SHA256: d6160870e857acffc5b07abd99a3b101220ca162b064683a848c88962e9c2b0d
File name: IUGiwe8
Detection ratio: 50 / 65
Analysis date: 2017-09-23 17:18:42 UTC (1 year, 6 months ago)
Antivirus Result Update
Ad-Aware Trojan.RanSerKD.12395314 20170923
AegisLab Ransom.Cerber.Smaly0!c 20170923
AhnLab-V3 Trojan/Win32.Locky.R209268 20170923
ALYac Trojan.Ransom.LockyCrypt 20170923
Antiy-AVL Trojan[Ransom]/Win32.Locky 20170923
Arcabit Trojan.RanSerKD.DBD2332 20170923
Avast Win32:Malware-gen 20170923
AVG Win32:Malware-gen 20170923
Avira (no cloud) TR/Crypt.ZPACK.sxyzu 20170923
AVware Trojan.Win32.Generic!BT 20170923
Baidu Win32.Trojan.WisdomEyes.16070401.9500.9999 20170922
BitDefender Trojan.RanSerKD.12395314 20170923
CrowdStrike Falcon (ML) malicious_confidence_100% (W) 20170804
Cylance Unsafe 20170923
Cyren W32/Locky.DMES-1850 20170923
DrWeb Trojan.DownLoader25.35515 20170923
Emsisoft Trojan.RanSerKD.12395314 (B) 20170923
Endgame malicious (high confidence) 20170821
ESET-NOD32 Win32/Filecoder.Locky.L 20170923
F-Prot W32/Locky.OL 20170923
F-Secure Trojan.RanSerKD.12395314 20170923
Fortinet W32/Locky.FWSD!tr.ransom 20170923
GData Win32.Trojan-Ransom.Locky.KZDKCN 20170923
Ikarus Trojan-Ransom.Locky 20170923
Sophos ML heuristic 20170914
K7AntiVirus Trojan ( 0051775f1 ) 20170923
K7GW Trojan ( 0051775f1 ) 20170923
Kaspersky Trojan-Ransom.Win32.Locky.zqi 20170923
Malwarebytes Trojan.PasswordStealer 20170923
MAX malware (ai score=100) 20170923
McAfee Ransom-Locky!939C552FBC07 20170923
McAfee-GW-Edition BehavesLike.Win32.Backdoor.jc 20170923
Microsoft Ransom:Win32/Locky 20170923
eScan Trojan.RanSerKD.12395314 20170923
nProtect Ransom/W32.Locky.654848.B 20170923
Palo Alto Networks (Known Signatures) generic.ml 20170923
Panda Trj/Genetic.gen 20170923
Rising Ransom.Locky!8.1CD4 (CLOUD) 20170923
SentinelOne (Static ML) static engine - malicious 20170806
Sophos AV Mal/Elenoocka-E 20170923
Symantec Ransom.Lukitus 20170923
Tencent Suspicious.Heuristic.Gen.b.0 20170923
TrendMicro Ransom_LOCKY.TH922 20170923
TrendMicro-HouseCall Ransom_LOCKY.TH922 20170923
VBA32 Trojan.Filecoder 20170922
VIPRE Trojan.Win32.Generic!BT 20170923
ViRobot Trojan.Win32.Locky.654848.A 20170923
Webroot W32.Trojan.Gen 20170923
WhiteArmor Malware.HighConfidence 20170829
ZoneAlarm by Check Point Trojan-Ransom.Win32.Locky.zqi 20170923
Alibaba 20170911
Avast-Mobile 20170923
CAT-QuickHeal 20170923
ClamAV 20170923
CMC 20170920
Comodo 20170923
Jiangmin 20170923
Kingsoft 20170923
NANO-Antivirus 20170923
Qihoo-360 20170923
SUPERAntiSpyware 20170923
Symantec Mobile Insight 20170922
TheHacker 20170921
TotalDefense 20170923
Trustlook 20170923
Yandex 20170908
Zillya 20170922
Zoner 20170923
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2017-05-09 05:09:20
Entry Point 0x00002666
Number of sections 4
PE sections
PE imports
RegUnLoadKeyA
RegCreateKeyExW
RegLoadKeyA
LogonUserW
CryptSignHashW
ClearEventLogW
ControlService
RegOpenKeyA
RegReplaceKeyW
OpenEventLogA
RegEnumKeyA
RegDeleteValueA
InitializeSid
GetConsoleAliasA
SearchPathA
CreateFileMappingA
GetFileAttributesA
LoadLibraryA
InitializeCriticalSection
lstrcmpiA
WaitForSingleObject
CreateMailslotW
GetOEMCP
GetLogicalDriveStringsW
GetDateFormatW
SetErrorMode
ReadConsoleW
GetCommandLineA
DeleteFileW
GetModuleFileNameA
GetModuleHandleW
GetProcAddress
NDdeShareGetInfoA
NDdeShareDelA
NDdeShareAddA
StrStrA
SHCreateShellItem
StrChrW
ShellAboutW
SHGetFolderPathA
FindExecutableW
SHQueryRecycleBinA
SHGetFileInfoW
ExtractIconW
DllRegisterServer
InsertMenuA
wsprintfA
LoadMenuA
GetMessageA
GetClassLongW
LoadStringA
CreateDesktopA
DrawStateA
DispatchMessageA
LoadIconW
GetPropW
DialogBoxParamA
GetDlgItemTextW
PostMessageW
LoadBitmapA
IsDialogMessageA
CharToOemA
Number of PE resources by type
SERT 3
RT_STRING 1
RT_MENU 1
Number of PE resources by language
NEUTRAL 5
PE resources
Debug information
ExifTool file metadata
MIMEType application/octet-stream
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
FileTypeExtension exe
TimeStamp 2017:05:08 22:09:20-07:00
FileType Win32 EXE
PEType PE32
CodeSize 46080
LinkerVersion 8.0
ImageFileCharacteristics No relocs, Executable, Aggressive working-set trim, 32-bit, No debug
EntryPoint 0x2666
InitializedDataSize 607744
SubsystemVersion 5.1
ImageVersion 0.0
OSVersion 5.1
UninitializedDataSize 0

