SHA256: ffd0f09a97baa854bd645c1ec160901a234c16afe57a08b5b3706fe5fe74b92c
File name: 11.exe
Detection ratio: 35 / 58
Analysis date: 2017-02-27 04:46:45 UTC ( 1 year, 11 months ago )
Antivirus Result Update
Ad-Aware Trojan.GenericKD.4452362 20170227
AhnLab-V3 Trojan/Win32.Locky.R195837 20170226
Antiy-AVL Trojan[Ransom]/Win32.Locky 20170227
Arcabit Trojan.Generic.D43F00A 20170227
Avast Win32:Malware-gen 20170227
AVG Atros5.HOS 20170227
Avira (no cloud) TR/Crypt.ZPACK.jwgzo 20170226
AVware Trojan.Win32.Generic!BT 20170227
BitDefender Trojan.GenericKD.4452362 20170227
CrowdStrike Falcon (ML) malicious_confidence_100% (W) 20170130
DrWeb Trojan.Encoder.10332 20170227
Emsisoft Trojan.GenericKD.4452362 (B) 20170227
Endgame malicious (high confidence) 20170222
ESET-NOD32 a variant of Win32/GenKryptik.VVX 20170227
F-Secure Trojan.GenericKD.4452362 20170227
Fortinet W32/GenKryptik.VVX!tr 20170227
GData Trojan.GenericKD.4452362 20170227
Ikarus Trojan.Win32.Krypt 20170226
Jiangmin Trojan.Locky.dgv 20170226
K7AntiVirus Trojan ( 00506a6e1 ) 20170227
K7GW Trojan ( 00506a6e1 ) 20170227
Kaspersky Trojan-Ransom.Win32.Locky.xnp 20170227
Malwarebytes Ransom.Locky 20170227
McAfee RDN/Ransom 20170225
McAfee-GW-Edition RDN/Ransom 20170227
eScan Trojan.GenericKD.4452362 20170227
nProtect Ransom/W32.Locky.462848 20170227
Rising Trojan.Ransom-Locky!8.4655 (cloud:A6VqzZII46F) 20170227
Sophos AV Mal/Generic-S 20170227
Symantec Ransom.TeslaCrypt 20170226
Tencent Win32.Trojan.Raas.Auto 20170227
TrendMicro Ransom_LOCKY.DLDTAST 20170227
VIPRE Trojan.Win32.Generic!BT 20170227
ViRobot Trojan.Win32.Z.Locky.462848[h] 20170226
Webroot Malicious 20170227
AegisLab 20170227
Alibaba 20170227
ALYac 20170227
Baidu 20170224
Bkav 20170225
CAT-QuickHeal 20170225
ClamAV 20170227
CMC 20170226
Comodo 20170227
Cyren 20170227
F-Prot 20170227
Sophos ML 20170203
Kingsoft 20170227
Microsoft 20170227
NANO-Antivirus 20170227
Panda 20170226
Qihoo-360 20170227
SUPERAntiSpyware 20170226
TheHacker 20170223
TotalDefense 20170226
Trustlook 20170227
VBA32 20170224
WhiteArmor 20170222
Yandex 20170225
Zillya 20170224
Zoner 20170227
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright Copyright ©Masters ITM. All rights reserved.
