SHA256: 2c9599396f8267baa20e89bab33b323ae98497f855534a8b2a629af502539cfe
Name: t11.exe
Detections: 52 / 69
Analysis date: 2018-10-09 18:21:05 UTC (1 week, 6 days ago)
Antivirus Result Update
Ad-Aware Gen:Heur.Ransom.REntS.Gen.1 20181009
AegisLab Trojan.Win32.Generic.4!c 20181009
AhnLab-V3 Trojan/Win32.Ransom.C1284673 20181009
ALYac Gen:Heur.Ransom.REntS.Gen.1 20181009
Antiy-AVL Trojan/Win32.AGeneric 20181009
Arcabit Trojan.Ransom.REntS.Gen.1 20181009
Avast Win32:Malware-gen 20181009
AVG Win32:Malware-gen 20181009
Avira (no cloud) HEUR/AGEN.1022935 20181009
AVware Trojan.Win32.Generic!BT 20180925
BitDefender Gen:Heur.Ransom.REntS.Gen.1 20181009
Bkav W32.SmagtaKF.Trojan 20181009
CAT-QuickHeal Ransom.MSIL.Zuquitache.A3 20181008
ClamAV Win.Trojan.Agent-1388055 20181009
CrowdStrike Falcon (ML) malicious_confidence_100% (D) 20180723
Cybereason malicious.34db87 20180225
Cylance Unsafe 20181009
Cyren W32/Trojan.GIPN-4185 20181009
DrWeb Trojan.DownLoader18.21693 20181009
Emsisoft Gen:Heur.Ransom.REntS.Gen.1 (B) 20181009
Endgame malicious (high confidence) 20180730
ESET-NOD32 a variant of MSIL/Filecoder.AF 20181009
F-Secure Gen:Heur.Ransom.REntS.Gen.1 20181009
Fortinet W32/Generic.AF!tr 20181009
GData MSIL.Trojan-Ransom.Cryptear.H 20181009
Ikarus Trojan.MSIL.Filecoder 20181009
Jiangmin Trojan.Generic.irwc 20181009
K7AntiVirus Riskware ( 0040eff71 ) 20181009
K7GW Riskware ( 0040eff71 ) 20181009
Kaspersky HEUR:Trojan.Win32.Generic 20181009
MAX malware (ai score=100) 20181009
McAfee Ransomware-FTD!50881C434DB8 20181009
McAfee-GW-Edition Ransomware-FTD!50881C434DB8 20181009
Microsoft Ransom:MSIL/Zuquitache.A 20181009
eScan Gen:Heur.Ransom.REntS.Gen.1 20181009
NANO-Antivirus Trojan.Win32.Dwn.dzyoxk 20181009
Palo Alto Networks (Known Signatures) generic.ml 20181009
Panda Trj/GdSda.A 20181009
Qihoo-360 Win32/Trojan.160 20181009
Rising Trojan.Ransom!1.A42C (CLASSIC) 20181009
SentinelOne (Static ML) static engine - malicious 20180926
Sophos AV Troj/Cryptear-A 20181009
SUPERAntiSpyware Trojan.Agent/Gen-Ransom 20181006
Symantec Infostealer.Limitail 20181009
Tencent Trojan.Win32.HiBuddy.a 20181009
TrendMicro Ransom_CRYPZUQUIT.SMA 20181009
TrendMicro-HouseCall Ransom_CRYPZUQUIT.SMA 20181009
VBA32 TScope.Trojan.MSIL 20181009
VIPRE Trojan.Win32.Generic!BT 20181009
Webroot W32.Malware.Gen 20181009
Yandex Trojan.Agent!6cX6mUQDWWs 20181008
ZoneAlarm by Check Point HEUR:Trojan.Win32.Generic 20181009
Alibaba 20180921
Avast-Mobile 20181009
Babable 20180918
Baidu 20181009
CMC 20181009
Comodo 20181009
eGambit 20181009
F-Prot 20181009
Sophos ML 20180717
Kingsoft 20181009
Malwarebytes 20181009
Symantec Mobile Insight 20181001
TACHYON 20181009
TheHacker 20181008
TotalDefense 20181009
Trustlook 20181009
ViRobot 20181009
Zillya 20181009
Zoner 20181008
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright
Copyright © 2015

