SHA256: 3b7585f4ba0a931be938fb576af2dafe89fdd4cc65f777febd1a5f47d9c5bc54
Name: BadBlock
Detections: 46 / 69
Analysis date: 2018-10-04 02:53:54 UTC (2 weeks, 4 days ago)
Antivirus Result Update
Ad-Aware Gen:Variant.Graftor.288043 20181004
AegisLab Trojan.Win32.Generic.4!c 20181004
AhnLab-V3 Trojan/Win32.Agent.C1454609 20181004
ALYac Trojan.Ransom.BadBlock 20181004
Antiy-AVL Trojan/Win32.AGeneric 20181004
Arcabit Trojan.Graftor.D4652B 20181004
AVG FileRepMalware 20181004
Avira (no cloud) TR/ATRAPS.Gen 20181004
AVware Trojan.Win32.Generic!BT 20180925
BitDefender Gen:Variant.Graftor.288043 20181004
CAT-QuickHeal Ransom.BadBlock.A11 20181001
ClamAV Win.Ransomware.Badblock-1 20181003
Comodo TrojWare.Win32.Generic.dvsdc 20181003
CrowdStrike Falcon (ML) malicious_confidence_60% (W) 20180723
Cybereason malicious.ff237a 20180225
Cyren W32/GenBl.856B19AF!Olympus 20181004
DrWeb Trojan.Encoder.4639 20181004
Emsisoft Gen:Variant.Graftor.288043 (B) 20181004
ESET-NOD32 Win32/Filecoder.BadBlock.A 20181003
F-Secure Gen:Variant.Graftor.288043 20181004
Fortinet W32/Filecoder_BadBlock.A!tr 20181004
GData Gen:Variant.Graftor.288043 20181004
Ikarus Trojan-Ransom.BadBlock 20181003
Jiangmin Trojan.Generic.zrns 20181004
Kaspersky HEUR:Trojan.Win32.Fsysna.gen 20181003
MAX malware (ai score=100) 20181004
McAfee Artemis!856B19AFF237 20181003
McAfee-GW-Edition BehavesLike.Win32.Generic.bc 20181004
Microsoft Ransom:Win32/Laksbades.A 20181004
eScan Gen:Variant.Graftor.288043 20181004
NANO-Antivirus Trojan.Win32.Encoder.edfopa 20181003
Palo Alto Networks (Known Signatures) generic.ml 20181004
Panda Trj/Genetic.gen 20181003
Qihoo-360 HEUR/QVM11.1.Malware.Gen 20181004
Rising Ransom.FileCryptor!8.1A7 (CLOUD) 20181003
Sophos AV Mal/Generic-S 20181004
Symantec Ransom.BadBlock 20181003
Tencent Ransom.Win32.Locky.a 20181004
TrendMicro Ransom_BADBLOCK.A 20181003
TrendMicro-HouseCall Ransom_BADBLOCK.A 20181004
VIPRE Trojan.Win32.Generic!BT 20181004
ViRobot Trojan.Win32.Z.Forucon.773632 20181003
Webroot W32.Trojan.GenKD 20181004
Yandex Trojan.Agent!h02sVEmjR2w 20180927
Zillya Trojan.Filecoder.Win32.2599 20181003
ZoneAlarm by Check Point HEUR:Trojan.Win32.Fsysna.gen 20180925
Alibaba 20180921
Avast 20181004
Avast-Mobile 20181003
Babable 20180918
Baidu 20180930
Bkav 20181003
CMC 20181003
Cylance 20181004
eGambit 20181004
Endgame 20180730
F-Prot 20181004
Sophos ML 20180717
K7AntiVirus 20181003
K7GW 20181003
Kingsoft 20181004
Malwarebytes 20181004
SentinelOne (Static ML) 20180926
SUPERAntiSpyware 20180907
Symantec Mobile Insight 20181001
TACHYON 20181004
TheHacker 20181001
TotalDefense 20181003
Trustlook 20181004
VBA32 20181003
Zoner 20181004
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
File version 1.0.0.0
Packers identified
F-PROT UPX
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2016-05-17 18:57:40
Entry Point 0x002C97D0
Number of sections 3
PE sections
PE imports
VirtualFree
ExitProcess
VirtualProtect
LoadLibraryA
VirtualAlloc
GetProcAddress
RegSaveKeyW
ImageList_Add
NetWkstaGetInfo
IsEqualGUID
VariantCopy
ShellExecuteW
VerQueryValueW
OpenPrinterW
Number of PE resources by type
RT_STRING 38
RT_GROUP_CURSOR 7
RT_CURSOR 7
RT_RCDATA 6
RT_ICON 3
RT_VERSION 1
RT_GROUP_ICON 1
Number of PE resources by language
NEUTRAL 42
ENGLISH US 20
PORTUGUESE BRAZILIAN 1
PE resources
ExifTool file metadata
UninitializedDataSize 2158592
LinkerVersion 2.25
ImageVersion 0.0
FileVersionNumber 1.0.0.0
LanguageCode English (U.S.)
FileFlagsMask 0x003f
ImageFileCharacteristics No relocs, Executable, No line numbers, No symbols, Bytes reversed lo, 32-bit, Bytes reversed hi
CharacterSet Windows, Latin1
InitializedDataSize 12288
EntryPoint 0x2c97d0
MIMEType application/octet-stream
FileVersion 1.0.0.0
TimeStamp 2016:05:17 19:57:40+01:00
FileType Win32 EXE
PEType PE32
ProductVersion 1.0.0.0
SubsystemVersion 5.0
OSVersion 5.0
FileOS Win32
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
CodeSize 761856
FileSubtype 0
ProductVersionNumber 1.0.0.0
FileTypeExtension exe
ObjectFileType Executable application

Compressed bundles
File identification
MD5 856b19aff237ace0dda3ecfc71c09767
SHA1 12c2bd835c52ed13f3b8a82c432ee11c490b90c8
SHA256 3b7585f4ba0a931be938fb576af2dafe89fdd4cc65f777febd1a5f47d9c5bc54
ssdeep
12288:cw0I4GQ7jcXOmrtGYvU0bk4hNNVAVBwhxl1j7t1vocP3I6eVAeYXOh95rw/:cltjc7LM0bk4oVSBF/HPJGtYXM9pw

authentihash b243de8fa92bb41e67f1aa08d6417ed412a7517ecea8757c397d8d24108414f1
imphash a399d17d60506de094e578addd9151b2
File size 755.5 KB (773632 bytes)
Type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID UPX compressed Win32 Executable (37.1%)
Win32 EXE Yoda's Crypter (36.4%)
Win32 Dynamic Link Library (generic) (9.0%)
Win32 Executable (generic) (6.1%)
Win16/32 Executable Delphi generic (2.8%)
Tags
peexe upx

VirusTotal metadata
First submission 2016-05-22 23:22:17 UTC (2 years, 5 months ago)
Last submission 2016-07-14 18:35:58 UTC (2 years, 3 months ago)
Names 856b19aff237ace0dda3ecfc71c09767
192389573
3b7585f4ba0a931be938fb576af2dafe89fdd4cc65f777febd1a5f47d9c5bc54.exe
badblock.exe
badblock.exe
f9e8c8042dd02df6b7040f6bb249a8b9
badransom.exe
badblock.exe.exe
badransom.exe
BadBlock Ransomware.bin
BadBlock
badransom.ex_
Advanced heuristic and reputation engines
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Written files
Created mutexes
Runtime DLLs
HTTP requests
DNS requests
TCP connections
UDP communications