SHA256: a4bb7f498946155aaf1f6724dc6c37b7a149a369d4e5af724f3794c34629f371
File name: ddokslf.exe
Detection ratio: 57 / 68
Analysis date: 2017-11-17 09:09:37 UTC (1 month ago)
Antivirus Result Update
Ad-Aware Trojan.GenericKD.12364946 20171117
AegisLab Ransom.Cerber.Smaly0!c 20171117
AhnLab-V3 Win-Trojan/Lukitus3.Exp 20171117
ALYac Trojan.Ransom.LockyCrypt 20171117
Antiy-AVL Trojan/Win32.TSGeneric 20171117
Arcabit Trojan.Generic.DBCAC92 20171117
Avast Win32:Trojan-gen 20171117
AVG Win32:Trojan-gen 20171117
Avira (no cloud) TR/Crypt.Xpack.qhtbe 20171117
AVware Trojan.Win32.Generic!BT 20171117
Baidu Win32.Trojan.WisdomEyes.16070401.9500.9997 20171117
BitDefender Trojan.GenericKD.12364946 20171117
CAT-QuickHeal Trojan.IGENERIC 20171117
Comodo UnclassifiedMalware 20171117
CrowdStrike Falcon (ML) malicious_confidence_90% (D) 20171016
Cybereason malicious.1b8fb7 20171103
Cylance Unsafe 20171117
Cyren W32/Trojan.COUE-5759 20171117
DrWeb Trojan.Encoder.13570 20171117
Emsisoft Trojan.GenericKD.12364946 (B) 20171117
Endgame malicious (high confidence) 20171024
ESET-NOD32 Win32/Filecoder.Locky.L 20171117
F-Prot W32/Ransom.GS.gen!Eldorado 20171117
F-Secure Trojan.GenericKD.12364946 20171117
Fortinet W32/Kryptik.FWMX!tr.ransom 20171117
GData Win32.Trojan-Ransom.Locky.DO 20171117
Ikarus Trojan.Win32.Tofsee 20171116
Sophos ML heuristic 20170914
Jiangmin Trojan.Tofsee.au 20171117
K7AntiVirus Trojan ( 0051497b1 ) 20171117
K7GW Trojan ( 0051497b1 ) 20171117
Kaspersky HEUR:Trojan.Win32.Generic 20171117
Malwarebytes Trojan.MalPack 20171117
MAX malware (ai score=100) 20171117
McAfee Ransom-Locky!2C163BE10C2D 20171117
McAfee-GW-Edition BehavesLike.Win32.Backdoor.jc 20171117
Microsoft Ransom:Win32/Locky.A 20171117
eScan Trojan.GenericKD.12364946 20171117
NANO-Antivirus Trojan.Win32.Locky.esqsia 20171117
nProtect Ransom/W32.Locky.675328 20171117
Palo Alto Networks (Known Signatures) generic.ml 20171117
Panda Trj/Genetic.gen 20171116
Qihoo-360 Trojan.Generic 20171117
SentinelOne (Static ML) static engine - malicious 20171113
Sophos AV Mal/Elenoocka-E 20171117
SUPERAntiSpyware Ransom.Cerber/Variant 20171117
Symantec Trojan.Smoaler 20171117
Tencent Suspicious.Heuristic.Gen.b.0 20171117
TrendMicro Ransom_LOCKY.TH912 20171117
TrendMicro-HouseCall Ransom_LOCKY.TH912 20171117
VIPRE Trojan.Win32.Generic!BT 20171117
ViRobot Trojan.Win32.Z.Highconfidence.675328 20171117
Webroot W32.Trojan.Gen 20171117
WhiteArmor Malware.HighConfidence 20171104
Yandex Trojan.Filecoder!OpAYIP/xu4M 20171116
Zillya Trojan.Locky.Win32.3033 20171116
ZoneAlarm by Check Point HEUR:Trojan.Win32.Generic 20171117
Alibaba 20170911
Avast-Mobile 20171116
Bkav 20171116
ClamAV 20171117
CMC 20171117
eGambit 20171117
Kingsoft 20171117
Rising 20171117
Symantec Mobile Insight 20171117
TheHacker 20171112
TotalDefense 20171117