Product t11
Original name t11.exe
Internal name t11.exe
File version 1.0.0.0
Description t11
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2015-12-20 14:12:22
Entry Point 0x0000777E
Number of sections 3
.NET details
Module Version ID 6befc1b7-72f5-458e-9621-d7417dd205d5
TypeLib ID 7542b03c-b8ba-4574-860e-5ca59fd3e353
PE sections
Overlays
MD5 ba70e20ea0f5dcb805ad828ec80f88ce
File type ASCII text
Offset 25088
Size 51
Entropy 4.68
PE imports
_CorExeMain
Number of PE resources by type
RT_MANIFEST 1
RT_VERSION 1
Number of PE resources by language
NEUTRAL 2
PE resources
Debug information
ExifTool file metadata
UninitializedDataSize
0

LinkerVersion
11.0

ImageVersion
0.0

FileSubtype
0

FileVersionNumber
1.0.0.0

LanguageCode
Neutral

FileFlagsMask
0x003f

FileDescription
t11

ImageFileCharacteristics
Executable, 32-bit

CharacterSet
Unicode

InitializedDataSize
2048

EntryPoint
0x777e

OriginalFileName
t11.exe

MIMEType
application/octet-stream

LegalCopyright
Copyright 2015

FileVersion
1.0.0.0

TimeStamp
2015:12:20 15:12:22+01:00

FileType
Win32 EXE

PEType
PE32

InternalName
t11.exe

ProductVersion
1.0.0.0

SubsystemVersion
4.0

OSVersion
4.0

FileOS
Win32

Subsystem
Windows GUI

MachineType
Intel 386 or later, and compatibles

CodeSize
22528

ProductName
t11

ProductVersionNumber
1.0.0.0

FileTypeExtension
exe

ObjectFileType
Executable application

AssemblyVersion
1.0.0.0

Compressed bundles
File identification
MD5 50881c434db8730bfc5e67bccf573ec2
SHA1 393c2a157d52301405d1594cbcb694c6d2931296
SHA256 2c9599396f8267baa20e89bab33b323ae98497f855534a8b2a629af502539cfe
ssdeep
768:lWACR8PGlIb65mr6Bvu/0s5yTHkvm6892bojB44BCdpsuuE:gACR8PGlIb65mr6BvS0s5ywvm6892bMQ

authentihash de609a03c078c950c60a4ea21b85a933ed098c640dcf4af2b58e509b99479bd0
imphash f34d5f2d4577ed6d9ceec516c1f5a744
File size 24.5 KB (25139 bytes)
Type Win32 EXE
Magic literal
PE32 executable for MS Windows (GUI) Intel 80386 32-bit Mono/.Net assembly

TrID Generic CIL Executable (.NET, Mono, etc.) (62.0%)
Win64 Executable (generic) (23.4%)
Win32 Dynamic Link Library (generic) (5.5%)
Win32 Executable (generic) (3.8%)
OS/2 Executable (generic) (1.7%)
Tags
peexe via-tor assembly overlay

VirusTotal metadata
First submission 2016-01-31 12:00:25 UTC (2 years, 8 months ago)
Last submission 2018-10-09 18:21:05 UTC (1 week, 6 days ago)
Names ransom
Samas.exe
50881c434db8730bfc5e67bccf573ec2.exe
50881c434db8730bfc5e67bccf573ec2.exe
sec_check.scr
sec_check.scr.exe.bin
t11.exe
2c9599396f8267baa20e89bab33b323ae98497f855534a8b2a629af502539cfe.exe
Samas.exe
50881c434db8730bfc5e67bccf573ec2.exe
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
HTTP requests
DNS requests
TCP connections
UDP communications