SHA256: 08c368769ff51415ef8c727a432d864a79ac9bbffb3ff2bff49939a468f7304e
File name: ergergerg.exe
Detection ratio: 44 / 61
Analysis date: 2017-03-29 08:29:30 UTC (3 months, 3 weeks ago)
Antivirus Result Update
Ad-Aware Trojan.GenericKD.4661697 20170329
AegisLab Uds.Dangerousobject.Multi!c 20170329
AhnLab-V3 Trojan/Win32.Cerber.R197324 20170329
ALYac Trojan.Ransom.Cerber 20170329
Antiy-AVL Trojan/Win32.TSGeneric 20170329
Arcabit Trojan.Generic.D4721C1 20170329
Avast Win32:Trojan-gen 20170329
AVG Crypt7.WTU 20170329
Avira (no cloud) TR/Crypt.ZPACK.fyzop 20170328
AVware Trojan.Win32.Generic!BT 20170329
Baidu Win32.Trojan.WisdomEyes.16070401.9500.9574 20170329
BitDefender Trojan.GenericKD.4661697 20170329
CAT-QuickHeal TrojanRansom.Zerber 20170329
Cyren W32/Trojan.VTJA-0815 20170329
DrWeb Trojan.Encoder.10603 20170329
Emsisoft Trojan-Ransom.Cerber (A) 20170329
Endgame malicious (moderate confidence) 20170317
ESET-NOD32 Win32/Filecoder.Cerber.I 20170329
F-Prot W32/Cerber.AX.gen!Eldorado 20170329
F-Secure Trojan.GenericKD.4661697 20170329
Fortinet W32/Filecoder_Cerber.I!tr 20170329
GData Trojan.GenericKD.4661697 20170329
Ikarus Trojan.Win32.Filecoder 20170329
Jiangmin Trojan.Zerber.bby 20170329
K7AntiVirus Trojan ( 0050974f1 ) 20170329
K7GW Trojan ( 0050974f1 ) 20170329
Kaspersky Trojan-Ransom.Win32.Zerber.dfep 20170329
Malwarebytes Trojan.PasswordStealer 20170329
McAfee RDN/Generic.dx 20170329
McAfee-GW-Edition RDN/Generic.dx 20170329
Microsoft Ransom:Win32/Cerber 20170328
eScan Trojan.GenericKD.4661697 20170329
NANO-Antivirus Trojan.Win32.Zerber.emvdry 20170329
Panda Trj/CI.A 20170328
Qihoo-360 HEUR/QVM11.1.FDAD.Malware.Gen 20170329
Rising Malware.Generic.5!tfe (cloud:5x2E6ZTRPxM) 20170329
SentinelOne (Static ML) static engine - malicious 20170315
Sophos AV Mal/Generic-S 20170329
Symantec Ransom.Cerber 20170328
Tencent Win32.Trojan.Zerber.Eaxa 20170329
TrendMicro Cryp_Cerber-24 20170329
VIPRE Trojan.Win32.Generic!BT 20170329
Webroot W32.Trojan.GenKD 20170329
ZoneAlarm by Check Point Trojan-Ransom.Win32.Zerber.dfep 20170329
Alibaba 20170329
Bkav 20170328
ClamAV 20170329
CMC 20170329
Comodo 20170329
CrowdStrike Falcon (ML) 20170130
Sophos ML 20170203
Kingsoft 20170329
nProtect 20170329
Palo Alto Networks (Known Signatures) 20170329
SUPERAntiSpyware 20170329
Symantec Mobile Insight 20170329
TheHacker 20170327
TotalDefense 20170329
TrendMicro-HouseCall 20170329
Trustlook 20170329
VBA32 20170328
ViRobot 20170329
WhiteArmor 20170327
Yandex 20170327
Zillya 20170328
Zoner 20170329
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright
Copyright (C) 2017

