SHA256: a4bb7f498946155aaf1f6724dc6c37b7a149a369d4e5af724f3794c34629f371
File name: ddokslf.exe
Detection ratio: 55 / 66
Analysis date: 2017-10-13 03:32:33 UTC (4 days, 8 hours ago)
Antivirus Result Update
Ad-Aware Trojan.GenericKD.12364946 20171013
AegisLab Ransom.Cerber.Smaly0!c 20171013
AhnLab-V3 Win-Trojan/Lukitus3.Exp 20171012
ALYac Trojan.Ransom.LockyCrypt 20171013
Antiy-AVL Trojan/Win32.TSGeneric 20171012
Arcabit Trojan.Generic.DBCAC92 20171013
Avast Win32:Trojan-gen 20171013
AVG Win32:Trojan-gen 20171013
Avira (no cloud) TR/Crypt.Xpack.qhtbe 20171012
AVware Trojan.Win32.Generic!BT 20171013
Baidu Win32.Trojan.WisdomEyes.16070401.9500.9997 20171012
BitDefender Trojan.GenericKD.12364946 20171013
CAT-QuickHeal Trojan.IGENERIC 20171012
Comodo UnclassifiedMalware 20171013
CrowdStrike Falcon (ML) malicious_confidence_100% (W) 20170804
Cylance Unsafe 20171013
Cyren W32/Trojan.COUE-5759 20171013
DrWeb Trojan.Encoder.13570 20171013
Emsisoft Trojan.GenericKD.12364946 (B) 20171013
Endgame malicious (high confidence) 20170821
ESET-NOD32 Win32/Filecoder.Locky.L 20171013
F-Prot W32/Ransom.GS.gen!Eldorado 20171013
F-Secure Trojan.GenericKD.12364946 20171012
Fortinet W32/Kryptik.FWMX!tr.ransom 20171013
GData Win32.Trojan-Ransom.Locky.DO 20171012
Ikarus Trojan.Win32.Tofsee 20171012
Sophos ML heuristic 20170914
Jiangmin Trojan.Tofsee.au 20171013
K7AntiVirus Trojan ( 0051497b1 ) 20171013
K7GW Trojan ( 0051497b1 ) 20171013
Kaspersky Trojan-Ransom.Win32.Locky.yto 20171013
Malwarebytes Trojan.MalPack 20171013
MAX malware (ai score=100) 20171013
McAfee Ransom-Locky!2C163BE10C2D 20171013
McAfee-GW-Edition BehavesLike.Win32.Backdoor.jc 20171013
Microsoft Ransom:Win32/Locky.A 20171013
eScan Trojan.GenericKD.12364946 20171013
NANO-Antivirus Trojan.Win32.Locky.esqsia 20171013
nProtect Ransom/W32.Locky.675328 20171013
Palo Alto Networks (Known Signatures) generic.ml 20171013
Panda Trj/Genetic.gen 20171012
Qihoo-360 Trojan.Generic 20171013
Sophos AV Mal/Elenoocka-E 20171013
SUPERAntiSpyware Ransom.Cerber/Variant 20171013
Symantec Trojan.Smoaler 20171013
Tencent Win32.Trojan.Filecoder.Hqvm 20171013
TrendMicro Ransom_LOCKY.TH912 20171013
TrendMicro-HouseCall Ransom_LOCKY.TH912 20171013
VIPRE Trojan.Win32.Generic!BT 20171013
ViRobot Trojan.Win32.Z.Highconfidence.675328 20171012
Webroot W32.Trojan.Gen 20171013
WhiteArmor Malware.HighConfidence 20170927
Yandex Trojan.Filecoder!OpAYIP/xu4M 20171012
Zillya Trojan.Locky.Win32.3033 20171012
ZoneAlarm by Check Point Trojan-Ransom.Win32.Locky.yto 20171013
Alibaba 20170911
Avast-Mobile 20171012
Bkav 20171013
ClamAV 20171013
CMC 20171012
Kingsoft 20171013
Rising 20171013
SentinelOne (Static ML) 20171001
Symantec Mobile Insight 20171011
TheHacker 20171013
TotalDefense 20171012
Trustlook 20171013
VBA32 20171012
