SHA256: b47f15d1093fd6466e040d3ee786a18e25f8980d3db33465d2acbafe8b0f6850
Name: FileLocker.exe
Detections: 52 / 68
Analysis date: 2018-10-08 05:48:26 UTC ( 2 weeks ago )
Antivirus Result Update
Ad-Aware Trojan.GenericKD.3035832 20181008
AegisLab Trojan.Win32.Generic.4!c 20181007
AhnLab-V3 Win-Trojan/MDA.630F094C 20181007
Antiy-AVL Trojan[Ransom]/Win32.Blocker 20181008
Arcabit Trojan.Generic.D2E52B8 20181008
Avast Win32:Malware-gen 20181008
AVG Win32:Malware-gen 20181008
Avira (no cloud) TR/FileCoder.476672 20181007
AVware Win32.Malware!Drop 20180925
BitDefender Trojan.GenericKD.3035832 20181007
Bkav W32.FileCoderA.Trojan 20181005
CAT-QuickHeal Ransom.Jobcrypt.A4 20181007
Comodo TrojWare.Win32.Filecoder.AA 20181007
CrowdStrike Falcon (ML) malicious_confidence_60% (W) 20180723
Cybereason malicious.53dffb 20180225
Cylance Unsafe 20181008
Cyren W32/Forucon.CVZR-4673 20181008
DrWeb Trojan.DownLoader19.22028 20181008
Emsisoft Trojan.GenericKD.3035832 (B) 20181008
Endgame malicious (high confidence) 20180730
ESET-NOD32 MSIL/Filecoder.JobCrypter.A 20181008
F-Prot W32/Forucon.E 20181007
F-Secure Trojan.GenericKD.3035832 20181008
Fortinet W32/Malicious_Behavior.VEX 20181008
GData MSIL.Trojan-Ransom.JobCrypter.A 20181008
Ikarus Trojan.MSIL.Filecoder 20181007
Jiangmin Trojan.Blocker.bjd 20181008
K7AntiVirus Trojan ( 700000121 ) 20181007
K7GW Trojan ( 700000121 ) 20181007
Kaspersky Trojan-Ransom.MSIL.Agent.wf 20181008
MAX malware (ai score=100) 20181008
McAfee Generic.yc 20181008
McAfee-GW-Edition Generic.yc 20181008
Microsoft Ransom:MSIL/Nojocrypt.A 20181007
eScan Trojan.GenericKD.3035832 20181007
NANO-Antivirus Trojan.Win32.Dwn.eahoqy 20181008
Palo Alto Networks (Known Signatures) generic.ml 20181008
Panda Generic Malware 20181007
Qihoo-360 Win32/Trojan.226 20181008
Rising Trojan.Spy.Win32.Nojocrypt.a (CLASSIC) 20181008
Sophos AV Troj/MSIL-JWI 20181008
Symantec Ransom.JobCrypter 20181007
Tencent Ransom.Win32.CryptGraphicLocker.b 20181008
TrendMicro Ransom_Nojocrypt.R002C0CDR18 20181007
TrendMicro-HouseCall Ransom_Nojocrypt.R002C0CDR18 20181008
VBA32 TScope.Trojan.MSIL 20181005
VIPRE Win32.Malware!Drop 20181008
Webroot W32.Trojan.GenKD 20181008
Yandex Trojan.Blocker!9oXOdHdhVwo 20181005
Zillya Trojan.Blocker.Win32.33408 20181005
ZoneAlarm by Check Point Trojan-Ransom.MSIL.Agent.wf 20181008
Zoner Trojan.Blocker 20181008
Alibaba 20180921
Avast-Mobile 20181007
Babable 20180918
Baidu 20180930
ClamAV 20181007
CMC 20181007
eGambit 20181008
Sophos ML 20180717
Kingsoft 20181008
Malwarebytes 20181008
SentinelOne (Static ML) 20180926
SUPERAntiSpyware 20181006
Symantec Mobile Insight 20181001
TACHYON 20181008
TheHacker 20181001
TotalDefense 20181007
Trustlook 20181008
ViRobot 20181007
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright
Copyright © 2016

