SHA256: 7c07f6c21f01eefa72556858fd89c64df722ccd0c24692ded5113529f4a6fe2b
File name: ransomware6.exe
Detection ratio: 53 / 67
Analysis date: 2017-11-15 14:00:24 UTC ( 6 months, 1 week ago )
Antivirus  Result  Update
Ad-Aware Gen:Variant.Razy.90557 20171115
AegisLab Troj.W32.Generic!c 20171115
AhnLab-V3 Trojan/Win32.Dynamer.C1318617 20171115
ALYac Gen:Variant.Razy.90557 20171115
Antiy-AVL Trojan/Win32.AGeneric 20171115
Arcabit Trojan.Razy.D161BD 20171115
Avast Win32:Ransom-AXT [Trj] 20171115
AVG Win32:Ransom-AXT [Trj] 20171115
Avira (no cloud) TR/Crypt.ZPACK.207480 20171115
AVware Trojan.Win32.Generic!BT 20171115
Baidu Win32.Trojan.WisdomEyes.16070401.9500.9946 20171115
BitDefender Gen:Variant.Razy.90557 20171115
CAT-QuickHeal Ransom.NanoLocker.A4 20171114
CrowdStrike Falcon (ML) malicious_confidence_60% (D) 20171016
Cybereason malicious.1b8fb7 20171103
Cylance Unsafe 20171115
Cyren W32/NanoLocker.A.gen!Eldorado 20171115
DrWeb Trojan.KeyLogger.37125 20171115
eGambit Unsafe.AI_Score_100% 20171115
Emsisoft Gen:Variant.Razy.90557 (B) 20171115
Endgame malicious (high confidence) 20171024
ESET-NOD32 Win32/Filecoder.NanoLocker.A 20171115
F-Prot W32/NanoLocker.A.gen!Eldorado 20171115
F-Secure Gen:Variant.Razy.90557 20171115
Fortinet W32/Filecoder.NAN!tr 20171115
GData Gen:Variant.Razy.90557 20171115
Ikarus Trojan.Win32.Dynamer 20171115
Sophos ML heuristic 20170914
Jiangmin Trojan.Generic.jbqe 20171115
K7AntiVirus Riskware ( 0040eff71 ) 20171115
K7GW Riskware ( 0040eff71 ) 20171115
Kaspersky HEUR:Trojan.Win32.Generic 20171115
MAX malware (ai score=100) 20171115
McAfee Ransomware-FCO!C1CF7CE9CFA3 20171115
McAfee-GW-Edition Ransomware-FCO!C1CF7CE9CFA3 20171115
Microsoft Ransom:Win32/Genasom 20171115
eScan Gen:Variant.Razy.90557 20171115
NANO-Antivirus Trojan.Win32.KeyLogger.dzpirk 20171115
Palo Alto Networks (Known Signatures) generic.ml 20171115
Panda Generic Suspicious 20171115
Qihoo-360 Win32/Trojan.07b 20171115
Sophos AV Mal/Generic-S 20171115
Symantec Ransom.NanoLocker 20171115
Tencent Trojan-Ransom.Win32.Nanolocker.a 20171115
TrendMicro Ransom_Genasom.R026C0CDM17 20171115
TrendMicro-HouseCall Ransom_Genasom.R026C0CDM17 20171115
VIPRE Trojan.Win32.Generic!BT 20171115
ViRobot Trojan.Win32.NanoLocker.253952 20171115
Webroot W32.Trojan.Gen 20171115
WhiteArmor Malware.HighConfidence 20171104
Yandex Trojan.Agent!o8Ni0UsH2jE 20171114
Zillya Adware.AdLoad.Win32.8673 20171115
ZoneAlarm by Check Point HEUR:Trojan.Win32.Generic 20171115
Alibaba 20170911
Avast-Mobile 20171115
Bkav 20171115
ClamAV 20171115
CMC 20171109
Comodo 20171115
Kingsoft 20171115
Malwarebytes 20171115
nProtect 20171115
Rising 20171115
SentinelOne (Static ML) 20171113
SUPERAntiSpyware 20171115
Symantec Mobile Insight 20171115
TheHacker 20171112
Trustlook 20171115
VBA32 20171115
Zoner 20171115
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2016-01-02 16:59:15
Entry Point 0x00001000
Number of sections 4
PE sections
PE imports
CryptDestroyKey
CryptReleaseContext
