SHA256: bc557a7bfec430aab3a1b326f35c8d6c1d2de0532263df872b2280af65f32b8f
File name: Zcrypt
Detection ratio: 51 / 61
Analysis date: 2017-05-01 21:51:49 UTC (3 weeks ago)
Antivirus Result Update
Ad-Aware Trojan.GenericKD.3850419 20170501
AhnLab-V3 Malware/Gen.Generic.C1454393 20170501
ALYac Trojan.GenericKD.3850419 20170501
Antiy-AVL Trojan[Ransom]/Win32.Zcryptor 20170501
Arcabit Trojan.Generic.D3AC0B3 20170501
Avast Win32:Malware-gen 20170501
AVG Ransom_r.NG 20170501
Avira (no cloud) TR/Samca.qqhi 20170501
AVware Trojan.Win32.Generic!BT 20170501
BitDefender Trojan.GenericKD.3850419 20170501
Bkav W32.DxsanASAAAO.Trojan 20170428
CAT-QuickHeal Ransom.ZCrypt.A6 20170430
Comodo TrojWare.Win32.Agent.tnxsm 20170501
CrowdStrike Falcon (ML) malicious_confidence_75% (W) 20170130
Cyren W32/Trojan.IZLU-4742 20170501
DrWeb Trojan.Encoder.4645 20170501
Emsisoft Trojan.GenericKD.3850419 (B) 20170501
Endgame malicious (high confidence) 20170419
ESET-NOD32 Win32/Filecoder.FO 20170501
F-Prot W32/ZCryptor.A 20170501
F-Secure Trojan.GenericKD.3850419 20170501
Fortinet W32/Crypren.ACRJ!tr 20170501
GData Trojan.GenericKD.3850419 20170501
Ikarus Trojan-Ransom.ZCryptor 20170501
Jiangmin Trojan.Crypren.br 20170428
K7AntiVirus Riskware ( 0040eff71 ) 20170501
K7GW Riskware ( 0040eff71 ) 20170426
Kaspersky Trojan-Ransom.Win32.Zcryptor.a 20170501
McAfee RDN/Ransom 20170501
McAfee-GW-Edition BehavesLike.Win32.AdwareConvertAd.bh 20170501
Microsoft Ransom:Win32/ZCryptor.A 20170501
eScan Trojan.GenericKD.3850419 20170501
NANO-Antivirus Trojan.Win32.Encoder.ecpjnx 20170501
nProtect Ransom/W32.Crypren.809984 20170501
Palo Alto Networks (Known Signatures) generic.ml 20170501
Panda Trj/GdSda.A 20170501
Qihoo-360 HEUR/QVM10.1.Malware.Gen 20170501
Rising Malware.Undefined!8.C (cloud:bPKooEeCa7Q) 20170501
SentinelOne (Static ML) static engine - malicious 20170330
Sophos Troj/Agent-ARXC 20170501
SUPERAntiSpyware Trojan.Agent/Gen 20170501
Symantec W32.ZCrypt 20170501
Tencent Win32.Trojan.Zcryptor.Wrzz 20170501
TrendMicro Ransom_ZCRYPT.A 20170501
TrendMicro-HouseCall Ransom_ZCRYPT.A 20170501
VBA32 Hoax.Crypren 20170429
VIPRE Trojan.Win32.Generic!BT 20170501
ViRobot Trojan.Win32.Ransom.809984[h] 20170501
Webroot W32.Trojan.Zcrypt 20170501
ZoneAlarm by Check Point Trojan-Ransom.Win32.Zcryptor.a 20170501
Zoner Trojan.Crypren 20170501
AegisLab 20170501
Alibaba 20170428
Baidu 20170428
CMC 20170501
Invincea 20170413
Kingsoft 20170501
Malwarebytes 20170501
Symantec Mobile Insight 20170428
TheHacker 20170429
TotalDefense 20170426
Trustlook 20170501
WhiteArmor 20170409
Yandex 20170428
Zillya 20170428
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2016-05-18 21:47:17
Entry Point 0x0005E883
Number of sections 6
PE sections
PE imports
RegOpenKeyA
RegCloseKey
RegSetValueExA
DeregisterEventSource
SystemFunction036
GetUserNameA
RegisterEventSourceA
RegDeleteValueA
RegCreateKeyExA
RegOpenKeyExA
RegGetValueA
ReportEventA
GetStdHandle
GetFileAttributesA
SetEvent
GetDriveTypeA
EncodePointer
DeleteCriticalSection
GetCurrentProcess
GetConsoleMode
UnhandledExceptionFilter
ExpandEnvironmentStringsA
FreeEnvironmentStringsW
InitializeSListHead
GetLocaleInfoW
SetStdHandle
GetTempPathA
WideCharToMultiByte
WriteFile
GetSystemTimeAsFileTime
HeapReAlloc
GetStringTypeW
SetFileAttributesA
GetOEMCP
LocalFree
GetLogicalDriveStringsA
FindClose
TlsGetValue
SetLastError
ReadConsoleInputA
