SHA256: 3b7fe3ec5d1ddb2c6666f099b8c97ef14616efde7adaec41fbbc69cdfd8687e1
File name: GGIU63mQ.exe
Detection ratio: 39 / 61
Analysis date: 2017-04-07 12:11:11 UTC (1 year, 1 month ago)
Antivirus scanner Result Version
Ad-Aware Gen:Trojan.Heur.DP.dTX@amF5gagi 20170407
AegisLab Gen.Troj.Heur!c 20170407
Antiy-AVL Trojan[Ransom]/Win32.Matrix 20170407
Arcabit Trojan.Heur.DP.E8B7A8 20170407
Avast Win32:Malware-gen 20170407
AVG Win32/DH{AzYKE4JkgRYBgQx9?} 20170407
Avira (no cloud) TR/AD.ChaChaRansom.igrcv 20170407
Baidu Win32.Trojan.WisdomEyes.16070401.9500.9840 20170406
BitDefender Gen:Trojan.Heur.DP.dTX@amF5gagi 20170407
CAT-QuickHeal Trojanransom.Matrix 20170407
CrowdStrike Falcon (ML) malicious_confidence_100% (W) 20170130
Cyren W32/Trojan.TAJP-1669 20170407
DrWeb Trojan.DownLoader24.35440 20170407
Emsisoft Gen:Trojan.Heur.DP.dTX@amF5gagi (B) 20170407
Endgame malicious (high confidence) 20170407
ESET-NOD32 a variant of Win32/Filecoder.NKD 20170407
F-Secure Gen:Trojan.Heur.DP.dTX@amF5gagi 20170407
Fortinet W32/Filecoder.NKD!tr 20170407
GData Gen:Trojan.Heur.DP.dTX@amF5gagi 20170407
Ikarus Trojan.Win32.Filecoder 20170407
Sophos ML hacktool.win32.kapahyku.a 20170203
K7AntiVirus Trojan ( 0050878f1 ) 20170407
K7GW Trojan ( 0050878f1 ) 20170407
Kaspersky Trojan-Ransom.Win32.Matrix.ac 20170407
Malwarebytes Ransom.Matrix 20170407
McAfee Artemis!909CA7C139F3 20170407
McAfee-GW-Edition BehavesLike.Win32.Dropper.th 20170407
Microsoft Ransom:Win32/Mytreex.A 20170407
eScan Gen:Trojan.Heur.DP.dTX@amF5gagi 20170407
NANO-Antivirus Trojan.Win32.Matrix.eniwlv 20170407
Palo Alto Networks (Known Signatures) generic.ml 20170407
Panda Trj/CI.A 20170407
SentinelOne (Static ML) static engine - malicious 20170330
Sophos AV Mal/Generic-S 20170407
Symantec Trojan.Gen.2 20170406
TrendMicro-HouseCall TROJ_GEN.R047H09D517 20170407
ViRobot Trojan.Win32.Z.Agent.1100944[h] 20170407
Webroot W32.Ransom.Gen 20170407
ZoneAlarm by Check Point Trojan-Ransom.Win32.Matrix.ac 20170407
AhnLab-V3 20170407
Alibaba 20170407
ALYac 20170407
AVware 20170407
Bkav 20170407
ClamAV 20170407
CMC 20170407
Comodo 20170407
F-Prot 20170407
Jiangmin 20170407
Kingsoft 20170407
nProtect 20170407
Qihoo-360 20170407
Rising 20170405
SUPERAntiSpyware 20170407
Symantec Mobile Insight 20170406
Tencent 20170407
TheHacker 20170406
TrendMicro 20170407
Trustlook 20170407
VBA32 20170407
VIPRE 20170407
WhiteArmor 20170327
Yandex 20170406
Zillya 20170406
Zoner 20170407
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2017-04-02 18:46:35
Entry Point 0x000D9A54
Number of sections 11
PE sections
Overlays
MD5 2fd683b4f14c2cfa3cfbf0d3945d9464
File type data
Offset 1096192
Size 4752
Entropy 1.14
PE imports
SetThreadLocale
GetStdHandle
GetDriveTypeW
ReleaseMutex
WaitForSingleObject
HeapDestroy
GetFileAttributesW
VerifyVersionInfoW
DeleteCriticalSection
GetCurrentProcess
LocalAlloc
UnhandledExceptionFilter
GetLocaleInfoW
GetCPInfo
GetDiskFreeSpaceW
WriteFile
GetThreadTimes
ResumeThread
FreeLibrary
LocalFree
FormatMessageW
GetThreadPriority
InitializeCriticalSection
LoadResource
EnumCalendarInfoW
FindClose
TlsGetValue
GetFullPathNameW
SetLastError
GetUserDefaultUILanguage
CopyFileW
GetModuleFileNameW
HeapAlloc
VerSetConditionMask
SetThreadPriority
EnumSystemLocalesW
LoadLibraryExW
MultiByteToWideChar
GetLocalTime
CreateThread
GetSystemDefaultUILanguage
