SHA256: fd218e093741316782ec4ec89f520d2962a4f3850cb5b04f9c2c9fde567dc23b
File name: AESxWin.exe
Detection ratio: 48 / 68
Analysis date: 2018-01-11 11:33:20 UTC ( 3 months, 2 weeks ago )
Antivirus Result Update
Ad-Aware Trojan.Ransom.Vortex.A 20180111
AegisLab Ransomer.Nea.Gen!c 20180111
AhnLab-V3 Trojan/Win32.FileCryptor.C1875123 20180111
ALYac Trojan.Ransom.Vortex 20180111
Antiy-AVL Trojan/Win32.BTSGeneric 20180111
Arcabit Trojan.Ransom.Vortex.A 20180111
Avast Win32:Malware-gen 20180111
AVG Win32:Malware-gen 20180111
AVware Trojan.Win32.Generic!BT 20180103
BitDefender Trojan.Ransom.Vortex.A 20180111
Comodo TrojWare.MSIL.Filecoder.~FF 20180111
CrowdStrike Falcon (ML) malicious_confidence_70% (W) 20171016
Cybereason malicious.1b8fb7 20171103
Cylance Unsafe 20180111
Cyren W32/Trojan.KPUO-9109 20180111
DrWeb Trojan.Encoder.10436 20180111
Emsisoft Trojan.Ransom.Vortex.A (B) 20180111
Endgame malicious (high confidence) 20171130
ESET-NOD32 a variant of MSIL/Filecoder.FF 20180111
F-Secure Trojan.Ransom.Vortex.A 20180111
Fortinet MSIL/Generic.AP.9F510!tr 20180111
GData MSIL.Trojan-Ransom.Vortex.A 20180111
Ikarus Trojan-Ransom.FileCoder 20180111
Sophos ML heuristic 20170914
Jiangmin Trojan.Agent.audc 20180111
K7AntiVirus Trojan ( 005082d71 ) 20180111
K7GW Trojan ( 005082d71 ) 20180111
Kaspersky Trojan-Ransom.Win32.Agent.aago 20180111
MAX malware (ai score=100) 20180111
McAfee RDN/Ransom 20180110
McAfee-GW-Edition RDN/Ransom 20180111
Microsoft Ransom:Win32/Polski.A 20180111
eScan Trojan.Ransom.Vortex.A 20180111
NANO-Antivirus Trojan.Win32.Agent.emobon 20180111
Palo Alto Networks (Known Signatures) generic.ml 20180111
Panda Trj/GdSda.A 20180110
Qihoo-360 Trojan.Generic 20180111
Sophos AV Troj/Vortex-B 20180111
Symantec Trojan.Gen.2 20180111
Tencent Win32.Trojan.Agent.Lgji 20180111
TrendMicro Ransom_VORTEX.A 20180111
TrendMicro-HouseCall Ransom_VORTEX.A 20180111
VBA32 Trojan-Ransom.Agent 20180110
VIPRE Trojan.Win32.Generic!BT 20180111
Webroot W32.Trojan.Gen 20180111
Yandex Trojan.Filecoder!kBppiMfj/4Y 20180109
Zillya Trojan.Agent.Win32.766337 20180110
ZoneAlarm by Check Point Trojan-Ransom.Win32.Agent.aago 20180111
Alibaba 20180111
Avast-Mobile 20180111
Avira (no cloud) 20180111
Baidu 20180111
Bkav 20180111
CAT-QuickHeal 20180111
ClamAV 20180111
CMC 20180111
eGambit 20180111
F-Prot 20180111
Kingsoft 20180111
Malwarebytes 20180111
nProtect 20180111
Rising 20180111
SentinelOne (Static ML) 20171224
SUPERAntiSpyware 20180111
Symantec Mobile Insight 20180111
TheHacker 20180108
TotalDefense 20180111
Trustlook 20180111
ViRobot 20180111
WhiteArmor 20180110
Zoner 20180111
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright
Copyright © Eslam Hamouda 2015

Product AESxWin
Original name AESxWin.exe
Internal name AESxWin.exe
File version 1.0.0.0
Description AESxWin
Comments Encrypt Files With AES
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2017-03-08 10:12:06
Entry Point 0x00048E5E
Number of sections 3
.NET details
Module Version ID 04373a8b-8dc9-4fca-8a35-8f40621733c4
TypeLib ID 3a83662f-b372-4a40-8ee4-1d559196254c
PE sections
PE imports
_CorExeMain
Number of PE resources by type
RT_ICON 6
RT_MANIFEST 1
RT_VERSION 1
RT_GROUP_ICON 1
Number of PE resources by language
NEUTRAL 9
PE resources
Debug information
ExifTool file metadata
LegalTrademarks
EslaMxSoft (Eslam Hamouda)

SubsystemVersion
6.0

Comments
Encrypt Files With AES

LinkerVersion
48.0

ImageVersion
0.0

FileSubtype
0

FileVersionNumber
1.0.0.0

LanguageCode
Neutral

FileFlagsMask
0x003f

FileDescription
AESxWin

CharacterSet
Unicode

InitializedDataSize
115200

EntryPoint
0x48e5e

OriginalFileName
AESxWin.exe

MIMEType
application/octet-stream

LegalCopyright
Copyright Eslam Hamouda 2015

FileVersion
1.0.0.0

TimeStamp
2017:03:08 11:12:06+01:00

FileType
Win32 EXE

PEType
PE32

InternalName
AESxWin.exe

ProductVersion
1.0.0.0

UninitializedDataSize
0

OSVersion
4.0

FileOS
Win32

Subsystem
Windows GUI

MachineType
Intel 386 or later, and compatibles

CompanyName
EslaMxSoft (Eslam Hamouda)

CodeSize
290816

ProductName
AESxWin

ProductVersionNumber
1.0.0.0

FileTypeExtension
exe

ObjectFileType
Executable application

AssemblyVersion
1.0.0.0

File identification
MD5 31329543947f1ee13ce020c826fb4af5
SHA1 10fcf2dee3fa68c7676076623c0be570c67698a6
SHA256 fd218e093741316782ec4ec89f520d2962a4f3850cb5b04f9c2c9fde567dc23b
ssdeep
3072:oLHrpuLjrpquL1tKJLyQz60URkH1jvIl5P3cIl5P3BIKUPpc:OAPrpquL1cReRGxI/PsI/PxIZP

authentihash cf4bdffc8bbb74b35642abbe6a5888d5691af0457cbaf09963947cf1b8fa9548
imphash f34d5f2d4577ed6d9ceec516c1f5a744
File size 397.0 KB ( 406528 bytes )
File type Win32 EXE
Magic literal
PE32 executable for MS Windows (GUI) Intel 80386 Mono/.Net assembly

TrID Generic CIL Executable (.NET, Mono, etc.) (63.1%)
Win64 Executable (generic) (23.8%)
Win32 Dynamic Link Library (generic) (5.6%)
Win32 Executable (generic) (3.8%)
Generic Win/DOS Executable (1.7%)
Tags
peexe assembly

VirusTotal metadata
First submission 2017-03-08 10:45:39 UTC ( 1 year, 1 month ago )
Last submission 2017-12-03 20:40:00 UTC ( 4 months, 3 weeks ago )
File names sample2.exe
fd218e093741316782ec4ec89f520d2962a4f3850cb5b04f9c2c9fde567dc23b.exe
AESxWin.exe
polish.exe
31329543947f1ee13ce020c826fb4af5.exe
polish
data