GetModuleFileNameW
CopyFileA
ExitProcess
GetModuleFileNameA
RaiseException
SetConsoleCtrlHandler
EnumSystemLocalesW
LoadLibraryExW
MultiByteToWideChar
SetFilePointerEx
CreateMutexA
GetModuleHandleA
SetUnhandledExceptionFilter
IsProcessorFeaturePresent
DecodePointer
SetEnvironmentVariableA
GlobalMemoryStatus
GetModuleHandleExW
ReadConsoleW
GetCurrentThreadId
SetCurrentDirectoryA
WriteConsoleW
InitializeCriticalSectionAndSpinCount
HeapFree
EnterCriticalSection
lstrcmpiA
FreeLibrary
QueryPerformanceCounter
GetTickCount
TlsAlloc
FlushFileBuffers
LoadLibraryA
RtlUnwind
GetFileSize
DeleteFileA
GetStartupInfoW
GetCPInfo
GetUserDefaultLCID
GetProcessHeap
CompareStringW
ExpandEnvironmentStringsW
FindFirstFileExA
FindFirstFileA
CompareStringA
GetTempFileNameA
GetComputerNameA
FindNextFileA
IsValidLocale
GetProcAddress
CreateEventW
CreateFileW
IsDebuggerPresent
GetFileType
TlsSetValue
CreateFileA
HeapAlloc
LeaveCriticalSection
GetLastError
FlushConsoleInputBuffer
LCMapStringW
GetConsoleCP
GetEnvironmentStringsW
WaitForSingleObjectEx
WinExec
GetCurrentProcessId
GetCommandLineW
GetCurrentDirectoryA
HeapSize
GetCommandLineA
OpenMutexA
SetEndOfFile
TlsFree
SetFilePointer
ReadFile
CloseHandle
GetACP
GetModuleHandleW
CreateProcessA
IsValidCodePage
SetConsoleMode
Sleep
TerminateProcess
ResetEvent
VariantClear
SHGetFolderPathA
PathFindExtensionA
PathFileExistsA
SystemParametersInfoA
MessageBoxA
GetUserObjectInformationW
GetProcessWindowStation
DeleteUrlCacheEntry
CoCreateInstance
CoInitialize
URLDownloadToFileA
Number of PE resources by type
RT_MANIFEST 1
Number of PE resources by language
ENGLISH US 1
PE resources
Debug information
ExifTool file metadata
MIMEType application/octet-stream
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
FileTypeExtension exe
TimeStamp 2016:05:18 22:47:17+01:00
FileType Win32 EXE
PEType PE32
CodeSize 524800
LinkerVersion 14.0
EntryPoint 0x5e883
InitializedDataSize 295936
SubsystemVersion 6.0
ImageVersion 0.0
OSVersion 6.0
UninitializedDataSize 0

Compressed bundles
File identification
MD5 d1e75b274211a78d9c5d38c8ff2e1778
SHA1 d14954a7b9e0c778909fe8dcad99ad4120365b2e
SHA256 bc557a7bfec430aab3a1b326f35c8d6c1d2de0532263df872b2280af65f32b8f
ssdeep 24576:l2RNuxIAdOx6mNoGSyGMjc6XaMAy9xg5tMZ/Z3RPpEYrTQAU:rIG+lbGuntxktM15RPpEYrTQAU
authentihash 81b879cec5f7ab064cc7b5f30d9824c073b07d3f5445c4cc29c41cd13da3330f
imphash 7c6791cb1b3ac992063bd8ecc38e1226
File size 791.0 KB ( 809984 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Executable MS Visual C++ (generic) (42.2%)
Win64 Executable (generic) (37.3%)
Win32 Dynamic Link Library (generic) (8.8%)
Win32 Executable (generic) (6.0%)
Generic Win/DOS Executable (2.7%)
Tags peexe
VirusTotal metadata
First submission 2016-05-22 17:59:19 UTC (1 year ago)
Last submission 2017-02-24 12:17:23 UTC (2 months, 3 weeks ago)
File names zcrypt.exe
zcrypt.bin
bc557a7bfec430aab3a1b326f35c8d6c1d2de0532263df872b2280af65f32b8f.exe
bc557a7bfec430aab3a1b326f35c8d6c1d2de0532263df872b2280af65f32b8f_000164782_
zcrypt.exe
zcrypt.ex_
2016-05-25_bc557a7bfec430aab3a1b326f35c8d6c1d2de0532263df872b2280af65f32b8f
bc557a7bfec430aab3a1b326f35c8d6c1d2de0532263df872b2280af65f32b8f
Ransom.ZCryptor.A.exe
bc557a7bfec430aab3a1b326f35c8d6c1d2de0532263df872b2280af65f32b8f
Zcrypt
zcrypt.ex_gz
dfce1cdb2a4696a5e639b662a10a448a19959ea0
d1e75b274211a78d9c5d38c8ff2e1778.virus
invoice-order.exe