SHA256: a4bb7f498946155aaf1f6724dc6c37b7a149a369d4e5af724f3794c34629f371
File name: ddokslf.exe
Detection ratio: 19 / 64
Analysis date: 2017-09-12 10:38:55 UTC (1 year, 8 months ago)
Antivirus  Result  Update (signature database date)
Avast FileRepMetagen [Malware] 20170912
AVG FileRepMetagen [Malware] 20170912
Baidu Win32.Trojan.WisdomEyes.16070401.9500.9997 20170912
CrowdStrike Falcon (ML) malicious_confidence_100% (D) 20170804
Cylance Unsafe 20170912
Endgame malicious (high confidence) 20170821
Fortinet W32/Kryptik.FWMX!tr 20170912
Sophos ML heuristic 20170822
McAfee Ransom-Locky!2C163BE10C2D 20170912
McAfee-GW-Edition BehavesLike.Win32.ZeroAccess.jc 20170912
Qihoo-360 HEUR/QVM20.1.CB63.Malware.Gen 20170912
Rising Malware.Heuristic!ET#97% (rdm+) 20170912
SentinelOne (Static ML) static engine - malicious 20170806
Sophos AV Mal/Elenoocka-E 20170912
Symantec ML.Attribute.HighConfidence 20170912
TrendMicro Ransom_CERBER.SMALY0 20170912
TrendMicro-HouseCall Ransom_CERBER.SMALY0 20170912
Webroot W32.Trojan.Gen 20170912
WhiteArmor Malware.HighConfidence 20170829
Engines reporting no detection (engine, signature database date):
Ad-Aware 20170912
AegisLab 20170912
AhnLab-V3 20170912
Alibaba 20170911
ALYac 20170912
Antiy-AVL 20170912
Arcabit 20170912
Avira (no cloud) 20170912
AVware 20170912
BitDefender 20170912
Bkav 20170911
CAT-QuickHeal 20170912
ClamAV 20170912
CMC 20170902
Comodo 20170912
Cyren 20170912
DrWeb 20170912
Emsisoft 20170912
ESET-NOD32 20170912
F-Prot 20170912
F-Secure 20170912
GData 20170912
Ikarus 20170912
Jiangmin 20170912
K7AntiVirus 20170912
K7GW 20170912
Kaspersky 20170912
Kingsoft 20170912
Malwarebytes 20170912
MAX 20170912
Microsoft 20170912
eScan 20170912
NANO-Antivirus 20170912
nProtect 20170912
Palo Alto Networks (Known Signatures) 20170912
Panda 20170911
SUPERAntiSpyware 20170912
Symantec Mobile Insight 20170912
Tencent 20170912
TheHacker 20170911
Trustlook 20170912
VBA32 20170911
VIPRE 20170912
ViRobot 20170912
Yandex 20170908
Zillya 20170911
ZoneAlarm by Check Point 20170912
Zoner 20170913

Note on the results: the few family-specific names disagree (Ransom_CERBER from TrendMicro, Ransom-Locky from McAfee, Mal/Elenoocka-E from Sophos), the McAfee-GW "BehavesLike ... ZeroAccess" label is a behavioural heuristic, and the remaining hits are generic, packer (Kryptik) or machine-learning verdicts. Treat the family attribution as unresolved and pivot on the file hashes and imphash below rather than on the detection names.
The file is a Portable Executable: a Win32 EXE for the Windows GUI subsystem.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2015-03-24 11:48:16 UTC (the same value ExifTool renders below as 12:48:16+01:00; the field is written by the linker and nothing verifies it, so a 2015 stamp on a file first seen in 2017 is a hint, not evidence)
Entry Point 0x0000A8D7
Number of sections 4
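
The header fields above come straight from the COFF file header and the PE32 optional header, and it is worth being able to read them without a tool. The following Python is an added example, not part of the VirusTotal report: it builds a bare PE32 header that carries the values quoted on this page (the fields the report does not quote, such as image base and alignments, are placeholders) and parses it back. It also renders the TimeDateStamp in two zones to show why the report's two timestamps differ only in presentation.

```python
"""Parse the PE header fields a triage report lists straight from the raw bytes.

Standard library only. build_sample_pe() CONSTRUCTS a bare PE32 header carrying
the values from the report (4 sections, entry point 0xA8D7, linker 6.12, GUI
subsystem, 2015-03-24 11:48:16 UTC); it is not the real ddokslf.exe, and the
fields the report does not quote (image base, alignments, sizes) are placeholders.
"""
import struct
from datetime import datetime, timedelta, timezone

IMAGE_FILE_MACHINE_I386 = 0x014C
IMAGE_FILE_RELOCS_STRIPPED = 0x0001
IMAGE_FILE_EXECUTABLE_IMAGE = 0x0002
IMAGE_FILE_32BIT_MACHINE = 0x0100
IMAGE_SUBSYSTEM_WINDOWS_GUI = 2
PE32_MAGIC = 0x010B

# COFF file header (20 bytes): Machine, NumberOfSections, TimeDateStamp,
# PointerToSymbolTable, NumberOfSymbols, SizeOfOptionalHeader, Characteristics.
COFF_HDR = "<HHIIIHH"
# PE32 optional header from Magic through DllCharacteristics (72 of its 224 bytes);
# stack/heap sizes, LoaderFlags and the 16 data directories follow and are not parsed here.
OPT_HDR_HEAD = "<HBBIIIIIIIIIHHHHHHIIIIHH"

MACHINES = {0x014C: "Intel 386 or later processors and compatible processors", 0x8664: "x64"}
SUBSYSTEMS = {2: "Windows GUI", 3: "Windows CUI"}


def build_sample_pe() -> bytes:
    """Constructed sample: DOS header with e_lfanew, PE signature, COFF header, PE32 optional header."""
    dos = bytearray(64)
    dos[0:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 64)             # e_lfanew: 'PE\0\0' right after the DOS header
    coff = struct.pack(COFF_HDR, IMAGE_FILE_MACHINE_I386, 4, 1427197696, 0, 0, 224,
                       IMAGE_FILE_RELOCS_STRIPPED | IMAGE_FILE_EXECUTABLE_IMAGE | IMAGE_FILE_32BIT_MACHINE)
    opt = struct.pack(OPT_HDR_HEAD,
                      PE32_MAGIC, 6, 12,               # Magic, MajorLinkerVersion, MinorLinkerVersion
                      49664, 624640, 0,                # SizeOfCode, SizeOfInitializedData, SizeOfUninitializedData
                      0xA8D7, 0x1000, 0xD000,          # AddressOfEntryPoint; BaseOfCode/BaseOfData are placeholders
                      0x400000, 0x1000, 0x200,         # ImageBase, SectionAlignment, FileAlignment (placeholders)
                      5, 1, 0, 0, 5, 1,                # OS 5.1, Image 0.0, Subsystem 5.1
                      0, 0xA8000, 0x400, 0,            # Win32VersionValue, SizeOfImage, SizeOfHeaders, CheckSum (placeholders)
                      IMAGE_SUBSYSTEM_WINDOWS_GUI, 0)  # Subsystem, DllCharacteristics
    opt += bytes(224 - len(opt))                       # remainder of the optional header left zero
    return bytes(dos) + b"PE\0\0" + coff + opt


def describe_characteristics(chars: int) -> str:
    """Render the three Characteristics flags ExifTool names; other bits are ignored."""
    names = []
    if chars & IMAGE_FILE_RELOCS_STRIPPED:
        names.append("No relocs")
    if chars & IMAGE_FILE_EXECUTABLE_IMAGE:
        names.append("Executable")
    if chars & IMAGE_FILE_32BIT_MACHINE:
        names.append("32-bit")
    return ", ".join(names)


def timestamp_str(stamp: int, utc_offset_hours: int = 0) -> str:
    """TimeDateStamp is seconds since 1970-01-01 UTC. VirusTotal renders it in UTC and
    ExifTool in the analyst machine's local zone, which is why the report shows both
    11:48:16 and 12:48:16+01:00 for one 32-bit value. The linker writes this field and
    nothing verifies it, so treat it as a clue, not a fact."""
    tz = timezone(timedelta(hours=utc_offset_hours))
    return datetime.fromtimestamp(stamp, tz).strftime("%Y-%m-%d %H:%M:%S")


def parse_pe_header(data: bytes) -> dict:
    """Return the header fields the report quotes. Raises ValueError for non-PE or non-PE32 input."""
    if data[:2] != b"MZ":
        raise ValueError("missing MZ signature")
    (e_lfanew,) = struct.unpack_from("<I", data, 0x3C)
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature at e_lfanew")
    coff_off = e_lfanew + 4
    machine, nsections, stamp, _, _, opt_size, chars = struct.unpack_from(COFF_HDR, data, coff_off)
    opt_off = coff_off + struct.calcsize(COFF_HDR)
    if opt_size < struct.calcsize(OPT_HDR_HEAD):
        raise ValueError("optional header too short")
    f = struct.unpack_from(OPT_HDR_HEAD, data, opt_off)
    if f[0] != PE32_MAGIC:
        raise ValueError("not a PE32 image (magic 0x%04x)" % f[0])
    return {
        "machine": MACHINES.get(machine, "0x%04x" % machine),
        "sections": nsections,
        "timestamp": stamp,
        "entry_point": f[6],
        "linker_version": "%d.%d" % (f[1], f[2]),
        "code_size": f[3],
        "initialized_data_size": f[4],
        "uninitialized_data_size": f[5],
        "os_version": "%d.%d" % (f[12], f[13]),
        "image_version": "%d.%d" % (f[14], f[15]),
        "subsystem_version": "%d.%d" % (f[16], f[17]),
        "subsystem": SUBSYSTEMS.get(f[22], str(f[22])),
        "characteristics": describe_characteristics(chars),
    }


if __name__ == "__main__":
    info = parse_pe_header(build_sample_pe())
    for key, value in info.items():
        print("%-24s %s" % (key, hex(value) if key == "entry_point" else value))
    print("%-24s %s UTC" % ("compile time", timestamp_str(info["timestamp"])))
```

Pointing parse_pe_header at the bytes of a real file reproduces the "PE header basic information" and ExifTool rows; the constructed header only stands in for the sample so the example runs offline.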
PE sections
PE imports (grouped by exporting DLL; this copy of the report did not preserve the DLL names, which are inferred here from the API names)
advapi32.dll
RegCreateKeyExW
RegUnLoadKeyA
RegOpenKeyA
RegSaveKeyA
LogonUserW
CryptSignHashW
RegEnumKeyW
ClearEventLogA
ControlService
InitializeAcl
RegReplaceKeyW
OpenEventLogW
authz.dll
AuthzInitializeContextFromSid
AuthzAddSidsToContext
kernel32.dll
GetConsoleAliasA
GetModuleFileNameW
WaitForSingleObject
CreateJobObjectW
GetTickCount
CreateMailslotA
GetFileAttributesW
GetDateFormatA
LoadLibraryExA
MoveFileExA
GetCommandLineW
SearchPathW
DeleteFileW
GetProcAddress
GetProfileSectionA
GetTempPathA
lstrcmpiA
GetModuleHandleA
GetSystemDirectoryA
GetStringTypeW
ReadConsoleA
MoveFileA
GetLogicalDriveStringsA
InitializeCriticalSection
UnmapViewOfFile
CreateFileW
GetVersion
OpenSemaphoreW
lz32.dll
GetExpandedNameA
uxtheme.dll
GetThemeBackgroundRegion
GetThemeSysBool
GetWindowTheme
GetThemeAppProperties
GetCurrentThemeName
GetThemeSysFont
GetThemeBackgroundExtent
IsThemeActive
DrawThemeText
GetThemeFilename
CloseThemeData
GetThemeSysInt
GetThemePosition
GetThemeEnumValue
wtsapi32.dll
WTSVirtualChannelPurgeInput
WTSQuerySessionInformationA
WTSQueryUserToken
WTSVirtualChannelRead
WTSFreeMemory
WTSRegisterSessionNotification
WTSSetSessionInformationW
WTSEnumerateSessionsW
WTSSetUserConfigW
WTSWaitSystemEvent
WTSEnumerateServersA

Note on the import table: registry hive save/replace/unload, event-log clearing, Terminal Services session and virtual-channel calls, visual-theme queries, a mailslot and an LZ decompression export make an incoherent set for a GUI application. Together with the Kryptik and generic/ML verdicts above, this is consistent with a packed loader whose visible imports are decoys (GetProcAddress and LoadLibraryExA are present for runtime resolution). If so, the imphash in the file identification section characterises the packer stub rather than the payload.
Number of PE resources by type
RT_DIALOG 5
Number of PE resources by language
ENGLISH US 5
PE resources
Debug information
ExifTool file metadata
MIMEType: application/octet-stream
Subsystem: Windows GUI
MachineType: Intel 386 or later, and compatibles
FileTypeExtension: exe
TimeStamp: 2015:03:24 12:48:16+01:00
FileType: Win32 EXE
PEType: PE32
CodeSize: 49664
LinkerVersion: 6.12
ImageFileCharacteristics: No relocs, Executable, 32-bit
EntryPoint: 0xa8d7
InitializedDataSize: 624640
SubsystemVersion: 5.1
ImageVersion: 0.0
OSVersion: 5.1
UninitializedDataSize: 0

File identification
MD5 2c163be10c2dcd9b96243bd8175889d4
SHA1 d086fe8bbd8b7129d89dc1cfcb8a8175a6445b29
SHA256 a4bb7f498946155aaf1f6724dc6c37b7a149a369d4e5af724f3794c34629f371
ssdeep 12288:DBBph23Ks1mQnWattmsbMVSH05SxQiEQ9jmE56:DBBK3p0RzYa+E
authentihash 3ca60b5f1d6eac84bd6d87e238869eacd42b2a5fe25270145798237b38402638
imphash e0cd36fc4e4f4032fc5cd3323a14cac0
File size 659.5 KB ( 675328 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID Windows screen saver (40.5%)
Win32 Dynamic Link Library (generic) (20.3%)
Win32 Executable (generic) (13.9%)
Win16/32 Executable Delphi generic (6.4%)
OS/2 Executable (generic) (6.2%)
Tags
peexe

VirusTotal metadata
First submission 2017-09-12 10:38:55 UTC (1 year, 8 months ago)
Last submission 2018-05-22 14:51:25 UTC (1 year ago)
File names 2c163be10c2dcd9b96243bd8175889d4.vir
ddokslf.exe
2c163be1.gxe
VirusShare_2c163be10c2dcd9b96243bd8175889d4
a4bb7f498946155aaf1f6724dc6c37b7a149a369d4e5af724f3794c34629f371.bin_used
a4bb7f498946155aaf1f6724dc6c37b7a149a369d4e5af724f3794c34629f371
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Created mutexes
Opened mutexes
Opened service managers
Opened services
Runtime DLLs
UDP communications