SHA256: fa3b281bb47756b6cd17b6b0379249de33a230667f2dbb727931582ad11bd30e
File name: fa3b281bb47756b6cd17b6b0379249de33a230667f2dbb727931582ad11bd30e
Detection ratio: 50 / 68
Analysis date: 2018-10-15 14:26:25 UTC ( 2 days, 5 hours ago )
Antivirus Result Update
Ad-Aware Generic.Ransom.Purge.41211452 20181015
AhnLab-V3 Trojan/Win32.Purga.R208330 20181015
ALYac Trojan.Ransom.Globe 20181015
Antiy-AVL Trojan[Ransom]/Win32.CryptXXX 20181015
Arcabit Generic.Ransom.Purge.D274D63C 20181015
Avast FileRepMalware 20181015
AVG FileRepMalware 20181015
Avira (no cloud) HEUR/AGEN.1005348 20181015
BitDefender Generic.Ransom.Purge.41211452 20181015
CAT-QuickHeal Ransom.Genasom.A8 20181013
ClamAV Win.Ransomware.Purge-6185917-0 20181015
CrowdStrike Falcon (ML) malicious_confidence_60% (D) 20180723
Cybereason malicious.c8ab75 20180225
Cylance Unsafe 20181015
Cyren W32/Trojan.XQJY-3203 20181015
DrWeb Trojan.Encoder.6182 20181015
Emsisoft Generic.Ransom.Purge.41211452 (B) 20181015
Endgame malicious (moderate confidence) 20180730
ESET-NOD32 a variant of Win32/Filecoder.FS 20181015
F-Secure Generic.Ransom.Purge.41211452 20181015
Fortinet W32/Filecoder.FS!tr 20181015
GData Generic.Ransom.Purge.41211452 20181015
Ikarus Trojan.Win32.Filecoder 20181015
Sophos ML heuristic 20180717
Jiangmin Trojan.CryptXXX.zw 20181015
K7AntiVirus Trojan ( 0050d6e11 ) 20181015
K7GW Trojan ( 004f700b1 ) 20181015
Kaspersky Trojan-Ransom.Win32.Purga.af 20181015
MAX malware (ai score=100) 20181015
McAfee Artemis!C0F79EDC8AB7 20181015
McAfee-GW-Edition BehavesLike.Win32.Dropper.cc 20181015
Microsoft Ransom:Win32/Contentocrypt.A 20181015
eScan Generic.Ransom.Purge.41211452 20181015
NANO-Antivirus Trojan.Win32.CryptXXX.ekfbku 20181015
Palo Alto Networks (Known Signatures) generic.ml 20181015
Panda Trj/Genetic.gen 20181014
Qihoo-360 HEUR/QVM11.1.7898.Malware.Gen 20181015
Rising Ransom.Pulobe!8.E473 (CLOUD) 20181015
SentinelOne (Static ML) static engine - malicious 20181011
Sophos AV Mal/Generic-S 20181015
Symantec Trojan.Gen 20181015
Tencent Win32.Trojan.Purga.Szbj 20181015
TheHacker Posible_Worm32 20181015
TrendMicro Mal_Purge 20181015
TrendMicro-HouseCall Mal_Purge 20181015
VBA32 TScope.Trojan.Delf 20181015
Webroot W32.Malware.Gen 20181015
Yandex Trojan.Purga! 20181012
Zillya Trojan.Purga.Win32.40 20181012
ZoneAlarm by Check Point Trojan-Ransom.Win32.Purga.af 20181015
AegisLab 20181015
Alibaba 20180921
Avast-Mobile 20181015
Babable 20180918
Baidu 20181015
Bkav 20181014
CMC 20181015
Comodo 20181015
eGambit 20181015
F-Prot 20181015
Kingsoft 20181015
Malwarebytes 20181015
SUPERAntiSpyware 20181015
Symantec Mobile Insight 20181001
TACHYON 20181015
TotalDefense 20181015
Trustlook 20181015
VIPRE 20181015
ViRobot 20181015
Zoner 20181014
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
Packers identified
F-PROT UPX
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 1992-06-19 22:22:17
Entry Point 0x00076EC0
Number of sections 3
PE sections
PE imports
VirtualFree
ExitProcess
VirtualProtect
LoadLibraryA
VirtualAlloc
GetProcAddress
RegCloseKey
PatBlt
WNetOpenEnumA
VariantCopy
ShellExecuteA
Number of PE resources by type
RT_STRING 8
RT_RCDATA 2
Number of PE resources by language
NEUTRAL 10
PE resources
ExifTool file metadata
MIMEType
application/octet-stream

Subsystem
Windows GUI

MachineType
Intel 386 or later, and compatibles

FileTypeExtension
exe

TimeStamp
1992:06:19 23:22:17+01:00

FileType
Win32 EXE

PEType
PE32

CodeSize
126976

LinkerVersion
2.25

ImageFileCharacteristics
No relocs, Executable, No line numbers, No symbols, Bytes reversed lo, 32-bit, Bytes reversed hi

EntryPoint
0x76ec0

InitializedDataSize
4096

SubsystemVersion
4.0

ImageVersion
0.0

OSVersion
4.0

UninitializedDataSize
360448

File identification
MD5 c0f79edc8ab75c8084bd41d7f42349c6
SHA1 64ebe4f0950a0bee73bbc0c3f95c86a8604d3239
SHA256 fa3b281bb47756b6cd17b6b0379249de33a230667f2dbb727931582ad11bd30e
ssdeep
3072:j3qvHxwzrXnS9CEFE5TZ8m1P7C1WNkqGzn2kgNplm1:reHgYLm1z1klfgO

authentihash 512979bd65f73cf2a9763e06b51e166b67f801fdaf0a7b5a8d4c4c2ad531f6f4
imphash 576105d26d85b12d782914793f27207c
File size 123.0 KB ( 125952 bytes )
File type Win32 EXE
Magic literal
PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID UPX compressed Win32 Executable (37.1%)
Win32 EXE Yoda's Crypter (36.4%)
Win32 Dynamic Link Library (generic) (9.0%)
Win32 Executable (generic) (6.1%)
Win16/32 Executable Delphi generic (2.8%)
Tags
peexe upx

VirusTotal metadata
First submission 2017-02-27 21:19:51 UTC ( 1 year, 7 months ago )
Last submission 2018-05-18 04:07:21 UTC ( 5 months ago )
File names fa3b281bb47756b6cd17b6b0379249de33a230667f2dbb727931582ad11bd30e
Win32.Ransom.Globe@fa3b281bb47756b6cd17b6b0379249de33a230667f2dbb727931582ad11bd30e.bin
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Copied files
Shell commands
Runtime DLLs
UDP communications