Product FileLocker
Original name FileLocker.exe
Internal name FileLocker.exe
File version 1.0.0.0
Description FileLocker
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2016-02-05 21:08:10
Entry Point 0x00061E1E
Number of sections 4
.NET details
Module Version ID 4e5ee51a-6914-4180-a10a-8b6b85aff127
TypeLib ID b0f304b7-622d-4167-934a-a2c169276435
PE sections
PE imports
_CorExeMain
Number of PE resources by type
RT_ICON 13
RT_GROUP_ICON 1
RT_VERSION 1
RT_MANIFEST 1
Number of PE resources by language
NEUTRAL 16
PE resources
ExifTool file metadata
UninitializedDataSize
0

LinkerVersion
6.0

ImageVersion
0.0

FileSubtype
0

FileVersionNumber
1.0.0.0

LanguageCode
Neutral

FileFlagsMask
0x003f

FileDescription
FileLocker

ImageFileCharacteristics
Executable, No line numbers, No symbols, 32-bit

CharacterSet
Unicode

InitializedDataSize
82432

EntryPoint
0x61e1e

OriginalFileName
FileLocker.exe

MIMEType
application/octet-stream

LegalCopyright
Copyright 2016

FileVersion
1.0.0.0

TimeStamp
2016:02:05 22:08:10+01:00

FileType
Win32 EXE

PEType
PE32

InternalName
FileLocker.exe

ProductVersion
1.0.0.0

SubsystemVersion
4.0

OSVersion
4.0

FileOS
Win32

Subsystem
Windows GUI

MachineType
Intel 386 or later, and compatibles

CodeSize
393216

ProductName
FileLocker

ProductVersionNumber
1.0.0.0

FileTypeExtension
exe

ObjectFileType
Executable application

AssemblyVersion
1.0.0.0

File identification
MD5 a02aff753dffb13ad034ca67aed985d8
SHA1 f53cb550bc4d6193a42f8aa2ec348e8cc89728e9
SHA256 b47f15d1093fd6466e040d3ee786a18e25f8980d3db33465d2acbafe8b0f6850
ssdeep
6144:Y2fS613hVdeOVoYUo9wbLqWzFFrI9OBG9QMbRXn2Huq9OOVDVQMbRXn2Puq9OJ:PK6NjVoHLP4QMbJ2HFhQMbJ2Pc

authentihash 7a02f802acd2db1b4b15d855aaa9f3b2c5b5c5b9af5ed99a1ea58c390df8ba4b
imphash f34d5f2d4577ed6d9ceec516c1f5a744
File size 465.5 KB ( 476672 bytes )
Type Win32 EXE
Magic literal
PE32 executable for MS Windows (GUI) Intel 80386 32-bit Mono/.Net assembly

TrID Generic CIL Executable (.NET, Mono, etc.) (44.5%)
Win32 Executable MS Visual C++ (generic) (18.9%)
Win64 Executable (generic) (16.7%)
Windows screen saver (7.9%)
Win32 Dynamic Link Library (generic) (4.0%)
Tags
peexe assembly

VirusTotal metadata
First submission 2016-02-10 08:06:45 UTC ( 2 years, 8 months ago )
Last submission 2018-10-08 05:48:26 UTC ( 2 weeks ago )
File names a02aff753dffb13ad034ca67aed985d8.exe
f53cb550bc4d6193a42f8aa2ec348e8cc89728e9.exe
JZAWnb.zip
Locker.exe
FCE7B86kY.chm
a02aff753dffb13ad034ca67aed985d8
FileLocker.exe
b47f15d1093fd6466e040d3ee786a18e25f8980d3db33465d2acbafe8b0f6850.exe
deofuscated - a02aff753dffb13ad034ca67aed985d8
a02aff753dffb13ad034ca67aed985d8.exe_
Advanced heuristic and reputation engines
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
DNS requests
TCP connections
UDP communications