Compressed bundles
File identification
MD5 939c552fbc07410a99400ebcbcafcc2f
SHA1 bc75609dfc7d72b92da6da37cd60a96dd56a0d84
SHA256 d6160870e857acffc5b07abd99a3b101220ca162b064683a848c88962e9c2b0d
ssdeep 12288:5c666666/UoIs7z6EUI5cTL5yaJ4Kn3bHHfDISc3vV9BE8uHQ5yt81MCTIVZaZT:5c666666/UlI6YiTLoA7rHbdc/ze8sQj

authentihash cb0f075145c4be3d646ff0af2e1862166d8502b6db9f5da073ba68adc6189095
imphash 2499bb0fe1577d7050ef6cd9c1ae1a30
File size 639.5 KB ( 654848 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID Win32 Dynamic Link Library (generic) (34.2%)
Win32 Executable (generic) (23.4%)
Win16/32 Executable Delphi generic (10.7%)
OS/2 Executable (generic) (10.5%)
Generic Win/DOS Executable (10.4%)
Tags peexe

VirusTotal metadata
First submission 2017-09-21 10:15:30 UTC (1 year, 6 months ago)
Last submission 2019-03-06 04:03:35 UTC (2 weeks, 3 days ago)
File names cerber.exe
IUGiwe8.exe
IUGiwe8
output.112277031.txt
d6160870e857acffc5b07abd99a3b101220ca162b064683a848c88962e9c2b0d
content
IUGiwe8[1].txt
939c552fbc07410a99400ebcbcafcc2f.vir
b4d833df4558593012aaae9028f63c4b5a9baf2a
VirusShare_939c552fbc07410a99400ebcbcafcc2f
csLRjbBo.exe