SHA256: f927efd7cd2da3a052d857632f78ccf04b673e2774f6ce9a075e654dfd77d940
File name: 87h754.exe
Detection ratio: 2 / 55
Analysis date: 2016-02-24 16:37:44 UTC ( 1 year, 9 months ago )
Antivirus Result Update
Qihoo-360 HEUR/QVM07.1.Malware.Gen 20160224
VBA32 suspected of Trojan.Downloader.gen.h 20160224
Ad-Aware 20160224
AegisLab 20160224
Yandex 20160221
AhnLab-V3 20160224
Alibaba 20160224
ALYac 20160224
Antiy-AVL 20160224
Arcabit 20160224
Avast 20160224
AVG 20160224
Avira (no cloud) 20160224
AVware 20160224
Baidu-International 20160224
BitDefender 20160224
Bkav 20160224
ByteHero 20160224
CAT-QuickHeal 20160224
ClamAV 20160224
CMC 20160223
Comodo 20160224
Cyren 20160224
DrWeb 20160224
Emsisoft 20160224
ESET-NOD32 20160224
F-Prot 20160224
F-Secure 20160224
Fortinet 20160224
GData 20160224
Ikarus 20160224
Jiangmin 20160224
K7AntiVirus 20160224
K7GW 20160224
Kaspersky 20160224
Malwarebytes 20160224
McAfee 20160224
McAfee-GW-Edition 20160224
Microsoft 20160224
eScan 20160224
NANO-Antivirus 20160224
nProtect 20160224
Panda 20160223
Rising 20160224
Sophos AV 20160224
SUPERAntiSpyware 20160224
Symantec 20160224
Tencent 20160224
TheHacker 20160222
TrendMicro 20160224
TrendMicro-HouseCall 20160224
VIPRE 20160224
ViRobot 20160224
Zillya 20160223
Zoner 20160224
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2015-01-22 14:53:35
Entry Point 0x0001A338
Number of sections 4
PE sections
PE imports
GetLastError
HeapFree
GetStdHandle
EnterCriticalSection
LCMapStringW
SetHandleCount
WaitForSingleObject
GetOEMCP
QueryPerformanceCounter
HeapDestroy
ExitProcess
IsBadWritePtr
TlsAlloc
GetEnvironmentStringsW
GetVersionExA
LoadLibraryA
WaitForSingleObjectEx
RtlUnwind
GetModuleFileNameA
FreeEnvironmentStringsA
DeleteCriticalSection
GetStartupInfoA
GetEnvironmentStrings
GetCPInfo
UnhandledExceptionFilter
MultiByteToWideChar
FatalAppExitA
FreeEnvironmentStringsW
GetCommandLineA
GetProcAddress
InterlockedCompareExchange
TlsFree
GetCurrentThread
GetModuleHandleA
WideCharToMultiByte
GetStringTypeA
SetFilePointer
WriteFile
GetCurrentProcess
CloseHandle
GetACP
HeapReAlloc
GetStringTypeW
GetCurrentThreadId
TerminateProcess
LCMapStringA
InitializeCriticalSection
HeapCreate
VirtualFree
TlsGetValue
GetFileType
TlsSetValue
HeapAlloc
GetVersion
VirtualAlloc
SetLastError
LeaveCriticalSection
SHQueryInfoKeyA
ExifTool file metadata
MIMEType application/octet-stream
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
FileTypeExtension exe
TimeStamp 2015:01:22 15:53:35+01:00
FileType Win32 EXE
PEType PE32
CodeSize 118784
LinkerVersion 7.1
EntryPoint 0x1a338
InitializedDataSize 16384
SubsystemVersion 4.0
ImageVersion 0.0
OSVersion 4.0
UninitializedDataSize 0
File identification
MD5 3f118d0b888430ab9f58fc2589207988
SHA1 1231e4a00c3da3ae8001a0620bae1242ef95d095
SHA256 f927efd7cd2da3a052d857632f78ccf04b673e2774f6ce9a075e654dfd77d940
ssdeep 1536:nMBT3vXuo4fsgMmSIOfGbBeZ4Ao2rf86eeyfSHOg2eCl2N/R/O/7elOjTbD8VY+:nMxRNAOfGFeZDIJBOZc2N5WDy68i+
authentihash 482b68a795b1987af2f930c70636fe542275cba135f561a5f89c3d407ae412f5
imphash daa1e1ea4daadf60cc4e3a1e8f6a75f4
File size 136.0 KB ( 139264 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Executable MS Visual C++ (generic) (42.2%)
Win64 Executable (generic) (37.3%)
Win32 Dynamic Link Library (generic) (8.8%)
Win32 Executable (generic) (6.0%)
Generic Win/DOS Executable (2.7%)
Tags peexe
VirusTotal metadata
First submission 2016-02-24 15:12:39 UTC ( 1 year, 9 months ago )
Last submission 2017-08-21 04:17:32 UTC ( 3 months ago )
File names hg8JbVQN
3yQJIkxM.bin
88668644
index.html.exe
WjyMPkJP.exe
yqpJhtuxo.exe1
virus.exe
hAUDVIiI.exe
locky.exe
hgZX2qo_
Setup.exe
hkLIgVcKu.exe
download
locky
87h754.ex_
PpCRXaXkF.exe
87h754.exe_virus
test.test
fxbvkhcbd.exe
Oghm74pw
87h754(1)
87h754.exe
87h754[1].tx_
foo.txt
hkligvcku.locky
Advanced heuristic and reputation engines
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Written files
Moved files
Deleted files
Created processes
Shell commands
Created mutexes
Opened mutexes
Opened service managers
Opened services
Runtime DLLs
HTTP requests
TCP connections
UDP communications