SHA256: 44116521dbb2e24af54a7cdbba0f96260e22f61f660c5d73370c54921bfb84fe
Name: Payload.exe
Detections: 51 / 67
Analysis date: 2018-01-19 20:18:51 UTC (9 months ago)
Antivirus Result Update
Ad-Aware Gen:Variant.Zusy.182618 20180119
AegisLab Troj.Ransom.W32!c 20180119
AhnLab-V3 Trojan/Win32.Genasom.R178405 20180119
ALYac Gen:Variant.Zusy.182618 20180119
Antiy-AVL Trojan/Win32.AGeneric 20180119
Arcabit Trojan.Zusy.D2C95A 20180119
Avast Win32:Malware-gen 20180119
AVG Win32:Malware-gen 20180119
Avira (no cloud) TR/Taranis.2433 20180119
AVware Trojan.Win32.Generic!BT 20180119
Baidu Win32.Trojan.WisdomEyes.16070401.9500.9937 20180118
BitDefender Gen:Variant.Zusy.182618 20180119
CAT-QuickHeal Ransom.Generic.100012 20180119
CrowdStrike Falcon (ML) malicious_confidence_100% (D) 20171016
Cybereason malicious.1b8fb7 20171103
Cylance Unsafe 20180119
DrWeb Trojan.Encoder.3953 20180119
Emsisoft Trojan-Ransom.Crysis (A) 20180119
Endgame malicious (high confidence) 20171130
ESET-NOD32 Win32/Filecoder.Crysis.A 20180119
F-Secure Gen:Variant.Zusy.182618 20180119
GData Gen:Variant.Zusy.182618 20180119
Ikarus Trojan.Win32.Filecoder 20180119
Sophos ML heuristic 20170914
Jiangmin Trojan.Generic.ohqi 20180119
K7AntiVirus Trojan ( 004dec7a1 ) 20180119
K7GW Trojan ( 004dec7a1 ) 20180119
Kaspersky Trojan-Ransom.Win32.Crusis.b 20180119
MAX malware (ai score=100) 20180119
McAfee Artemis!878D67C917F0 20180119
McAfee-GW-Edition BehavesLike.Win32.Tool.cc 20180119
Microsoft Ransom:Win32/Nemreq.A 20180119
eScan Gen:Variant.Zusy.182618 20180119
NANO-Antivirus Trojan.Win32.Encoder.eajwpe 20180119
Palo Alto Networks (Known Signatures) generic.ml 20180119
Panda Trj/GdSda.A 20180119
Qihoo-360 HEUR/QVM10.1.Malware.Gen 20180119
Rising Ransom.Crusis!8.5724 (TFE:5:KHnRkhtTHqC) 20180119
SentinelOne (Static ML) static engine - malicious 20180115
Sophos AV Mal/Generic-S 20180119
SUPERAntiSpyware Ransom.Filecoder/Variant 20180119
Symantec Trojan.Gen 20180119
Tencent Trojan.Win32.Nemreq.a 20180119
TheHacker Trojan/Filecoder.nfy 20180119
VBA32 Hoax.Crysis 20180119
VIPRE Trojan.Win32.Generic!BT 20180119
ViRobot Trojan.Win32.Agent.286720.AK 20180119
Webroot 20180119
Yandex Trojan.Crysis! 20180112
Zillya Trojan.Filecoder.Win32.2021 20180119
ZoneAlarm by Check Point Trojan-Ransom.Win32.Crusis.b 20180119
Alibaba 20180119
Avast-Mobile 20180119
Bkav 20180119
ClamAV 20180119
CMC 20180116
Comodo 20180119
Cyren 20180119
eGambit 20180119
F-Prot 20180119
Fortinet 20180119
Kingsoft 20180119
Malwarebytes 20180119
nProtect 20180119
Symantec Mobile Insight 20180119
TotalDefense 20180118
TrendMicro 20180119
TrendMicro-HouseCall 20180119
Trustlook 20180119
Zoner 20180119
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2016-02-15 11:55:02
Entry Point 0x0000589A
Number of sections 5
PE sections
PE imports