Trustlook 20171117
VBA32 20171116
Zoner 20171117
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2015-03-24 11:48:16
Entry Point 0x0000A8D7
Number of sections 4
PE sections
PE imports
RegCreateKeyExW
RegUnLoadKeyA
RegOpenKeyA
RegSaveKeyA
LogonUserW
CryptSignHashW
RegEnumKeyW
ClearEventLogA
ControlService
InitializeAcl
RegReplaceKeyW
OpenEventLogW
AuthzInitializeContextFromSid
AuthzAddSidsToContext
GetConsoleAliasA
GetModuleFileNameW
WaitForSingleObject
CreateJobObjectW
GetTickCount
CreateMailslotA
GetFileAttributesW
GetDateFormatA
LoadLibraryExA
MoveFileExA
GetCommandLineW
SearchPathW
DeleteFileW
GetProcAddress
GetProfileSectionA
GetTempPathA
lstrcmpiA
GetModuleHandleA
GetSystemDirectoryA
GetStringTypeW
ReadConsoleA
MoveFileA
GetLogicalDriveStringsA
InitializeCriticalSection
UnmapViewOfFile
CreateFileW
GetVersion
OpenSemaphoreW
GetExpandedNameA
GetThemeBackgroundRegion
GetThemeSysBool
GetWindowTheme
GetThemeAppProperties
GetCurrentThemeName
GetThemeSysFont
GetThemeBackgroundExtent
IsThemeActive
DrawThemeText
GetThemeFilename
CloseThemeData
GetThemeSysInt
GetThemePosition
GetThemeEnumValue
WTSVirtualChannelPurgeInput
WTSQuerySessionInformationA
WTSQueryUserToken
WTSVirtualChannelRead
WTSFreeMemory
WTSRegisterSessionNotification
WTSSetSessionInformationW
WTSEnumerateSessionsW
WTSSetUserConfigW
WTSWaitSystemEvent
WTSEnumerateServersA
Number of PE resources by type
RT_DIALOG 5
Number of PE resources by language
ENGLISH US 5
PE resources
Debug information
ExifTool file metadata
MIMEType application/octet-stream
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
FileTypeExtension exe
TimeStamp 2015:03:24 12:48:16+01:00
FileType Win32 EXE
PEType PE32
CodeSize 49664
LinkerVersion 6.12
EntryPoint 0xa8d7
InitializedDataSize 624640
SubsystemVersion 5.1
ImageVersion 0.0
OSVersion 5.1
UninitializedDataSize 0

File identification
MD5 2c163be10c2dcd9b96243bd8175889d4
SHA1 d086fe8bbd8b7129d89dc1cfcb8a8175a6445b29
SHA256 a4bb7f498946155aaf1f6724dc6c37b7a149a369d4e5af724f3794c34629f371
ssdeep 12288:DBBph23Ks1mQnWattmsbMVSH05SxQiEQ9jmE56:DBBK3p0RzYa+E
authentihash 3ca60b5f1d6eac84bd6d87e238869eacd42b2a5fe25270145798237b38402638
imphash e0cd36fc4e4f4032fc5cd3323a14cac0
File size 659.5 KB ( 675328 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Windows screen saver (43.2%)
Win32 Dynamic Link Library (generic) (21.7%)
Win32 Executable (generic) (14.8%)
Win16/32 Executable Delphi generic (6.8%)
Generic Win/DOS Executable (6.6%)
Tags peexe
VirusTotal metadata
First submission 2017-09-12 10:38:55 UTC (3 months ago)
Last submission 2017-10-13 03:32:33 UTC (2 months ago)
File names 2c163be1.gxe
ddokslf.exe
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Created mutexes
Opened mutexes
Opened service managers
Opened services
Runtime DLLs
UDP communications