SHA256: 2e16d36064f2048f529d220d2cb3ce6ce0dccfdcd05d7c9b81802369f9bcd38f
File name: 7148e7f4aff7a798031b1db7e1ac61015dc50b4e
Detection ratio: 57 / 64
Analysis date: 2017-09-13 21:53:21 UTC ( 1 week, 1 day ago )
Antivirus Result Update
Ad-Aware Trojan.GenericKD.12189202 20170913
AegisLab Ransom.Cerber.Smaly0!c 20170913
AhnLab-V3 Downloader/Win32.Upatre.R207243 20170913
ALYac Trojan.Ransom.LockyCrypt 20170913
Antiy-AVL Trojan/Win32.TSGeneric 20170913
Arcabit Trojan.Generic.DB9FE12 20170913
Avast Win32:Malware-gen 20170913
AVG Win32:Malware-gen 20170913
Avira (no cloud) TR/AD.Locky.ayzfj 20170913
AVware Trojan.Win32.Generic!BT 20170913
Baidu Win32.Trojan.WisdomEyes.16070401.9500.9999 20170913
BitDefender Trojan.GenericKD.12189202 20170913
CAT-QuickHeal Ransom.Exxroute.A4 20170913
Comodo UnclassifiedMalware 20170913
CrowdStrike Falcon (ML) malicious_confidence_100% (W) 20170804
Cylance Unsafe 20170913
Cyren W32/Locky.BX.gen!Eldorado 20170913
DrWeb Trojan.Encoder.13570 20170913
Emsisoft Trojan.GenericKD.12189202 (B) 20170913
Endgame malicious (high confidence) 20170821
ESET-NOD32 Win32/Filecoder.Locky.L 20170913
F-Prot W32/Locky.BX.gen!Eldorado 20170913
F-Secure Trojan.GenericKD.12189202 20170913
Fortinet W32/Kryptik.FVTR!tr 20170913
GData Win32.Trojan-Ransom.Locky.DQ 20170913
Ikarus Trojan.Ransom.Locky 20170913
Sophos ML heuristic 20170822
Jiangmin Trojan.Cryptor.bw 20170913
K7AntiVirus Trojan ( 005137001 ) 20170913
K7GW Trojan ( 005137001 ) 20170913
Kaspersky Trojan-Ransom.Win32.Cryptor.ou 20170913
Malwarebytes Ransom.Locky 20170913
MAX malware (ai score=100) 20170913
McAfee Ransomware-GBY!8FD9C646DF2D 20170913
McAfee-GW-Edition BehavesLike.Win32.Ransomware.jc 20170913
Microsoft Ransom:Win32/Locky 20170913
eScan Trojan.GenericKD.12189202 20170913
NANO-Antivirus Trojan.Win32.Cryptor.escsds 20170913
nProtect Ransom/W32.Cryptor.621056.B 20170913
Palo Alto Networks (Known Signatures) generic.ml 20170913
Panda Trj/GdSda.A 20170913
Qihoo-360 Trojan.Generic 20170913
Rising Ransom.Locky!8.1CD4 (cloud:YQir07r2RjJ) 20170913
SentinelOne (Static ML) static engine - malicious 20170806
Sophos AV Mal/Elenoocka-E 20170913
Symantec Ransom.Lukitus 20170913
Tencent Win32.Trojan.Filecoder.Egez 20170913
TrendMicro Ransom_CERBER.SMALY0 20170913
TrendMicro-HouseCall Ransom_CERBER.SMALY0 20170913
VBA32 Trojan.Agent 20170913
VIPRE Trojan.Win32.Generic!BT 20170913
ViRobot Trojan.Win32.Z.Cryptxxx.621056 20170913
Webroot W32.Trojan.Gen 20170913
WhiteArmor Malware.HighConfidence 20170829
Yandex Trojan.Cryptor!5lUvj/NvV+E 20170908
Zillya Trojan.Cryptor.Win32.143 20170913
ZoneAlarm by Check Point Trojan-Ransom.Win32.Cryptor.ou 20170913
Alibaba 20170911
ClamAV 20170913
CMC 20170913
Kingsoft 20170913
SUPERAntiSpyware 20170913
Symantec Mobile Insight 20170913
TheHacker 20170911
TotalDefense 20170913
