SHA256: 71df0f59d2634568b6753b0a69d9c3fa70b085e59f11c5c7dda04a8b4b37c4f7
File name: xhhtgba[1].exe
Detection ratio: 16 / 65
Analysis date: 2017-09-08 13:02:12 UTC (1 year, 8 months ago)
Antivirus Result Update
Baidu Win32.Trojan.WisdomEyes.16070401.9500.9998 20170908
CrowdStrike Falcon (ML) malicious_confidence_100% (D) 20170804
Cylance Unsafe 20170908
Endgame malicious (high confidence) 20170821
GData Win32.Trojan-Ransom.Locky.DQ 20170908
Sophos ML heuristic 20170822
McAfee-GW-Edition BehavesLike.Win32.ZeroAccess.fc 20170908
Palo Alto Networks (Known Signatures) generic.ml 20170908
Qihoo-360 HEUR/QVM19.1.B54E.Malware.Gen 20170908
SentinelOne (Static ML) static engine - malicious 20170806
Sophos AV Mal/Elenoocka-E 20170908
Symantec ML.Attribute.HighConfidence 20170908
TrendMicro Ransom_CERBER.SMALY0 20170908
TrendMicro-HouseCall Ransom_CERBER.SMALY0 20170908
Webroot W32.Ransomware.Gen 20170908
WhiteArmor Malware.HighConfidence 20170829
Ad-Aware 20170908
AegisLab 20170908
AhnLab-V3 20170908
Alibaba 20170908
ALYac 20170908
Antiy-AVL 20170908
Arcabit 20170908
Avast 20170908
AVG 20170908
Avira (no cloud) 20170908
AVware 20170906
BitDefender 20170908
Bkav 20170908
CAT-QuickHeal 20170908
ClamAV 20170908
CMC 20170902
Comodo 20170908
Cyren 20170908
DrWeb 20170908
Emsisoft 20170908
ESET-NOD32 20170908
F-Prot 20170908
F-Secure 20170908
Fortinet 20170908
Ikarus 20170908
Jiangmin 20170908
K7AntiVirus 20170908
K7GW 20170908
Kaspersky 20170908
Kingsoft 20170908
Malwarebytes 20170908
MAX 20170908
McAfee 20170908
Microsoft 20170908
eScan 20170908
NANO-Antivirus 20170908
nProtect 20170908
Panda 20170908
Rising 20170908
SUPERAntiSpyware 20170908
Symantec Mobile Insight 20170908
Tencent 20170908
TheHacker 20170907
TotalDefense 20170908
Trustlook 20170908
VBA32 20170907
VIPRE 20170908
ViRobot 20170908
Yandex 20170907
Zillya 20170907
ZoneAlarm by Check Point 20170908
Zoner 20170908
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2013-09-12 05:23:19
Entry Point 0x00006E7B
Number of sections 4
PE sections
PE imports
CloseClusterGroup
ClusterControl
CloseCluster
CloseClusterNode
PhoneBookFreeFilter
PhoneBookLoad
PhoneBookEnumCountries
PhoneBookCopyFilter
CertFreeCRLContext
CertDeleteCRLFromStore
CertGetNameStringA
CertAddStoreToCollection
CertControlStore
CertFindChainInStore
CertFindAttribute
CertSaveStore
CryptFindOIDInfo
CertNameToStrA
CertFindCRLInStore
ErrMsgParam
CheckADsError
FindSheet
CrackName
CreateJobObjectA
FileTimeToSystemTime
lstrcmpiA
WaitForSingleObject
lstrcmp
LoadLibraryA
CreateDirectoryA
DeleteFileA
OpenFileMappingA
GetCommandLineA
GetProcAddress
FindResourceExA
GetFileAttributesA
GetModuleHandleA
CreateSemaphoreW
GetTempFileNameA
DecodePointer
SetPriorityClass
CreateProcessA
WriteConsoleA
GetEnvironmentVariableA
FormatMessageA
UrlHashW
UrlIsA
UrlIsNoHistoryW
UrlGetLocationW
UrlUnescapeA
UrlCombineW
UrlGetPartA
UrlCanonicalizeW
UrlCreateFromPathW
UrlEscapeA
PathIsRootW
UrlCompareW
Chkdsk
FormatEx
Recover
Extend
Format
Number of PE resources by type
SQW 5
GDA 1
Number of PE resources by language
NEUTRAL 6
PE resources
Debug information
ExifTool file metadata
MIMEType
application/octet-stream

Subsystem
Windows GUI

MachineType
Intel 386 or later, and compatibles

FileTypeExtension
exe

TimeStamp
2013:09:12 07:23:19+02:00

FileType
Win32 EXE

PEType
PE32

CodeSize
43008

LinkerVersion
5.0

ImageFileCharacteristics
No relocs, Executable, 32-bit

EntryPoint
0x6e7b

InitializedDataSize
33280

SubsystemVersion
4.0

ImageVersion
0.0

OSVersion
4.0

UninitializedDataSize
0

File identification
MD5 5601c69020b1f8f0ca8db5d7c7cddd9d
SHA1 023d3111ba8f9fdcfd2de600ffa401a7c042bd2f
SHA256 71df0f59d2634568b6753b0a69d9c3fa70b085e59f11c5c7dda04a8b4b37c4f7
ssdeep
6144:x9Y1hfuOJr4ZVkdL4LA2ZhYDPNWWkGy0keNbAgvp:/YnuZi540IhDaNVvp

authentihash 51a6af3f040564574aeb7bd64ee1ab79203a79706db847abea74cfa8c80e1529
imphash f7a9b33b8a99a98d91563c62d9c69262
File size 326.0 KB ( 333824 bytes )
File type Win32 EXE
Magic literal
PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID Win32 Dynamic Link Library (generic) (34.2%)
Win32 Executable (generic) (23.4%)
Win16/32 Executable Delphi generic (10.7%)
OS/2 Executable (generic) (10.5%)
Generic Win/DOS Executable (10.4%)
Tags
peexe

VirusTotal metadata
First submission 2017-09-08 13:02:12 UTC (1 year, 8 months ago)
Last submission 2019-03-06 04:02:42 UTC (2 months, 2 weeks ago)
File names 5601c69020b1f8f0ca8db5d7c7cddd9d.vir
176_08_31_2017_22_44_17_xhhtgba.exe.malware.MRG
output.112059926.txt
xhhtgba.exe
output.112294055.txt
wggsfaa[0].exe
xhhtgba[1].exe
0.exe
71df0f59d2634568b6753b0a69d9c3fa70b085e59f11c5c7dda04a8b4b37c4f7 (1).exe
gbgmskm.exe
155_08_31_2017_22_44_17_gbgmskm.exe.malware.MRG
xhhtgba.exe
faflrjl[0].exe
locky ransomware (1)
output.112059940.txt
xhhtgba.exe
output.112059958.txt
023d3111ba8f9fdcfd2de600ffa401a7c042bd2f
xhhtgba_2.exe
gbgmskm.exe
gbgmskm.exe
wggsfaa.exe
wggsfaa_1.exe
5601c69020b1f8f0ca8db5d7c7cddd9d.vir
faflrjl.exe
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Copied files
Created processes
Opened mutexes
Runtime DLLs