SHA256: a64dd2f21a42713131f555bea9d0a76918342d696ef6731608a9dbc57b79b32f
File name: Ransomware_AVCrypt.exe
Detection ratio: 50 / 71
Analysis date: 2019-01-07 01:05:39 UTC (1 month, 1 week ago)
Antivirus Result Update
Ad-Aware Trojan.GenericKD.30445354 20190107
AhnLab-V3 Trojan/Win32.Blocker.C2442804 20190106
ALYac Trojan.Ransom.AVCrypt 20190107
Antiy-AVL Trojan[Ransom]/Win32.Blocker 20190107
Arcabit Trojan.Generic.D1D08F2A 20190107
Avast Win32:Malware-gen 20190107
AVG Win32:Malware-gen 20190107
Avira (no cloud) HEUR/AGEN.1019056 20190107
BitDefender Trojan.GenericKD.30445354 20190107
ClamAV Win.Ransomware.AVCrypt-6492432-0 20190107
Comodo Malware@#u98uk3zc2rs5 20190107
CrowdStrike Falcon (ML) malicious_confidence_100% (W) 20181022
Cybereason malicious.ad332f 20180225
Cylance Unsafe 20190107
Cyren W32/Trojan.NYNG-0139 20190107
DrWeb Trojan.Encoder.24939 20190107
Emsisoft Trojan.GenericKD.30445354 (B) 20190107
Endgame malicious (high confidence) 20181108
ESET-NOD32 a variant of Win32/Filecoder.NPZ 20190107
F-Secure Trojan.GenericKD.30445354 20190107
Fortinet W32/Fareit.A 20190107
GData Trojan.GenericKD.30445354 20190107
Ikarus Trojan-Ransom.Crypter 20190106
Sophos ML heuristic 20181128
Jiangmin TrojanRansom.AVCrypt.a 20190107
K7AntiVirus Trojan ( 0052b4561 ) 20190107
K7GW Trojan ( 0052b4561 ) 20190106
Kaspersky Trojan-Ransom.Win32.Blocker.kwyx 20190107
McAfee Ransom-Pactelung!BD20D8AFABE6 20190107
McAfee-GW-Edition BehavesLike.Win32.SoftPulse.vc 20190107
Microsoft Ransom:Win32/Pactelung.A 20190107
eScan Trojan.GenericKD.30445354 20190107
NANO-Antivirus Trojan.Win32.Blocker.ezhyvs 20190107
Palo Alto Networks (Known Signatures) generic.ml 20190107
Panda Trj/CI.A 20190106
Qihoo-360 Trojan.Generic 20190107
Rising Trojan.Win32.Destructor!1.B060 (CLOUD) 20190107
SentinelOne (Static ML) static engine - malicious 20181223
Sophos AV Troj/AVCrypt-A 20190107
Symantec Trojan.Gen.2 20190106
Tencent Win32.Trojan.Blocker.Pgcm 20190107
Trapmine malicious.high.ml.score 20190103
TrendMicro Ransom_AVCRYPT.A 20190107
TrendMicro-HouseCall Ransom_AVCRYPT.A 20190107
VBA32 TrojanRansom.Blocker 20190104
VIPRE Trojan.Win32.Generic!BT 20190106
ViRobot Trojan.Win32.S.AVCrypt.3052032.A 20190107
Webroot W32.Trojan.Gen 20190107
Zillya Trojan.Blocker.Win32.39783 20190105
ZoneAlarm by Check Point Trojan-Ransom.Win32.Blocker.kwyx 20190107
Acronis 20181227
AegisLab 20190107
Alibaba 20180921
Avast-Mobile 20190106
Babable 20180918
Baidu 20190107
Bkav 20190104
CAT-QuickHeal 20190106
CMC 20190106
eGambit 20190107
F-Prot 20190107
Kingsoft 20190107
Malwarebytes 20190107
MAX 20190107
SUPERAntiSpyware 20190102
TACHYON 20190107
TheHacker 20190106
TotalDefense 20190106
Trustlook 20190107
Yandex 20181229
Zoner 20190107
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
Packers identified
F-PROT UPX
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2018-03-21 13:30:37
Entry Point 0x00010068
Number of sections 4
PE sections
PE imports
CryptDestroyKey
GetTokenInformation
CryptReleaseContext
RegCloseKey
OpenProcessToken
CryptDeriveKey
RegOpenKeyExW
CryptAcquireContextW
AdjustTokenPrivileges
CryptEncrypt
LookupPrivilegeValueW
CryptHashData
RegQueryValueExW
CryptDestroyHash
CryptCreateHash
InitCommonControlsEx
GetStdHandle
GetDriveTypeW
FileTimeToSystemTime
HeapDestroy
EncodePointer
GetFileAttributesW
SystemTimeToTzSpecificLocalTime
DeleteCriticalSection
GetCurrentProcess
GetConsoleMode
GetVolumeInformationW
SetErrorMode
FreeEnvironmentStringsW
GetLocaleInfoW
SetStdHandle
GetCPInfo
FindResourceExW
GetSystemTimeAsFileTime
HeapReAlloc
GetStringTypeW
FreeLibrary
LocalFree
FormatMessageW
LoadResource
GetLogicalDriveStringsW
FindClose
InterlockedDecrement
SetFileAttributesW
OutputDebugStringA
SetLastError
OutputDebugStringW
GetModuleFileNameW
IsDebuggerPresent
HeapAlloc
GetModuleFileNameA
SetThreadPriority
EnumSystemLocalesW
TlsGetValue
MultiByteToWideChar
SetFilePointerEx
CreateThread
SetEnvironmentVariableW
MoveFileExW
SetUnhandledExceptionFilter
CreateMutexW
IsProcessorFeaturePresent
DecodePointer
SetEnvironmentVariableA
SetPriorityClass
TerminateProcess
GetModuleHandleExW
SetEndOfFile
GetCurrentThreadId
GetProcAddress
WriteConsoleW
CreateToolhelp32Snapshot
InitializeCriticalSectionAndSpinCount
HeapFree
EnterCriticalSection
LoadLibraryW
GetVersionExW
GetOEMCP
QueryPerformanceCounter
TlsAlloc
FlushFileBuffers
RtlUnwind
GetStartupInfoW
GetUserDefaultLCID
GetProcessHeap
CompareStringW
FindNextFileW
IsValidLocale
lstrcmpW
FindFirstFileExW
GlobalLock
ReadConsoleW
GetTempPathW
GetTimeZoneInformation
CreateFileW
GetFileType
TlsSetValue
ExitProcess
LeaveCriticalSection
GetLastError
LoadLibraryExW
LCMapStringW
GetConsoleCP
FindResourceW
GetEnvironmentStringsW
GlobalUnlock
lstrlenW
Process32NextW
SizeofResource
GetCurrentProcessId
LockResource
WideCharToMultiByte
HeapSize
GetCommandLineA
Process32FirstW
RaiseException
UnhandledExceptionFilter
TlsFree
ReadFile
CloseHandle
GetACP
GetModuleHandleW
SetThreadExecutionState
IsValidCodePage
WriteFile
CreateProcessW
Sleep
SysAllocString
SysFreeString
VariantInit
VariantClear
SysAllocStringLen
ShellExecuteExW
SHSetValueW
PathCombineW
PathFindFileNameW
RedrawWindow
DefWindowProcW
FindWindowW
GetMessageW
ShowWindow
SetWindowPos
GetSystemMetrics
MessageBoxW
GetWindowRect
RegisterClassExW
GetClipboardData
TranslateMessage
DispatchMessageW
SendMessageW
RegisterClassW
CloseClipboard
SetWindowTextW
SetTimer
GetSysColorBrush
LoadCursorW
SendMessageTimeoutW
CreateWindowExW
SetForegroundWindow
OpenClipboard
InternetCheckConnectionW
socket
inet_addr
send
WSACleanup
WSAStartup
connect
htons
WSAGetLastError
CoInitializeEx
CoUninitialize
CoInitialize
CoCreateInstance
CoInitializeSecurity
CoSetProxyBlanket
ObtainUserAgentString
Number of PE resources by type
R 1
Number of PE resources by language
ENGLISH US 1
PE resources
ExifTool file metadata
MIMEType
application/octet-stream

