SHA256: 9ae253033c529846a51b8b47210d62edd234767e010fd1f03ce642ea2fedbb3a
File name: 1.dat
Detection ratio: 48 / 64
Analysis date: 2017-08-24 01:54:15 UTC ( 4 weeks, 1 day ago )
Antivirus Result Update
Ad-Aware Trojan.Ransom.Locky.CU 20170824
AegisLab Troj.W32.Generic!c 20170824
AhnLab-V3 Trojan/Win32.Locky.R206834 20170824
ALYac Trojan.Ransom.Locky.CU 20170824
Antiy-AVL Trojan[Ransom]/Win32.Locky 20170823
Arcabit Trojan.Ransom.Locky.CU 20170823
Avast Win32:Geri 20170823
AVG Win32:Geri 20170823
Avira (no cloud) TR/Ransom.olerf 20170823
AVware Trojan.Win32.Generic!BT 20170824
BitDefender Trojan.Ransom.Locky.CU 20170824
Comodo UnclassifiedMalware 20170824
CrowdStrike Falcon (ML) malicious_confidence_90% (W) 20170804
Cyren W32/Locky.BY.gen!Eldorado 20170824
DrWeb Trojan.Encoder.13570 20170824
Emsisoft Trojan.Ransom.Locky.CU (B) 20170824
Endgame malicious (high confidence) 20170821
ESET-NOD32 a variant of Win32/Filecoder.Locky.K 20170824
F-Prot W32/Locky.BY.gen!Eldorado 20170824
F-Secure Trojan.Ransom.Locky.CU 20170824
GData Trojan.Ransom.Locky.CU 20170824
Ikarus Trojan.Win32.Filecoder 20170823
Sophos ML heuristic 20170822
Jiangmin Trojan.Generic.bftsl 20170824
K7AntiVirus Trojan ( 005107de1 ) 20170823
K7GW Trojan ( 005107de1 ) 20170821
Kaspersky Trojan-Ransom.Win32.Locky.xus 20170824
Malwarebytes Ransom.Locky 20170823
MAX malware (ai score=80) 20170824
McAfee RDN/Ransom 20170824
McAfee-GW-Edition BehavesLike.Win32.PWSZbot.hm 20170824
Microsoft Ransom:Win32/Locky 20170824
eScan Trojan.Ransom.Locky.CU 20170823
NANO-Antivirus Trojan.Win32.Encoder.erswwm 20170824
nProtect Ransom/W32.Locky.529920 20170824
Palo Alto Networks (Known Signatures) generic.ml 20170824
Panda Trj/Genetic.gen 20170823
Qihoo-360 Win32/Trojan.afc 20170824
Rising Ransom.Locky!8.1CD4 (cloud:6JgnCJ4p1VV) 20170824
Sophos AV Mal/Generic-S 20170824
Symantec Ransom.TeslaCrypt 20170823
TrendMicro Ransom_Locky.R0E9C0DHF17 20170824
TrendMicro-HouseCall Ransom_HPLOCKY.SMALYD 20170824
VBA32 suspected of Trojan.Downloader.gen.h 20170823
VIPRE Trojan.Win32.Generic!BT 20170824
ViRobot Trojan.Win32.Z.Locky.529920.B 20170823
Yandex Trojan.Locky! 20170823
ZoneAlarm by Check Point Trojan-Ransom.Win32.Locky.xus 20170824
Alibaba 20170823
Baidu 20170823
Bkav 20170823
CAT-QuickHeal 20170823
ClamAV 20170824
CMC 20170823
Cylance 20170824
Fortinet 20170824
Kingsoft 20170824
SentinelOne (Static ML) 20170806
SUPERAntiSpyware 20170824
Symantec Mobile Insight 20170824
Tencent 20170824
TheHacker 20170821
TotalDefense 20170823
Trustlook 20170824
Webroot 20170824
WhiteArmor 20170817
Zoner 20170824
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2006-02-02 15:24:00
Entry Point 0x00002C77
Number of sections 5
PE sections
PE imports
CryptDestroyKey
RegCloseKey
AccessCheck
CryptSetHashParam
CryptEncrypt
CryptHashData
CryptImportKey
CryptCreateHash
SetSecurityDescriptorDacl
GetFileSecurityW
CryptGetKeyParam
EqualSid
OpenProcessToken
DuplicateToken
SetTokenInformation
RegOpenKeyExA
RegDeleteValueA
GetTokenInformation
CryptReleaseContext
CryptAcquireContextA
CryptGenRandom
OpenThreadToken
CryptDestroyHash
MapGenericMask
RegSetValueExW
FreeSid
CryptGetHashParam
AllocateAndInitializeSid
InitializeSecurityDescriptor
RegSetValueExA
SetEntriesInAclA
GetDeviceCaps
GetObjectA
DeleteDC
SetBkMode
CreateFontA
CreateSolidBrush
GetDIBits
SelectObject
CreateCompatibleDC
DeleteObject
CreateCompatibleBitmap
SetTextColor
GetStdHandle
GetDriveTypeW
WaitForSingleObject
DeleteCriticalSection
GetCurrentProcess
GetLocaleInfoA
GetVolumeInformationW
SetErrorMode
GetLogicalDrives
FreeEnvironmentStringsW
WideCharToMultiByte
GetTempPathW
GetSystemTimeAsFileTime
HeapReAlloc
GetStringTypeW
GetOEMCP
LocalFree
InitializeCriticalSection
FindClose
InterlockedDecrement
SetFileAttributesW
SetLastError
GetUserDefaultUILanguage
DeviceIoControl
CopyFileW
GetUserDefaultLangID
GetModuleFileNameW
GlobalFindAtomA
ExitProcess
GetVersionExA
GetModuleFileNameA
HeapSetInformation
SetThreadPriority
UnhandledExceptionFilter
TlsGetValue
MultiByteToWideChar
GetVolumeNameForVolumeMountPointA
CreateThread
MoveFileExW
GetSystemDirectoryW
GlobalAddAtomA
SetUnhandledExceptionFilter
MulDiv
IsProcessorFeaturePresent
TerminateProcess
VirtualQuery
FindAtomA
GetCurrentThreadId
InterlockedIncrement
GetModuleHandleA
InitializeCriticalSectionAndSpinCount
HeapFree
EnterCriticalSection
SetHandleCount
LoadLibraryW
FreeLibrary
QueryPerformanceCounter
GetTickCount
TlsAlloc
FlushFileBuffers
LoadLibraryA
RtlUnwind
AddAtomA
GetWindowsDirectoryA
GetStartupInfoW
DeleteFileW
GetProcAddress
GetTempFileNameW
GetFileSizeEx
FindNextFileW
FindFirstFileW
CreateFileW
CreateEventA
IsDebuggerPresent
GetFileType
TlsSetValue
HeapAlloc
LeaveCriticalSection
GetLastError
LCMapStringW
lstrlenA
GetEnvironmentStringsW
CreateProcessW
GetCurrentProcessId
GetDiskFreeSpaceExW
SetFileTime
GetCPInfo
HeapSize
GetCommandLineA
GetCurrentThread
OpenMutexA
GetSystemDefaultLangID
RaiseException
TlsFree
SetFilePointer
ReadFile
CloseHandle
GetACP
GetModuleHandleW
GetFileAttributesExW
IsValidCodePage
HeapCreate
WriteFile
VirtualFree
Sleep
VirtualAlloc
WNetOpenEnumW
WNetEnumResourceW
WNetCloseEnum
WNetAddConnection2W
DsRoleGetPrimaryDomainInformation
DsRoleFreeMemory
SysStringByteLen
VariantClear
SysAllocString
SysFreeString
SysAllocStringByteLen
VariantInit
SHGetFolderPathW
ShellExecuteW
ReleaseDC
GetSystemMetrics
FillRect
DrawTextW
SystemParametersInfoW
FrameRect
GetDC
HttpSendRequestA
InternetSetOptionA
InternetWriteFile
HttpOpenRequestA
InternetReadFile
InternetCloseHandle
InternetOpenA
InternetConnectA
HttpAddRequestHeadersA
InternetQueryOptionA
HttpQueryInfoA
InternetCrackUrlA
HttpEndRequestA
HttpSendRequestExA
CoInitializeEx
CoCreateInstance
CoUninitialize
CoInitializeSecurity
ObtainUserAgentString
ExifTool file metadata
MIMEType
application/octet-stream