Product ergergerg.exe
Original name ergergerg.exe
Internal name ergergerg.exe
File version 1.0.0.1
Description TODO: <File description>
Packers identified
F-PROT UPX
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2017-03-22 18:02:38
Entry Point 0x00046450
Number of sections 3
PE sections
Overlays
MD5 ed42ceb88bc0064c248505c89a4f516b
File type data
Offset 111104
Size 232568
Entropy 8.00
PE imports
GetOpenFileNameA
VirtualFree
ExitProcess
VirtualProtect
LoadLibraryA
VirtualAlloc
GetProcAddress
SafeArrayCreateEx
BringWindowToTop
Number of PE resources by type
RT_GROUP_CURSOR 1
RT_BITMAP 1
RT_CURSOR 1
RT_VERSION 1
Number of PE resources by language
FRENCH 2
ENGLISH US 2
PE resources
ExifTool file metadata
SubsystemVersion
5.0

LinkerVersion
9.0

ImageVersion
0.0

FileSubtype
0

FileVersionNumber
1.0.0.1

UninitializedDataSize
176128

LanguageCode
French

FileFlagsMask
0x003f

CharacterSet
Unicode

InitializedDataSize
4096

EntryPoint
0x46450

OriginalFileName
ergergerg.exe

MIMEType
application/octet-stream

LegalCopyright
Copyright (C) 2017

FileVersion
1.0.0.1

TimeStamp
2017:03:22 19:02:38+01:00

FileType
Win32 EXE

PEType
PE32

InternalName
ergergerg.exe

ProductVersion
1.0.0.1

FileDescription
TODO: <File description>

OSVersion
5.0

FileOS
Windows NT 32-bit

Subsystem
Windows GUI

MachineType
Intel 386 or later, and compatibles

CompanyName
TODO: <Company name>

CodeSize
110592

ProductName
ergergerg.exe

ProductVersionNumber
1.0.0.1

FileTypeExtension
exe

ObjectFileType
Executable application

Compressed bundles
File identification
MD5 82c68596a6afdc322b91a96e2736813b
SHA1 8018fcd789ce6e5b913f74124386d24d86cb15ef
SHA256 08c368769ff51415ef8c727a432d864a79ac9bbffb3ff2bff49939a468f7304e
ssdeep
6144:2PHa7AURNCrYgjpMPMKaJsf2AGXOIOiwSry1WAvoU7HRDQ:2Pq5RNC8AKWnOIOrSG1WAvoUbi

authentihash 172eb45bf037f6e4913441fb76c2e6654260c2d02fe7c4135fc5cdd9f13266aa
imphash 4cceeaef603dec9bcd8890ae96a1aedd
File size 335.6 KB ( 343672 bytes )
File type Win32 EXE
Magic literal
PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID UPX compressed Win32 Executable (39.3%)
Win32 EXE Yoda's Crypter (38.6%)
Win32 Dynamic Link Library (generic) (9.5%)
Win32 Executable (generic) (6.5%)
Generic Win/DOS Executable (2.9%)
Tags
peexe upx overlay

VirusTotal metadata
First submission 2017-03-23 09:13:23 UTC (4 months ago)
Last submission 2017-03-27 09:48:42 UTC (3 months, 4 weeks ago)
File names 08c368769ff51415ef8c727a432d864a79ac9bbffb3ff2bff49939a468f7304e.exe
08c368769ff51415ef8c727a432d864a79ac9bbffb3ff2bff49939a468f7304e.exe
1.exe
ergergerg.exe
08c368769ff51415ef8c727a432d864a79ac9bbffb3ff2bff49939a468f7304e.exe
08c368769ff51415ef8c727a432d864a79ac9bbffb3ff2bff49939a468f7304e.exe
08c368769ff51415ef8c727a432d864a79ac9bbffb3ff2bff49939a468f7304e.exe
08c368769ff51415ef8c727a432d864a79ac9bbffb3ff2bff49939a468f7304e.exe
018c368769ff51415ef8c727a432d864a79ac9bbffb3ff2bff49939a468f7304e.bin.exe
08c368769ff51415ef8c727a432d864a79ac9bbffb3ff2bff49939a468f7304e.exe
UnInstall.exe
08c368769ff51415ef8c727a432d864a79ac9bbffb3ff2bff49939a468f7304e.exe
08c368769ff51415ef8c727a432d864a79ac9bbffb3ff2bff49939a468f7304e.exe
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Runtime DLLs