Subsystem
Windows GUI

SubsystemVersion
5.1

MachineType
Intel 386 or later, and compatibles

TimeStamp
2018:03:21 14:30:37+01:00

FileType
Win32 EXE

PEType
PE32

CodeSize
166400

LinkerVersion
12.0

FileTypeExtension
exe

InitializedDataSize
2897408

ImageFileCharacteristics
No relocs, Executable, 32-bit

EntryPoint
0x10068

OSVersion
5.1

ImageVersion
0.0

UninitializedDataSize
0

File identification
MD5 bd20d8afabe658816d06301b8f367c7e
SHA1 ca99a0cad332fbd5346dc17cef334f741af2f007
SHA256 a64dd2f21a42713131f555bea9d0a76918342d696ef6731608a9dbc57b79b32f
ssdeep
49152:KOUH1Xq5DXAo3Q/lchXnmF69YH9dIrbU/zuaVJGBgzUgQ7x3fR2CzjUxCl+fnIfk:fGYb3Q/GoF66H9d+Yua9zUgoj7A4GILw

authentihash 3c88834d39bb1973bd4d06dc9818715d2e7f355ac0e83e06f511fcf3efb7c848
imphash bf4be44f55bb0802873331a55bb9bc59
File size 2.9 MB ( 3052032 bytes )
File type Win32 EXE
Magic literal
PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID InstallShield setup (53.0%)
Win64 Executable (generic) (34.0%)
Win32 Executable (generic) (5.5%)
OS/2 Executable (generic) (2.4%)
Generic Win/DOS Executable (2.4%)
Tags
peexe upx

VirusTotal metadata
First submission 2018-03-21 13:36:48 UTC (11 months ago)
Last submission 2018-05-28 00:32:11 UTC (8 months, 3 weeks ago)
File names Admin.exe
benedikt richter.exe
a64dd2f21a42713131f555bea9d0a76918342d696ef6731608a9dbc57b79b32f._exe
Sample_5ab64cacdabaeb038fa863ab.exe
av2018.exe
a64dd2f21a42713131f555bea9d0a76918342d696ef6731608a9dbc57b79b32f.bin_used
av2018.exe
Ransomware_AVCrypt.exe
Av.exe
av2018.exe
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Written files
Moved files
Created processes
Code injections in the following processes
Created mutexes
Opened mutexes
Opened service managers
Opened services
Runtime DLLs
Additional details
The file uses the IsDebuggerPresent Windows API function in order to see whether it is being debugged.
HTTP requests
DNS requests
TCP connections
UDP communications