SHA256: 7c07f6c21f01eefa72556858fd89c64df722ccd0c24692ded5113529f4a6fe2b
File name: ransomware6.exe
Detection ratio: 55 / 68
Analysis date: 2018-07-19 03:11:30 UTC ( 5 months ago )
Antivirus Result Update
Ad-Aware Gen:Heur.Zard.1 20180719
AegisLab Troj.W32.Generic!c 20180719
AhnLab-V3 Trojan/Win32.Dynamer.C1318617 20180719
ALYac Gen:Heur.Zard.1 20180719
Antiy-AVL Trojan/Win32.AGeneric 20180719
Arcabit Trojan.Zard.1 20180719
Avast Win32:Ransom-AXT [Trj] 20180719
AVG Win32:Ransom-AXT [Trj] 20180719
Avira (no cloud) TR/Crypt.ZPACK.207480 20180718
AVware Trojan.Win32.Generic!BT 20180719
Babable Malware.HighConfidence 20180406
Baidu Win32.Trojan.WisdomEyes.16070401.9500.9946 20180717
BitDefender Gen:Heur.Zard.1 20180719
CAT-QuickHeal Ransom.NanoLocker.A4 20180718
Comodo UnclassifiedMalware 20180719
CrowdStrike Falcon (ML) malicious_confidence_60% (W) 20180530
Cybereason malicious.9cfa33 20180225
Cylance Unsafe 20180719
Cyren W32/NanoLocker.A.gen!Eldorado 20180719
DrWeb Trojan.KeyLogger.37125 20180719
Emsisoft Gen:Heur.Zard.1 (B) 20180719
Endgame malicious (high confidence) 20180711
ESET-NOD32 Win32/Filecoder.NanoLocker.A 20180719
F-Prot W32/NanoLocker.A.gen!Eldorado 20180719
F-Secure Gen:Heur.Zard.1 20180719
Fortinet W32/Filecoder.NAN!tr 20180719
GData Gen:Heur.Zard.1 20180719
Ikarus Trojan.Win32.Dynamer 20180718
Sophos ML heuristic 20180717
Jiangmin Trojan.Generic.jbqe 20180719
K7AntiVirus Riskware ( 0040eff71 ) 20180719
K7GW Riskware ( 0040eff71 ) 20180718
Kaspersky HEUR:Trojan.Win32.Generic 20180719
MAX malware (ai score=100) 20180719
McAfee Ransomware-FCO!C1CF7CE9CFA3 20180719
McAfee-GW-Edition BehavesLike.Win32.StartPage.dt 20180719
Microsoft Ransom:Win32/Genasom 20180719
eScan Gen:Heur.Zard.1 20180719
NANO-Antivirus Virus.Win32.Gen-Crypt.ccnc 20180719
Palo Alto Networks (Known Signatures) generic.ml 20180719
Panda Generic Suspicious 20180718
Qihoo-360 Win32/Trojan.07b 20180719
Rising Dropper.Generic!8.35E (CLOUD) 20180719
Sophos AV Mal/Generic-S 20180719
Symantec Ransom.NanoLocker 20180718
Tencent Trojan-Ransom.Win32.Nanolocker.a 20180719
TrendMicro Ransom_NANOLOCKER.THGAHAH 20180719
TrendMicro-HouseCall Ransom_NANOLOCKER.THGAHAH 20180719
VBA32 Trojan.Keyloggerger 20180718
VIPRE Trojan.Win32.Generic!BT 20180719
ViRobot Trojan.Win32.NanoLocker.253952 20180718
Webroot W32.Trojan.Gen 20180719
Yandex Trojan.Agent!o8Ni0UsH2jE 20180717
Zillya Adware.AdLoad.Win32.8673 20180718
ZoneAlarm by Check Point HEUR:Trojan.Win32.Generic 20180719
Alibaba 20180713
Avast-Mobile 20180718
Bkav 20180718
ClamAV 20180719
CMC 20180718
eGambit 20180719
Kingsoft 20180719
Malwarebytes 20180719
SentinelOne (Static ML) 20180701
SUPERAntiSpyware 20180719
TACHYON 20180719
TheHacker 20180718
TotalDefense 20180718
Trustlook 20180719
Zoner 20180718
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2016-01-02 16:59:15
Entry Point 0x00001000
Number of sections 4
PE sections
PE imports
CryptDestroyKey
CryptReleaseContext
RegCloseKey