Subsystem
Windows GUI

MachineType
Intel 386 or later, and compatibles

FileTypeExtension
exe

TimeStamp
2006:02:02 16:24:00+01:00

FileType
Win32 EXE

PEType
PE32

CodeSize
484864

LinkerVersion
5.2

EntryPoint
0x2c77

InitializedDataSize
51200

SubsystemVersion
5.1

ImageVersion
0.0

OSVersion
5.1

UninitializedDataSize
0

File identification
MD5 993608b9aea2b351e4ba883fee8916b0
SHA1 188c1a0fe856dbf5a17ce179f07afdec9aa2ecb2
SHA256 9ae253033c529846a51b8b47210d62edd234767e010fd1f03ce642ea2fedbb3a
ssdeep
12288:EAMm4iyNaUKOJxAH7/tXpBDJgrqck2fkNUSPsiVcboNjImZdFjfdG:EAyiyvK6uH71Xpda9k2fjSPsiVcbolIV

authentihash 3a0996880f9beb3d23a1eba86e30dba5f8d37ba4a7529126fbd0c50df7ad597b
imphash 09039f41fc88a3e991a6e3505504e428
File size 517.5 KB ( 529920 bytes )
File type Win32 EXE
Magic literal
PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID Win32 Executable MS Visual C++ (generic) (42.2%)
Win64 Executable (generic) (37.3%)
Win32 Dynamic Link Library (generic) (8.8%)
Win32 Executable (generic) (6.0%)
Generic Win/DOS Executable (2.7%)
Tags
peexe

VirusTotal metadata
First submission 2017-08-16 00:40:27 UTC ( 1 month, 1 week ago )
Last submission 2017-08-16 02:01:36 UTC ( 1 month, 1 week ago )
File names 1.dat
1[1].dat
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Created mutexes
Opened mutexes
Opened service managers
Opened services
Runtime DLLs
HTTP requests
TCP connections
UDP communications