SHA256: 462e30eb9cf267315e5f39e4fec4cfff78b34a5f6ebf61bad06cdfd9cbe0a06a
File name: nanolocker1.exe.dontrun
Detection ratio: 52 / 66
Analysis date: 2018-07-27 19:23:21 UTC ( 1 month, 3 weeks ago )
Antivirus Result Last update
Ad-Aware Gen:Heur.Zard.1 20180727
AegisLab Trojan.Win32.Generic.4!c 20180727
AhnLab-V3 Trojan/Win32.Dynamer.C1318617 20180727
ALYac Gen:Heur.Zard.1 20180727
Antiy-AVL Trojan/Win32.AGeneric 20180727
Arcabit Trojan.Zard.1 20180727
Avast Win32:Ransom-AXT [Trj] 20180727
AVG Win32:Ransom-AXT [Trj] 20180727
Avira (no cloud) TR/Dropper.Gen 20180727
AVware Trojan.Win32.Generic!BT 20180727
Baidu Win32.Trojan.WisdomEyes.16070401.9500.9985 20180726
BitDefender Gen:Heur.Zard.1 20180727
CAT-QuickHeal Ransom.NanoLocker.A4 20180725
CrowdStrike Falcon (ML) malicious_confidence_90% (W) 20180723
Cybereason malicious.e1fb28 20180225
Cylance Unsafe 20180727
Cyren W32/NanoLocker.A.gen!Eldorado 20180727
DrWeb Trojan.MulDrop6.20374 20180727
Emsisoft Gen:Heur.Zard.1 (B) 20180727
Endgame malicious (high confidence) 20180711
ESET-NOD32 a variant of Win32/Filecoder.NanoLocker.A 20180727
F-Prot W32/NanoLocker.A.gen!Eldorado 20180727
F-Secure Gen:Heur.Zard.1 20180727
Fortinet W32/Filecoder.NAN!tr 20180727
GData Gen:Heur.Zard.1 20180727
Ikarus Trojan.Win32.Dynamer 20180727
Sophos ML heuristic 20180717
Jiangmin Trojan.Generic.jbqe 20180727
K7AntiVirus Trojan ( 004dbb7c1 ) 20180727
K7GW Trojan ( 004dbb7c1 ) 20180727
Kaspersky HEUR:Trojan.Win32.Generic 20180727
MAX malware (ai score=100) 20180727
McAfee Ransomware-FCO!FCE023BE1FB2 20180727
McAfee-GW-Edition BehavesLike.Win32.Generic.cm 20180727
Microsoft Trojan:Win32/Dynamer!ac 20180727
eScan Gen:Heur.Zard.1 20180727
NANO-Antivirus Virus.Win32.Gen-Crypt.ccnc 20180727
Palo Alto Networks (Known Signatures) generic.ml 20180727
Panda Generic Suspicious 20180727
Qihoo-360 HEUR/QVM19.1.Malware.Gen 20180727
Rising Dropper.Generic!8.35E (CLOUD) 20180727
Sophos AV Mal/Generic-S 20180727
Symantec Ransom.NanoLocker 20180727
Tencent Trojan-Ransom.Win32.Nanolocker.a 20180727
TrendMicro Ransom_NANOLOCKER.B 20180727
TrendMicro-HouseCall Ransom_NANOLOCKER.B 20180727
VBA32 Trojan.MulDrop 20180727
VIPRE Trojan.Win32.Generic!BT 20180727
ViRobot Trojan.Win32.Ransom.201216 20180727
Webroot W32.Trojan.Gen 20180727
Yandex Trojan.Agent!SKjcCIG0CPg 20180725
ZoneAlarm by Check Point HEUR:Trojan.Win32.Generic 20180727
Alibaba 20180713
Avast-Mobile 20180727
Babable 20180725
Bkav 20180727
ClamAV 20180727
CMC 20180727
Comodo 20180727
eGambit 20180727
Kingsoft 20180727
Malwarebytes 20180727
SentinelOne (Static ML) 20180701
SUPERAntiSpyware 20180727
TACHYON 20180727
TheHacker 20180727
Trustlook 20180727
Zoner 20180726
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2016-01-06 08:15:56
Entry Point 0x00001000
Number of sections 4
PE sections
PE imports
CryptDestroyKey
CryptReleaseContext
RegCloseKey
CryptAcquireContextA