Trustlook 20170913
Zoner 20170913
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2013-03-02 01:03:03
Entry Point 0x00005FEE
Number of sections 4
PE sections
PE imports
CMP_Report_LogOn
CM_Add_Range
CM_Add_Empty_Log_Conf
CM_Add_IDA
DowngradeAPL
SetSetupSave
CoLoadServices
CoEnterServiceDomain
OpenThread
CreateNamedPipeW
WaitForSingleObject
CreateDirectoryA
LoadLibraryA
GetLocalTime
GetPrivateProfileStringA
GetConsoleTitleW
GetCommandLineW
GetProcAddress
GetComputerNameExA
CreateFileMappingW
GlobalAddAtomW
CreateSemaphoreA
CreateThread
SetEnvironmentVariableW
GetModuleHandleA
FindFirstFileA
FindResourceExW
CloseHandle
FindNextFileA
SetPriorityClass
FormatMessageW
GetEnvironmentVariableA
GetLogicalDriveStringsW
FindClose
InterlockedIncrement
ClusWorkerStart
ClusWorkerTerminate
ExtractIconA
SHCreateDirectoryExW
SHBrowseForFolderW
DllGetVersion
DragQueryFileA
StrChrA
SHEmptyRecycleBinA
DllCanUnloadNow
SHGetFolderPathA
SHFree
PathCompactPathW
UrlCreateFromPathA
UrlUnescapeW
UrlCombineA
PathCombineA
UrlHashW
UrlEscapeW
UrlIsNoHistoryA
UrlIsW
UrlGetPartA
PathCommonPrefixW
UrlGetLocationA
PathIsRootW
UrlCompareW
wsprintfA
DrawStateW
GetClassLongA
LoadIconA
LoadBitmapW
MessageBoxA
IsDialogMessageA
PeekMessageW
DialogBoxParamA
InsertMenuW
PostMessageW
IsCharLowerW
DispatchMessageW
CharToOemA
Number of PE resources by type
IKQ 21
OPS 1
Number of PE resources by language
ENGLISH US 21
NEUTRAL 1
PE resources
Debug information
ExifTool file metadata
MIMEType application/octet-stream
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
FileTypeExtension exe
TimeStamp 2013:03:02 02:03:03+01:00
FileType Win32 EXE
PEType PE32
CodeSize 53760
LinkerVersion 5.12
EntryPoint 0x5fee
InitializedDataSize 564224
SubsystemVersion 4.0
ImageVersion 0.0
OSVersion 4.0
UninitializedDataSize 0
File identification
MD5 8fd9c646df2d7d03259a8d0124673355
SHA1 2f4fddd232ab44c0ae74fba4aee01e5714ad0c4e
SHA256 2e16d36064f2048f529d220d2cb3ce6ce0dccfdcd05d7c9b81802369f9bcd38f
ssdeep 12288:PFP1IIexawFUu3moT16f4XlW3nTfgMgbvaDzuywH8m3sMnYZoH9xHWf:P0xxaw+os4XA3LgvmzoXcMn+onU
authentihash 8ffd9cc3f43507ed21bfeb29cc812ca52992150071d3aee6a54d2e4307b6051b
imphash bcaeab3e510f5ee8741515367c63f041
File size 606.5 KB ( 621056 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Dynamic Link Library (generic) (38.3%)
Win32 Executable (generic) (26.2%)
Win16/32 Executable Delphi generic (12.0%)
Generic Win/DOS Executable (11.6%)
DOS Executable Generic (11.6%)
Tags peexe
VirusTotal metadata
First submission 2017-08-22 09:39:06 UTC ( 1 month ago )
Last submission 2017-08-23 18:17:09 UTC ( 4 weeks, 1 day ago )
File names bURnweP2.exe_
bURnweP2.exe
tvdNkseBgD3.exe
7148e7f4aff7a798031b1db7e1ac61015dc50b4e
jbfr387[1].3164.dr
jbfr387
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Runtime DLLs
UDP communications