Zoner 20171013
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2015-03-24 11:48:16
Entry Point 0x0000A8D7
Number of sections 4
PE sections
PE imports
RegCreateKeyExW
RegUnLoadKeyA
RegOpenKeyA
RegSaveKeyA
LogonUserW
CryptSignHashW
RegEnumKeyW
ClearEventLogA
ControlService
InitializeAcl
RegReplaceKeyW
OpenEventLogW
AuthzInitializeContextFromSid
AuthzAddSidsToContext
GetConsoleAliasA
GetModuleFileNameW
WaitForSingleObject
CreateJobObjectW
GetTickCount
CreateMailslotA
GetFileAttributesW
GetDateFormatA
LoadLibraryExA
MoveFileExA
GetCommandLineW
SearchPathW
DeleteFileW
GetProcAddress
GetProfileSectionA
GetTempPathA
lstrcmpiA
GetModuleHandleA
GetSystemDirectoryA
GetStringTypeW
ReadConsoleA
MoveFileA
GetLogicalDriveStringsA
InitializeCriticalSection
UnmapViewOfFile
CreateFileW
GetVersion
OpenSemaphoreW
GetExpandedNameA
GetThemeBackgroundRegion
GetThemeSysBool
GetWindowTheme
GetThemeAppProperties
GetCurrentThemeName
GetThemeSysFont
GetThemeBackgroundExtent
IsThemeActive
DrawThemeText
GetThemeFilename
CloseThemeData
GetThemeSysInt
GetThemePosition
GetThemeEnumValue
WTSVirtualChannelPurgeInput
WTSQuerySessionInformationA
WTSQueryUserToken
WTSVirtualChannelRead
WTSFreeMemory
WTSRegisterSessionNotification
WTSSetSessionInformationW
WTSEnumerateSessionsW
WTSSetUserConfigW
WTSWaitSystemEvent
WTSEnumerateServersA
Number of PE resources by type
RT_DIALOG 5
Number of PE resources by language
ENGLISH US 5
PE resources
Debug information
ExifTool file metadata
MIMEType application/octet-stream
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
FileTypeExtension exe
TimeStamp 2015:03:24 12:48:16+01:00
FileType Win32 EXE
PEType PE32
CodeSize 49664
LinkerVersion 6.12
EntryPoint 0xa8d7
InitializedDataSize 624640
SubsystemVersion 5.1
ImageVersion 0.0
OSVersion 5.1
UninitializedDataSize 0
File identification
MD5 2c163be10c2dcd9b96243bd8175889d4
SHA1 d086fe8bbd8b7129d89dc1cfcb8a8175a6445b29
SHA256 a4bb7f498946155aaf1f6724dc6c37b7a149a369d4e5af724f3794c34629f371
ssdeep 12288:DBBph23Ks1mQnWattmsbMVSH05SxQiEQ9jmE56:DBBK3p0RzYa+E
authentihash 3ca60b5f1d6eac84bd6d87e238869eacd42b2a5fe25270145798237b38402638
imphash e0cd36fc4e4f4032fc5cd3323a14cac0
File size 659.5 KB ( 675328 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Windows screen saver (43.2%)
Win32 Dynamic Link Library (generic) (21.7%)
Win32 Executable (generic) (14.8%)
Win16/32 Executable Delphi generic (6.8%)
Generic Win/DOS Executable (6.6%)
Tags peexe
VirusTotal metadata
First submission 2017-09-12 10:38:55 UTC (1 month ago)
Last submission 2017-10-13 03:32:33 UTC (4 days, 8 hours ago)
File names 2c163be1.gxe, ddokslf.exe
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Created mutexes
Opened mutexes
Opened service managers
Opened services
Runtime DLLs
UDP communications