SHA256: fd218e093741316782ec4ec89f520d2962a4f3850cb5b04f9c2c9fde567dc23b
File name: AESxWin.exe
Detection ratio: 47 / 68
Analysis date: 2018-07-23 10:59:53 UTC ( 4 weeks, 1 day ago )
Antivirus Result Update
Ad-Aware Trojan.Ransom.Vortex.A 20180723
AegisLab Ransomer.Nea.Gen!c 20180723
AhnLab-V3 Trojan/Win32.FileCryptor.C1875123 20180723
ALYac Trojan.Ransom.Vortex 20180723
Antiy-AVL Trojan/Win32.BTSGeneric 20180723
Arcabit Trojan.Ransom.Vortex.A 20180723
Avast Win32:Malware-gen 20180723
AVG Win32:Malware-gen 20180723
Avira (no cloud) HEUR/AGEN.1001952 20180723
AVware Trojan.Win32.Generic!BT 20180723
BitDefender Trojan.Ransom.Vortex.A 20180723
CrowdStrike Falcon (ML) malicious_confidence_80% (D) 20180530
Cybereason malicious.3947f1 20180225
Cylance Unsafe 20180723
Cyren W32/Trojan.KPUO-9109 20180723
DrWeb Trojan.Encoder.10436 20180723
Emsisoft Trojan.Ransom.Vortex.A (B) 20180723
ESET-NOD32 a variant of MSIL/Filecoder.FF 20180723
F-Secure Trojan.Ransom.Vortex.A 20180723
Fortinet MSIL/Generic.AP.9F510!tr 20180723
GData MSIL.Trojan-Ransom.Vortex.A 20180723
Ikarus Trojan-Ransom.FileCoder 20180723
Jiangmin Trojan.Agent.audc 20180723
K7AntiVirus Trojan ( 005082d71 ) 20180723
K7GW Trojan ( 005082d71 ) 20180723
Kaspersky Trojan-Ransom.Win32.Agent.aago 20180723
MAX malware (ai score=100) 20180723
McAfee GenericRXCB-UH!31329543947F 20180723
McAfee-GW-Edition GenericRXCB-UH!31329543947F 20180723
Microsoft Ransom:Win32/Polski.A 20180723
eScan Trojan.Ransom.Vortex.A 20180723
NANO-Antivirus Trojan.Win32.Agent.emobon 20180723
Palo Alto Networks (Known Signatures) generic.ml 20180723
Panda Trj/GdSda.A 20180722
Qihoo-360 Trojan.Generic 20180723
Rising Ransom.FileCryptor!8.1A7 (CLOUD) 20180723
Sophos AV Troj/Vortex-B 20180723
Symantec Trojan.Gen.2 20180723
Tencent Win32.Trojan.Agent.Lgji 20180723
TrendMicro Ransom_VORTEX.A 20180723
TrendMicro-HouseCall Ransom_VORTEX.A 20180723
VBA32 Trojan-Ransom.Agent 20180720
VIPRE Trojan.Win32.Generic!BT 20180723
Webroot W32.Trojan.Gen 20180723
Yandex Trojan.Filecoder!kBppiMfj/4Y 20180720
Zillya Trojan.Agent.Win32.766337 20180720
ZoneAlarm by Check Point Trojan-Ransom.Win32.Agent.aago 20180723
Alibaba 20180713
Avast-Mobile 20180723
Babable 20180406
Baidu 20180723
Bkav 20180723
CAT-QuickHeal 20180723
ClamAV 20180723
CMC 20180723
Comodo 20180723
eGambit 20180723
Endgame 20180711
F-Prot 20180723
Sophos ML 20180717
Kingsoft 20180723
Malwarebytes 20180723
SentinelOne (Static ML) 20180701
SUPERAntiSpyware 20180722
TACHYON 20180723
TheHacker 20180723
TotalDefense 20180722
Trustlook 20180723
ViRobot 20180723
Zoner 20180723
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright
Copyright © Eslam Hamouda 2015

Product AESxWin
Original name AESxWin.exe
Internal name AESxWin.exe
File version 1.0.0.0
Description AESxWin
Comments Encrypt Files With AES
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2017-03-08 10:12:06
Entry Point 0x00048E5E
Number of sections 3
.NET details
Module Version ID 04373a8b-8dc9-4fca-8a35-8f40621733c4
TypeLib ID 3a83662f-b372-4a40-8ee4-1d559196254c
PE sections
PE imports
_CorExeMain
Number of PE resources by type
RT_ICON 6
RT_GROUP_ICON 1
RT_VERSION 1
RT_MANIFEST 1
Number of PE resources by language
NEUTRAL 9
PE resources
Debug information
ExifTool file metadata
LegalTrademarks
EslaMxSoft (Eslam Hamouda)

SubsystemVersion
6.0

Comments
Encrypt Files With AES

LinkerVersion
48.0

ImageVersion
0.0

FileSubtype
0

FileVersionNumber
1.0.0.0

LanguageCode
Neutral

FileFlagsMask
0x003f

FileDescription
AESxWin

CharacterSet
Unicode

InitializedDataSize
115200

EntryPoint
0x48e5e

OriginalFileName
AESxWin.exe

MIMEType
application/octet-stream

LegalCopyright
Copyright Eslam Hamouda 2015

FileVersion
1.0.0.0

TimeStamp
2017:03:08 11:12:06+01:00

FileType
Win32 EXE

PEType
PE32

InternalName
AESxWin.exe

ProductVersion
1.0.0.0

UninitializedDataSize
0

OSVersion
4.0

FileOS
Win32

Subsystem
Windows GUI

MachineType
Intel 386 or later, and compatibles

CompanyName
EslaMxSoft (Eslam Hamouda)

CodeSize
290816

ProductName
AESxWin

ProductVersionNumber
1.0.0.0

FileTypeExtension
exe

ObjectFileType
Executable application

AssemblyVersion
1.0.0.0

File identification
MD5 31329543947f1ee13ce020c826fb4af5
SHA1 10fcf2dee3fa68c7676076623c0be570c67698a6
SHA256 fd218e093741316782ec4ec89f520d2962a4f3850cb5b04f9c2c9fde567dc23b
ssdeep
3072:oLHrpuLjrpquL1tKJLyQz60URkH1jvIl5P3cIl5P3BIKUPpc:OAPrpquL1cReRGxI/PsI/PxIZP

authentihash cf4bdffc8bbb74b35642abbe6a5888d5691af0457cbaf09963947cf1b8fa9548
imphash f34d5f2d4577ed6d9ceec516c1f5a744
File size 397.0 KB ( 406528 bytes )
File type Win32 EXE
Magic literal
PE32 executable for MS Windows (GUI) Intel 80386 Mono/.Net assembly

TrID Generic CIL Executable (.NET, Mono, etc.) (62.0%)
Win64 Executable (generic) (23.4%)
Win32 Dynamic Link Library (generic) (5.5%)
Win32 Executable (generic) (3.8%)
OS/2 Executable (generic) (1.7%)
Tags
peexe assembly

VirusTotal metadata
First submission 2017-03-08 10:45:39 UTC ( 1 year, 5 months ago )
Last submission 2017-12-03 20:40:00 UTC ( 8 months, 2 weeks ago )
File names sample2.exe
fd218e093741316782ec4ec89f520d2962a4f3850cb5b04f9c2c9fde567dc23b.exe
AESxWin.exe
polish.exe
31329543947f1ee13ce020c826fb4af5.exe
polish
data