GetExitCodeThread
CreateMutexW
GetSystemTimes
ExitThread
TerminateProcess
GetVersion
VirtualQuery
VirtualQueryEx
SetEndOfFile
GetCurrentThreadId
HeapFree
EnterCriticalSection
LoadLibraryW
GetVersionExW
SetEvent
QueryPerformanceCounter
GetTickCount
VirtualProtect
LoadLibraryA
RtlUnwind
OpenProcess
GetDateFormatW
GetStartupInfoW
CreateDirectoryW
DeleteFileW
GetProcAddress
CompareStringW
ExpandEnvironmentStringsW
FindNextFileW
ResetEvent
GetComputerNameA
FindFirstFileW
IsValidLocale
CreateEventW
CreateFileW
TlsSetValue
ExitProcess
LeaveCriticalSection
GetLastError
GetShortPathNameW
GetSystemInfo
GetProcessTimes
GetThreadLocale
lstrlenW
VirtualFree
SwitchToThread
SizeofResource
GetCurrentProcessId
LockResource
GetCommandLineW
WideCharToMultiByte
RaiseException
InterlockedCompareExchange
GetCurrentThread
SuspendThread
QueryPerformanceFrequency
SetFilePointer
ReadFile
CloseHandle
OpenMutexW
GetACP
GetModuleHandleW
FreeResource
GetCPInfoExW
HeapCreate
FindResourceW
CreateProcessW
Sleep
VirtualAlloc
GetTokenInformation
GetSidSubAuthorityCount
GetSidSubAuthority
RegCloseKey
OpenProcessToken
FreeSid
CryptGenRandom
AllocateAndInitializeSid
OpenThreadToken
GetUserNameA
CryptReleaseContext
EqualSid
RegOpenKeyExW
CryptAcquireContextW
RegQueryValueExW
CoUninitialize
StringFromCLSID
CoCreateInstance
CoTaskMemFree
CoInitialize
VariantChangeType
SafeArrayGetLBound
SafeArrayGetUBound
SafeArrayPtrOfIndex
SysAllocStringLen
VariantClear
SafeArrayCreate
SysReAllocStringLen
VariantCopy
GetErrorInfo
SysFreeString
VariantInit
SHGetSpecialFolderPathW
CharLowerBuffW
GetSystemMetrics
MessageBoxW
PeekMessageW
CharUpperW
LoadStringW
MessageBoxA
MsgWaitForMultipleObjects
CharUpperBuffW
CharNextW
PE exports
Number of PE resources by type
RT_RCDATA 15
RT_STRING 11
Number of PE resources by language
NEUTRAL 13
ENGLISH US 13
PE resources
ExifTool file metadata
MIMEType application/octet-stream
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
TimeStamp 2017:04:02 19:46:35+01:00
FileType Win32 EXE
PEType PE32
CodeSize 902656
LinkerVersion 2.25
FileTypeExtension exe
InitializedDataSize 192512
SubsystemVersion 5.0
EntryPoint 0xd9a54
OSVersion 5.0
ImageVersion 0.0
UninitializedDataSize 0
File identification
MD5 909ca7c139f30eb8a1e33d3527090d76
SHA1 85f215979c9986b22ea69fb19e1945e23249bc26
SHA256 3b7fe3ec5d1ddb2c6666f099b8c97ef14616efde7adaec41fbbc69cdfd8687e1
ssdeep 12288:TyVEnwePQp/VgGIbYRHuMdJR5ezaf757gD6c5fgqS33ptG2LVv:OVxePQ/RHuWJR5ezaz57gD6cdgBnPVv
authentihash 94a8c770d65004138154c773fbaf090c3618d11f6b0c0b37246ee86bdd4849f4
imphash 4df958f8ff0b197c86569c48a63a4679
File size 1.0 MB ( 1100944 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 EXE PECompact compressed (generic) (63.7%)
Windows screen saver (20.0%)
Win32 Executable (generic) (6.9%)
Win16/32 Executable Delphi generic (3.1%)
Generic Win/DOS Executable (3.0%)
Tags peexe overlay
VirusTotal metadata
First submission 2017-04-05 08:58:19 UTC (1 year, 1 month ago)
Last submission 2017-04-08 19:14:23 UTC (1 year, 1 month ago)
File names GGIU63mQ.exe
tEajMFBE.exe
LOpGkflY.exe
zvqThmgq.exe
3b7fe3ec5d1ddb2c6666f099b8c97ef14616efde7adaec41fbbc69cdfd8687e1.exe
qZCGzbPX.exe
Malware_Unpacked.exe
Behaviour characterization
Zemana
dll-injection
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
HTTP requests
DNS requests
TCP connections
UDP communications