CryptAcquireContextA
CryptExportKey
RegSetValueExA
CryptEncrypt
AbortSystemShutdownA
RegCreateKeyExA
RegDeleteValueA
CryptDecrypt
CryptGenKey
CryptImportKey
CryptBinaryToStringA
CryptStringToBinaryA
DeleteDC
SetBkMode
CreateSolidBrush
SelectObject
SetBkColor
CreateCompatibleDC
DeleteObject
StretchBlt
IcmpCloseHandle
IcmpSendEcho
IcmpCreateFile
CreateToolhelp32Snapshot
GetSystemTime
HeapFree
SystemTimeToFileTime
ReadFile
FileTimeToSystemTime
lstrlenA
GlobalFree
GetDriveTypeA
CopyFileA
GetTickCount
GlobalUnlock
GetModuleFileNameA
LoadLibraryA
Process32NextW
HeapAlloc
GetDateFormatA
GetFileSize
MultiByteToWideChar
GetLogicalDrives
GetCommandLineA
GlobalLock
Process32FirstW
GetProcessHeap
SetFilePointer
GetModuleHandleA
lstrcmpA
FindFirstFileA
WriteFile
CloseHandle
FindNextFileA
SetFileAttributesA
FreeLibrary
lstrcpyA
GlobalAlloc
FindClose
Sleep
SetEndOfFile
CreateFileA
ExitProcess
CoCreateInstance
CoUninitialize
CoInitialize
SHGetFolderPathA
SetFocus
GetMessageA
UpdateWindow
BeginPaint
DestroyMenu
PostQuitMessage
DefWindowProcA
ShowWindow
LoadBitmapA
GetSystemMetrics
AppendMenuA
DispatchMessageA
EndPaint
MessageBoxA
TranslateMessage
RegisterClassExA
CreatePopupMenu
SetWindowTextA
SetClipboardData
SendMessageA
CloseClipboard
wsprintfA
CreateWindowExA
LoadCursorA
LoadIconA
TrackPopupMenu
GetFocus
EmptyClipboard
GetWindowTextA
DestroyWindow
OpenClipboard
inet_addr
Number of PE resources by type
RT_ICON 18
RT_BITMAP 1
RT_GROUP_ICON 1
Number of PE resources by language
NEUTRAL 19
ENGLISH US 1
PE resources
ExifTool file metadata
MIMEType application/octet-stream
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
FileTypeExtension exe
TimeStamp 2016:01:02 17:59:15+01:00
FileType Win32 EXE
PEType PE32
CodeSize 13312
LinkerVersion 5.12
EntryPoint 0x1000
InitializedDataSize 247296
SubsystemVersion 4.0
ImageVersion 0.0
OSVersion 4.0
UninitializedDataSize 0
File identification
MD5 c1cf7ce9cfa337b22ccc4061383a70f6
SHA1 fea42532538136b61ae490bd82e20163dcc2ef9a
SHA256 7c07f6c21f01eefa72556858fd89c64df722ccd0c24692ded5113529f4a6fe2b
ssdeep 6144:7Qu40vAkzL7r9r/EDppppppppppppppppppppppppppppp0G:bxP7r9r/+ppppppppppppppppppppppJ
authentihash e051794fa8b2d8e79c0caf9d730547c4128b90c7f66e0eb6709e1f79aa86a5fa
imphash 444e7ce758d2784f0e6e53e6002de09f
File size 248.0 KB ( 253952 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win64 Executable (generic) (61.7%)
Win32 Dynamic Link Library (generic) (14.7%)
Win32 Executable (generic) (10.0%)
OS/2 Executable (generic) (4.5%)
Generic Win/DOS Executable (4.4%)
Tags peexe
VirusTotal metadata
First submission 2016-01-11 07:13:46 UTC ( 2 years, 11 months ago )
Last submission 2017-11-15 14:00:24 UTC ( 1 year, 1 month ago )
File names ransomware6.exe
manage-bde.exe
c6f057b86584942e.pdf...........................................................................scr
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Written files
Copied files
Runtime DLLs
UDP communications