SHA256: f48953a6c896707dd320f6d2433b8484f8410d3e794f584f5c86dfd59c390eb4
File name: 26e8663be637a75a44c17f497af44413.virus
Detection ratio: 39 / 62
Analysis date: 2017-03-16 01:52:44 UTC ( 2 years ago )
Antivirus Result Update
Ad-Aware Trojan.GenericKD.4426243 20170315
AhnLab-V3 Trojan/Win32.Cerber.R195514 20170315
ALYac Trojan.GenericKD.4426243 20170316
Antiy-AVL Trojan/Win32.TSGeneric 20170315
Arcabit Trojan.Generic.D438A03 20170315
AVG FileCryptor.NXT 20170315
Avira (no cloud) TR/Crypt.ZPACK.zocom 20170316
AVware Trojan.Win32.Generic!BT 20170315
BitDefender Trojan.GenericKD.4426243 20170315
CAT-QuickHeal Ransom.Genasom 20170315
CrowdStrike Falcon (ML) malicious_confidence_96% (D) 20170130
Emsisoft Trojan.GenericKD.4426243 (B) 20170315
Endgame malicious (moderate confidence) 20170222
ESET-NOD32 a variant of Win32/Injector.DLMH 20170316
F-Secure Trojan.GenericKD.4426243 20170315
Fortinet W32/Injector.DMJG!tr 20170315
GData Trojan.GenericKD.4426243 20170315
Sophos ML trojan.win32.dorv.a 20170203
Jiangmin Trojan.Crusis.fm 20170315
K7AntiVirus Trojan ( 00500d011 ) 20170315
K7GW Trojan ( 00500d011 ) 20170315
Kaspersky Trojan-Ransom.Win32.Crusis.py 20170315
Malwarebytes Trojan.PasswordStealer 20170315
McAfee Artemis!26E8663BE637 20170315
McAfee-GW-Edition BehavesLike.Win32.Generic.cc 20170315
Microsoft Trojan:Win32/Dynamer!ac 20170316
eScan Trojan.GenericKD.4426243 20170315
NANO-Antivirus Trojan.Win32.Filecoder.eltmtd 20170316
Panda Trj/Genetic.gen 20170315
Qihoo-360 HEUR/QVM18.1.0000.Malware.Gen 20170316
Rising Malware.Generic.5!tfe (cloud:5j15s0aQcz) 20170316
SentinelOne (Static ML) static engine - malicious 20170315
Sophos AV Mal/Isda-D 20170315
Symantec Trojan.Gen 20170315
TrendMicro Ransom_Crusis.R00XC0RCF17 20170316
VIPRE Trojan.Win32.Generic!BT 20170315
Webroot Malicious 20170316
Yandex Trojan.Filecoder!ZhojX05thpE 20170315
ZoneAlarm by Check Point Trojan-Ransom.Win32.Crusis.py 20170316
Engines with no detection (engine, signature update date):
AegisLab 20170315
Alibaba 20170228
Avast 20170315
Baidu 20170315
Bkav 20170315
ClamAV 20170315
CMC 20170315
Comodo 20170315
Cyren 20170315
DrWeb 20170315
F-Prot 20170315
Ikarus 20170315
Kingsoft 20170316
nProtect 20170316
Palo Alto Networks (Known Signatures) 20170316
SUPERAntiSpyware 20170316
Tencent 20170316
TheHacker 20170315
TotalDefense 20170315
TrendMicro-HouseCall 20170316
Trustlook 20170316
VBA32 20170315
ViRobot 20170315
WhiteArmor 20170315
Zillya 20170314
Zoner 20170315
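The detection table above is the raw material for a quick family consensus. The following is an added example, not VirusTotal tooling: it copies the 39 vendor labels from the table, strips platform, type and heuristic words, and tallies the first Capitalized token that survives (vendors write family names Capitalized and variant suffixes such as `.py`, `.fm` or `!ac` in lowercase). The stoplist and the FileCryptor -> Filecoder alias are this example's own assumptions, not vendor documentation. It also recounts the engines: 39 detections plus 26 engines listed without a result is 65, while the page's headline ratio says 39 / 62; which engines VirusTotal leaves out of its denominator is not stated on the page, so count the table yourself rather than trust the headline.

```python
"""Family consensus and engine recount from the detection table above.

Added example, not VirusTotal code. Labels are copied from the report; the
STOP set and ALIASES map are assumptions of this example.
"""
import re
from collections import Counter
from typing import List, Optional, Tuple

DETECTIONS = """\
Ad-Aware|Trojan.GenericKD.4426243
AhnLab-V3|Trojan/Win32.Cerber.R195514
ALYac|Trojan.GenericKD.4426243
Antiy-AVL|Trojan/Win32.TSGeneric
Arcabit|Trojan.Generic.D438A03
AVG|FileCryptor.NXT
Avira (no cloud)|TR/Crypt.ZPACK.zocom
AVware|Trojan.Win32.Generic!BT
BitDefender|Trojan.GenericKD.4426243
CAT-QuickHeal|Ransom.Genasom
CrowdStrike Falcon (ML)|malicious_confidence_96% (D)
Emsisoft|Trojan.GenericKD.4426243 (B)
Endgame|malicious (moderate confidence)
ESET-NOD32|a variant of Win32/Injector.DLMH
F-Secure|Trojan.GenericKD.4426243
Fortinet|W32/Injector.DMJG!tr
GData|Trojan.GenericKD.4426243
Sophos ML|trojan.win32.dorv.a
Jiangmin|Trojan.Crusis.fm
K7AntiVirus|Trojan ( 00500d011 )
K7GW|Trojan ( 00500d011 )
Kaspersky|Trojan-Ransom.Win32.Crusis.py
Malwarebytes|Trojan.PasswordStealer
McAfee|Artemis!26E8663BE637
McAfee-GW-Edition|BehavesLike.Win32.Generic.cc
Microsoft|Trojan:Win32/Dynamer!ac
eScan|Trojan.GenericKD.4426243
NANO-Antivirus|Trojan.Win32.Filecoder.eltmtd
Panda|Trj/Genetic.gen
Qihoo-360|HEUR/QVM18.1.0000.Malware.Gen
Rising|Malware.Generic.5!tfe (cloud:5j15s0aQcz)
SentinelOne (Static ML)|static engine - malicious
Sophos AV|Mal/Isda-D
Symantec|Trojan.Gen
TrendMicro|Ransom_Crusis.R00XC0RCF17
VIPRE|Trojan.Win32.Generic!BT
Webroot|Malicious
Yandex|Trojan.Filecoder!ZhojX05thpE
ZoneAlarm by Check Point|Trojan-Ransom.Win32.Crusis.py
""".splitlines()
UNDETECTED_ENGINES = 26   # engines listed in the report with no result (AegisLab .. Zoner)

# Assumed stoplist: platform, type, packer and cloud-heuristic words that name no family.
STOP = {"trojan", "trj", "win32", "w32", "ransom", "malware", "malicious", "heur",
        "variant", "crypt", "zpack", "artemis", "behaveslike", "dynamer", "genetic"}
ALIASES = {"filecryptor": "filecoder"}   # assumed: two vendor spellings of one concept


def is_generic(tok: str) -> bool:
    """Stopwords, anything containing 'generic', short tokens and hash/ID-like tokens."""
    low = tok.lower()
    return low in STOP or "generic" in low or len(tok) < 4 or any(c.isdigit() for c in tok)


def family(label: str) -> Optional[str]:
    """First Capitalized, non-generic token of a label; None if the label is purely generic."""
    for tok in re.findall(r"[A-Za-z0-9]+", label):
        if tok[0].isupper() and not is_generic(tok):
            return ALIASES.get(tok.lower(), tok.lower())
    return None


def consensus(lines: List[str] = DETECTIONS) -> List[Tuple[str, int]]:
    """Tally families over all detections, most common first."""
    tally = Counter(family(line.split("|", 1)[1]) for line in lines)
    tally.pop(None, None)
    return tally.most_common()


def engine_counts(lines: List[str] = DETECTIONS, undetected: int = UNDETECTED_ENGINES) -> Tuple[int, int]:
    """(detections, engines listed) as counted from the table, not from the headline ratio."""
    return len(lines), len(lines) + undetected


if __name__ == "__main__":
    print("detections / engines listed:", engine_counts())
    for fam, n in consensus():
        print(f"{n:2d}  {fam}")
```

Crusis wins with four engines (Jiangmin, Kaspersky, ZoneAlarm, TrendMicro), Filecoder/FileCryptor follows with three, and the rest are single votes; the majority of engines only say "generic trojan", which is typical for a UPX-packed sample where the stub, not the payload, is what the signature engines see.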
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
Packers identified
F-PROT UPX_LZMA
PEiD UPX 2.93 [LZMA] -> Markus Oberhumer, Laszlo Molnar & John Reiser
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2017-02-16 23:13:04
Entry Point 0x0002AA10
Number of sections 3
PE sections
Overlays
MD5 dfdf8525438ba5e154159e940e9b88cc
File type data
Offset 60416
Size 143823
Entropy 8.00
The overlay runs to end of file (60416 + 143823 = 204239 bytes, the full file size) and its entropy sits at the 8.00 ceiling, so it is compressed or encrypted data rather than code or plain resources. Roughly 70% of the file is therefore invisible to static import and string analysis until the overlay is decoded.
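The "Packers identified", "Compilation timestamp" and "Overlays" fields above come from walking the PE headers: the overlay is whatever lies beyond the last section's raw data, and its entropy is what separates an appended config blob from an encrypted payload. The following is an added example, not VirusTotal's or the sample author's code, that reproduces those three fields with only the Python standard library. Because the page does not include the sample itself, the block constructs a minimal PE32 image in memory (UPX-style section names, the report's compile timestamp, and a synthetic overlay); `build_sample_pe`, `SAMPLE_SECTIONS` and the two overlay constants are constructed test data. Call `analyze()` on the bytes of a real file to get the same dictionary.

```python
"""Overlay and packer triage for a PE file using only the Python standard library.

Added example, not code from VirusTotal or from the sample's author. The
sample PE built here is constructed so the script runs offline; on a real
file use analyze(open(path, "rb").read()).
"""
import math
import struct
from datetime import datetime, timezone

FILE_ALIGN = 0x200          # on-disk section alignment used by the constructed sample
OPT_HDR_SIZE_PE32 = 224     # size of the PE32 optional header


def shannon_entropy(data: bytes) -> float:
    """Bits per byte in 0.0..8.0; 8.0 means every byte value occurs equally often."""
    if not data:
        return 0.0
    n = len(data)
    counts = [0] * 256
    for b in data:
        counts[b] += 1
    return -sum(c / n * math.log2(c / n) for c in counts if c)


def timestamp_utc(ts: int) -> str:
    """Render a COFF TimeDateStamp the way the report's 'Compilation timestamp' does (UTC)."""
    return datetime.fromtimestamp(ts, timezone.utc).strftime("%Y-%m-%d %H:%M:%S")


def analyze(pe: bytes) -> dict:
    """Walk DOS, COFF and section headers; return overlay bounds, entropy and UPX hints."""
    if pe[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    e_lfanew = struct.unpack_from("<I", pe, 0x3C)[0]
    if pe[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("PE signature not found")
    coff = e_lfanew + 4
    _machine, nsect, ts, _, _, opt_size, _ = struct.unpack_from("<HHIIIHH", pe, coff)
    table = coff + 20 + opt_size
    names, end = [], 0
    for i in range(nsect):
        name, _vsize, _va, rawsize, rawptr = struct.unpack_from("<8sIIII", pe, table + 40 * i)
        names.append(name.rstrip(b"\0").decode("ascii", "replace"))
        end = max(end, rawptr + rawsize)   # overlay begins after the last raw section byte
    overlay = pe[end:]
    return {
        "compile_time": timestamp_utc(ts),
        "sections": names,
        "overlay_offset": end,
        "overlay_size": len(overlay),
        "overlay_entropy": round(shannon_entropy(overlay), 2),
        # UPX keeps its section names and a "UPX!" marker even when the version string is stripped.
        "upx": any(n.startswith("UPX") for n in names) or b"UPX!" in pe[:end],
    }


def build_sample_pe(sections, overlay: bytes) -> bytes:
    """Construct a structurally valid (not runnable) PE32 from (name, raw_bytes) pairs plus an overlay."""
    nsect = len(sections)
    hdr_end = 0x40 + 4 + 20 + OPT_HDR_SIZE_PE32 + 40 * nsect
    first_raw = -(-hdr_end // FILE_ALIGN) * FILE_ALIGN
    dos = bytearray(0x40)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 0x40)                       # e_lfanew
    ts = int(datetime(2017, 2, 16, 23, 13, 4, tzinfo=timezone.utc).timestamp())  # report's timestamp
    coff = struct.pack("<HHIIIHH", 0x14C, nsect, ts, 0, 0, OPT_HDR_SIZE_PE32, 0x0102)
    opt = bytearray(OPT_HDR_SIZE_PE32)
    struct.pack_into("<H", opt, 0, 0x10B)                          # PE32 magic
    table, body, cursor, va = bytearray(), bytearray(), first_raw, 0x1000
    for name, raw in sections:
        vsize = max(len(raw), 0x1000)
        table += struct.pack("<8sIIIIIIHHI", name, vsize, va, len(raw),
                             cursor if raw else 0, 0, 0, 0, 0, 0x60000020)
        body += raw
        cursor += len(raw)
        va += -(-vsize // 0x1000) * 0x1000
    headers = dos + b"PE\0\0" + coff + opt + table
    return bytes(headers) + b"\0" * (first_raw - len(headers)) + bytes(body) + overlay


# Constructed sample: UPX-style layout (UPX0 has no raw bytes on disk) plus an appended overlay.
SAMPLE_SECTIONS = [(b"UPX0", b""), (b"UPX1", bytes(range(256)) * 8), (b".rsrc", b"\0" * 0x200)]
HIGH_ENTROPY_OVERLAY = bytes(range(256)) * 16   # constructed: every byte value equally often -> 8.00
LOW_ENTROPY_OVERLAY = b"A" * 4096               # constructed: one repeated byte -> 0.00


def triage(overlay: bytes) -> dict:
    """Analyze the constructed sample with the given overlay and check offset + size == file size."""
    pe = build_sample_pe(SAMPLE_SECTIONS, overlay)
    result = analyze(pe)
    # The same arithmetic applies to the report: 60416 + 143823 == 204239 bytes.
    assert result["overlay_offset"] + result["overlay_size"] == len(pe)
    return result


if __name__ == "__main__":
    for label, ov in (("high-entropy", HIGH_ENTROPY_OVERLAY), ("low-entropy", LOW_ENTROPY_OVERLAY)):
        print(label, triage(ov))
```

Two points the report's numbers hide: an overlay that ends exactly at EOF with entropy at the ceiling is the signature of an appended encrypted payload or packed second stage, while a low-entropy overlay is usually an installer manifest, certificate table or configuration and is worth reading as text; and the COFF timestamp is unsigned seconds since the epoch with no zone, so tools that print it in local time (the ExifTool line further down shows +01:00) will disagree with VirusTotal's UTC rendering by exactly the host offset.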
PE imports
KERNEL32.dll: VirtualFree, ExitProcess, VirtualProtect, LoadLibraryA, VirtualAlloc, GetProcAddress
GDI32.dll: BeginPath
USER32.dll: GetAsyncKeyState
This is the UPX stub's import table, not the original program's: the stub keeps only the loader functions it needs to decompress the image and rebuild the real import table in memory (the Virtual* allocators, LoadLibraryA and GetProcAddress), plus one placeholder import from each DLL the original binary linked against. The imphash below therefore identifies the packer layout rather than the payload, and BeginPath and GetAsyncKeyState only tell you that the unpacked program imports GDI32 and USER32, not how it uses them.
Number of PE resources by type
RT_BITMAP 1
RT_RIBBON_XML 1
Number of PE resources by language
FRENCH 2
PE resources
ExifTool file metadata
MIMEType application/octet-stream
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
FileTypeExtension exe
TimeStamp 2017:02:17 00:13:04+01:00 (ExifTool prints the COFF timestamp in the scanning host's local zone, UTC+1 here; it is the same instant as the 2017-02-16 23:13:04 UTC compilation timestamp above)
FileType Win32 EXE
PEType PE32
CodeSize 61440
LinkerVersion 9.0
EntryPoint 0x2aa10
InitializedDataSize 4096
SubsystemVersion 5.0
ImageVersion 0.0
OSVersion 5.0
UninitializedDataSize 114688
File identification
MD5 26e8663be637a75a44c17f497af44413
SHA1 49295ddf2207ee7c82d9005eebd2475df0efb6ee
SHA256 f48953a6c896707dd320f6d2433b8484f8410d3e794f584f5c86dfd59c390eb4
ssdeep 6144:mA4MThI6paUyMoSt2jx3/J/eShT/7nkpQaEMTrWwmjK:mA4uhIQDpoSQjxvJ/eI3kpQaEkrWwmjK

authentihash ae03dd564b709d01ad8a341fbfc221986957fb8dcbaed04e217bd35be9948981
imphash b2c6055690cd4afb7b8e792637e2fe32
File size 199.5 KB ( 204239 bytes )
File type Win32 EXE
Magic literal
PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID UPX compressed Win32 Executable (38.2%)
Win32 EXE Yoda's Crypter (37.5%)
Win32 Dynamic Link Library (generic) (9.2%)
Win32 Executable (generic) (6.3%)
OS/2 Executable (generic) (2.8%)
Tags
peexe upx overlay

VirusTotal metadata
First submission 2017-03-16 01:52:44 UTC ( 2 years ago )
Last submission 2017-03-16 01:52:44 UTC ( 2 years ago )
File names 26e8663be637a75a44c17f497af44413.virus
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Runtime DLLs
UDP communications