CryptExportKey
RegSetValueExA
CryptEncrypt
AbortSystemShutdownA
RegCreateKeyExA
RegDeleteValueA
CryptDecrypt
CryptGenKey
CryptImportKey
CryptBinaryToStringA
CryptStringToBinaryA
DeleteDC
SelectObject
CreateSolidBrush
SetBkMode
SetBkColor
CreateCompatibleDC
DeleteObject
StretchBlt
IcmpCloseHandle
IcmpSendEcho
IcmpCreateFile
GetSystemTime
HeapFree
SystemTimeToFileTime
ReadFile
FileTimeToSystemTime
lstrlenA
GlobalFree
GetDriveTypeA
CopyFileA
GetTickCount
GlobalUnlock
GetModuleFileNameA
LoadLibraryA
HeapAlloc
GetDateFormatA
GetFileSize
MultiByteToWideChar
GetLogicalDrives
GetCommandLineA
GlobalLock
GetProcessHeap
SetFilePointer
GetModuleHandleA
lstrcmpA
FindFirstFileA
lstrcpyA
CloseHandle
FindNextFileA
SetFileAttributesA
FreeLibrary
WriteFile
GlobalAlloc
FindClose
Sleep
SetEndOfFile
CreateFileA
ExitProcess
CoCreateInstance
CoUninitialize
CoInitialize
SHGetFolderPathA
SetFocus
GetMessageA
UpdateWindow
BeginPaint
DestroyMenu
PostQuitMessage
DefWindowProcA
ShowWindow
LoadBitmapA
FindWindowA
GetSystemMetrics
AppendMenuA
DispatchMessageA
EndPaint
MessageBoxA
TranslateMessage
RegisterClassExA
CreatePopupMenu
SetWindowTextA
SetClipboardData
SendMessageA
CloseClipboard
wsprintfA
CreateWindowExA
LoadCursorA
LoadIconA
TrackPopupMenu
GetFocus
EmptyClipboard
GetWindowTextA
DestroyWindow
OpenClipboard
inet_addr
Number of PE resources by type
RT_ICON 8
RT_BITMAP 1
RT_GROUP_ICON 1
Number of PE resources by language
NEUTRAL 9
ENGLISH US 1
PE resources
ExifTool file metadata
MIMEType application/octet-stream
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
FileTypeExtension exe
TimeStamp 2016:01:06 09:15:56+01:00
FileType Win32 EXE
PEType PE32
CodeSize 13312
LinkerVersion 5.12
EntryPoint 0x1000
InitializedDataSize 194048
SubsystemVersion 4.0
ImageVersion 0.0
OSVersion 4.0
UninitializedDataSize 0

File identification
MD5 fce023be1fb28b656e419c5c817deb73
SHA1 589b78fcde00583615e85c16b0a63d0806cf621c
SHA256 462e30eb9cf267315e5f39e4fec4cfff78b34a5f6ebf61bad06cdfd9cbe0a06a
ssdeep 3072:oS8QtzYfnu0Z9C1hwDzBhE/NQ80cKITOpel9gX4cvIcVnQBSUMzIg6IIWXhRw08y:dNYfu02vmeB6N7e9tzGDNb
authentihash f8e845bd10e5b4119f522b8daa10d708267d702b21628ad479abb8211a7f6017
imphash 9459c1bedb44e955107f3c4ac1cd9534
File size 196.5 KB ( 201216 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID Win32 Dynamic Link Library (generic) (38.4%)
Win32 Executable (generic) (26.3%)
OS/2 Executable (generic) (11.8%)
Generic Win/DOS Executable (11.6%)
DOS Executable Generic (11.6%)
Tags
peexe

VirusTotal metadata
First submission 2016-01-16 12:16:01 UTC ( 2 years, 8 months ago )
Last submission 2018-07-27 19:23:21 UTC ( 1 month, 3 weeks ago )
File names ransomware3.exe
462e30eb9cf267315e5f39e4fec4cfff78b34a5f6ebf61bad06cdfd9cbe0a06a.exe
nanolocker1.exe.dontrun
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Written files
Copied files
Searched windows
Runtime DLLs
UDP communications