application/octet-stream
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
FileTypeExtension exe
TimeStamp 2017:12:20 12:12:46+01:00
FileType Win32 EXE
PEType PE32
CodeSize 68096
LinkerVersion 12.0
ImageFileCharacteristics Executable, 32-bit
EntryPoint 0x36e0
InitializedDataSize 1161216
SubsystemVersion 5.1
ImageVersion 0.0
OSVersion 5.1
UninitializedDataSize 0

File identification
MD5 b6166a47509429d3ffedbd100e87bd78
SHA1 8c0cf82dd80293ed029269f25fad42b6c3570e0a
SHA256 f46daaa2a6c046d4d2f28b63d1d91e316756112d06223a6dfae2c45fc21b92b0
ssdeep
3072:3+8+j2u8X07yC+fO+Akcqxq+kZt2OLu4BkskBH3uIv/20xNY6dh90JoHi:K2rCEO+vEVqeLkBNv9DY6dhcoHi

authentihash 6fd7f5a78e2ec9cae1c78df3039a160bc7a3497f64e8aab1bbd30fbc5f6d1b0e
imphash 3fca54c883b0bb36e4a2a945881da664
File size 191.0 KB ( 195584 bytes )
File type Win32 EXE
Magic literal
PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID Win32 Executable MS Visual C++ (generic) (41.0%)
Win64 Executable (generic) (36.3%)
Win32 Dynamic Link Library (generic) (8.6%)
Win32 Executable (generic) (5.9%)
OS/2 Executable (generic) (2.6%)
Tags
peexe

VirusTotal metadata
First submission 2017-12-20 17:10:33 UTC ( 1 year, 1 month ago )
Last submission 2019-01-07 02:01:49 UTC ( 2 weeks ago )
File names PsmGr36d.exe
b6166a47509429d3ffedbd100e87bd78_exe
6c2acdb8-e703-11e7-a829-80e65024849a.file
output.112668208.txt
JVkQDkmSTKS.exe
FILE_47.1
b6166a47509429d3ffedbd100e87bd78.exe
PsmGr36d[1].txt.2.dr
noname.ext
VirusShare_b6166a47509429d3ffedbd100e87bd78
6c2acdb8-e703-11e7-a829-80e65024849a.file
cf416326-e9b5-11e7-b014-80e65024849a.file
b6166a47.gxe
PsmGr36d
8c0cf82dd80293ed029269f25fad42b6c3570e0a.exe
cf416326-e9b5-11e7-b014-80e65024849a.file
6c2acdb8-e703-11e7-a829-80e65024849a.file
cf416326-e9b5-11e7-b014-80e65024849a.file
PsmGr36d.exe
Advanced heuristic and reputation engines
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Written files
Copied files
Moved files
Runtime DLLs
UDP communications