SHA256: f921949f9bf653b37fb73065834141862dc433ca12db8905f07face35f2d652a
File name: sry.exe
Detection ratio: 41 / 68
Analysis date: 2018-04-15 17:19:00 UTC ( 1 year ago )
Antivirus Result Update
Ad-Aware Trojan.GenericKD.40200740 20180415
AegisLab Troj.W32.Gen.lCFe 20180415
AhnLab-V3 Trojan/Win32.RansomCrypt.C2463990 20180415
ALYac Trojan.GenericKD.40200740 20180415
Antiy-AVL Trojan[Backdoor]/Win32.Mokes 20180415
Arcabit Trojan.Generic.D2656A24 20180415
Avast Win32:Malware-gen 20180415
AVG Win32:Malware-gen 20180415
Avira (no cloud) TR/Crypt.Xpack.xogwa 20180415
AVware Trojan.Win32.Generic!BT 20180415
Baidu Win32.Trojan.WisdomEyes.16070401.9500.9999 20180413
BitDefender Trojan.GenericKD.40200740 20180415
CrowdStrike Falcon (ML) malicious_confidence_100% (W) 20170201
Cybereason malicious.bcfd52 20180225
Cylance Unsafe 20180415
Cyren W32/Trojan.DDEB-2697 20180415
DrWeb Trojan.Encoder.24384 20180415
Emsisoft Trojan.GenericKD.40200740 (B) 20180415
Endgame malicious (high confidence) 20180403
ESET-NOD32 a variant of Win32/Kryptik.GFPF 20180415
F-Secure Trojan.GenericKD.40200740 20180415
Fortinet W32/Kryptik.GFHY!tr 20180415
GData Trojan.GenericKD.40200740 20180415
Sophos ML heuristic 20180121
K7GW Trojan ( 0052dcb21 ) 20180415
Kaspersky Trojan.Win32.IRCbot.bhic 20180415
Malwarebytes Trojan.MalPack 20180415
MAX malware (ai score=96) 20180415
McAfee RDN/Generic.hbg 20180415
McAfee-GW-Edition BehavesLike.Win32.Downloader.mh 20180415
Microsoft Trojan:Win32/Dynamer!rfn 20180415
eScan Trojan.GenericKD.40200740 20180415
Palo Alto Networks (Known Signatures) generic.ml 20180415
Panda Trj/Genetic.gen 20180415
Qihoo-360 HEUR/QVM10.1.7C6D.Malware.Gen 20180415
Sophos AV Mal/Generic-S 20180415
Symantec Trojan.Gen.2 20180414
TrendMicro-HouseCall TROJ_GEN.R011C0DDF18 20180415
VIPRE Trojan.Win32.Generic!BT 20180415
Webroot W32.Trojan.Gen 20180415
ZoneAlarm by Check Point Trojan.Win32.IRCbot.bhic 20180415
Alibaba 20180413
Avast-Mobile 20180415
Bkav 20180410
CAT-QuickHeal 20180415
ClamAV 20180415
CMC 20180415
Comodo 20180415
eGambit 20180415
F-Prot 20180415
Ikarus 20180415
Jiangmin 20180415
K7AntiVirus 20180415
Kingsoft 20180415
NANO-Antivirus 20180415
nProtect 20180415
Rising 20180415
SentinelOne (Static ML) 20180225
SUPERAntiSpyware 20180415
Symantec Mobile Insight 20180412
Tencent 20180415
TheHacker 20180410
TotalDefense 20180415
TrendMicro 20180415
Trustlook 20180415
VBA32 20180414
ViRobot 20180415
WhiteArmor 20180408
Yandex 20180414
Zillya 20180413
Zoner 20180414
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright Copyright (C) 2017, gemkerzeip
Internal name toofirtyless.exe
File version 5.0.0.0
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2018-04-13 16:14:19
Entry Point 0x00001F07
Number of sections 5
PE sections
PE imports
ReportEventA
GetLogColorSpaceA
GetPolyFillMode
GetTextMetricsA
CheckColorsInGamut
CreateRoundRectRgn
GetTextExtentPointW
LineDDA
Ellipse
GetDeviceGammaRamp
GetLastError
InitializeCriticalSectionAndSpinCount
HeapFree
LocalLock
GetDriveTypeW
LCMapStringW
GetStartupInfoW
lstrlenA
LoadLibraryW
SetTapeParameters
SetEvent
QueryPerformanceCounter
EncodePointer
IsDebuggerPresent
HeapAlloc
TlsAlloc
GetEnvironmentStringsW
LoadLibraryA
RtlUnwind
WinExec
GetStdHandle
IsProcessorFeaturePresent
HeapSetInformation