RegCloseKey
RegOpenKeyExW
RegSetValueExW
GetLastError
InitializeCriticalSectionAndSpinCount
HeapFree
GetSystemTimeAsFileTime
EnterCriticalSection
LCMapStringW
SetHandleCount
GetModuleFileNameW
WaitForSingleObject
GetOEMCP
QueryPerformanceCounter
IsDebuggerPresent
HeapAlloc
TlsAlloc
GetEnvironmentStringsW
FlushFileBuffers
GetFileAttributesW
RtlUnwind
GetModuleFileNameA
GetStdHandle
IsProcessorFeaturePresent
SetStdHandle
DeleteCriticalSection
LeaveCriticalSection
GetConsoleMode
GetStringTypeW
GetCurrentProcessId
SetFilePointer
GetCPInfo
UnhandledExceptionFilter
InterlockedDecrement
WideCharToMultiByte
HeapSize
GetLogicalDrives
FreeEnvironmentStringsW
MultiByteToWideChar
DeleteFileW
WaitForMultipleObjects
GetStartupInfoW
ExitProcess
CompareStringW
CreateThread
LoadLibraryW
TlsFree
ExpandEnvironmentStringsW
HeapSetInformation
FindNextFileW
GetTickCount
SetUnhandledExceptionFilter
WriteFile
GetCurrentProcess
CreateMutexW
ReadFile
OpenMutexW
GetCommandLineA
FindFirstFileW
GetACP
HeapReAlloc
DecodePointer
GetModuleHandleW
SetEnvironmentVariableA
TerminateProcess
GetConsoleCP
GetTimeZoneInformation
TlsGetValue
IsValidCodePage
HeapCreate
SetLastError
CreateFileW
FindClose
InterlockedIncrement
Sleep
GetFileType
SetFileAttributesW
TlsSetValue
EncodePointer
GetCurrentThreadId
GetProcAddress
WriteConsoleW
CloseHandle
WNetEnumResourceW
WNetCloseEnum
WNetOpenEnumW
SystemParametersInfoW
htonl
ntohl
Number of PE resources by type
RT_MANIFEST 1
Number of PE resources by language
ENGLISH US 1
PE resources
Debug information
ExifTool file metadata
MIMEType application/octet-stream
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
FileTypeExtension exe
TimeStamp 2016:02:15 12:55:02+01:00
FileType Win32 EXE
PEType PE32
CodeSize 52224
LinkerVersion 10.0
EntryPoint 0x589a
InitializedDataSize 102400
SubsystemVersion 5.1
ImageVersion 0.0
OSVersion 5.1
UninitializedDataSize 0
File identification
MD5 878d67c917f0252da2b36826af35f3a5
SHA1 967f64064e6a50047eff5bcba9f107d646eb38b6
SHA256 44116521dbb2e24af54a7cdbba0f96260e22f61f660c5d73370c54921bfb84fe
ssdeep 3072:AelouhyWRAiU7/s/g5KfiZIU4PWvLRMpEKcw:Zlougxp70gAKZXbMpGw
authentihash a3edcf88940f2fbffee26e3b70de03ffad898d69b3ea214ee2d2df45e3eb9af2
imphash 3d207d826d34a3ac459f6ac295dc08f5
File size 152.0 KB ( 155648 bytes )
Type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Executable MS Visual C++ (generic) (42.2%)
Win64 Executable (generic) (37.3%)
Win32 Dynamic Link Library (generic) (8.8%)
Win32 Executable (generic) (6.0%)
Generic Win/DOS Executable (2.7%)
Tags peexe
VirusTotal metadata
First submission 2016-02-22 18:00:38 UTC (2 years, 8 months ago)
Last submission 2016-03-03 15:17:49 UTC (2 years, 7 months ago)
Names Payload.exe
Payload.exe
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
UDP communications