SHA256: a4bb7f498946155aaf1f6724dc6c37b7a149a369d4e5af724f3794c34629f371
File name: 2c163be10c2dcd9b96243bd8175889d4.vir
Detection ratio: 55 / 64
Analysis date: 2018-07-04 06:48:16 UTC (1 month, 2 weeks ago)
Antivirus Result Update
Ad-Aware Trojan.GenericKD.12364946 20180704
AegisLab Ransom.Cerber.Smaly0!c 20180704
AhnLab-V3 Win-Trojan/Lukitus3.Exp 20180703
ALYac Trojan.Ransom.LockyCrypt 20180704
Antiy-AVL Trojan/Win32.TSGeneric 20180704
Arcabit Trojan.Generic.DBCAC92 20180704
Avast Win32:Trojan-gen 20180704
AVG Win32:Trojan-gen 20180704
Avira (no cloud) TR/Crypt.Xpack.qhtbe 20180703
AVware Trojan.Win32.Generic!BT 20180704
Babable Malware.HighConfidence 20180406
Baidu Win32.Trojan.WisdomEyes.16070401.9500.9997 20180704
BitDefender Trojan.GenericKD.12364946 20180704
Bkav W32.eHeur.Malware14 20180703
CAT-QuickHeal Ransom.Exxroute.A4 20180703
Comodo TrojWare.Win32.Ransom.Locky.AF 20180704
CrowdStrike Falcon (ML) malicious_confidence_100% (W) 20180530
Cybereason malicious.10c2dc 20180225
Cyren W32/Ransom.GS.gen!Eldorado 20180704
DrWeb Trojan.Encoder.13570 20180704
Emsisoft Trojan.GenericKD.12364946 (B) 20180704
Endgame malicious (high confidence) 20180612
ESET-NOD32 Win32/Filecoder.Locky.L 20180704
F-Prot W32/Ransom.GS.gen!Eldorado 20180704
F-Secure Trojan.GenericKD.12364946 20180704
Fortinet W32/Kryptik.FYKK!tr 20180704
GData Win32.Trojan.Kryptik.IT 20180704
Ikarus Trojan.Win32.Tofsee 20180703
Sophos ML heuristic 20180601
Jiangmin Trojan.Tofsee.au 20180703
K7AntiVirus Trojan ( 0051497b1 ) 20180704
K7GW Trojan ( 0051497b1 ) 20180704
Kaspersky HEUR:Trojan.Win32.Generic 20180704
Malwarebytes Trojan.MalPack 20180704
MAX malware (ai score=100) 20180704
McAfee Ransom-Locky!2C163BE10C2D 20180704
McAfee-GW-Edition BehavesLike.Win32.RansomLocky.jc 20180704
Microsoft Ransom:Win32/Locky.A 20180704
eScan Trojan.GenericKD.12364946 20180704
NANO-Antivirus Trojan.Win32.Locky.esqsia 20180704
Palo Alto Networks (Known Signatures) generic.ml 20180704
Panda Trj/Genetic.gen 20180703
Qihoo-360 Trojan.Generic 20180704
SentinelOne (Static ML) static engine - malicious 20180701
Sophos AV Mal/Elenoocka-E 20180704
SUPERAntiSpyware Ransom.Cerber/Variant 20180704
Symantec Trojan.Smoaler 20180704
TACHYON Ransom/W32.Locky.675328 20180704
VBA32 Trojan.FakeAV.01657 20180629
VIPRE Trojan.Win32.Generic!BT 20180704
ViRobot Trojan.Win32.Agent.675328.E 20180704
Webroot W32.Trojan.Gen 20180704
Yandex Trojan.Filecoder!OpAYIP/xu4M 20180703
Zillya Trojan.Locky.Win32.3033 20180703
ZoneAlarm by Check Point HEUR:Trojan.Win32.Generic 20180704
Engines reporting no detection (result column empty on the report):
Avast-Mobile 20180704
ClamAV 20180704
CMC 20180703
eGambit 20180704
Kingsoft 20180704
Tencent 20180704
TheHacker 20180628
TotalDefense 20180704
Trustlook 20180704
Zoner 20180703
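The table above shows the usual problem with multi-engine results: nine vendors name Locky outright, AhnLab uses a variant name (Lukitus), two say Cerber, two say Tofsee, and the rest are generic or heuristic labels. The following is an added example by the editor (not part of the VirusTotal report) that turns a transcribed subset of these rows into a family consensus. The alias map (treating "Lukitus" as a Locky variant name) is an analyst assumption; engines whose label carries no known family token (Ad-Aware, Kaspersky, Symantec's own "Smoaler" name) are reported separately rather than silently dropped.

```python
"""Family consensus from a VirusTotal detection table (added example)."""
from collections import Counter

# Subset of (engine, label) rows transcribed from the detection table above.
DETECTIONS = [
    ("Ad-Aware", "Trojan.GenericKD.12364946"),
    ("AegisLab", "Ransom.Cerber.Smaly0!c"),
    ("AhnLab-V3", "Win-Trojan/Lukitus3.Exp"),
    ("ALYac", "Trojan.Ransom.LockyCrypt"),
    ("Comodo", "TrojWare.Win32.Ransom.Locky.AF"),
    ("ESET-NOD32", "Win32/Filecoder.Locky.L"),
    ("Ikarus", "Trojan.Win32.Tofsee"),
    ("Jiangmin", "Trojan.Tofsee.au"),
    ("Kaspersky", "HEUR:Trojan.Win32.Generic"),
    ("McAfee", "Ransom-Locky!2C163BE10C2D"),
    ("McAfee-GW-Edition", "BehavesLike.Win32.RansomLocky.jc"),
    ("Microsoft", "Ransom:Win32/Locky.A"),
    ("NANO-Antivirus", "Trojan.Win32.Locky.esqsia"),
    ("SUPERAntiSpyware", "Ransom.Cerber/Variant"),
    ("Symantec", "Trojan.Smoaler"),
    ("TACHYON", "Ransom/W32.Locky.675328"),
    ("Zillya", "Trojan.Locky.Win32.3033"),
]

# Family -> substrings vendors use for it. Assumed alias map, not VirusTotal's.
FAMILY_ALIASES = {
    "locky": ("locky", "lukitus"),
    "cerber": ("cerber",),
    "tofsee": ("tofsee",),
}


def families_in_label(label: str, aliases=FAMILY_ALIASES) -> set:
    """Every known family whose alias occurs (case-insensitively) in a label."""
    low = label.lower()
    return {fam for fam, names in aliases.items() if any(n in low for n in names)}


def family_votes(detections, aliases=FAMILY_ALIASES) -> Counter:
    """How many engines attribute the sample to each family."""
    votes = Counter()
    for _engine, label in detections:
        for fam in families_in_label(label, aliases):
            votes[fam] += 1
    return votes


def unattributed_engines(detections, aliases=FAMILY_ALIASES) -> list:
    """Engines whose label is generic/heuristic or uses a family name we don't map."""
    return [eng for eng, label in detections if not families_in_label(label, aliases)]


def consensus(detections, aliases=FAMILY_ALIASES):
    """Top family and its share of all family-attributed votes ((None, 0.0) if none)."""
    votes = family_votes(detections, aliases)
    total = sum(votes.values())
    if total == 0:
        return None, 0.0
    fam, n = votes.most_common(1)[0]
    return fam, n / total


if __name__ == "__main__":
    fam, share = consensus(DETECTIONS)
    print("votes:", dict(family_votes(DETECTIONS)))
    print(f"consensus: {fam} ({share:.0%} of attributed labels)")
    print("generic-only engines:", unattributed_engines(DETECTIONS))
```

Engine counts are not independent votes: several vendors in the full table share an engine (the identical Trojan.GenericKD.12364946 label from Ad-Aware, BitDefender, Emsisoft, F-Secure and eScan is one signature, not five), so a label-level deduplication is the obvious next refinement before treating the share as a confidence figure.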
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2015-03-24 11:48:16
Entry Point 0x0000A8D7
Number of sections 4
PE imports
RegCreateKeyExW
RegUnLoadKeyA
RegOpenKeyA
RegSaveKeyA
LogonUserW
CryptSignHashW
RegEnumKeyW
ClearEventLogA
ControlService
InitializeAcl
RegReplaceKeyW
OpenEventLogW
AuthzInitializeContextFromSid
AuthzAddSidsToContext
GetConsoleAliasA
GetModuleFileNameW
WaitForSingleObject
CreateJobObjectW
GetTickCount
CreateMailslotA
GetFileAttributesW
GetDateFormatA
LoadLibraryExA
MoveFileExA
GetCommandLineW
SearchPathW
DeleteFileW
GetProcAddress
GetProfileSectionA
GetTempPathA
lstrcmpiA
GetModuleHandleA
GetSystemDirectoryA
GetStringTypeW
ReadConsoleA
MoveFileA
GetLogicalDriveStringsA
InitializeCriticalSection
UnmapViewOfFile
CreateFileW
GetVersion
OpenSemaphoreW
GetExpandedNameA
GetThemeBackgroundRegion
GetThemeSysBool
GetWindowTheme
GetThemeAppProperties
GetCurrentThemeName
GetThemeSysFont
GetThemeBackgroundExtent
IsThemeActive
DrawThemeText
GetThemeFilename
CloseThemeData
GetThemeSysInt
GetThemePosition
GetThemeEnumValue
WTSVirtualChannelPurgeInput
WTSQuerySessionInformationA
WTSQueryUserToken
WTSVirtualChannelRead
WTSFreeMemory
WTSRegisterSessionNotification
WTSSetSessionInformationW
WTSEnumerateSessionsW
WTSSetUserConfigW
WTSWaitSystemEvent
WTSEnumerateServersA
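The import list above mixes a few APIs that matter for triage (registry hive save/replace, event log clearing, LogonUserW, WTSQueryUserToken, drive enumeration, CryptoAPI) with a large block of console, theme and terminal-services calls that have no obvious role in a ransomware payload, alongside LoadLibraryExA and GetProcAddress. Several vendors label the sample Kryptik / Crypt.Xpack, i.e. a crypter stub, and a padded import table with runtime API resolution is consistent with that. The following is an added example by the editor (not from the report) that tags the transcribed import names by implied capability and measures how much of the table is unexplained; the capability map is an analyst assumption, not a VirusTotal classification, and the DLL names were not preserved by the page so only function names are used.

```python
"""Capability tagging of a PE import list (added example)."""

# Transcribed from the 'PE imports' list above; DLL names were not preserved.
IMPORTS = [
    "RegCreateKeyExW", "RegUnLoadKeyA", "RegOpenKeyA", "RegSaveKeyA", "LogonUserW",
    "CryptSignHashW", "RegEnumKeyW", "ClearEventLogA", "ControlService", "InitializeAcl",
    "RegReplaceKeyW", "OpenEventLogW", "AuthzInitializeContextFromSid", "AuthzAddSidsToContext",
    "GetConsoleAliasA", "GetModuleFileNameW", "WaitForSingleObject", "CreateJobObjectW",
    "GetTickCount", "CreateMailslotA", "GetFileAttributesW", "GetDateFormatA", "LoadLibraryExA",
    "MoveFileExA", "GetCommandLineW", "SearchPathW", "DeleteFileW", "GetProcAddress",
    "GetProfileSectionA", "GetTempPathA", "lstrcmpiA", "GetModuleHandleA", "GetSystemDirectoryA",
    "GetStringTypeW", "ReadConsoleA", "MoveFileA", "GetLogicalDriveStringsA",
    "InitializeCriticalSection", "UnmapViewOfFile", "CreateFileW", "GetVersion", "OpenSemaphoreW",
    "GetExpandedNameA", "GetThemeBackgroundRegion", "GetThemeSysBool", "GetWindowTheme",
    "GetThemeAppProperties", "GetCurrentThemeName", "GetThemeSysFont", "GetThemeBackgroundExtent",
    "IsThemeActive", "DrawThemeText", "GetThemeFilename", "CloseThemeData", "GetThemeSysInt",
    "GetThemePosition", "GetThemeEnumValue", "WTSVirtualChannelPurgeInput",
    "WTSQuerySessionInformationA", "WTSQueryUserToken", "WTSVirtualChannelRead", "WTSFreeMemory",
    "WTSRegisterSessionNotification", "WTSSetSessionInformationW", "WTSEnumerateSessionsW",
    "WTSSetUserConfigW", "WTSWaitSystemEvent", "WTSEnumerateServersA",
]

# Analyst's capability map (assumption): API name -> what its presence suggests.
CAPABILITIES = {
    "registry hive manipulation": {"RegSaveKeyA", "RegReplaceKeyW", "RegUnLoadKeyA", "RegCreateKeyExW"},
    "event log tampering": {"ClearEventLogA", "OpenEventLogW"},
    "service control": {"ControlService"},
    "credential or token use": {"LogonUserW", "WTSQueryUserToken"},
    "session enumeration": {"WTSEnumerateSessionsW", "WTSQuerySessionInformationA", "WTSEnumerateServersA"},
    "drive/file enumeration and deletion": {"GetLogicalDriveStringsA", "SearchPathW", "DeleteFileW", "MoveFileExA"},
    "dynamic API resolution": {"LoadLibraryExA", "GetProcAddress"},
    "CryptoAPI": {"CryptSignHashW"},
}


def tag_imports(imports, capabilities=CAPABILITIES) -> dict:
    """Map each capability to the sorted imported names that imply it (empty ones omitted)."""
    present = set(imports)
    return {cap: sorted(present & names) for cap, names in capabilities.items() if present & names}


def untagged_share(imports, capabilities=CAPABILITIES) -> float:
    """Fraction of imports that no capability rule explains (padding/decoy indicator)."""
    known = set().union(*capabilities.values())
    return 1 - sum(1 for name in imports if name in known) / len(imports)


def resolves_apis_at_runtime(imports) -> bool:
    """True when the static table can be bypassed via LoadLibrary* + GetProcAddress."""
    present = set(imports)
    return "GetProcAddress" in present and any(n.startswith("LoadLibrary") for n in present)


if __name__ == "__main__":
    for cap, names in tag_imports(IMPORTS).items():
        print(f"{cap}: {', '.join(names)}")
    print(f"unexplained imports: {untagged_share(IMPORTS):.0%}")
    print("runtime API resolution possible:", resolves_apis_at_runtime(IMPORTS))
```

A high unexplained share together with LoadLibrary/GetProcAddress is a cue to take the static import table with a grain of salt and to rely on the unpacked payload or on runtime behaviour for the real capability list.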
Number of PE resources by type
RT_DIALOG 5
Number of PE resources by language
ENGLISH US 5
ExifTool file metadata
MIMEType: application/octet-stream
Subsystem: Windows GUI
MachineType: Intel 386 or later, and compatibles
TimeStamp: 2015:03:24 12:48:16+01:00
FileType: Win32 EXE
PEType: PE32
CodeSize: 49664
LinkerVersion: 6.12
FileTypeExtension: exe
InitializedDataSize: 624640
SubsystemVersion: 5.1
EntryPoint: 0xa8d7
OSVersion: 5.1
ImageVersion: 0.0
UninitializedDataSize: 0
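Every value in the "PE header basic information" and ExifTool blocks comes from a few fixed offsets in the COFF and optional headers. The following is an added example by the editor (not from the report) of a minimal PE32 header reader that recovers those fields, plus a check of the compile timestamp against the first-submission date. The header bytes it runs on are constructed to carry exactly the values reported above (machine 0x14c, 4 sections, timestamp 2015-03-24 11:48:16 UTC, entry point 0xA8D7, linker 6.12, GUI subsystem) and contain no code or sections. Note that the TimeDateStamp is set by the linker and is attacker-controlled: a stamp that precedes the first submission proves nothing, while one that postdates it is a sure sign of tampering.

```python
"""Minimal PE32 header reader and timestamp sanity check (added example)."""
import struct
from datetime import datetime, timezone

IMAGE_FILE_MACHINE_I386 = 0x014C
PE32_MAGIC = 0x010B
SUBSYSTEM_NAMES = {1: "Native", 2: "Windows GUI", 3: "Windows CUI"}


def parse_pe_header(data: bytes) -> dict:
    """Read the DOS stub pointer, COFF header and the start of the PE32 optional header."""
    if data[:2] != b"MZ":
        raise ValueError("not a DOS/PE file: missing MZ signature")
    (e_lfanew,) = struct.unpack_from("<I", data, 0x3C)
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("PE signature not found at e_lfanew")
    coff = e_lfanew + 4
    # IMAGE_FILE_HEADER: Machine, NumberOfSections, TimeDateStamp, PointerToSymbolTable,
    # NumberOfSymbols, SizeOfOptionalHeader, Characteristics (20 bytes).
    machine, n_sections, timestamp, _symtab, _nsyms, _opt_size, _chars = struct.unpack_from(
        "<HHIIIHH", data, coff)
    opt = coff + 20
    # Optional header standard fields: Magic, Major/MinorLinkerVersion, SizeOfCode,
    # SizeOfInitializedData, SizeOfUninitializedData, AddressOfEntryPoint.
    magic, link_major, link_minor, size_code, size_init, size_uninit, entry_rva = struct.unpack_from(
        "<HBBIIII", data, opt)
    if magic != PE32_MAGIC:
        raise ValueError(f"unsupported optional header magic 0x{magic:x} (PE32 only)")
    # Offset 40: OS / image / subsystem major+minor versions; offset 68: Subsystem.
    os_major, os_minor, img_major, img_minor, ss_major, ss_minor = struct.unpack_from(
        "<6H", data, opt + 40)
    (subsystem,) = struct.unpack_from("<H", data, opt + 68)
    compiled = datetime.fromtimestamp(timestamp, timezone.utc)
    return {
        "machine": machine,
        "number_of_sections": n_sections,
        "timestamp": timestamp,
        "compiled_utc": compiled.strftime("%Y-%m-%d %H:%M:%S"),
        "entry_point": entry_rva,
        "linker_version": f"{link_major}.{link_minor}",
        "code_size": size_code,
        "initialized_data_size": size_init,
        "uninitialized_data_size": size_uninit,
        "os_version": f"{os_major}.{os_minor}",
        "image_version": f"{img_major}.{img_minor}",
        "subsystem_version": f"{ss_major}.{ss_minor}",
        "subsystem": SUBSYSTEM_NAMES.get(subsystem, f"unknown({subsystem})"),
    }


def days_compile_to_first_seen(header: dict, first_seen_utc: str) -> int:
    """Days between the linker timestamp and first sighting; negative means a forged stamp."""
    compiled = datetime.fromtimestamp(header["timestamp"], timezone.utc)
    seen = datetime.strptime(first_seen_utc, "%Y-%m-%d %H:%M:%S").replace(tzinfo=timezone.utc)
    return (seen - compiled).days


def build_sample_header() -> bytes:
    """Constructed header with this report's values; contains no code or sections."""
    dos = bytearray(64)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 64)                      # e_lfanew -> right after the stub
    coff = struct.pack("<HHIIIHH", IMAGE_FILE_MACHINE_I386, 4,  # machine, 4 sections
                       1427197696,                             # 2015-03-24 11:48:16 UTC
                       0, 0, 224, 0x0102)                      # opt hdr size, EXE|32BIT flags
    opt = bytearray(224)
    struct.pack_into("<HBBIIII", opt, 0, PE32_MAGIC, 6, 12, 49664, 624640, 0, 0xA8D7)
    struct.pack_into("<6H", opt, 40, 5, 1, 0, 0, 5, 1)          # OS 5.1, image 0.0, subsystem 5.1
    struct.pack_into("<H", opt, 68, 2)                          # IMAGE_SUBSYSTEM_WINDOWS_GUI
    return bytes(dos) + b"PE\0\0" + coff + bytes(opt)


if __name__ == "__main__":
    hdr = parse_pe_header(build_sample_header())
    for key, value in hdr.items():
        print(f"{key}: {value:#x}" if key in ("machine", "entry_point") else f"{key}: {value}")
    print("days from compile stamp to first VT submission:",
          days_compile_to_first_seen(hdr, "2017-09-12 10:38:55"))
```

ExifTool prints the same stamp as 2015:03:24 12:48:16+01:00 because it renders in the local time zone of the analysis host; always compare timestamps in UTC, as the reader above does.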

File identification
MD5 2c163be10c2dcd9b96243bd8175889d4
SHA1 d086fe8bbd8b7129d89dc1cfcb8a8175a6445b29
SHA256 a4bb7f498946155aaf1f6724dc6c37b7a149a369d4e5af724f3794c34629f371
ssdeep 12288:DBBph23Ks1mQnWattmsbMVSH05SxQiEQ9jmE56:DBBK3p0RzYa+E

authentihash 3ca60b5f1d6eac84bd6d87e238869eacd42b2a5fe25270145798237b38402638
imphash e0cd36fc4e4f4032fc5cd3323a14cac0
File size 659.5 KB ( 675328 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Windows screen saver (40.5%)
Win32 Dynamic Link Library (generic) (20.3%)
Win32 Executable (generic) (13.9%)
Win16/32 Executable Delphi generic (6.4%)
OS/2 Executable (generic) (6.2%)
Tags peexe
VirusTotal metadata
First submission 2017-09-12 10:38:55 UTC (11 months, 1 week ago)
Last submission 2018-05-22 14:51:25 UTC (2 months, 3 weeks ago)
File names 2c163be10c2dcd9b96243bd8175889d4.vir
ddokslf.exe
2c163be1.gxe
VirusShare_2c163be10c2dcd9b96243bd8175889d4
a4bb7f498946155aaf1f6724dc6c37b7a149a369d4e5af724f3794c34629f371.bin_used
a4bb7f498946155aaf1f6724dc6c37b7a149a369d4e5af724f3794c34629f371
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Behaviour sections present in the report (their entries were not preserved in this copy): Opened files, Read files, Created mutexes, Opened mutexes, Opened service managers, Opened services, Runtime DLLs, UDP communications.