GetCurrentProcess
EnterCriticalSection
GetStringTypeW
GetCurrentProcessId
lstrcatA
GetCommandLineW
GetCPInfo
UnhandledExceptionFilter
InterlockedDecrement
MultiByteToWideChar
HeapSize
LoadModule
FreeEnvironmentStringsW
FindVolumeMountPointClose
GetProcAddress
SetSystemTimeAdjustment
WritePrivateProfileStringW
GetModuleFileNameW
WideCharToMultiByte
WriteProfileSectionW
TlsFree
DebugBreakProcess
DeleteCriticalSection
SetUnhandledExceptionFilter
lstrcpyA
GetSystemTimeAsFileTime
PeekConsoleInputA
GetACP
HeapReAlloc
DecodePointer
GetModuleHandleW
GetOEMCP
TerminateProcess
InitAtomTable
SetHandleCount
IsValidCodePage
HeapCreate
WriteFile
CreateFileW
GlobalAlloc
TlsGetValue
Sleep
GetFileType
GetTickCount
TlsSetValue
ExitProcess
GetCurrentThreadId
InterlockedIncrement
SetLastError
LeaveCriticalSection
SetWindowsHookW
DrawAnimatedRects
CloseWindow
CreateMDIWindowW
SetPropA
GetInputState
GrayStringA
LoadCursorW
AppendMenuW
GetWindowTextLengthW
GetWindowTextA
SetClassLongA
ClientToScreen
ReplyMessage
GetDC
InsertMenuItemA
OleMetafilePictFromIconAndLabel
OleSetMenuDescriptor
CoInitialize
Number of PE resources by type
RT_STRING 12
RT_BITMAP 2
NYONHBW 1
GINILEVUSUBO 1
XOFEZAVUYUBOKEJUNIKUDI 1
RT_ICON 1
TUSIDAFOHIXEKAHOTIYIWIFUVUDAMO 1
RT_GROUP_CURSOR 1
RT_CURSOR 1
RT_VERSION 1
RT_GROUP_ICON 1
Number of PE resources by language
NEUTRAL 23
PE resources
ExifTool file metadata
UninitializedDataSize 0
LinkerVersion 10.0
ImageVersion 0.0
FileVersionNumber 1.3.0.6
LanguageCode English (British)
FileFlagsMask 0x001f
ImageFileCharacteristics Executable, 32-bit
CharacterSet Unicode
InitializedDataSize 76288
EntryPoint 0x1f07
MIMEType application/octet-stream
LegalCopyright Copyright (C) 2017, gemkerzeip
FileVersion 5.0.0.0
TimeStamp 2018:04:13 18:14:19+02:00
FileType Win32 EXE
PEType PE32
InternalName toofirtyless.exe
ProductVersion 5.0.0.0
SubsystemVersion 5.1
OSVersion 5.1
FileOS Windows NT 32-bit
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
CodeSize 19968
FileSubtype 0
ProductVersionNumber 1.3.0.6
FileTypeExtension exe
ObjectFileType Executable application

File identification
MD5 02bda9c123b988e86b83d99b8a4bd0b4
SHA1 9433b94bcfd52ba9745792ed534a41f8ee60b0cc
SHA256 f921949f9bf653b37fb73065834141862dc433ca12db8905f07face35f2d652a
ssdeep 1536:GYLXQCVvKyhwA1kUrYQLxvMlR6LOAnVz3HSNY1rzCNq:ljQgjwASUrRLOsJ3HnBB
authentihash 8420b0fb793ff4f09843b9de53a81a1e86685acd8795bffe4b9d7edaa8e1738e
imphash e2923526c1025bf81115648776bcac8d
File size 88.5 KB ( 90624 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Executable MS Visual C++ (generic) (41.0%)
Win64 Executable (generic) (36.3%)
Win32 Dynamic Link Library (generic) (8.6%)
Win32 Executable (generic) (5.9%)
OS/2 Executable (generic) (2.6%)
Tags peexe
VirusTotal metadata
First submission 2018-04-14 06:25:06 UTC ( 1 year ago )
Last submission 2018-05-12 17:54:32 UTC ( 11 months, 1 week ago )
File names 02bda9c123b988e86b83d99b8a4bd0b4.virus
toofirtyless.exe
sry.exe
Advanced heuristic and reputation engines
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Copied files
Deleted files
Created processes
Code injections in the following processes
Created mutexes
Opened mutexes
Searched windows
Opened service managers
Opened services
Runtime DLLs
HTTP requests
TCP connections