Product ChengCryptographic
Internal name ChengCryptographic
Description Van Surround Materials Researching Mailnickname
Comments Van Surround Materials Researching Mailnickname
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2017-02-23 11:47:56
Entry Point 0x00008316
Number of sections 4
PE sections
PE imports
GetSidSubAuthorityCount
GetSidSubAuthority
GetUserNameW
IsValidSid
GetSidIdentifierAuthority
RegQueryValueExA
LsaAddAccountRights
RegEnumKeyA
RegEnumValueA
RegOpenKeyExA
AuthzInitializeContextFromSid
AuthzInitializeContextFromAuthzContext
AVIStreamRelease
AVIStreamGetFrameOpen
ImageList_ReplaceIcon
PatBlt
SaveDC
TextOutA
GetPixel
Rectangle
GetDeviceCaps
CreateDCA
DeleteDC
RestoreDC
SetBkMode
GetBitmapDimensionEx
BitBlt
CreateDIBSection
SetTextColor
GetObjectA
FillRgn
CreateEllipticRgn
CreateBitmap
GetStockObject
ExtTextOutA
GetDIBits
CreateCompatibleDC
SelectObject
CreateSolidBrush
SetBkColor
DeleteObject
CreateCompatibleBitmap
GetStdHandle
GetConsoleOutputCP
FileTimeToSystemTime
GetFileAttributesA
WaitForSingleObject
GetDriveTypeA
FreeEnvironmentStringsA
DeleteCriticalSection
GetCurrentProcess
GetConsoleMode
GetLocaleInfoA
lstrcatA
OpenFileMappingA
FreeEnvironmentStringsW
EnumTimeFormatsA
SetStdHandle
WideCharToMultiByte
GetStringTypeA
WriteFile
_lopen
GetSystemTimeAsFileTime
HeapReAlloc
GetStringTypeW
GetFullPathNameA
LoadResource
InterlockedDecrement
SetLastError
GetUserDefaultLangID
GetModuleFileNameW
IsDebuggerPresent
ExitProcess
GetModuleFileNameA
UnhandledExceptionFilter
TlsGetValue
MultiByteToWideChar
SetFilePointer
_lclose
SetUnhandledExceptionFilter
SetEnvironmentVariableA
TerminateProcess
WriteConsoleA
GlobalAlloc
SetEndOfFile
GetCurrentThreadId
LeaveCriticalSection
SetCurrentDirectoryA
WriteConsoleW
InitializeCriticalSectionAndSpinCount
HeapFree
EnterCriticalSection
SetHandleCount
GetOEMCP
QueryPerformanceCounter
GetTickCount
TlsAlloc
FlushFileBuffers
LoadLibraryA
RtlUnwind
GetStartupInfoA
GetCPInfo
GetProcAddress
_lread
GetProcessHeap
CompareStringW
FindFirstFileA
CompareStringA
GlobalLock
GetTimeZoneInformation
CreateFileW
CreateEventA
GetFileType
TlsSetValue
CreateFileA
HeapAlloc
InterlockedIncrement
GetLastError
LCMapStringW
UnmapViewOfFile
lstrlenA
GetConsoleCP
LCMapStringA
GetEnvironmentStringsW
GlobalUnlock
IsDBCSLeadByte
FileTimeToLocalFileTime
GetEnvironmentStrings
GetCurrentProcessId
GetCurrentDirectoryA
HeapSize
GetCommandLineA
RaiseException
MapViewOfFile
TlsFree
GetModuleHandleA
ReadFile
CloseHandle
GetACP
GetModuleHandleW
IsValidCodePage
HeapCreate
FindResourceExW
VirtualFree
Sleep
VirtualAlloc
GradientFill
ICCompressorChoose
NetUserGetInfo
NetApiBufferFree
DsReplicaSyncA
OleCreatePictureIndirect
glLoadIdentity
glMatrixMode
RpcStringFreeA
UuidToStringA
UuidCreate
SHGetFileInfoA
SHBrowseForFolderA
SHAddToRecentDocs
ExtractIconExA
Shell_NotifyIconA
SetFocus
RedrawWindow
GetParent
UpdateWindow
GetScrollInfo
BeginPaint
EnumWindows
SendInput
GetCursorInfo
GetIconInfo
PostQuitMessage
DefWindowProcA
ShowWindow
SetClassLongA
FillRect
LoadBitmapA
SetWindowPos
DeferWindowPos
BeginDeferWindowPos
SetScrollPos
IsWindow
MessageBeep
GetWindowRect
DispatchMessageA
EndPaint
ScrollWindowEx
LoadStringA
VkKeyScanA
LoadImageA
CallNextHookEx
WindowFromPoint
MessageBoxA
DrawIcon
GetWindowLongA
TranslateMessage
GetSysColor
GetDC
RegisterClassExA
GetCursorPos
SystemParametersInfoA
EndDeferWindowPos
DestroyIcon
SendDlgItemMessageA