RegCloseKey
CryptAcquireContextA
CryptExportKey
RegSetValueExA
CryptEncrypt
AbortSystemShutdownA
RegCreateKeyExA
RegDeleteValueA
CryptDecrypt
CryptGenKey
CryptImportKey
CryptBinaryToStringA
CryptStringToBinaryA
DeleteDC
SetBkMode
CreateSolidBrush
SelectObject
SetBkColor
CreateCompatibleDC
DeleteObject
StretchBlt
IcmpCloseHandle
IcmpSendEcho
IcmpCreateFile
CreateToolhelp32Snapshot
GetSystemTime
HeapFree
SystemTimeToFileTime
ReadFile
FileTimeToSystemTime
lstrlenA
GlobalFree
GetDriveTypeA
CopyFileA
GetTickCount
GlobalUnlock
GetModuleFileNameA
LoadLibraryA
Process32NextW
HeapAlloc
GetDateFormatA
GetFileSize
MultiByteToWideChar
GetLogicalDrives
GetCommandLineA
GlobalLock
Process32FirstW
GetProcessHeap
SetFilePointer
GetModuleHandleA
lstrcmpA
FindFirstFileA
WriteFile
CloseHandle
FindNextFileA
SetFileAttributesA
FreeLibrary
lstrcpyA
GlobalAlloc
FindClose
Sleep
SetEndOfFile
CreateFileA
ExitProcess
CoCreateInstance
CoUninitialize
CoInitialize
SHGetFolderPathA
SetFocus
GetMessageA
UpdateWindow
BeginPaint
DestroyMenu
PostQuitMessage
DefWindowProcA
ShowWindow
LoadBitmapA
GetSystemMetrics
AppendMenuA
DispatchMessageA
EndPaint
MessageBoxA
TranslateMessage
RegisterClassExA
CreatePopupMenu
SetWindowTextA
SetClipboardData
SendMessageA
CloseClipboard
wsprintfA
CreateWindowExA
LoadCursorA
LoadIconA
TrackPopupMenu
GetFocus
EmptyClipboard
GetWindowTextA
DestroyWindow
OpenClipboard
inet_addr
Number of PE resources by type
RT_ICON 18
RT_BITMAP 1
RT_GROUP_ICON 1
Number of PE resources by language
NEUTRAL 19
ENGLISH US 1
PE resources
ExifTool file metadata
MIMEType: application/octet-stream
Subsystem: Windows GUI
MachineType: Intel 386 or later, and compatibles
FileTypeExtension: exe
TimeStamp: 2016:01:02 17:59:15+01:00
FileType: Win32 EXE
PEType: PE32
CodeSize: 13312
LinkerVersion: 5.12
EntryPoint: 0x1000
InitializedDataSize: 247296
SubsystemVersion: 4.0
ImageVersion: 0.0
OSVersion: 4.0
UninitializedDataSize: 0
File identification
MD5 c1cf7ce9cfa337b22ccc4061383a70f6
SHA1 fea42532538136b61ae490bd82e20163dcc2ef9a
SHA256 7c07f6c21f01eefa72556858fd89c64df722ccd0c24692ded5113529f4a6fe2b
ssdeep 6144:7Qu40vAkzL7r9r/EDppppppppppppppppppppppppppppp0G:bxP7r9r/+ppppppppppppppppppppppJ
authentihash e051794fa8b2d8e79c0caf9d730547c4128b90c7f66e0eb6709e1f79aa86a5fa
imphash 444e7ce758d2784f0e6e53e6002de09f
File size 248.0 KB ( 253952 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win64 Executable (generic) (64.6%)
Win32 Dynamic Link Library (generic) (15.4%)
Win32 Executable (generic) (10.5%)
Generic Win/DOS Executable (4.6%)
DOS Executable Generic (4.6%)
Tags peexe
VirusTotal metadata
First submission 2016-01-11 07:13:46 UTC ( 2 years, 4 months ago )
Last submission 2017-11-15 14:00:24 UTC ( 6 months, 1 week ago )
File names ransomware6.exe
manage-bde.exe
c6f057b86584942e.pdf...........................................................................scr
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Written files
Copied files
Runtime DLLs
UDP communications