LockWindowUpdate
GetSystemMetrics
OffsetRect
SendMessageA
GetWindowTextA
GetClientRect
CreateWindowExA
GetDlgItem
GetDCEx
CreateIconIndirect
FrameRect
GetClassLongA
ScreenToClient
wsprintfA
GetWindowTextLengthA
SetTimer
LoadCursorA
LoadIconA
InvalidateRect
GetMenuStringA
RegisterHotKey
GetDesktopWindow
CallWindowProcA
GetFocus
SetWindowLongA
ReleaseDC
GetMenuItemCount
GetMessageA
SetCursorPos
SetPropW
PtInRect
GetFileVersionInfoSizeA
WinHttpOpen
timeGetTime
CryptCATPutAttrInfo
CryptCATOpen
CryptCATPersistStore
CreateStreamOnHGlobal
CoUninitialize
CoInitialize
CoTaskMemAlloc
CoRevokeClassObject
CoInitializeEx
CoCreateGuid
CoCreateInstance
CoInitializeSecurity
GetHGlobalFromStream
CoRegisterClassObject
StringFromGUID2
CoSetProxyBlanket
SnmpUtilOidCpy
SnmpUtilOidFree
Number of PE resources by type
RT_DIALOG 15
RT_ICON 9
RT_CURSOR 8
PNG 7
TXT 5
RT_GROUP_CURSOR 4
BINDATA 2
RT_MANIFEST 1
RT_VERSION 1
RT_GROUP_ICON 1
Number of PE resources by language
ENGLISH US 53
PE resources
ExifTool file metadata
CodeSize 114176
SubsystemVersion 5.0
Comments Van Surround Materials Researching Mailnickname
InitializedDataSize 347648
ImageVersion 0.0
ProductName ChengCryptographic
FileVersionNumber 2.2.3.7
UninitializedDataSize 0
LanguageCode English (U.S.)
FileFlagsMask 0x003f
ImageFileCharacteristics No relocs, Executable, 32-bit
CharacterSet Unicode
LinkerVersion 9.0
PrivateBuild 2.2.3.7
FileTypeExtension exe
MIMEType application/octet-stream
Subsystem Windows GUI
TimeStamp 2017:02:23 12:47:56+01:00
FileType Win32 EXE
PEType PE32
InternalName ChengCryptographic
ProductVersion 2.2.3.7
FileDescription Van Surround Materials Researching Mailnickname
OSVersion 5.0
FileOS Windows NT 32-bit
LegalCopyright Copyright Masters ITM. All rights reserved.
MachineType Intel 386 or later, and compatibles
CompanyName Masters ITM
LegalTrademarks Copyright Masters ITM. All rights reserved.
FileSubtype 0
ProductVersionNumber 2.2.3.7
EntryPoint 0x8316
ObjectFileType Executable application

File identification
MD5 ed428546d562febd364c727bc6d1e41a
SHA1 236f0ddcc996cf69bb3482b5c53344b702370930
SHA256 ffd0f09a97baa854bd645c1ec160901a234c16afe57a08b5b3706fe5fe74b92c
ssdeep 6144:X8BTefDE9FCDp6x7VXr9aWiXFxYfukpArX4CltEJXgYMfnsToYKzxIHq1FllyM:kTmIXQps7V9jCxYfZ8vWIeq4M
authentihash 6d6e407a8059fe0bab1c1005cfac1a35e455f6937ed093aa620e8dbb93bacfdc
imphash 310f77b09180d4218641443d05c088a3
File size 452.0 KB ( 462848 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Executable MS Visual C++ (generic) (64.5%)
Win32 Dynamic Link Library (generic) (13.6%)
Win32 Executable (generic) (9.3%)
OS/2 Executable (generic) (4.1%)
Generic Win/DOS Executable (4.1%)
Tags peexe
VirusTotal metadata
First submission 2017-02-23 13:28:17 UTC ( 1 year, 12 months ago )
Last submission 2017-07-12 13:34:31 UTC ( 1 year, 7 months ago )
File names aa
VirusShare_ed428546d562febd364c727bc6d1e41a
exe1.exe
11.exe
11.exe
Jq37.caj
ChengCryptographic
locky.exe
ffd0f09a97baa854_11.exe
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Written files
Moved files
Deleted files
Created processes
Shell commands
Code injections in the following processes
Created mutexes
Opened mutexes
Searched windows
Opened service managers
Opened services
Runtime DLLs
Additional details
The file uses the IsDebuggerPresent Windows API function in order to see whether it is being debugged.
HTTP requests
TCP connections
UDP communications